AWSome Day Moscow 2014

© 2013, 2014 Amazon Web Services, Inc. and its affiliates. All rights reserved.

AWSome Day Training and CertificationTraining and Certification

Copyright © 2013, 2014 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior wriGen permission from Amazon Web Services, Inc.

Commercial copying, lending, or selling is prohibited. QuesJons? Email us at aws-‐training-‐[email protected].

AWSome Day

Денис Баталов

[email protected]

@dbatalov


AWSome Day Training and Certification

2

@dbatalov

We value your feedback !

#AWSomeDay

SSID: ?!Password: ?!



Поехали!

@awsoblako



Course Overview | Training Agenda

AWS Introduction

1AWS Storage

2AWS Compute & Networking

3Deployment & Management

5Managed

Services & Database

4



1

This module describes the history and fundamental elements of Amazon Web Services (AWS), as well as how to navigate the AWS Management Console. It discusses the AWS Global Infrastructure, security measures provided by AWS and basic principles of deploying on AWS.

2 3 54Introduction

to AWS AWS Storage Managed

Services & Database

Deployment & Management

AWS Compute & Networking

Course Overview | Training Agenda Module 1



1 2 3 54

This module describes the fundamental elements of AWS Storage with a focus on Amazon Simple Storage Service (S3) and Amazon Elastic Block Store (EBS).

AWS Storage Managed Services & Database




Introduction to AWS



1 2 3 54

This module describes the fundamental elements of AWS Compute and Networking, with a focus on Amazon Elastic Compute Cloud (EC2). This module will build off what you learned in Module 2 by verifying how to use Amazon Elastic Block Storage.





Introduction to AWS



1 2 3 54

This module describes the fundamental elements of AWS Managed Services and Databases. This module will focus on key aspects of Amazon Relational Database Service (RDS) and how to execute Amazon RDS.

Managed Services & Database

AWS Storage AWS Compute & Networking



Introduction to AWS



1 2 3 54

This module describes the fundamental elements of AWS Deployment and Management products and services.


Introduction to AWS






Introduction to AWS Module 1





Introduction to AWS | Overview

Module Overview

This module describes the history and fundamental elements of Amazon Web Services (AWS), as well as how to navigate the AWS Management Console. It discusses the AWS Global Infrastructure, security measures provided by AWS and basic principles of deploying on AWS.



Introduction to AWS | Learning Objectives

1 Navigate the AWS Management Console.

2 Recognize AWS Global Infrastructure.

Describe the security measures AWS provides. 3

By the end of this module you will be able to:



Introduction to AWS | Cloud Computing

Compute

Storage

Security Scaling

Database

Networking Monitoring

Messaging

Workflow

DNS Load Balancing

Backup CDN



AWS History



Introduction to AWS | Amazon History

1995 2006 2012

Amazon.com Launched

Online Bookstore Amazon Publishing

Kindle Launched

Amazon Games

Jeff Bezos Incorporated the Company

2007 2005 1994 2013

Amazon Web Services Launched

Amazon Art



Introduction to AWS | History of Amazon Web Services



Introduction to AWS | AWS Cloud Computing

On Demand } Uniform

Pay As You Go

Available

Compute

Storage

Security Scaling

Database

Networking Monitoring

Messaging

Workflow

DNS Load Balancing

Backup CDN



Introduction to AWS | AWS Core Infrastructure and Services

Traditional Infrastructure Amazon Web Services Security

Network

Servers

Storage & Database

RDBMS DAS SAN NAS

Security

Network

Servers

Storage & Database

Security Groups NACLs Access Mgmt

EBS S3

VPC VPC EC2 “Classic”

“Public”

Amazon EC2

RDS Ephemeral

ELB

Expand On-Demand Provision

AMI Instances



Introduction to AWS | Amazon Web Services

Your Applications


AWS Management Console

Web Interface

Application Services & Networking

Compute, Storage & Database

CloudWatch

Monitoring

IAM

Identity & Access

Content Delivery

CloudFront

Distributed Computing

Amazon EMR Auto Scaling

Compute

Amazon EC2

Storage

Amazon S3 Amazon Glacier Amazon EBS

Database

Amazon Redshift DynamoDB Amazon RDS ElastiCache

Elastic Load Balancing Route 53 Amazon VPC

Networking

AWS Direct Connect

AWS CloudFormation Elastic Beanstalk

Deployment & Automation

OpsWorks



Introduction to AWS | Amazon Web Services

AWS Management Console Demonstration



Global Infrastructure



Introduction to AWS | Regions and Edge Locations

10 AWS Regions 52 AWS Edge Locations



US Regions Global Regions

AZ - A AZ - B

AZ - C

EU (Ireland)

AZ - A AZ - B

South America (Sao Paulo)

AZ - A AZ - B

Asia Pacific (Sydney)

AZ - A AZ - B

GovCloud (US)

AZ - A AZ - B

AZ - C AZ - D

US East (VA)

AZ - A AZ - B

US West (CA)

AZ - A AZ - B

Asia Pacific (Singapore)

AZ - A AZ - B

AZ - C

Asia Pacific (Tokyo)

AZ - A AZ - B

AZ - C

US West (OR)

Customer Decides Where Applications and Data Reside Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary.

