SlideShare uma empresa Scribd logo
1 de 232
Welcome to:
Technical Essentials Day
AWS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Objectives
Recognize terminology and concepts as they relate to the AWS
platform and navigate the AWS Management Console.
Understand the foundational services, including Amazon Elastic
Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon
Simple Storage Service (S3), and Amazon Elastic Block Store
(EBS).
Understand the security measures AWS provides and key concepts
of AWS Identity and Access Management (IAM).
Understand AWS database services, including Amazon DynamoDB
and Amazon Relational Database Service (RDS).
Understand AWS management tools, including Auto Scaling,
Amazon CloudWatch, Elastic Load Balancing (ELB), and AWS
Trusted Advisor.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Module Layout
Module 1: Introduction and History of AWS
Module 2: Foundational Services – Amazon EC2, Amazon
VPC, Amazon S3, Amazon EBS
Module 3: Security, Identity, and Access Management - IAM
Module 4: Databases – Amazon DynamoDB and Amazon RDS
Module 5: AWS Elasticity and Management Tools – Auto
Scaling, Elastic Load Balancing, Amazon CloudWatch, and
AWS Trusted Advisor
Module 6: Wrap-Up
Module 7: Appendices
Module 1:
Introduction and
History of AWS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon History
1994: Jeff Bezos
incorporated the
company.
1995:
Amazon.com
launched its
online
bookstore.
2005:
Amazon
Publishing
was
launched.
2006:
Amazon
Web
Services
(AWS) was
launched.
2007:
Kindle was
launched.
2011:
Amazon
Fresh was
launched.
2012: Amazon
Game Studios
was launched.
2013:
Amazon Art
was
launched.
2014:
Amazon
Prime Now
was
launched.
2015: Amazon
Echo were
launched.
2018:
Amazon go
was
launched.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Web Services
Enable businesses and
developers to use web services
to build scalable, sophisticated
applications.
ComputeMessaging
Mobile
App Services
Database
Networking
Development and
ManagementTools
Payments
VPC
On-DemandWorkforce
Analytics Content Delivery
Storage
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Pace of Innovation
AWS offers over 175 fully featured services for compute,
storage, databases, networking, analytics, machine
learning, and artificial intelligence (AI), Internet of Things
(IoT), mobile, security, hybrid, and application
development, deployment, and management. AWS has
launched a total of 1845 new features or services year to
date* for a total of 6,284 new features or services since
inception in 2006.
* As of December 2019
2011
82
722
1,430
280
2013 2015 2017
AWS Pace of Innovation
2019
1,845
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
6,284
AWS Direct
Connect
AWS Elastic Beanstalk
Schema Conversion Tool
AWS Shield
Amazon EFS
WorkSpaces
Amazon Lumberyard
Amazon
Pinpoint
AWS IoT
AWS Managed Services
Amazon Route 53
AWS Import/Export
AWS OpsWorks for
Chef Automate
Amazon Redshift
Amazon DynamoDB
Amazon Polly
AWS
Snowball
AWS Organizations
Device Farm
AWS Config
Amazon RDS
for Aurora
WorkDocs
AWS
Snowball Edge
AWS CodeCommit
AWS CodePipeline
AWS Service Catalog
CloudWatch Logs
Amazon Lex
AWS IoT
Greengrass
Amazon EC2
Systems Manager
AWS WAF
Amazon AppStream 2.0
Amazon
Athena
AWS Glue
Amazon Lightsail
Amazon Rekognition
AWS Step Functions
AWS Discovery
Services
AWS Certificate
ManagerAmazon
ElastiCache
Mobile
Analytics
AWS Mobile Hub
AWS Storage Gateway
AWS OpsWorks
AWS Batch
Amazon Inspector
Amazon Cognito
AWS CodeDeploy
AWS Personal Health Dashboard
AWS Snowmobile
Lambda
AWS CodeBuild
AWS X-Ray
Amazon QuickSight
Amazon Kinesis Firehose
Amazon
WorkMail
Amazon Inspector
Amazon Machine
Learning
Total New Services and Features
*
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Customers
Public Sector
Paving the way for innovation and
supporting world-changing projects
projects
in government, education and nonprofit
nonprofit organizations.
Startups
From the spark of an idea, to your first
customer, to IPO and beyond, let Amazon
Web Services help you build and grow
your startup.
Enterprise Customers
Amazon Web Services delivers a mature set
of services specifically designed for the
unique security, compliance, privacy, and
governance requirements of large
organizations.
.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Advantages and Benefits of AWS Cloud
Computing
Trade capital expense
for variable expense.
Benefit from massive
economies of scale.
Stop guessing
capacity.
Go global in minutes.
Increase speed and
agility.
Stop spending money on
running and maintaining data
centers.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS as a Leader in Cloud Infrastructure
as a Service
AWS is positioned as a
leader in the Gartner Magic
Quadrant for Cloud
Infrastructure as a Service
worldwide*.
AWS is rated highest in
execution and furthest in vision
within the Leaders Quadrant.
*Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,Raj Bala, Bob Gill, Dennis Smith, David Wright, July 2019
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
The Gartner document is available upon request from AWS. https://pages.awscloud.com/Gartner-Magic-Quadrant-for-Infrastructure-as-a-Service-
Worldwide.html - Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology
users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this
research, including any warranties of merchantability or fitness for a particular purpose.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Core Infrastructure and Services
Traditional Infrastructure Amazon Web
Services
Security
Network
Security
Network
Security Groups NACLs Access Mgmt
VPCVPC
EC2 “Classic”
“Public”
ELB
On-DemandProvision
Security
Security groups Network ACLs AWS IAMFirewalls ACLs Administrators
Storage
and
Database
RDBMSDAS SAN NAS Amazon
EBS
Amazon
EFS
Amazon
S3
Amazon
RDS
Networking
AmazonVPCElastic Load BalancingRouter Network pipeline Switch
Servers
AMI Amazon EC2 instancesOn-premises servers
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Cloud Computing
Infrastructure Regions Edge locationsAvailability Zones
Foundation
Services
Compute
(Virtual,Auto Scaling, and
load balancing)
Networking
Applications Virtual Desktops Collaboration and Sharing
Platform
Services
Databases
Relational
NoSQL
Caching
Analytics
Cluster
Computing
Real-time
Data Warehouse
Data Workflows
App Services
Queuing
Orchestration
App Streaming
Transcoding
Email
Search
Deployment and Management
Containers
DevOps Tools
ResourceTemplates
UsageTracking
Monitoring and Logs
Mobile Services
Identity
Sync
MobileAnalytics
Notifications
Storage
(Object, block, and archive)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Compute
Amazon EC2
Network
Amazon CloudFront
Amazon Route 53
Amazon VPC
AWS Direct Connect
Elastic Load Balancing
Storage
Amazon EFS
Amazon S3 Glacier
Amazon S3
AWS Snowball
AWS Storage Gateway
Security & Identity
Amazon Inspector
AWS Artifact
AWS Certificate Manager
AWS CloudHSM
AWS Directory Service
AWS IAM
AWS KMS
AWS Organizations
AWS Shield
AWS WAF
Applications
Amazon WorkDocs
Amazon WorkMail
Amazon AppStream 2.0
Amazon WorkSpaces
Amazon Elastic
Container Registry
Amazon Elastic
Container Service
Amazon Lightsail
AWS Batch
AWS Elastic
Beanstalk
AWS Lambda
AWS Foundation Services
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Platform Services
Databases
Amazon
DynamoDB
Analytics
Amazon
Athena
Application
Services
Amazon API
Gateway
Management
Tools
Amazon RDS
Amazon
ElastiCache
Amazon Redshift
Amazon
CloudSearch
Amazon EMR
Amazon
Elasticsearch
Service
Amazon
Kinesis
Amazon
QuickSight
Amazon
AppStream 2.0
Amazon
Elastic
Transcoder
Amazon SWF
AWS Step
Functions
Amazon
CloudWatch
AWS
CloudFormation
AWS
CloudTrail
AWS
Config
AWS Managed
Services
AWS
OpsWorks
AWS
Service Catalog
AWS Trusted
Advisor
Developer
Tools
AWS
CodeBuild
AWS
CodeCommit
AWS
CodeDeploy
AWS
CodePipeline
AWS X-Ray
Mobile
Services
Amazon
Cognito
Amazon
Mobile Analytics
Amazon
Pinpoint
AWS
Device Farm
AWS
Mobile Hub
Internet
ofThings
AWS IoT
AWS IoT
Greengrass
AWS CodeStar
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Global Infrastructure
Regions
Geographic locations
Consist of at least two Availability Zones
Availability Zones
Clusters of data centers
Isolated from failures in other Availability Zones
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Global Infrastructure Map
AWS spans 76 Availability
Zones within 24 Regions around
the world, and has announced
plans for 9 more Availability
Zones and 3 more AWS Regions
in Indonesia, Japan, and Spain.
* As of January 2020
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Global Infrastructure Regions
At least 2 Availability Zones per region
Examples:
Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary.
US East (VA)
AZ - a AZ - b
AZ - c AZ - d
AZ - e
Asia Pacific (Tokyo)
AZ - a AZ - b
AZ – c
US East (N. Virginia)
us-east-1a
us-east-1b
us-east-1c
us-east-1d
us-east-1e
us-east-1f
AZ - f
Asia Pacific (Tokyo)
ap-northeast-1a
ap-northeast-1b
ap-northeast-1c
ap-northeast-1d
AZ - d
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
High Availability Using Multi-AZ
Deployments
Availability
Zone - A
Availability
Zone - B
Availability
Zone - C
Region
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Global Infrastructure –
Points of Presence
216 Points of Presence
205 Edge Locations
11 Regional Edge Caches
Local points of presence that support AWS services like:
Amazon Route 53
Amazon CloudFront
AWS WAF
AWS Shield
Demo:
AWS Management Console
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Knowledge Check
Q: What is the AWS term for physically distinct groups of data centers within
a region?
True or False: There are more regions than edge locations.
True or False: AWS owns and maintains the infrastructure required for
application services. You provision and use them as needed.
Q: How do Availability Zones in the same region differ?
