AWS: Basic Architecture Session · 2016-09-02 · AWS Core Infrastructure and Services AWS...
AWS: Basic Architecture Session
SUNEY SHARMA, Solutions Architect: AWS

AWS Core Infrastructure and Services
AWS Technical Essentials 3.8 ILT

[Diagram labels: Security, Network, Security Groups, NACLs, Access Mgmt, VPC, EC2 “Classic”, “Public”, ELB, On-Demand Provision]

| | Traditional Infrastructure | Amazon Web Services |
|---|---|---|
| Servers | On-Premises Servers | AMI, Amazon EC2 Instances |
| Security | Firewalls, ACLs, Administrators | Security Groups, NACLs, AWS IAM |
| Networking | Router, Network Pipeline, Switch | VPC, ELB |
| Storage and Database | RDBMS, DAS, SAN, NAS | Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS |

[Architecture diagram labels: Users over internet, Internet, Route 53, Amazon CloudFront (Static Content, Dynamic Content), Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet, NAT Gateway, Public ELB, Internal ELB, Web-Autoscaling, App-Autoscaling, Amazon ElastiCache (Session State), Amazon DynamoDB (Session state), RDS Master, RDS Standby, Multi-AZ RDS, Snapshot, S3, Amazon Glacier, Corporate Premises, Corporate Users, Customer Gateway, Virtual Private Gateway, VPN Connection, Direct Connect]

[Architecture diagram labels: Users over internet, Internet, Amazon CloudFront (Static Content, Dynamic Content), Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet, NAT Gateway, Public ELB, Internal ELB, Web-Autoscaling, App-Autoscaling, Amazon ElastiCache, RDS Master, RDS Standby, Multi-AZ RDS, Snapshot, S3, Amazon Glacier, Corporate Premises, Corporate Users, Customer Gateway, Virtual Private Gateway, VPN Connection, Direct Connect]

[Architecture diagram labels: Users over internet, Internet, Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet]

Let’s discuss
• What is a region?
• What is an AZ?
• What is a VPC and what are subnets?
• What are NACL and Security Groups

AWS Global Infrastructure

Achieving High Availability Using Multi-AZ
[Diagram labels: Region, Availability Zone - A, Availability Zone - B, Availability Zone - C]

Amazon Virtual Private Cloud (VPC)
• Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
  – Subnets
  – Route Tables
  – Security Groups
  – Network ACLs
• Connect to your on-premises network via hw VPN
• Control if and how your instances access the Internet

[Diagram labels: EC2 Instance, VPC]

VPC & Subnets
[Diagram labels: VPC, instances at 172.31.0.128, 172.31.0.129, 172.31.1.24 and 172.31.1.27]

[Diagram labels: Availability Zone 1a, Availability Zone 1b, VPC Subnet (three), instances at 10.0.0.5, 10.0.0.6, 10.0.1.5, 10.0.1.6, 10.0.1.8, 10.0.1.25, 10.0.3.5 and 10.0.3.17, Internet, Internet Gateway, Virtual Private Gateway, VPN Connection, Customer Gateway, Customer Data Center]

Choosing IP address ranges for your subnets
172.31.0.0/16

| Availability Zone | VPC subnet |
|---|---|
| eu-west-1a | 172.31.0.0/24 |
| eu-west-1b | 172.31.1.0/24 |
| eu-west-1c | 172.31.2.0/24 |

Authorizing traffic: Network ACLs, security groups

Network ACLs = stateless firewall rules
English translation: Allow all traffic in
Can be applied on a subnet basis

Security Groups

Security groups = stateful firewall
In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
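
The practical difference between the stateless network ACL and the stateful security group on the two slides above, as an added example that is not part of the original slides: a toy Python model (TCP only) in which the rule sets, the client address 203.0.113.10 and the ephemeral port range 1024-65535 are constructed for illustration.

```python
"""Toy model of VPC filtering: stateless NACL vs. stateful security group.
All rule sets and addresses below are constructed sample data."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    cidr: str               # remote side: source if inbound, destination if outbound
    port_from: int          # range checked against the packet's destination port
    port_to: int
    action: str = "allow"   # security groups only ever hold allow rules
    number: int = 0         # NACL rule number, which sets evaluation order

    def matches(self, remote_ip, dport):
        return (ip_address(remote_ip) in ip_network(self.cidr)
                and self.port_from <= dport <= self.port_to)


def nacl_allows(rules, remote_ip, dport):
    """Stateless: the lowest-numbered matching rule decides; no match is a deny.
    Nothing is remembered between packets, so replies need their own rule."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(remote_ip, dport):
            return rule.action == "allow"
    return False


@dataclass
class SecurityGroup:
    ingress: list
    egress: list
    flows: set = field(default_factory=set)   # connection-tracking table

    def _is_reply(self, p):
        # A packet is a reply if the reversed 4-tuple is a tracked flow.
        return (p.dst, p.dport, p.src, p.sport) in self.flows

    def _check(self, p, rules, remote_ip):
        if self._is_reply(p):
            return True                        # stateful: replies skip the rules
        if any(r.matches(remote_ip, p.dport) for r in rules):
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

    def inbound(self, p):
        return self._check(p, self.ingress, p.src)

    def outbound(self, p):
        return self._check(p, self.egress, p.dst)


def http_round_trip(nacl_in, nacl_out, sg,
                    client=("203.0.113.10", 51000), server=("10.0.0.5", 80)):
    """Return (request_delivered, response_delivered) for one HTTP exchange."""
    request = Packet(client[0], client[1], server[0], server[1])
    response = Packet(server[0], server[1], client[0], client[1])
    # Inbound path: subnet NACL first, then the instance's security group.
    request_ok = nacl_allows(nacl_in, request.src, request.dport) and sg.inbound(request)
    # Outbound path: security group first, then the subnet NACL.
    response_ok = (request_ok and sg.outbound(response)
                   and nacl_allows(nacl_out, response.dst, response.dport))
    return request_ok, response_ok


# "Hosts in this group are reachable from the Internet on port 80 (HTTP)"
WEB_SG_INGRESS = [Rule("0.0.0.0/0", 80, 80)]
NACL_IN = [Rule("0.0.0.0/0", 80, 80, "allow", 100)]
# Outbound NACL that forgets the client's ephemeral reply ports.
NACL_OUT_NO_EPHEMERAL = [Rule("0.0.0.0/0", 443, 443, "allow", 100)]
NACL_OUT_WITH_EPHEMERAL = NACL_OUT_NO_EPHEMERAL + [
    Rule("0.0.0.0/0", 1024, 65535, "allow", 110)]


def demo():
    # The security group has no egress rules at all in both runs.
    broken = http_round_trip(NACL_IN, NACL_OUT_NO_EPHEMERAL,
                             SecurityGroup(WEB_SG_INGRESS, []))
    fixed = http_round_trip(NACL_IN, NACL_OUT_WITH_EPHEMERAL,
                            SecurityGroup(WEB_SG_INGRESS, []))
    return broken, fixed


if __name__ == "__main__":
    print(demo())
```
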

[Architecture diagram labels: Users over internet, Internet, Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet, Corporate Premises, Corporate Users, Customer Gateway, Virtual Private Gateway, VPN Connection, Direct Connect]

Let’s discuss
• What are the VPC connectivity options?

Connectivity Options
To begin with there is internet and additionally:
• VPN
• Direct Connect

VPN connections

Direct Connect

[Architecture diagram labels: Users over internet, Internet, Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet, NAT Gateway, Public ELB, Internal ELB, Web-Autoscaling, App-Autoscaling, Corporate Premises, Corporate Users, Customer Gateway, Virtual Private Gateway, VPN Connection, Direct Connect]

Let’s discuss
• NAT Gateway
• ELB

NAT Gateway

NAT available as:
• EC2 instance running a Linux AMI.
• Managed NAT service from AWS.

Elastic Load Balancing Example

[Architecture diagram labels: Users over internet, Internet, Internet Gateway, AZ1, AZ2, Public Subnet, Private Subnet, NAT Gateway, Public ELB, Internal ELB, Web-Autoscaling, App-Autoscaling, Corporate Premises, Corporate Users, Customer Gateway, Virtual Private Gateway, VPN Connection, Direct Connect]

Let’s discuss
• EC2
• Autoscaling

Amazon Elastic Compute Cloud (EC2) - Elastic virtual servers in the cloud
[Diagram labels: Physical Servers in AWS Global Regions, Host server, Hypervisor, Guest 1, Guest 2, Guest n, EC2 Instances]

EC2 instances: Families and Generations
• General-purpose: M1, M3, M4, T2
• Compute-optimized: C1, CC2, C3, C4
• Memory-optimized: M2, CR1, R3
• Dense-storage: HS1, D2
• I/O-optimized: HI1, I2
• GPU: CG1, G2
• Micro: T1, T2

EC2 instances: Types and Sizes
c4.large: Instance family, Instance generation, Instance size

Storage Options
• Locally attached or “instance storage”
• Amazon EBS General Purpose (SSD) volumes
• Amazon EBS Provisioned IOPS (SSD) volumes
• Amazon EBS Magnetic volumes
• Amazon S3 and Amazon Glacier for object storage

AMI Details
An AMI includes the following:
• A template for the root volume for the instance (for example, an operating system, an application server, and applications).
• Launch permissions that control which AWS accounts can use the AMI to launch instances.
• A block device mapping that specifies the volumes to attach to the instance when it's launched.

Amazon EC2 Instances
[Diagram labels: AMI (OS, Applications, & Configuration), Instances (Running or Stopped VM), Region, VPC, AZ, EBS, EBS Snapshots, S3, S3 Buckets]

[Chart, built up over eight slides: Server load by Hour of day (0 to 24). Labels: Capacity of 1 server; Traditional capacity required; 1 server for 8 hours (four blocks); 1/3rd saving]

[Chart, built up over five slides: Instance count (0 to 6) by Day of month (0 to 30). Labels: Monthly predictable peak processing; Traditional capacity required; Elastic capacity; 75% savings]

Trio of Services
[Diagram labels: Elastic Load Balancing, CloudWatch, Auto Scaling, CPU Utilization, Execute Scaling Policy]
AWSome Days 3.8

What is Amazon EBS?
[Diagrams, built up over six slides. Labels: AWS region, Availability Zone, EC2 instance, EBS volume, EBS boot volume, EBS data volume, Replica, Amazon S3, EBS snapshot]

What if an EBS volume fails?
[Diagrams over two slides. Labels: AWS region, Availability Zone, EC2 instance, EBS volume, Replica]

What about EC2 instance failure?
[Diagrams over two slides. Labels: AWS region, Availability Zone, EBS volume, Replica, EC2 instance, New EC2 instance]

EBS Volume Types

A few definitions…
IOPS: Input/output operations per second (#)
Throughput: Read/write rate to storage (MB/s)
Latency: Delay between request and completion (ms)
Capacity: Volume of data that can be stored (GB)
Block size: Size of each I/O (KB)

EBS Volume Types
Hard disk drive, Solid state drive

EBS Volume Types
• SSD: General Purpose SSD (gp2), Provisioned IOPS SSD (io1)
• HDD: Throughput Optimized HDD (st1), Cold HDD (sc1)

EBS Volume Types: I/O Provisioned
General Purpose SSD (gp2)
Baseline: 3 IOPS per GB up to 10,000
Throughput: 160 MB/s
Latency: Single-digit ms
Capacity: 1 GB to 16 TB
Great for boot volumes, low latency applications and bursty databases

EBS Volume Types: I/O Provisioned
Provisioned IOPS SSD (io1)
Baseline: 100 to 20,000 IOPS
Throughput: 320 MB/s
Latency: Single-digit ms
Capacity: 4 GB to 16 TB
Ideal for critical applications and databases with sustained IOPS

EBS Volume Types: Throughput Provisioned
NEW!
Throughput Optimized HDD (st1)
Baseline: 40 MB/s per TB up to 500 MB/s
Capacity: 500 GB to 16 TB
Burst: 250 MB/s per TB up to 500 MB/s
Ideal for large block, high throughput sequential workloads

EBS Volume Types: Throughput Provisioned
NEW!
Cold HDD (sc1)
Baseline: 12 MB/s per TB up to 192 MB/s
Capacity: 500 GB to 16 TB
Burst: 80 MB/s per TB up to 250 MB/s
Ideal for sequential throughput workloads such as logging and backup

| Category | Volume type | Price* |
|---|---|---|
| IO Provisioned Volumes | gp2 | $0.10 per GB |
| IO Provisioned Volumes | io1 | $0.125 per GB, $0.065 per PIOPS |
| Throughput Provisioned Volumes | st1 | $0.045 per GB |
| Throughput Provisioned Volumes | sc1 | $0.025 per GB |

*All prices are per month and from the us-west-2 region as of April 2016

Performance: Bandwidth Matters
[Diagram labels: EC2 instances, EBS, Internet, Databases, S3, c3.2xlarge (~125 MB/s), c3.8xlarge (10 Gbps, ~1250 MB/s)]

Performance: EBS-Optimized Instances
For max throughput statistics per instance types, see: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html
• Dedicated network bandwidth for EBS I/O
• Enabled by default on c4, d2, and m4 instances
• Can be enabled at instance launch or on a running instance
• Not an option on some 10 Gbps instance types (c3.8xlarge, r3.8xlarge, i2.8xlarge)

Performance: EBS-Optimized Instances
[Diagram labels: EC2 instances, EBS, Internet, Databases, S3, c3.2xlarge (~125 MB/s)]

Best Practice: RAID
When to RAID?
• Storage requirement > 16 TB
• Throughput requirement > 500 MB/s
• IOPS requirement > 20,000 @ 16K
Best Practice: RAID
[Diagram labels: AWS region, Availability Zone, EC2 instance, EBS volume, EBS volume, RAID 0, RAID 0, Replica, Replica]
Best Practice: RAID
Avoid RAID for redundancy
• RAID 1 halves available EBS bandwidth
• RAID 5/6 loses 20–30% of usable I/O to parity
Best Practice: Security
EBS encryption
• Attach both encrypted and unencrypted
• No volume performance impact
• Any current generation instance
• Supported by all EBS volume types
• Snapshots also encrypted
• No extra cost
Best Practice: Security
EBS encryption: data volumes
How AWS pricing works
• Pay as you go: No minimum commitments
• Pay less when you reserve
• Pay even less per unit by using more
• Pay even less as AWS grows: 44 price drops since 2006
• Custom Pricing
Plus Services offered free of cost
• Amazon VPC
• AWS Elastic Beanstalk
• AWS CloudFormation
• AWS Identity and Access Management
• Auto Scaling
• AWS OpsWorks
Fundamental Pricing Characteristics
• Fundamental characteristics you pay for:
– Compute
– Storage
– Data transfer out
• Customers are charged for data transfer out.
• Data transfer into AWS is free.
• Outbound data transfer is aggregated across Amazon EC2, Amazon S3, Amazon RDS, Amazon SimpleDB, Amazon SQS, Amazon SNS, and Amazon VPC
EC2 Purchasing Options
• On Demand
• Reserved
• Spot
• Dedicated Hosts
EC2 Reserved Instances
EC2 Dedicated Hosts & Instances
EC2 costs: Points to consider
• Server clock hours
• Instance configuration
• Instance purchase option
• Number of instances
• Load balancing
• Detailed monitoring
• Autoscaling
• Elastic IP
• OS and software
S3 costs: Points to consider
• Storage class
• Storage
• Number of requests
• Data transfer
EBS costs: Points to consider
• Volume (GB) provisioned
• IOPS provisioned
• Snapshot
• Data transfer
Complicated? Well, you have a great tool
• AWS Simple Monthly Calculator: http://calculator.s3.amazonaws.com/index.html