Introduction to AWS | AWS Regions and Availability Zones (AZ)



Introduction to AWS | Achieving High Availability using Multi-AZ

Region

Availability Zone - A

Availability Zone - B

Availability Zone - C



Security



Introduction to AWS | Shared Responsibility

Foundation Services

Compute Storage Database Network

AWS Global Infrastructure Regions

Availability Zones Edge Locations

Client-side Data Encryption & Data Integrity Authentication

Server-side Encryption (File System and/or Data)

Network Traffic Protection (Encryption/Integrity/Identity)

Platform, Applications, Identity & Access Management

Operating System, Network & Firewall Configuration

Customer Data

AWS

Cus

tom

er



Introduction to AWS | Physical Security

!   24x7 trained security guards

!   Locations in nondescript, undisclosed facilities

!   Two-factor authentication for ingress

!   Authorization for data center access



Introduction to AWS | Hardware, Software and Network

!   Automated change control process

!   Bastion servers that record all

access attempts

!   Firewall and other boundary devices

!   AWS monitoring tools



IMPLEMENTATION

DATADAILY SOFTWARESYSTEMCOPYRECOVERY

LOCATIONVALIDATION

COMPRESSIONSTORAGE

MEDIAWEEKLY

DEVICE INCREMENTAL REMOTE REPORTINGPOLICY LOCAL

LOG SERVER DEFFERENTIALPROTECTION

FULL SCHEDULING ONLINEMONTHLY MONITORING

MANAGINGCATALOG DATABASE

SECURITY

BACKUPOFF-LINE PROCESSRESTOREINDEX PROCEDURE

Introduction to AWS | Security and Compliance Resources

!   Secure API access points for

encrypted transmission over HTTPS

using SSL

!   Cryptographic keys and certificates

are required for any user or software

program to access an AWS API

!   Security Groups to let you control

external access to your instances



User Accounts

Create individual AWS Identity and

Access Management (IAM) user accounts

so that each user managing AWS has their own security

credentials

IAM

Introduction to AWS | SSL Endpoints

Subnet Control

In your Virtual Private Cloud, create low level networking

constraints for resource access,

such as public and private subnets,

internet gateways, and NATs

VPC

Secure Transmission

Establish secure communication

sessions (HTTPS) using SSL

SSL Endpoints

Instance Firewalls

Configure firewall rule for instances

and load balancers using Security

Groups

Security Groups



Introduction to AWS | Security Groups

Secure Transmission



SSL Endpoints

Instance Firewalls



Groups

Security Groups

User Accounts




credentials

IAM

Subnet Control





VPC



Introduction to AWS | AWS Multi-tier Security Groups

HTTP

SSH

DB-sync

Ports 80 and 443 only open to the internet

Engineering staff have SSH / RDP access to

Bastion host DB-sync can be established with a database server running on-premise

All other internet ports blocked by default

EC2

EC2

EBS

Web Tier

EC2



Introduction to AWS | Identity and Access Management (IAM)

Secure Transmission



SSL Endpoints

Instance Firewalls



Groups

Security Groups IAM

User Accounts




credentials

Subnet Control





VPC



Introduction to AWS | Account Control

AWS Identify and Access Management (IAM)

AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their permissions to AWS resources. If you are new to IAM, read the IAM Top 10 Best Practices.

Note: Master IAM accounts should not be used for production systems!!!



Introduction to AWS | Virtual Private Cloud (VPC)

VPC

Secure transmission



SSL Endpoints

Instance firewalls



Groups

Security Groups

User Accounts




credentials

IAM

Subnet Control







Introduction to AWS | Certifications and Accreditations

!   AWS publishes SOC 1 Type II, SOC 2 Type II and SOC 3 reports

!   AWS is PCI DSS Level 1 compliant and ISO 27001 certified

!   AWS has achieved FedRAMP compliance, received authorization from

the U.S. Government

!   FISMA Moderate level

!   Authorities to Operate (ATOs) under the Defense Information

Assurance Certification and Accreditation Program (DIACAP)



Additional Resources

Introduction to AWS | Additional Resources

Here are some additional resources:

!  More details and up to date information on Global Infrastructure can be found

online: http://aws.amazon.com/about-aws/globalinfrastructure/

!  AWS Management Console: https://console.aws.amazon.com/console/home.

!  AWS Security Assurance and Compliance Programs:

https://aws.amazon.com/compliance/

!  Security Center: http://aws.amazon.com/security

!   IAM Best Practices:

http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html



Introduction to AWS | Module Completion and Summary

Summary

You have reached the end of this training module. In summary, you have learned: !   How to navigate the AWS Management Console !   What is the AWS Global Infrastructure !   Describe the security measures AWS provides



AWS Storage Module 2



AWS Storage | Overview

Module Overview

This module describes the fundamental elements of AWS Storage with a focus on Amazon Simple Storage Service (S3) and Amazon Elastic Block Store (EBS).