Availability Zone
False
True
Each Availability Zone is isolated, but the Availability Zones in a region are
connected through low-latency links.
Module 2
AWS Foundational Services
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Module 2 Topics
Amazon Elastic Compute Cloud (EC2)
Amazon Virtual Private Cloud (VPC)
Lab 1: Build your VPC and launch a web server
Amazon Storage Services
Amazon Simple Storage Service (S3)
Amazon Elastic Block Store (EBS)
Amazon Elastic Compute
Cloud (EC2)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Elastic Compute Cloud (EC2)
Resizable compute capacity
Complete control of your computing resources
Reduced time required to obtain and boot new
server instancesAmazon
EC2
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EC2 Facts
Scale capacity as your computing requirements change
Pay only for capacity that you actually use
Choose Linux or Windows
Deploy across AWS Regions and Availability Zones for
reliability
Use tags to help manage your Amazon EC2 resources
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Choosing the Right Amazon EC2
Instance Type
Amazon EC2 provides a wide selection of instance types that
are optimized for different use cases and workload
requirements.
Consider the following when choosing your instances:
Core count
Memory size
Storage size and type
Network performance
CPU technologies
Most AWS instance types include the latest generation Intel®
Xeon processors.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Choosing the Right Amazon EC2
Instance Type
Amazon EC2 Families:
• General Purpose: Balanced workloads
• Compute-Optimized: High-performance computing, data
lakes, network appliances
• Memory-Optimized: High-performance databases, in-
memory databases
• Accelerated Computing: GPU-intensive workloads (machine
learning, 3D rendering)
• Storage-Optimized: High IOPS at low cost
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Intel® Xeon Scalable Processors
Latest generation of 2nd generation Intel Xeon Scalable
processors
Available in latest generation Amazon EC2 instance types
Up to:
28 cores per CPU
6 memory channels
48 PCIe lanes of bandwidth/throughput
100 Gbps network bandwidth (C5n.16xlarge)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Intel® Xeon Family and EC2 Instances
E7 Processor Family
Memory Optimized:
X1/X1e
E5 Processor Family
General Purpose:
M4
Compute-Optimized:
C4
Memory-Optimized:
R4
GPU Intensive:
P2/P3, G3, F1
Storage
Optimized:
H1, I3, D2
Scalable Processor
Family
Memory-Optimized:
z1d, R5, High Memory
Compute-Optimized:
C5/C5n
General Purpose CPU:
M5
General Purpose:
T3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Comparing Intel Xeon Generations
C4 Instances
• 2.9 GHz Intel Xeon E5-2666
v3 (Haswell) CPUs
• Up to 36 vCPUs
• Up to 60 GiB memory
• Up to 4k Mbps dedicated EBS
bandwidth
• Up to 10 Gbps network
bandwidth
C5n Instances
• 3.0 GHz Intel Xeon Platinum
CPUs
• Up to 72 vCPUs
• Up to 192 GiB memory
• Up to 14k Mbps dedicated
EBS bandwidth
• 25-100 Gbps network
bandwidth
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
C5n Instance Example Sizing Choices
vCPUs Memory (GiB) Network (Gbps)
large 2 5.25 Up to 25
xlarge 4 10.5 Up to 25
2xlarge 8 21 Up to 25
4xlarge 16 42 Up to 25
9xlarge 36 96 50
18xlarge 72 192 100
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Choosing the Right Instance
Newer generation instance types usually have a better price-to-
performance ratio.
Examples*:
Instance Change Costs Saved per Instance
T2.XLarge to T3.Large 47%
T2.Large to T3.Medium 44%
C4.8XLarge to C5.4XLarge 50%
* According to TSO Logic, November 2018 (link in notes)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Launching an Amazon EC2 Instance
via the Management Console
Determine the AWS Region in which you want to launch the
Amazon EC2 instance.
Launch an Amazon EC2 instance from a pre-configured
Amazon Machine Image (AMI).
Choose an instance type based on CPU, memory, storage,
and network requirements.
Configure network, IP address, security groups, storage
volume, tags, and key pair.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Machine Image (AMI) Details
An AMI includes the following:
A template for the root volume for the instance (for example,
an operating system, an application server, and applications).
Launch permissions that control which AWS accounts can
use the AMI to launch instances.
A block device mapping that specifies the volumes to attach
to the instance when it is launched.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Instances and AMIs
Select an AMI based on:
Region
Operating system
Architecture (32-bit or 64-bit)
Launch permissions
Storage for the root device AMI
Instances
Instance
Launch instances
of any type
Host computer
Host computer
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EC2 Instances
OS, Applications
and Configuration
AMI
Running or
StoppedVM
Instances
AZ
VPC
Region
EBS
Amazon S3
EBS Snapshots S3 Buckets
EBS EBS EBS EBS EBS
AZ
Instances Instances
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Instance Lifecycle
AMI
pending
Launch
runningrebooting
Reboot
Start
terminated
shutting-down
Terminate
Terminate
EBS-backed instances only
Stop
stopping stopped
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Instance Metadata
Is data about your instance.
