Amazon Web Services

Jinesh Variajvaria@amazon.com

Technology Evangelist

Amazon Web Services

Customers in 190 Countries

Keys to choosing a Cloud

Keys to choosing a CloudSecurity and OperationalExcellence

#1Priority

InvestmentFocusMotivation

SAS 70 Type II AuditISO 27001/2 CertificationPCI DSS 2.0 Level 1-5HIPAA/SOX ComplianceFISMA A&A Low

Enforce IAM policiesUse MFA, VPC, Leverage S3

bucket policies, EC2 Security groups, EFS in EC2 Etc..

Encrypt data in transitEncrypt data at rest

Protect your AWS CredentialsRotate your keys

Secure your application, OS, Stack and AMIs

In the cloud, Security is a Shared Responsibility

Application Security

Services Security

Infrastructure Security

How we secure our infrastructure

What security options and features are available to you?

How can you secure your application and what is your responsibility?

Keys to choosing a CloudSecurity and OperationalExcellence

Keys to choosing a Cloud

Provides Flexibility and Choice

Security and OperationalExcellence

The “Living and Evolving” AWS Cloud

ComputeAmazon EC2Auto Scaling

NetworkAmazon VPC

Elastic LBAmazon Route 53

Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)

StorageAmazon S3

Amazon EBS

Content DeliveryAmazon

CloudFront

EmailAmazon SES

Your Application

PaymentsAmazon DevPay

Amazon FPS

Parallel Processing

Amazon Elastic MapReduce

DatabaseAmazon RDS

Amazon SimpleDB

MessagingAmazon SNSAmazon SQS

Libraries and SDKs.NET/Java etc.

Web InterfaceManagement Console

ToolsAWS Toolkit for Eclipse

Command Line Interface

WorkforceAmazon

Mechanical Turk

Authentication and AuthorizationAWS IAM, MFA

MonitoringAmazon CloudWatch

Deployment and AutomationAWS Elastic BeanstalkAWS CloudFormation

Low-level Infrastructure building blocks

High-level Infrastructure building blocks

Tools to access services

Cross Service features

The “Living and Evolving” AWS Cloud

ComputeAmazon EC2

NetworkAmazon VPC

Elasti c LBAmazon Route 53

Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)

StorageAmazon S3

Amazon EBS

Content DeliveryAmazon

CloudFront

EmailAmazon

SES

Your Applicati on

Payments

Amazon DevPayAmazon

FPS

Parallel Processing

Amazon Elasti c

MapReduce

DatabaseAmazon RDS

Amazon SimpleDB

Messaging

Amazon SNS

Amazon SQS

Libraries and SDKs

.NET/Java etc.

Web InterfaceManagement

Console

ToolsAWS Toolkit for

Eclipse

Command Line Interface

Workforce

Amazon Mechanical

Turk

Authenti cati on and Authorizati onAWS IAM, MFA

MonitoringAmazon

CloudWatch

Deployment and Automati onAWS Elasti c BeanstalkAWS CloudFormati on

Low-level Infrastructure building blocks

High-level Infrastructure building blocks

Tools to access services

Cross Service features

Keys to choosing a Cloud

Provides Flexibility and Choice

Security and OperationalExcellence

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Security and OperationalExcellence

2009Jan

» Amazon RDS» High-Memory Instances» Lower EC2 Pricing

» AWS Multi-Factor Authentication» Virtual Private Cloud» Lower Reserved Instance Pricing

» AWS Security Center

» Reserved Instances in EU Region» Elastic MapReduce» SQS in EU Region

» New SimpleDB Features» FPS General Availability

» Lower pricing tiers for Amazon CloudFront» AWS Management Console

» Amazon EC2 with Windows» Amazon EC2 in EU Region» AWS Toolkit for Eclipse» Amazon EC2 Reserved Instances » AWS Import/Export

» New CloudFront Feature» Monitoring, Auto Scaling & Elastic Load Balancing

» Amazon Elastic MapReduce in Europe

» EBS Shared Snapshots» SimpleDB in EU Region» Monitoring, Auto Scaling & Elastic Load Balancing in EU

Feb

Mar

Apr

May

JunAug

JulSep

Oct Nov

Dec

Feb

» Amazon CloudFront Private Content» SAS70 Type II Audit» AWS SDK for .NET

» Amazon EC2 with Windows Server 2008, Spot Instances, Boot from Amazon EBS» Amazon CloudFront Streaming» Amazon VPC enters Unlimited Beta» AWS Region in Northern California» International Support for AWS Import/Export

» Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances» Amazon S3 Versioning Feature» Consolidated Billing for AWS» Lower pricing for Outbound Data Transfer

2010Jan Ma

r

» Amazon SNS

The pace of innovation in 2009

2010Jan

» Amazon RDS Read Replicas» Suse EC2 Linux» Amazon SNS Console» Amazon ELB HTTPS» AWS Free Tier» EMR Resizing Cluster

» RDS Reserved» CloudFront Default Root» Startup Challenge 2010» CloudFront Invalidation

» CloudFront HTTPS» NYC Edge Location» Lowers Pricing HTTP» AWS Import Export GA» Amazon SNS» Amazon S3 Console» Amazon EBS CloudWatch

» Amazon SNS» Combined AWS Data Transfer Savings» Amazon EMR Bootstrap Actions» Amazon ELB Session Stickiness» Amazon RDS in EU» New Singapore Region

» EMR JobFlow Debugging» Simple DB Consistent Reads» Simple DB Conditional Puts

» VPC in EU» Amazon RDS in US-west» Amazon CloudFront Access Logs» Amazon RDS Multi-AZ» Amazon S3 RRS» Amazon RDS Console