AWS Storage | Learning Objectives

1 Identify key AWS storage options.

2 Describe Amazon Elastic Block Store (EBS).

Create an Amazon S3 Bucket and manage associated objects. 3

By the end of this training you will be able to:



AWS Storage | AWS Storage Products and Services

Amazon Simple Storage Service

Amazon Glacier

AWS Storage Gateway

Amazon Import/Export

Amazon Elastic

Block Store



AWS Storage | Amazon Simple Storage Service (S3)

Storage for the Internet. Natively online, HTTP access

Store and retrieve any amount of data, any time, from anywhere on the web

Highly scalable, reliable, fast and durable

Amazon Simple Storage Service



AWS Storage | Amazon S3 Storage Concepts

Amazon S3 Concepts

Amazon S3

Bucket with

Objects

Bucket

Object

!   Amazon S3 stores data as

objects within buckets

!   An object is comprised of a file

and optionally any metadata that

describes that file

!   You can have up to 100 buckets

in each account

!   You can control access to the

bucket and its objects



AWS Storage | Amazon S3 Concepts - Buckets

Amazon S3 Buckets Objects are stored in Buckets. Objects can be accessed via a URL:

!   Organize Amazon S3 namespace at highest level

!   Identify account – storage and data transfer charges

!   Access Control

!   Unit of aggregation for usage reporting Amazon S3 Bucket

http://johnsmith.s3.amazonaws.com/photos/puppy.jpg

Bucket Object



AWS Storage | Amazon S3 Concepts - Objects

Amazon S3 Objects Objects are the fundamental entities stored in Amazon S3. When using the console, you can think of them as being files. Objects consist of data and metadata. The data portion is opaque to Amazon S3. The metadata is a set of name-value pairs that describe the object.

!   Default metadata such as the date last modified

!   Standard HTTP metadata such as Content-Type

!   Custom metadata at the time the object is stored

!   An object is uniquely identified within a bucket by a key (name)

Object Bucket w/Objects



AWS Storage | Amazon S3 Object Lifecycle

Lifecycle Management

Lifecycle management defines how Amazon S3 manages objects during their lifetime. Some objects that you store in an Amazon S3 bucket might have a well-defined lifecycle: !   Log files

!   Archive documents

!   Digital media archives

!   Financial and healthcare records

!   Raw genomics sequence data

!   Long-term database backups

!   Data that must be retained for regulatory compliance



AWS Storage | Amazon S3 Pricing

!   Pay only for what you use

!   No minimum fee

!   Prices based on location of your Amazon S3 bucket

!   Estimate monthly bill using the AWS Simple Monthly Calculator

Pricing



AWS Storage | Amazon S3 Facts

Facts

!   Able to store unlimited number of Objects in a Bucket

!   Objects up to 5TB; no bucket size limit

!   Designed for 99.999999999% durability and 99.99% availability of objects

over a given year

!   HTTP/S endpoint to store and retrieve any amount of data, at any time,

from anywhere on the web

!   Highly scalable, reliable, fast, and inexpensive

!   Server-side Encryption using AES 256-bit symmetric keys

!   Access Logs for auditing

!   Provides standards-based REST and SOAP interfaces



AWS Storage | Amazon Glacier

Amazon Glacier Extremely low-cost storage

Secure, durable storage for data archiving and backup

Optimized for data that is infrequently accessed



AWS Storage | Amazon Glacier Storage Facts

!   Offload the administrative burdens of operating and scaling archival

storage to AWS, and make retaining data for long periods, whether

measured in years or decades, especially simple.

!   Optimized for data that is infrequently accessed and for which retrieval

time of several hours are suitable.

!   No limit to the amount of data you can store in Amazon Glacier.

!   Automatic Server-side Encryption using AES 256-bit symmetric keys.

!   Average annual durability of 99.999999999% for an archive.

Facts



AWS Storage | Amazon Elastic Block Store (EBS)

Amazon Elastic Block Store

Attach to running instance and expose as a block device

Persistent block level storage volumes for

use with Amazon EC2 instances

Snapshots stored durably in Amazon S3



AWS Storage | Amazon EBS Lifecycle

Create Vast amounts of unused space

Call CreateVolume 1 GB to 1 TB

Attach

Deleted

Call AttachVolume to affiliate with one Amazon EC2 instance

Attached &

In Use

• Format from Amazon EC2 instance OS

• Mount formatted drive

CreateSnapshot Snapshot to Amazon S3

Detach

Call DetachVolume Call DeleteVolume



AWS Storage | Amazon EBS Facts

Facts about Amazon EBS

!   Use for persistent storage

!   Can use to create RAID configuration for a server

!   Off-instance block storage that persists independently

!   Volumes behave like unformatted block devices for Linux or Windows instances



AWS Storage | Amazon EBS Use Case

Use Cases

!   OS Boot device / root file system; secondary volumes/filesystems

!   Typical basis for database storage

!   Raw block devices for RAID, some databases



AWS Storage | Amazon EBS Pricing

* Check Amazon EBS Pricing page for current pricing for all regions.