Can be used to configure or manage a running instance.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Retrieving Instance Metadata
To view all categories of instance metadata
from within a running instance, use the
following URI:
http://169.254.169.254/latest/meta-data/
On a Linux instance, you can use:
$ curl http://169.254.169.254/latest/meta-data/
$ GET http://169.254.169.254/latest/meta-data/
All metadata is returned as text (content
type text/plain).
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Instance User Data
Can be passed to the instance at launch.
Can be used to perform common automated configuration
tasks.
Runs scripts after the instance starts.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Adding User Data
You can specify user data when launching an instance.
User data can be:
Linux script – executed by cloud-init
Windows batch or PowerShell scripts – executed by EC2Launch
service
User data scripts run once per instance ID by default.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
User Data Example Linux
#!/bin/sh
yum -y install httpd
chkconfig httpd on
/etc/init.d/httpd start
User data shell scripts must start with the #!
characters and the path to the interpreter you want
to read the script.
Install Apache web server
Enable the web server
Start the web server
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
User Data Example Windows
<powershell>
Import-Module ServerManager
Install-WindowsFeature web-server, web-webserver
Install-WindowsFeature web-mgmt-tools
</powershell>
Import the Server Manager module for
Windows PowerShell.
Install IIS
Install Web Management Tools
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Retrieving User Data
To retrieve user data, use the following URI:
http://169.254.169.254/latest/user-data
On a Linux instance, you can use:
$ curl http://169.254.169.254/latest/user-data/
$ GET http://169.254.169.254/latest/user-data/
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EC2 Purchasing Options
On-Demand
Instances
Pay by the
hour.
Reserved
Instances
Purchase, at a
significant
discount,
instances that
are always
available.
1-year to 3-
year terms.
Scheduled
Instances
Purchase
instances that
are always
available on
the specified
recurring
schedule, for
a one-year
term.
Spot
Instances
Bid on unused
instances,
which can run
as long as
they are
available and
your bid is
above the
Spot price.
Dedicated
Hosts
Pay for a
physical host
that is fully
dedicated to
running your
instances.
Dedicated
Instances
Pay, by the
hour, for
instances that
run on single-
tenant
hardware.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Marketplace: IT Software
Optimized for the Cloud
Online store to discover, purchase, and deploy
IT software on top of the AWS infrastructure.
Catalog of 4100+ IT software solutions
including Paid, BYOL, Open Source, SaaS,
and free-to-try options.
Pre-configured to operate on AWS.
Software checked by AWS for security and operability.
Deploys to AWS environment in minutes.
Flexible, usage-based billing models.
Software charges billed to AWS account.
Includes AWS Test Drive/Quick Starts.
https://aws.amazon.com/marketplace
Networking: Amazon VPC
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Virtual Private Cloud (VPC)
Provision a private, isolated virtual network on
the AWS cloud.
Have complete control over your virtual networking
environment.
Amazon
VPC
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VPCs and Subnets
A subnet defines a range of IP addresses in your VPC.
You can launch AWS resources into a subnet that you select.
A private subnet should be used for resources that won’t be
accessible over the Internet.
A public subnet should be used for resources that will be
accessed over the Internet.
Each subnet must reside entirely within one Availability Zone
and cannot span zones.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon VPC Example
Public Subnet Private Subnet VPN Only Subnet
DB Server
Web Server
Customer
Network
R
Internet
App Server
VPC NAT
Gateway
Internet
Gateway
Web Server App Server DB Server
Virtual
Private
Gateway
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security in Your VPC
Security groups
Network access control lists
(ACLs)
Key Pairs
Subnet
10.0.1.0/24
Internet GatewayVPN Gateway
VPC Router
10.0.0.0/16
Security
Group
Security
Group
Network ACL Network ACL
RouteTable RouteTable
instance instance instance instance
Subnet
10.0.0.0/24
Security
Group
Security
Group
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
VPN Connections
VPN Connectivity option Description
AWS HardwareVPN
You can create an IPsec hardware VPN connection
between your VPC and your remote network.
AWS Direct Connect
AWS Direct Connect provides a dedicated private
connection from a remote network to your VPC.
AWSVPN CloudHub
You can create multiple AWS hardware VPN
via your VPC to enable communications between
remote networks.
SoftwareVPN
You can create a VPN connection to your remote
by using an Amazon EC2 instance in your VPC that’s
running a software VPN appliance.
Storage Services:
Amazon S3 and Amazon
EBS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Simple Storage Service (S3)
Storage for the Internet
Natively online, HTTP access
Storage that allows you to store and retrieve any
amount of data, any time, from anywhere on the web
Highly scalable, reliable, fast and durable
Amazon S3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Facts
Can store an unlimited number of objects in a bucket
Objects can be up to 5 TB; no bucket size limit
Designed for 99.999999999% durability and 99.99% availability of
objects over a given year
Can use HTTP/S endpoints to store and retrieve any amount of data,
at any time, from anywhere on the web
Highly scalable, reliable, fast, and inexpensive
Can use optional server-side encryption using AWS or customer-
managed provided client-side encryption
Auditing is provided by access logs
Provides standards-based REST and SOAP interfaces
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Common Use Scenarios
Storage and backup
Application file hosting
Media hosting
Software delivery
Store AMIs and snapshots
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Concepts
Amazon S3 stores data as
objects within buckets.
