AWS Summit Auckland - Introducing Well-Architected for Developers
1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ben Potter, Professional Services Consultant, Amazon Web Services
Richard Paul, Technical Lead, Orion Health
Introducing Well-Architected
For Developers
Technical 101
3. What We Will Cover
• The Well-Architected Framework
• Key Best Practices
• How to Get Started
• Resources
4. Main Pillars
Security: Account, Access Keys, Network, Services
Reliability: High Availability, Load Balancing, Backup and DR, Auto Scaling
Performance Efficiency: Right-Sizing, Benchmarking, Load Testing, Monitoring
Cost Optimisation: Managed Services, Cost Awareness, Tagging
5. General Design Principles
• Secure from the Start
• Stop Guessing your Capacity Needs
• Test Systems at Production Scale
• Lower the Risk of Architecture Change
• Automate to make Architectural Experimentation Easier
• Allow for Evolutionary Architectures
9. Security
The ability to protect information, systems and assets while
delivering business value through risk assessments and
mitigation strategies.
• Data Protection
• Privilege Management
• Infrastructure Protection
• Detective Controls
10. Security: Shared Responsibility
AWS is responsible for security of the cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers are responsible for security in the cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network, and Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
11. Security: Credentials
• As soon as you create a new AWS account, enable MFA
• Use the Identity and Access Management service (IAM) to create users, even if it's only one
• Protect all of your credentials
• DO NOT place Access Keys in Code… EVER!
'key' => '1111-2222-3333-4444-5555',
'secret' => 'aaaa-bbbb-cccc-dddd-eeee',
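Added example (not code from the slides): a small Python scan a developer can run as a pre-commit hook to catch the anti-pattern on this slide before it reaches a repository. The key formats it looks for (the 20-character AKIA/ASIA access key ID and the 40-character secret) are AWS's documented formats; the 'key' => / 'secret' => form is the PHP SDK array shown above. The PHP it scans is constructed here and uses AWS's published example key pair, not a real credential.

```python
import re

# Added example (not the slide's code): scan source text for AWS credential
# material. AKIA/ASIA prefixes and the 40-char secret alphabet are AWS's
# documented key formats; the 'key'/'secret' array form is the PHP SDK one.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY = re.compile(
    r"""(?i)(?:aws_)?secret(?:_access)?_?(?:key)?['"]?\s*(?:=>|=|:)\s*['"]([A-Za-z0-9/+=]{40})['"]"""
)
PHP_ARRAY_CRED = re.compile(r"""['"](key|secret)['"]\s*=>\s*['"]([^'"]+)['"]""")


def mask(value):
    """Keep the first four characters so a finding is identifiable but not reusable."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_source(text, path="<inline>"):
    """Return (path, line_no, kind, masked_value) for every credential-looking literal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, line_no, "access_key_id", mask(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((path, line_no, "secret_access_key", mask(m.group(1))))
        for m in PHP_ARRAY_CRED.finditer(line):
            findings.append((path, line_no, "php_sdk_" + m.group(1), mask(m.group(2))))
    return findings


def has_hardcoded_credentials(text):
    return bool(scan_source(text))


# Constructed sample: the anti-pattern from the slide, with AWS's documented
# example key pair standing in for real secrets.
BAD_PHP = """<?php
$client = new Aws\\S3\\S3Client([
    'region'      => 'ap-southeast-2',
    'version'     => '2006-03-01',
    'credentials' => [
        'key'    => 'AKIAIOSFODNN7EXAMPLE',
        'secret' => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
    ],
]);
"""

# Constructed sample: the same client taking credentials from the instance
# profile, so there is nothing in the repository to leak.
GOOD_PHP = """<?php
use Aws\\Credentials\\CredentialProvider;
$provider = CredentialProvider::memoize(CredentialProvider::instanceProfile());
$client = new Aws\\S3\\S3Client([
    'region'      => 'ap-southeast-2',
    'version'     => '2006-03-01',
    'credentials' => $provider,
]);
"""

if __name__ == "__main__":
    for finding in scan_source(BAD_PHP, "bad.php"):
        print("%s:%d %s %s" % finding)
    print("clean:", not has_hardcoded_credentials(GOOD_PHP))
```

Run it over a diff in a pre-commit hook and fail the commit on any finding; the masked value is enough to locate the line without copying the secret into CI logs.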
12. Security: EC2 Role
1: Create EC2 role – create a role in the IAM service with a limited policy
2: Launch EC2 instance – launch the instance with the role
3: App retrieves credentials – using the AWS SDK, the application retrieves temporary credentials
4: App accesses AWS resource(s) – using the AWS SDK, the application uses the credentials to access the resource(s)
(Diagram: IAM role attached to the EC2 instance; the instance's application calls AWS resources with the temporary credentials.)
13. Security: EC2 Role – PHP SDK
• PHP SDK: Using an Instance Profile (EC2 role)
use Aws\Credentials\CredentialProvider;
use Aws\S3\S3Client;
$provider = CredentialProvider::instanceProfile();
// Be sure to memoize the credentials
$memoizedProvider = CredentialProvider::memoize($provider);
$client = new S3Client([
'region' => 'ap-southeast-2',
'version' => '2006-03-01',
'credentials' => $memoizedProvider
]);
14. Security: Cognito
Identity Providers → Unique Identities → Any Device, Any Platform, Any AWS Service
• Helps implement Security Best Practices: securely access any AWS service from a mobile device; it simplifies the interaction with AWS Identity and Access Management.
• Supports Multiple Login Providers: easily integrate with major login providers for authentication.
• Unique Users vs. Devices: manage unique identities; automatically recognise a unique user across devices and platforms.
(Diagram: users Joe, Anna and Bob reach Mobile Analytics, S3, DynamoDB and Kinesis through their Cognito identities.)
15. Security: Network and Boundary
• Security Groups are Built-in Stateful Firewalls
• Divide Layers of the Stack into Subnets
• Use a Bastion Host for Access
• Implement Host Based Controls
16. Two Layers with Security Groups
(Diagram: a user reaches WEB Servers in Web Subnet A across Availability Zones A and B; the web tier sits in the WEB Security Group and the RDS DB Instance in DB Subnet A sits in the DB Security Group.)
17. Security: Instance, Monitoring and Auditing
• Configure Encryption Everywhere Possible
• Configure CloudTrail Service
• Configure VPC Flow Logs
• Collect all Logs Centrally and Alert
(Services: Amazon Virtual Private Cloud, Identity & Access Management, Key Management Service, CloudTrail, AWS Config)
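Added example (not from the slides): the kind of alerting the last bullet asks for, run over VPC Flow Log records once they are collected centrally. Two detections are shown, SSH accepted from outside the VPC on a host that is not the bastion (the bastion rule from slide 15) and one external source having many distinct ports rejected by the security group. The field order is the default flow log record format; the record lines, the bastion address 10.0.1.5 and the VPC range 10.0.0.0/16 are constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Added example (not the slide's code): detections over VPC Flow Log records.
# Field order is the default flow log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


def parse_flow_log(line):
    """Return a dict for a usable record, or None for malformed / NODATA / SKIPDATA lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":       # NODATA / SKIPDATA records carry '-' fields
        return None
    for key in ("srcport", "dstport", "protocol"):
        rec[key] = int(rec[key])
    return rec


def analyse(lines, bastion_hosts, vpc_cidr, scan_threshold=5):
    """Alert on (1) SSH accepted from outside the VPC on a non-bastion host and
    (2) one external source having >= scan_threshold distinct ports rejected."""
    vpc = ipaddress.ip_network(vpc_cidr)
    alerts = []
    rejected_ports = defaultdict(set)
    for line in lines:
        rec = parse_flow_log(line)
        if rec is None:
            continue
        external = ipaddress.ip_address(rec["srcaddr"]) not in vpc
        if (rec["action"] == "ACCEPT" and rec["protocol"] == 6 and rec["dstport"] == 22
                and external and rec["dstaddr"] not in bastion_hosts):
            alerts.append({"rule": "ssh-bypasses-bastion", "src": rec["srcaddr"], "dst": rec["dstaddr"]})
        if rec["action"] == "REJECT" and external:
            rejected_ports[rec["srcaddr"]].add(rec["dstport"])
    for src, ports in sorted(rejected_ports.items()):
        if len(ports) >= scan_threshold:
            alerts.append({"rule": "port-scan", "src": src, "ports": sorted(ports)})
    return alerts


# Constructed sample records (account, ENI and addresses are placeholders).
ACCT, ENI = "123456789012", "eni-0a1b2c3d4e5f6a7b8"
SAMPLE_LINES = [
    # administrator -> bastion over SSH: expected
    "2 %s %s 203.0.113.10 10.0.1.5 51234 22 6 20 1680 1464700000 1464700060 ACCEPT OK" % (ACCT, ENI),
    # administrator -> web server directly over SSH: bastion bypassed
    "2 %s %s 203.0.113.10 10.0.1.9 51240 22 6 12 960 1464700000 1464700060 ACCEPT OK" % (ACCT, ENI),
    # web -> database inside the VPC: expected
    "2 %s %s 10.0.1.9 10.0.2.20 43000 3306 6 30 4100 1464700000 1464700060 ACCEPT OK" % (ACCT, ENI),
    # record for an interval with no traffic
    "2 %s %s - - - - - - - 1464700000 1464700060 - NODATA" % (ACCT, ENI),
] + [
    # one external source probing several ports, each rejected by the security group
    "2 %s %s 198.51.100.7 10.0.1.9 %d %d 6 1 40 1464700000 1464700060 REJECT OK" % (ACCT, ENI, 40000 + i, port)
    for i, port in enumerate((21, 23, 25, 3306, 3389, 8080))
]

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LINES, bastion_hosts={"10.0.1.5"}, vpc_cidr="10.0.0.0/16"):
        print(alert)
```

The first rule is the cheap check that the network design on slide 16 is actually holding: any accepted SSH to a non-bastion address from the internet means a security group is wider than intended.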
20. Reliability
The ability of a system to recover from infrastructure or
service failures, dynamically acquire computing resources
to meet demand and mitigate disruptions such as
misconfigurations or transient network issues.
• Foundations
• Change Management
• Failure Management
21. Reliability: High Availability
• No Single Point of Failure
• Multiple Availability Zones
• Load Balancing
• Auto Scaling and Healing
22. Multi AZ, Load Balanced, Auto Scaled
(Diagram: Amazon Route 53 directs users to Elastic Load Balancing in front of an Auto Scaling Group of WEB Servers spread across Web Subnet A and Web Subnet B in Availability Zones A and B; the active RDS DB Instance in DB Subnet A has a standby RDS DB Instance in the other Availability Zone.)
26. Performance Efficiency
The ability to use computing resources efficiently to meet
system requirements and to maintain that efficiency as
demand changes and technologies evolve.
• Compute
• Storage
• Database
29. Performance Efficiency: Proximity and Caching
• Session State in ElastiCache (Redis) for .NET:
<sessionState mode="Custom" customProvider="MySessionStateStore">
  <providers>
    <!-- accessKey is empty and ssl="false": the web tier talks to the cache unauthenticated and in plain text,
         so the cache node must sit in a private subnet reachable only from the web tier's security group -->
    <add name="MySessionStateStore" type="Microsoft.Web.Redis.RedisSessionStateProvider"
         host="aspnet.k30h8n.0001.use1.cache.amazonaws.com"
         accessKey="" ssl="false" />
  </providers>
</sessionState>
30. Multi AZ, Load Balanced, Auto Scaled, Caching
(Diagram: as on slide 22, with Amazon CloudFront and AWS WAF in front, static content in Amazon S3, an ElastiCache node beside the web tier in each Availability Zone, and RDS DB Instance Read Replicas alongside the active/standby pair.)
31. (Diagram: Your Mobile App using the AWS Mobile SDK)
• Authenticate Users – Amazon Cognito (Identity Broker)
• Authorise Access – AWS Identity and Access Management
• Analyse User Behavior – Amazon Mobile Analytics
• Store and Share Media – Amazon S3 (Transfer Manager)
• Synchronise Data – Amazon Cognito (Sync)
• Deliver Media – Amazon CloudFront (Device Detection)
• Store Shared Data – Amazon DynamoDB (Object Mapper)
• Stream Real-time Data – Amazon Kinesis (Recorder)
• Send Push Notifications – Amazon SNS Mobile Push
• Run Business Logic – AWS Lambda
33. Cost Optimisation
The ability to avoid or eliminate unneeded cost or
suboptimal resources.
• Matching Capacity and Demand
• Cost-effective Resources
• Expenditure Awareness
• Optimising Over Time
34. Cost Optimisation: Capacity Matching
• Demand Based
• Queue Based
• Schedule Based
• Appropriately Provisioned
• Instance Matching
• Pro-active Monitoring and Action
(Icons: Amazon SQS, Amazon SWF, optimised instance)
39. Who am I
Technical Lead for Delivery Engineering tribe
We provide efficient delivery pipelines (services and
tooling) for teams across Orion Health
Organiser of the Auckland Continuous Delivery Meetup
group.
40. What we Value
• Robots not Monkeys
• Cattle not Pets
• DRY – Don't repeat yourself
44. $$$
• Automation = easy to create new environments
• AWS loves you, your boss might not :D
• Cost Engineering required to keep your shiny toys
46. Lights Out – Automate with EC2-Operator
Simple python script, runs in Lambda every 10 minutes.
Tag values:
auto: stop=0 6 * * *
auto: expiry=2016-12-31;stop=0 6 * * *
auto: expiry=persistent;stop=0 8 * * *;start=0 18 * * *
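Added example, not the EC2-Operator script itself: a Python rendition of the scheduling the slide describes. It parses the tag syntax shown above, evaluates the five-field cron expressions against the ten minutes since the previous Lambda run, and reports 'stop', 'start' or, once an expiry date has passed, 'expired'. Assumptions: settings are separated by ';', expiry=persistent means the instance never expires, and because the slide does not say what the tool does to an expired instance, the function only reports it. The instance IDs are placeholders.

```python
from datetime import datetime, timedelta

# Added example, not the EC2-Operator code: scheduler logic for the 'auto:'
# tag syntax on the slide. Assumptions: settings are ';'-separated,
# 'expiry=persistent' means never expires, and an instance past its expiry
# date is only reported as 'expired'.

# cron field bounds: minute, hour, day of month, month, day of week (0 = Sunday)
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 6)]


def parse_auto_tag(value):
    """'auto: expiry=2016-12-31;stop=0 6 * * *' -> {'expiry': '2016-12-31', 'stop': '0 6 * * *'}"""
    value = value.strip()
    if value.startswith("auto:"):
        value = value[len("auto:"):]
    settings = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, val = part.partition("=")
        settings[key.strip()] = val.strip()
    return settings


def _field_matches(spec, value, lo, hi):
    """One cron field: '*', 'n', 'a-b', '*/s' and comma-separated lists of those."""
    for alt in spec.split(","):
        step = 1
        if "/" in alt:
            alt, step = alt.split("/", 1)
            step = int(step)
        if alt == "*":
            start, end = lo, hi
        elif "-" in alt:
            start, end = (int(x) for x in alt.split("-", 1))
        else:
            start = end = int(alt)
        if start <= value <= end and (value - start) % step == 0:
            return True
    return False


def cron_matches(expr, when):
    """True if the five-field cron expression matches the minute 'when'."""
    fields = expr.split()
    if len(fields) != 5:
        raise ValueError("expected 5 cron fields, got %r" % expr)
    # datetime.weekday() has Monday = 0; cron has Sunday = 0
    values = [when.minute, when.hour, when.day, when.month, (when.weekday() + 1) % 7]
    return all(_field_matches(spec, val, lo, hi)
               for spec, val, (lo, hi) in zip(fields, values, FIELD_RANGES))


def fired_in_window(expr, now, minutes=10):
    """True if the schedule fired in the 'minutes' before 'now' (the gap between Lambda runs)."""
    start = now.replace(second=0, microsecond=0) - timedelta(minutes=minutes)
    return any(cron_matches(expr, start + timedelta(minutes=i)) for i in range(minutes))


def decide(tag_value, now):
    """Action for one instance at 'now': 'expired', 'stop', 'start' or None."""
    tag = parse_auto_tag(tag_value)
    expiry = tag.get("expiry")
    if expiry and expiry != "persistent":
        if datetime.strptime(expiry, "%Y-%m-%d").date() < now.date():
            return "expired"
    for action in ("stop", "start"):
        if action in tag and fired_in_window(tag[action], now):
            return action
    return None


if __name__ == "__main__":
    # Constructed instances carrying the three tag values from the slide.
    instances = {
        "i-web-dev": "auto: stop=0 6 * * *",
        "i-demo": "auto: expiry=2016-12-31;stop=0 6 * * *",
        "i-build": "auto: expiry=persistent;stop=0 8 * * *;start=0 18 * * *",
    }
    for run_at in (datetime(2016, 6, 1, 6, 5), datetime(2016, 6, 1, 18, 5), datetime(2017, 1, 2, 6, 5)):
        for instance_id, tag in instances.items():
            print(run_at, instance_id, decide(tag, run_at))
```

Each run looks back over the ten minutes before it rather than at the current minute, so a schedule is not missed when the Lambda fires a little late; a schedule that lands exactly on a run boundary is picked up by the following run.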
47. Clean Up – Automate with Janitor Monkey!
Open sourced by Netflix.
We use it to automatically clean up: EC2, EBS, S3, RDS
Emails warnings to the Owner tag for AWS resources
48. Summary – Cost Saving Tips
• Make use of APIs
• Understand your highest costs (Cost Explorer)
• Start simple, for us that was
  – lights out
  – EC2 instance clean up
  – Terminate whenever possible (cattle)
  – EBS volumes for a stopped instance still have a cost
• Iterate
• Make use of APIs ;)
58. Developer Support
The Developer Support plan offers resources for customers
testing or developing on AWS, as well as any customers
who:
• Want Access to Guidance and Technical Support
• Are Exploring how to Quickly put AWS to Work
• Use AWS for Non-production Workloads or Applications
• Trusted Advisor – Core Checks
• Architecture Support – Developer
60. Get Started
Architecture Centre: https://aws.amazon.com/architecture/
AWS Well-Architected Framework
https://aws.amazon.com/whitepapers/
10m Tutorials: https://aws.amazon.com/getting-started/
62. AWS Training & Certification
• Intro Videos & Labs – free videos and labs to help you learn to work with 30+ AWS services, in minutes!
• Training Classes – in-person and online courses to build technical skills, taught by accredited AWS instructors
• Online Labs – practice working with AWS services in a live environment; learn how related services work together
• AWS Certification – validate technical skills and expertise; identify qualified IT talent or show you are AWS cloud ready
Learn more: aws.amazon.com/training
63. Your Training Next Steps:
✓ Visit the AWS Training & Certification pod to discuss your training plan & AWS Summit training offer
✓ Register & attend AWS instructor led training
✓ Get Certified
AWS Certified? Visit the AWS Summit Certification Lounge to pick up your swag
Learn more: aws.amazon.com/training