Pay for what you Provision

!   Pricing based on Region

!   AWS GovCloud (US) Pricing page

!   Review Pricing Calculator online



AWS Storage | Amazon EBS Best Practices

Amazon EBS Volumes are in a Single Availability Zone

Availability Zone A

EBS Volume 1

Availability Zone B

EBS Volume 2

Volume data is replicated across multiple servers in an Availability Zone.



AWS Storage | Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm File system Object store

Performance Very fast Fast Redundancy Across multiple servers in an

Availability Zone Across multiple facilities and on

multiple devices within each facility Security Visible only to your

Amazon EC2 Public Key / Private Key

Access from the Internet?

No (1) Yes (2)

Typical use case

Its a disk drive Write once, read many

(1)  Accessible from Internet if mounted to server and set up as FTP, etc. (2)  Only with proper credentials, unless ACLs are world-readable



AWS Storage | AWS Storage Gateway

AWS Storage Gateway

Mirror your on-premises data to Amazon EC2 instances

Connect an on-premises software appliance with cloud-based storage

Securely upload data to the AWS cloud for cost effective backup and

rapid disaster recovery



AWS Storage | Gateway-Cached Volume Architecture



AWS Storage | AWS Storage Gateway Virtual Tape Library



AWS Storage | Amazon Import/Export

Amazon Import/Export

Uses Amazon high-speed internal network

Accelerates moving large amounts of data into and out of

Amazon S3 or Amazon EBS

Transfers your data directly onto and off of storage devices



AWS Storage | AWS Import/Export Support

Import/Export Support !   Accelerates moving large amounts of data into and out of Amazon S3 or Amazon EBS

!   Transfers your data directly onto and off of storage devices

!   Uses AWS high-speed internal network

Amazon S3

AWS Import/Export

Amazon S3

Amazon EBS

AWS Import/Export

AWS Import/Export

Amazon Glacier AWS Import/Export

Import to Amazon S3

Export from Amazon S3

Import to Amazon EBS

Import to Amazon Glacier

AWS Import/Export supports:



Amazon S3 Demo




AWS Storage | Additional Resources


!  Yelp Amazon Case Study: http://aws.amazon.com/solutions/case-studies/yelp/

!  Getting Started with Amazon S3 Video:

http://www.youtube.com/watch?v=1qrjFb0ZTm8&feature=youtu.be

!  Online Pricing Calculator: http://calculator.s3.amazonaws.com/calc5.html

!  Glacier: http://aws.amazon.com/glacier/

!   Introduction to Amazon EBS Video:

https://us-east-1-aws-training.s3.amazonaws.com/intro/elb.html



AWS Storage | Module Completion

Summary

You have reached the end of this training module. In summary, you have learned:

!   The key AWS storage options

!   What is an Amazon Elastic Block Store

!   How to create an Amazon S3 bucket and manage associated objects



Compute Services & Networking Module 3





Compute Services & Networking | Overview

Module Overview

This module describes the fundamental elements of AWS Compute and Networking, with a focus on Amazon Elastic Compute Cloud (EC2). This module will build off what you learned in Module 2 by verifying how to use Amazon Elastic Block Storage.



Compute Services & Networking | Learning Objectives

1 Identify the different AWS compute and networking options.

2 Describe what is Amazon Virtual Private Cloud (VPC).

4 Verify how to use Amazon Elastic Block Storage.

Create an Amazon Elastic Compute Cloud (EC2) Instance. 3




Compute Services & Networking | AWS Compute Products and Services

Amazon Elastic Compute Cloud

(EC2)

Amazon Elastic MapReduce

(EMR)

Auto Scaling



Compute Services & Networking | Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot new server instances to minutes

Amazon Elastic Compute Cloud

(EC2)



Compute Services & Networking | Amazon EC2 Facts

!   Resizable compute capacity with many instance types

!   Reduces the time required to obtain and boot new server instances to minutes

or seconds

!   Scale capacity as your computing requirements change

!   Pay only for capacity that you actually use

!   Choose Linux or Windows

!   Deploy across Regions and Availability Zones for reliability

Facts about Amazon EC2



Compute Services & Networking | Using Amazon EC2

How to Use Amazon EC2

!   Select a pre-configured, Amazon Machine Image (AMI) to get up and running

immediately. Or create an AMI containing your applications, libraries, data, and

associated configuration settings.

!   Configure security and network access on your Amazon EC2 instance.

!   Choose which instance type(s) you want, then start, terminate, and monitor as

many instances of your AMI as needed, using the web service APIs or the

variety of management tools provided.

!   Determine whether you want to run in multiple locations, utilize static IP

endpoints, or attach persistent block storage to your instances.