An object is composed of a file
and optionally any metadata
that describes that file.
You can have up to 100
buckets in each account.
You can control access to the
bucket and its objects.
Amazon
S3
Bucket
with
Objects
Bucket
Object
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Object Keys
An object key is the unique identifier for an object in a
bucket.
http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.html
Bucket Object/Key
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Security
You can control access to buckets and objects with:
Access Control Lists (ACLs)
Bucket policies
Identity and Access Management (IAM) policies
You can upload or download data to Amazon S3 via SSL
encrypted endpoints.
You can encrypt data using AWS SDKs.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Versioning
Protects from accidental overwrites and deletes with no
performance penalty.
Generates a new version with every upload.
Allows easily retrieval of deleted objects or roll back to previous
versions.
Three states of an Amazon S3 bucket
Un-versioned (default)
Versioning-enabled
Versioning-suspended
Versioning Enabled
Key: photo.gif
ID: 121212
Key: photo.gif
ID: 111111
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Object Lifecycle
Lifecycle management defines how Amazon S3 manages
objects during their lifetime.
Some objects that you store in an Amazon S3 bucket might
have a well-defined lifecycle:
Log files
Archive documents
Digital media archives
Financial and healthcare records
Raw genomics sequence data
Long-term database backups
Data that must be retained for regulatory compliance
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Pricing
Pay only for what you use
No minimum fee
Prices based on location of your Amazon S3 bucket
Estimate monthly bill using the AWS Simple Monthly
Calculator
Pricing is available as:
Storage Pricing
Request Pricing
Data Transfer Pricing: data transferred out of Amazon S3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Glacier
Long term low-cost archiving service
Optimal for infrequently accessed data
Designed for 99.999999999% durability
Three to five hours’ standard retrieval time
Less than $0.01 per GB/month (depending on region)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Storage Classes
Storage Class Durability Availability Other Considerations
Amazon S3
Standard
99.999999999% 99.99%
Amazon S3
Standard -
Infrequent
Access (IA)
99.999999999% 99.9%
• Retrieval fee associated with
objects
• Most suitable for infrequently
accessed data
Glacier 99.999999999%
99.99%
(once restored)
• Not available for real-time
access
• Must restore objects before
can access them
• Restoring objects can take 1
minute - 12 hours
Demo: Amazon S3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Elastic Block Store (EBS)
Persistent block level storage volumes offer
consistent and low-latency performance.
Stored data is automatically replicated within its
Availability Zone.
Snapshots are stored durably in Amazon S3.
Amazon
EBS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Lifecycle
Vast amounts of
unused space Create
Call CreateVolume
1 GiB to 16TiB
Attach
Call AttachVolume to affiliate with
one Amazon EC2 instance
Attached
and
In Use
• Format fromAmazon EC2
instance OS
• Mount formatted drive
CreateSnapshot
Snapshot to Amazon
S3
Detach
Call DetachVolume
Deleted
Call DeleteVolume
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Volume Types
SSD-backed volumes are:
Optimized for transactional workloads that involve frequent read/write
operations with small I/O size.
Dominant in IOPS performance.
HDD-backed volumes are
Optimized for large streaming workloads.
Dominant in throughput (measured in MiB/s).
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Volume Types
SSD HDD
VolumeType
General Purpose SSD
(gp2)
Provisioned IOPS
SSD (io1)
Throughput Optimized
HDD (st1)
Cold HDD (sc1)
Description
Balances price and
performance for a
wide variety of
transactional loads.
Highest-performance
SSD volume
for mission-critical
applications.
Low-cost HDD designed
for frequently accessed,
throughput-intensive
workloads.
Lowest cost HDD
designed for less
frequently accessed
workloads.
Volume Sizes 1 GiB – 16 TiB 4 GiB – 16 TiB 500 GiB – 16 TiB 500 GiB – 16 TiB
Dominant
Performance
Attribute
IOPS IOPS MiB/s MiB/s
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Facts
EBS is recommended when data must be quickly accessible
and requires long-term persistence.
You can launch your EBS volumes as encrypted volumes.
Data stored at rest on the volume, disk I/O, and snapshots
created from the volume are all encrypted.
You can create point-in-time snapshots of EBS volumes, which
are persisted to Amazon S3.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Use Cases
OS: Use for boot/root volume, secondary volumes
Databases: Scales with your performance needs
Enterprise applications: Provides reliable block storage to run
mission-critical applications
Business continuity: Minimize data loss and recovery time by
regularly backing up using EBS Snapshots
Applications: Install and persist any application
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Pricing
Pay for what you provision:
Pricing based on region
Review Pricing Calculator online
Pricing is available as:
Storage
IOPS
* Check Amazon EBS Pricing page for current pricing for all regions.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS Scope
Amazon EBS volumes are in a single Availability Zone
Availability Zone A
EBSVolume 1
Availability Zone B
EBSVolume 2
Volume data is replicated across multiple servers in an Availability Zone.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS and Amazon S3
Amazon EBS Amazon S3
Paradigm Block storage with file system Object store
Performance Very fast Fast
Redundancy Across multiple servers in an
Availability Zone
Across multiple facilities in a
Security EBS Encryption – Data
and Snapshots
Encryption
Access from the
Internet?