» Amazon SQS Longer retention, Free TierAmazon S3 Bucket Policies» Amazon VPC IP Address» Cluster Compute Instances» Amazon S3 RRS Notifications

» Lowered Pricing EC2» AWS IAM» Amazon VPC Console» Micro Instances» Amazon Linux AMI» Amazon EC2 Tagging, Filtering, Idempotency, » Oracle Certified AWS» AWS PHP SDK

Feb Mar

Apr May

Jun AugJul Sep Oct Nov Dec Feb

» Amazon S3 Lowered Pricing» CloudFront GA, SLA» S3 Multipart» GPGPU Instance Types» ISO27001/2 Certification

» AWS Elastic Beanstalk» Amazon Simple Email Service» Improved AWS Support “Bronze”» Amazon CloudWatch Console

» AWS CloudFormation» Amazon S3 Static Websites» AWS IAM Website Login» Paris Edge Location

2011Jan Mar

» VM Connector» Tokyo Region» AWS Support JP

And pace accelerates in 2010….

» Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances» Amazon S3 Versioning Feature» Consolidated Billing for AWS» Lower pricing for Outbound Data Transfer

» AWS Java SDK» Windows BYOL» Singapore Pop» CloudFront Private Streaming

» Free Monitoring EC2» Amazon Route 53» PCI DSS Level 1 Certification» Mobile SDKs (Android, iPhone)» Large Object S3 Support» Florida POP» Import/Export APAC

» New VPC» Dedicated Instances» Windows2008 R2

Innovative Business Models

On-demandInstances

• Pay as you go

• Starts from 0.03/Hour

ReservedInstances

• Onetime upfront + Pay as you go

• $56 for 1 year term and then $0.01/Hour

SpotInstances

• Requested Bid Price and Pay as you go

• $0.005 /Hour as of today at 9 AM

Dedicated Instances

• Multi-Tenant Single Customer

• $10 /Region + $0.105/Hour

For Spiky workloads

For Steady State

Workloads

For Time-insensitive workloads

For Regulatory and Compliant

Workloads

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Security and OperationalExcellence

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Continues to lower costs for customers

Security and OperationalExcellence

AWS History of Lowering Prices

Apr 22, 2008 AWS Lowers Data Transfer Costs – Effective May 1Oct 09, 2008 New Tiered Pricing for Amazon S3 StorageJan 28, 2009 New Lower Pricing Tiers for Amazon CloudFrontAug 20, 2009 New Lower Prices for Amazon EC2 Reserved InstancesSep 30, 2009 New Lower Price for Windows Instances with Authentication ServicesOct 27, 2009 Announcing Lower Amazon EC2 Instance PricingDec 08, 2009 AWS Announces Pricing Changes Amazon S3 Storage Pricing Tiers Amazon S3 EU (Ireland) Pricing Amazon EC2 Windows Instance EU (Ireland) Pricing Free Inbound Data Transfer (until June 30, 2010)Feb 01, 2010 AWS Announces Lower Pricing for Outbound Data TransferApr 01, 2010 Announcing Combined AWS Data Transfer PricingMay 19, 2010 Announcing Amazon S3 Reduced Redundancy StorageJun 07, 2010 Amazon CloudFront Adds HTTPS Support, Lowers Prices, Opens NYC Edge LocationJul 01, 2010 Amazon SQS introduces Free TierSep 01, 2010 New Lower Prices for High Memory Double and Quadruple XL InstancesOct 05, 2010 Lower High Memory DB Instance Prices for Amazon RDSOct 21, 2010 Announcing AWS Free Usage Tier Nov 01, 2010 Amazon S3 Reduces Storage PricingDec 03, 2010 Amazon CloudWatch Free Monitoring

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Continues to lower costs for customers

Helps the customer compete in the Global Market

Security and OperationalExcellence

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Continues to lower costs for customers

Helps the customer compete in the Global Market

Security and OperationalExcellence

US West(Northern California)

US East(Northern Virginia)

Europe West(Dublin)

Asia Pacific Region

(Singapore)

Ashburn, Dallas, Los Angeles, Miami, Newark, Palo Alto, Seattle, St. Louis, Amsterdam, Dublin, Frankfurt, London, Hong Kong, Singapore, Tokyo

Amazon CloudFrontEdge Locations

Asia Pacific Region(Japan)

Singapore-1b

RDSMulti-

AZ

Singapore

Auto Scaling group : Web App Tier

RDSMast

er

Europe TrafficAsia Traffic

ELB

Geo IP/Directional DNS Server

US West Traffic

DNS

CNAME

Software-based Data Replicator

US East Traffic

WebApp

WebApp

WebApp

WebApp Web

App

WebApp

EU-West-1b

RDSMulti-

AZ

EU-West

Auto Scaling group : Web App Tier

RDSMast

er

ELB

WebApp

WebApp

WebApp

WebApp Web

App

WebApp

US-East-1b

RDSMulti-

AZ

US-East

Auto Scaling group : Web App Tier

RDSMast

er

ELB

WebApp

WebApp

WebApp

WebApp Web

App

WebApp

US-West-1b

RDSMulti-

AZ

US-West

Auto Scaling group : Web App Tier

RDSMast

er

ELB

WebApp

WebApp

WebApp

WebApp Web

App

WebApp

Keys to choosing a Cloud

Provides Flexibility and Choice

Listens to the customer’s requests and iterates quickly

Continues to lower costs for customers

Helps the customer compete in the Global Market

Security and OperationalExcellence

Jinesh Variajvaria@amazon.com Twitter:@jinman

Thank you!

Thank You!

Jinesh Variajvaria@amazon.com

Follow me on Twitter: @jinman