!   Pay only for the resources that you actually consume, like instance-hours

or data transfer.



Compute Services & Networking | Amazon Machine Images (AMI)

AMIs

!   Building blocks of Amazon EC2 Instances

!   An AMI is a template of a computer's root volume

!   Can be public or private

!   Create “gold Images” of your Amazon EC2 infrastructure AMI



Compute Services & Networking | Infrastructure and Applications

!   Oracle

!   SAP

!   Microsoft

!   AWS Marketplace

Infrastructure and Applications



Compute Services & Networking | Amazon EC2 Instances

256

128

64

32

16

8

4

2

1

1 2 4 8 16 32 64 128

Amazon EC2 Compute Units

Mem

ory

(GB

)



Compute Services & Networking | Choosing the Right Instance

Your choice of Amazon EC2 instances matters…

!   A larger compute instance will sometimes save you not only time but money

too. Paying more per hour for a shorter amount of time can be less expensive.

!   Instances come in multiple sizes, allowing you to optimally scale resources to

the requirements of your workload. As you choose an instance type, consider

the following: –  Core count –  Memory size –  Storage size & type –  Network performance



Compute Services & Networking | Amazon EC2 Instances with Intel®

Additional Features that impact your workload:

!   Intel AES-NI1 – Intel processors that support these new encryption instructions

allow you to enable encryption for enhanced data security without paying a

performance penalty

!   Intel AVX – Get dramatically better performance for highly parallel HPC

workloads such as life science engineering, data mining, financial analysis, or

other technical computing applications. AVX also enhances image, video, and

audio processing.

!   Intel Turbo Boost Technology2 – Get a turbo boost of compute speed,

accelerating performance for peak loads. This Instance is appropriate for

traditional non-parallel workloads.

1. Intel AES-New Instructions (Intel AES-NI) requires a system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel processors. For more information, see http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-instructions-aes-ni/. 2. Intel Turbo Boost Technology requires a system with Intel Turbo Boost Technology capability. Performance varies depending on hardware, software, and system configuration. For more information, see http://www.intel.com/content/www/us/en/architecture-and-technology/turbo-boost/turbo-boost-technology.html



Compute Services & Networking | Choosing the Right Instance

Instances with All Three Intel® Xeon® Processor Technologies



Compute Services & Networking | Instances with Intel®

Amazon EC2 Intel Processor Specifications



Compute Services & Networking | Amazon EC2 Instances Pricing

Reserved Instances

!   1- or 3-year terms

!   Pay 1 time low up-

front fee for significant

hourly discount

!   Pay low up-front fee,

receive significant

hourly discount

!   Helps ensure

compute capacity is

available when

needed

!   Pay as you go for

compute power

!   Pay only for what you

use, no up-front

commitments or

long-term contracts

On-Demand Instances Spot Instances

!   Bid on unused

Amazon EC2

capacity

!   Spot Price based on

supply/demand,

determined

automatically

!   Spot Price below bid,

instances start

!   Spot Price above bid,

instances terminate

AWS Free

Usage Tier



Reserved Instances

Billing Options

ArchitecSng With AWS

Designing for Cost |



Reserved Instances

On Demand

Spot

Com

pute

Res

ourc

es

Compute Services & Networking | Leverage all 3 Instances



Compute Services & Networking | Compute Example

Virtual Machine Configuration

AMI

Running or Stopped VM

Instances VPC

EC2 “Classic”

“Public”

AZ Availability Zone

VPC

Region

VPC

EC2 “Classic”

“Public”

EBS EBS EBS EBS EBS EBS

Region S3

EBS Snapshots S3 Buckets



Amazon EC2 Demo



Compute Services & Networking | Amazon Virtual Private Cloud (VPC)

Availability Zone

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone

Private Subnet

Availability Zone

VPN Only Subnet

DB Server DB Server

DB Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer Network

R



Compute Services & Networking | Amazon EC2 Security Groups

Public Amazon EC2 Virtual Private Cloud

Inbound Only Inbound and Outbound

TCP, UDP, ICMP only Any Internet Protocol

Assigned at launch Can be assigned or removed at anytime, including when running

Modify anytime Modify anytime



Compute Services & Networking | Amazon Elastic MapReduce (EMR)

Easily and cost-effectively process vast amounts of data

Utilizes a hosted Hadoop framework

Highly scalable

Amazon Elastic MapReduce

(EMR)



Compute Services & Networking | Amazon EMR Example

Amazon EMR Job Flow

Amazon Simple Storage Service (S3)

Amazon CloudWatch

Amazon EC2 Instance

The Amazon EMR job flow runs on a cluster of Amazon EC2 Instances

Input Data

Output Results M

etric

s



Compute Services & Networking | Amazon Auto Scaling

Auto Scaling

Scale your Amazon EC2 capacity automatically

Available at no additional charge

Well-suited for applications that experience variability

in usage



Compute Services & Networking | Amazon Auto Scaling Cont.