No (1) Yes (2)
Typical use case It is a disk drive Online storage
(1) Accessible from the Internet if mounted to server and set up as FTP, etc.
(2) Only with proper credentials, unless ACLs are world-readable
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EC2 Instance Storage
Is local, complimentary direct attached block storage.
Includes availability, number of disks, and size based on EC2
instance type.
Is optimized for up to 365,000 Read IOPS and 315,000 First Write
IOPS.
Is SSD or magnetic.
Has no persistence.
Automatically deletes data when an EC2 instance stops, fails or is
terminated.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon EBS vs. Amazon EC2
Instance Store
Amazon EBS
Data stored on an Amazon EBS volume can persist independently of the life
of the instance.
Storage is persistent.
Amazon EC2 Instance Store
Data stored on a local instance store persists only as long as the instance is
alive.
Storage is ephemeral.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Reboot vs. Stop vs. Terminate
Characteristic Reboot Stop/Start
(EBS-backed instances only)
Terminate
Host computer
The instance stays on the
host computer.
The instance runs on a new
computer.
Public IP address No change New address assigned
Elastic IP addresses
(EIP)
EIP remains associated with
instance.
EIP remains associated with
instance.
EIP is disassociated from
instance.
Instance store
volumes
Preserved Erased Erased
EBS volume Preserved Preserved
Boot volume is deleted by
default.
Billing
Instance billing hour doesn’t
change.
You stop incurring charges as
soon as state is changed to
stopping.
You stop incurring charges
soon as state is changed to
shutting-down.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Knowledge Check
Q: What AWS service would help support your web application by
hosting static assets and storing user uploaded images and video
off-instance?
Q: How would an Amazon EC2 instance find its private and public IP
addresses?
Q: What acts as an additional layer of security at the subnet level in
a VPC?
True or False: Amazon S3 limits the total amount you can store.
False (There is a 5TB limit per object)
Retrieve the instance metadata: http://169.254.169.254/latest/meta-data/
Amazon S3
Network ACLs
Module 3:
AWS Security, Identity, and
Access Management
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Shared Responsibility Model
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge locations
Client-side data
encryption
Server-side data
encryption
NetworkTraffic
Protection
Platform, Applications, Identity, and Access Management
Operating system, network, and firewall configuration
Customer Applications & Content
Customers
Customers are
responsible for
security IN the cloud
AWS is responsible
for the security OF
the cloud
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Physical Security
24/7 trained security staff
AWS data centers in nondescript and undisclosed facilities
Two-factor authentication for authorized staff
Authorization for data center access
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Hardware, Software, and Network
Automated change-control process
Bastion servers that record all access attempts
Firewall and other boundary devices
AWS monitoring tools
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Assurance Programs
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SSL Endpoints
VPC
SecureTransmission
Use secure endpoints
to establish secure
communication
sessions (HTTPS).
Instance Firewalls
Use security groups
to configure firewall
rules for instances.
SSL Endpoints Security Groups
Network Control
Use public and
private subnets,
NAT, and VPN
support in your
virtual private cloud
to create low-level
networking
constraints for
resource access.
SSL Endpoints
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security Groups
SSL Endpoints Security Groups
Instance Firewalls
Use security groups
to configure firewall
rules for instances.
VPC
SecureTransmission
Use secure endpoints
to establish secure
communication
sessions (HTTPS).
Network Control
Use public and
private subnets,
NAT, and VPN
support in your
virtual private cloud
to create low-level
networking
constraints for
resource access.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Multi-Tier Security Groups
www server
www server
www server
app server
app server
app server
DatabaseTier
security group
ApplicationTier
security group
WebTier
security group
db server
db server
db server
Internet
Corporate Admin
Network
ssh/rdp
api api
(all other ports are blocked)
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Virtual Private Cloud
VPCSSL Endpoints Security Groups
Network Control
Use public and
private subnets,
NAT, and VPN
support in your
virtual private cloud
to create low-level
networking
constraints for
resource access.
Instance Firewalls
Use security groups
to configure firewall
rules for instances.
SecureTransmission
Use secure endpoints
to establish secure
communication
sessions (HTTPS).
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Identity and Access Management
AWS IAM
3
Manage federated users
and their permissions
2
ManageAWS IAM roles
and their permissions
1
ManageAWS IAM users
and their access
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Authentication
Authentication
AWS Management Console
User name and Password IAM User
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Authentication
Authentication
AWS CLI or SDK API
Access Key and Secret Key
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Java Python .NET
AWS SDK & APIAWS CLI
IAM User
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM User Management - Groups
User D
DevOps Group
User C
AWS Account
TestDev Group
User BUser A
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Authorization
Authorization
Policies:
Are JSON documents to describe permissions.
Are assigned to users, groups, or roles.