Elastic Capacity

1Ease of Use

2Cost Savings

3Actions

5Geographic

4



Compute Services & Networking | Elastic Capacity

1

With Auto Scaling, you can ensure that the number of Amazon EC2 instances you are using increases seamlessly during demand spikes to maintain performance, and decreases automatically during demand lulls to minimize costs.

Ease of Use

2Cost Savings

3Actions

5Geographic

4Elastic Capacity



Compute Services & Networking | Ease of Use

1 2 3 54

Manage your instances as a single collective entity and define rules for when instances should be added and removed. Replace lost or unhealthy instances automatically based on predefined thresholds.

Ease of Use Cost Savings Actions Geographic Elastic Capacity



Compute Services & Networking | Cost Savings

1 2 3 54

Save compute costs by terminating underused instances automatically and launching new instances when you need them, without the need for manual intervention.




Compute Services & Networking | Geographic

1 2 3 54

Distribute, scale, and balance applications automatically over multiple Availability Zones within a region to support scalability and geographic redundancy.




Compute Services & Networking | Actions

1 2 3 54

Schedule scaling actions for future times and dates when you expect to need more or less capacity.




Compute Services & Networking | Trinity of Services

Amazon Auto Scaling

Elastic Load Balancer

CloudWatch Auto Scaling

Latency

Execute Scaling Policy

99

Utilization



Networking



Compute Services & Networking | AWS Networking Products & Services

Amazon Virtual Private Cloud

Amazon Route 53

AWS Direct Connect

Elastic Load

Balancing



Compute Services & Networking | AWS Networking Products & Services

Amazon Route 53

AWS Direct Connect


Elastic Load

Balancing



Compute Services & Networking | Amazon Virtual Private Cloud (VPC)


Provision a private, isolated section of the AWS Cloud where you can launch AWS

resources in a virtual network that you define

You have complete control over your virtual networking environment: selection of IP address range, creation of

subnets, configuration of route tables, and network gateways

Define a virtual network topology that closely resembles a traditional network that you

might operate in your own datacenter



Compute Services & Networking | Amazon VPC

Bridge your Amazon VPC to your own IT infrastructure via an encrypted VPN connection.

Attach an Amazon Elastic IP address to any instance in your VPC so it can be reached directly from the Internet.

Control inbound and outbound access to subnets using Network Access Control Lists.

Divide your VPC’s private IP address range into multiple subnets. Create an Amazon VPC and

specify its private IP address range from any range you choose.

Amazon VPC

Internet

Amazon VPC



Compute Services & Networking | AWS Direct Connect

AWS Direct Connect

All AWS services, including Amazon EC2 and Amazon S3 can be used with AWS

Direct Connect

Use the same connection to access public resources such as objects stored in Amazon S3

Virtual interfaces can be reconfigured at any time



Compute Services & Networking | Networking

AWS Direct Connect

!   AWS Direct Connect establishes a

dedicated network connection from your

premises to AWS.

!   Establish private connectivity between

AWS and your datacenter, office, or

colocation environment.

!   Create multiple virtual interfaces to use

the same connection to access public

resources such as Amazon S3 and

private resources such as Amazon EC2

instances running within a VPC.



Compute Services & Networking | Amazon Route 53

Amazon Route 53

Route end users to Internet applications

Provides secure and reliable routing to your application instances

Answers DNS queries with low latency by

using a global network of DNS servers



Compute Services & Networking | Networking with Amazon Route 53

Amazon Route 53

!   Answers DNS queries with low latency by using a global network of DNS servers.

!   Queries for your domain are automatically routed to the nearest DNS server,

and thus answered with the best possible performance.

!   You pay only for managing domains through the service and the number of queries

that the service answers.



Compute Services & Networking | Elastic Load Balancing (ELB)

Elastic Load

Balancing

Supports the routing and load balancing of HTTP, HTTPS, and TCP traffic to Amazon EC2 instances

Dynamically grows and shrinks required resources

based on traffic

Supports health checks to ensure detect and

remove failing instances



Compute Services & Networking | Elastic Load Balancing Diagram



Elastic Load Balancing : Demo



Compute Services & Networking | Additional Resources



!  Amazon EC2 Instance Types: http://aws.amazon.com/ec2/instance-types/

!  Service Documentation: http://aws.amazon.com/documentation

!  White Papers: http://aws.amazon.com/whitepapers

!  AWS Free Usage Tier: http://aws.amazon.com/free/

!  AWS Support: http://aws.amazon.com/premiumsupport/

!  APN Partners supporting AWS Direct Connect:

http://aws.amazon.com/directconnect/partners/

!  AWS Security Process:

http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf



Summary

Compute Services & Networking | Module Completion


!  Amazon Virtual Private Cloud lets you provision a logically isolated section

with complete control over your virtual networking environment, including IP

address range, creation of subnets, and configuration of route tables and

network gateways

!  VPN and Direct Connect allows you to leverage the AWS cloud as an

extension of your corporate datacenter

!  Elastic Load Balancing service provides load balancing across multiple

instances in a region

!  Amazon Route 53 is a highly available scalable Domain Name System (DNS)

web service



Managed Services & Database

Module 4





Managed Services & Database | Overview

Module Overview

This module describes the fundamental elements of AWS Managed Services and Databases. This module will focus on key aspects of Amazon Relational Database Service (RDS) and how to execute Amazon RDS.



Managed Services & Database | Learning Objectives

1 Describe Amazon DynamoDB.

2 Verify the key aspects of Amazon Relational Database Service (RDS).

Execute Amazon Relational Database Service. 3




Managed Services & Database | Product and Services

Amazon ElastiCache

Amazon Relational Database Service

Amazon DynamoDB

Amazon Redshift



Managed Services & Database | Amazon Relational Database Service

Cost-efficient and resizable capacity

Access to the full capabilities of familiar MySQL, PostgreSQL, Oracle and SQL Server databases

Manages time-consuming database administration tasks

Amazon Relational Database Service



Managed Services & Database | Amazon RDS

Amazon Relational Database Services (RDS)

!  Easy to set up, operate, and scale a relational database in the cloud

!  Cost-efficient and resizable capacity while managing time-consuming database

administration tasks

!  Access to the full capabilities of a familiar SQL database

!  Automatically patches the database software and backs up your database

!  Ability to scale the compute resources or storage capacity associated with

your relational database instance via a single API call



Managed Services & Database | Amazon RDS & VPC

Amazon RDS & VPC !  You can select your own IP address range.

!  Create subnets, and configure routing and access control lists.

!  The basic functionality of Amazon RDS is the same whether it is running in a

VPC or not: Amazon RDS manages backups, software patching, automatic

failure detection, and recovery.

!  There is no additional cost to run your DB instance in a VPC.



Managed Services & Database | Amazon DynamoDB

Store any amount of data – no limits

Easily provision and change the request capacity needed for each table

Fast, predictable performance using SSDs

Amazon DynamoDB



If You Need Consider Using

A relational database service with minimal administration

Amazon RDS, a fully managed service that offers a choice of MySQL, Oracle or SQL Server database engines, scale compute & storage, Multi-AZ availability and more.

A fast, highly scalable NoSQL database service

Amazon DynamoDB, a fully managed service that offers extremely fast performance, seamless scalability and reliability, low cost and more.

A relational database you can manage on your own

Your choice of relational AMIs on Amazon EC2 and Amazon EBS that provide scale compute & storage, complete control over instances, and more.

Managed Services & Database | Database Considerations



Managed Services & Database | Amazon RDS and DynamoDB

Factors Relational (RDS) NoSQL (DynamoDB)

Application Type

• Existing database apps • Business process-centric apps Example: Financial transactions,

ERP apps, Multi-stage approval flows

•  New Web scale applications •  Large # of small writes and reads Example: Web, social, mobile apps,

shopping cart, order mgt, user preferences

Application Characteristics

• Relational data models, transactions

• Complex queries, joins and updates

• Simple data models, transactions • Range queries, simple updates

Scaling Application or DBA architected (clustering, partitions, sharding)

Seamless, on-demand scaling per application needs

QoS

•  Performance – depends on data model, indexing, query, and storage optimization

•  Reliability and availability – Managed Durability – Managed

•  Performance – Automatically optimized by the system

•  Reliability and availability – Managed •  Durability – Managed

Skill Set Existing programming skills – SQL + Programming languages

Web style programming – queries managed through programming and developers



Amazon ElastiCache

Managed Services & Database | Amazon ElastiCache

Seamlessly caches in front of Amazon

RDS instances

Manages patching, cache node failure detection and recovery

Memcached and Redis compliant cache cluster on-demand



Managed Services & Database | Amazon ElastiCache Security Groups



Amazon Redshift

Managed Services & Database | Amazon Redshift

Petabyte-scale service that manages all the work need to set up, operate, and scale

a data warehouse cluster

Dramatically reduces IO

Continuously monitors the health of the

cluster and replaces any component



Managed Services & Database | Amazon Redshift Facts

Amazon Redshift Amazon Redshift manages all the work needed to set up, operate, and scale a data warehouse cluster, from provisioning capacity to monitoring and backing up the cluster, to applying patches and upgrades. Scaling a cluster to improve performance or increase capacity is simple and incurs no downtime. The service continuously monitors the health of the cluster and automatically replaces any component, if needed.