IAM User IAM Group
IAM Roles
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Policy Elements
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1453690971587",
"Action": [
"ec2:Describe*",
"ec2:StartInstances",
"ec2:StopInstances”
],
"Effect": "Allow",
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "54.64.34.65/32”
}
}
},
{
"Sid": "Stmt1453690998327",
"Action": [
"s3:GetObject*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::example_bucket/*"
}
]
}
IAM Policy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Policy Assignment
IAM User
IAM Group
Assigned Assigned
IAM Policy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Policy Assignment
IAM User
IAM Group
IAM Roles
Assigned Assigned
Assigned
IAM Policy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Roles
An IAM role uses a policy.
An IAM role has no associated credentials.
IAM users, applications, and services may assume IAM roles.
IAM Roles
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Policy Assignment
IAM User
IAM Group
IAM Roles
Assigned Assigned
Assigned
IAM User
Assumed Assumed
AWS Resources
IAM Policy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Example: Application Access to
AWS Resources
Python application hosted on an Amazon EC2 instance needs
to interact with Amazon S3.
AWS credentials are required:
Option 1: Store AWS Credentials on the Amazon EC2 instance.
Option 2: Securely distribute AWS credentials to AWS services and
applications.
IAM Roles
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Roles - Instance Profiles
Amazon EC2
EC2 MetaData Service
http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename
Amazon S31
3
4
app and
Create instance
Application
interacts
with Amazon S3
Select IAM Role2
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Roles – Assume Role
IAM Restricted Policy
IAM User A-1
AWS Account A
IAM Admin RoleIAM Admin Policy
Assigned
Assume
Assigned
1
2
IAM User B-1
AWS Account B
Amazon S3
Assume
4
Access
53
Access
1
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Temporary Security Credentials
(AWS STS)
Use Cases
Cross-account access
Federation
Mobile users
Key rotation for Amazon EC2-based apps
Session
Access Key ID
Secret Access Key
Session Token
Expiration
Temporary security credentials
15 minutes to 36 hours
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Application Authentication
AWS IAM Application
No Support No Support
OS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Authentication and
Authorization
Authentication
AWS Management Console
User Name and Password
AWS CLI or SDK API
Access Key and Secret Key
Authorization
Policies IAM User IAM Group
IAM Roles
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Best Practices
Delete AWS account (root) access keys.
Create individual IAM users.
Use groups to assign permissions to IAM users.
Grant least privilege.
Configure a strong password policy.
Enable MFA for privileged users.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS IAM Best Practices (continued)
Use roles for applications that run on Amazon EC2 instances.
Delegate by using roles instead of by sharing credentials.
Rotate credentials regularly.
Remove unnecessary users and credentials.
Use policy conditions for extra security.
Monitor activity in your AWS account.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS CloudTrail
Records AWS API calls for accounts.
Delivers log files with information to an Amazon S3 bucket.
Makes calls using the AWS Management Console, AWS SDKs,
AWS CLI, and higher-level AWS services.
AWS CloudTrail Amazon S3 bucket
Logs
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Knowledge Check
Q: Your web application needs to read/write an Amazon
DynamoDB table and an Amazon S3 bucket. This operation
requires AWS credentials and authorization to use AWS
services. What IAM entity should be used?
User
Group
Role
Policy
A: Role
Demo: AWS
IAM
Module 4: AWS Databases
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SQL and NoSQL Databases
112
SQL NoSQL
Data Storage Rows and Columns Key-Value
Schemas Fixed Dynamic
Querying Using SQL Focused on a collection of documents
Scalability Vertical Horizontal
ISBN Title Author Format
9182932465265
Cloud Computing
Concepts
Wilson,
Joe
Paperback
3142536475869 The Database
Gomez,
Maria
Ebook
SQL NoSQL
{
ISBN: 9182932465265,
Title: “Cloud Computing Concepts”,
Author: ”Wilson, Joe”,
Format: “Paperback”
}
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Data Storage Considerations
No one size fits all.
Analyze your data requirements by considering:
Data formats
Data size
Query frequency
Data access speed
Data retention period
113
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Managed Database Services
114
Compute Storage
AWSGlobal Infrastructure
Database
Application Services
Deployment and Administration
Networking
Amazon DynamoDB
Amazon ElastiCache
Amazon RDS
Amazon Redshift
AWS Database Migration Service
Amazon Aurora
Amazon Neptune
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Relational Database Service
Cost-efficient and resizable capacity
Manages time-consuming database administration
tasks
Access to the full capabilities of Amazon Aurora,
MySQL, MariaDB, Microsoft SQL Server, Oracle,
and PostgreSQL databases
Deployable on VMware
115
Amazon
RDS
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon RDS
Simple and fast to deploy
Manages common database administrative tasks
Compatible with your applications
Fast, predictable performance
Simple and fast to scale
Secure
Cost-effective
116
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DB Instances
DB instances are the basic building blocks of Amazon RDS.
They are an isolated database environment in the cloud.
They can contain multiple user-created databases.
117
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How Amazon RDS Backups Work
Automatic Backups:
Restore your database to a
point in time.
Are enabled by default.
Let you choose a retention
period up to 35 days.
118
Manual Snapshots:
Let you build a new database
instance from a snapshot.
Are initiated by the user.
Persist until the user deletes
them.
Are stored in Amazon S3.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Cross-Region Snapshots
Are a copy of a database snapshot stored in a different AWS Region.