Redshic Redshic

Redshic



Amazon RDS Demo




Managed Services & Database | Additional Resources


!  Service Documentation: http://aws.amazon.com/documentation

!  Pricing Calculator: http://aws.amazon.com/calculator/

!  Economics: http://aws.amazon.com/economics/

!  Pricing details for all services: http://aws.amazon.com/pricing/

!  Solutions Case Studies: http://aws.amazon.com/solutions/case-studies

!  Marketing Overview Materials: http://aws.amazon.com

!  Videos & Webinars: http://www.youtube.com/AmazonWebServices

!  AWS Blog: http://aws.typepad.com/



Summary


!   Describe Amazon DynamoDB

!   Verify key aspects of Amazon Relational Database Service (RDS)

!   How to execute Amazon RDS

Managed Services & Database | Module Completion



Deployment & Management Module 5





Deployment & Management | Overview

Module Overview

This module describes the fundamental elements of AWS Deployment & Management products and services.



Deployment & Management | Learning Objectives

1 Identify AWS CloudFormation.

2 Describe Amazon CloudWatch metrics and alarms.

Describe Amazon Identity and Access Management (IAM). 3




Deployment & Management | Product and Services

AWS Identity and Access Management

Amazon CloudWatch

Amazon Elastic

Beanstalk

Amazon CloudFormation



Deployment & Management | AWS Identity and Access Management (IAM)

AWS Identity and Access Management

(IAM)

Create and manage AWS users and groups and use permissions to allow and deny their

permissions to AWS resources

Use existing corporate identities to grant secure access to AWS resources, such as Amazon S3 buckets, without creating new

AWS identities for those users

Enables identity federation between your corporate directory and AWS

services



Deployment & Management | Using AWS IAM

Enable identity federation to allow existing identities (e.g. users) in your enterprise to access the AWS Management Console, to call AWS APIs, and to access resources, without the need to create an IAM user for each identity..

3

Manage federated users and their permissions

Create users in AWS IAM, assign them individual security credentials or request temporary security credentials to provide users access to AWS services and resources. Manage permissions in order to control which operations a user can perform.

2

Manage AWS IAM users and their access

1

Create roles in AWS IAM, and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. Define which entity is allowed to assume the role.

Manage AWS IAM roles and their permissions



Deployment & Management | Amazon CloudWatch

Amazon CloudWatch

Visibility into resource utilization, operational

performance, and overall demand patterns

Accessible via AWS Management Console, APIs, SDK, or CLI

Custom application-specific metrics of your

own



Deployment & Management | AWS CloudWatch Facts

AWS CloudWatch !   Visibility into resource utilization, operational performance, and overall

demand patterns

!   Metrics including CPU utilization, disk reads and writes, and network traffic

!   Custom application-specific metrics of your own

!   Accessible via AWS Management Console, APIs, SDK, or CLI



Deployment & Management | Amazon Elastic Beanstalk

Amazon Elastic

Beanstalk

Simply upload your application

Automatically handles the deployment details of capacity

provisioning, load balancing, auto scaling, and application health

monitoring

Retain full control over the AWS resources powering

your application



Deployment & Management | AWS Elastic Beanstalk Facts

AWS Elastic Beanstalk !   Quickly deploy and manage applications in the AWS cloud without worrying

about the infrastructure that runs those applications.

!   Reduce management complexity without restricting choice or control.



Deployment & Management | Amazon CloudFormation

Create templates of stack of resources

Use templates as a starting point or create your own

Deploy stack from template with runtime parameters

Amazon CloudFormation



Deployment & Management | Deployment and Management

Amazon CloudFormation Deployment and Management

!   Templates are simple JSON formatted text files

!   CloudFormer supports generating templates from running environments

"Resources" : {! "Ec2Instance" : {! "Type" : "AWS::EC2::Instance",! "Properties" : {! "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ],! "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},! "Tags" : [{! "Key" : "MyTag",! "Value" : "TagValue"! }]! }! },!



Deployment & Management | Deployment and Management

Amazon CloudFormation Deployment and Management

Use AWS CloudFormation’s sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. Deploy and update a template and its associated collection of resources “called a stack” via the AWS Management Console, AWS CloudFormation command line tools or APIs. CloudFormation is available at no additional charge, and you pay only for the AWS resources needed.

Template AWS CloudFormaJon Stack




Deployment & Management | Additional Resources


!  AWS CloudFormation Sample Templates:

https://aws.amazon.com/cloudformation/aws-cloudformation-templates/

!  AWS User Groups: http://aws.amazon.com/usergroups/

!   Introduction to AWS IAM Training Video:

https://us-east-1-aws-training.s3.amazonaws.com/intro/iam.html



Summary


!   The key fundamental elements of AWS Deployment & Management

products and services.

Deployment & Management | Module Completion



Free to try

aws.amazon.com/free

New AWS accounts receive 12 months of

AWS Free Tier access

Self-Paced Labs

aws.amazon.com/training/ self-paced-labs

Try products, gain new skills, and get hands-on practice working with AWS

technologies

aws.amazon.com/training

Training

Skill up and gain confidence to design, develop, deploy and

manage your applications on AWS

Completion | Training Next Steps



Thank You Hope you enjoyed the training!

We value your feedback

[email protected]

#AWSomeDay

@awsoblako

@dbatalov

AWSome Day Moscow 2014

Internet

Transcript of AWSome Day Moscow 2014