Provide a backup for disaster recovery.
Can be used as a base for migration to a different region.
119
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon RDS Security
Run your DB instance in an Amazon VPC.
Use IAM policies to grant access to RDS resources.
Use security groups.
Use Secure Socket Layer (SSL) connections with DB instances
(Amazon Aurora, Oracle, MySQL, MariaDB, PostgreSQL,
Microsoft SQL Server).
Use RDS encryption to secure instances and snapshots at
rest.
Use network encryption and Transparent Data Encryption
(TDE) with Oracle DB and Microsoft SQL Server instances.
Use security features of your DB engine to control access to DB
instance.
120
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Simple Application Architecture
121
Amazon RDS database
instance
Amazon EC2 application
servers
Elastic Load Balancing
load balancer instance
DB snapshots in
Amazon S3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Multi-AZ RDS Deployment
With Multi-AZ operation, your database is synchronously
replicated to another Availability Zone in the same AWS Region.
Fail over to the standby automatically occurs in case of a
master database failure.
Planned maintenance is applied first to standby databases.
122
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Resilient, Durable
Application Architecture
123
Amazon RDS database instances:
Master and Multi-AZ standby
Application, in Amazon
EC2 instances
Elastic Load Balancing
load balancer instance
DB snapshots in
Amazon S3
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon RDS Best Practices
Monitor your memory, CPU, and storage usage.
Use Multi-AZ deployments to automatically provision and maintain a
synchronous standby in a different Availability Zone.
Enable automatic backups.
Set the backup window to occur during the daily low in Write IOPS.
To increase the I/O capacity of a DB instance:
Migrate to a DB instance class with high I/O capacity.
Convert from standard storage to Provisioned IOPS storage and use a DB
instance class optimized for Provisioned IOPS.
Provision additional throughput capacity (if using Provisioned IOPS storage).
If your client application is caching the DNS data of your DB
instances, set a TTL of less than 30 seconds.
Test failover for your DB instance.
124
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon DynamoDB
Allows you to store any amount of data with no limits.
Provides fast, predictable performance using SSDs.
Allows you to easily provision and change the
request capacity needed for each table.
Is a fully managed, NoSQL database service.
Accommodate changing workloads with on-demand
mode
125
Amazon
DynamoDB
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DynamoDB Data Model
126
Table:
Music
Items
Attributes (name-value pairs)
Artist
Song
Title
Album
Title Year Genre
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Primary Keys
127
Partition key
Sort key
Table: Music
Partition Key: Artist
Sort Key: SongTitle
(DynamoDB maintains a sorted index for both keys)
Table:
Music
Artist
Song
Title
Album
Title Year Genre
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Provisioned Throughput
You specify how much provisioned throughput capacity you
need for reads and writes.
Amazon DynamoDB allocates the necessary machine
resources to meet your needs.
128
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Supported Operations
Query:
Query a table using the partition key and an optional sort key filter.
If the table has a secondary index, query using its key.
It is the most efficient way to retrieve items from a table or secondary
index.
Scan:
You can scan a table or secondary index.
Scan reads every item – slower than querying.
You can use conditional expressions in both Query and Scan
operations.
129
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Simple Application Architecture
130
Elastic Load
Balancing Amazon EC2
application
instances
Clients
Amazon
DynamoDB
Business logic
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon RDS and Amazon DynamoDB
Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)
ApplicationType
•Existing database apps
•Business process–centric apps
• New web-scale applications
• Large number of small writes and
Application
Characteristics
•Relational data models,
transactions
•Complex queries, joins, and
updates
•Simple data models, transactions
•Range queries, simple updates
Scaling
Application or DBA–architected
(clustering, partitions, sharding)
Seamless, on-demand scaling based
application requirements
QoS
• Performance–depends on data
model, indexing, query, and
storage optimization
• Reliability and availability
• Durability
• Performance–Automatically
by the system
• Reliability and availability
• Durability
131
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Database Considerations
132
IfYou Need Consider Using
A relational database
service with minimal
administration
Amazon RDS
• Choice of Amazon Aurora, MySQL, MariaDB, Microsoft
SQL Server, Oracle, or PostgreSQL database engines
• Scale compute and storage
• Multi-AZ availability
A fast, highly scalable
NoSQL database
service
Amazon DynamoDB
• Extremely fast performance
• Seamless scalability and reliability
• Low cost
A database you can
manage on your own
Your choice of AMIs on Amazon EC2
and Amazon EBS that provide scale compute and
storage, complete control over instances, and more.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Knowledge Check
Q: What are the basic building blocks of Amazon Relational
Database Service (Amazon RDS)?
Q: You are creating a resilient, durable application using Amazon
RDS. In addition to Amazon RDS’s automatic backups, what feature
should you use to ensure that your backups are durable retained?
True or False: Amazon DynamoDB allows you to store any amount
of data with no limits.
True or False: Scan is the most efficient way to retrieve items from a
DynamoDB table.
133
True
DB instances
False
Manual snapshots
Module 5:
AWS Elasticity and
Management Tools
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Triad of Services
135
Latency
Utilization
Amazon
CloudWatch
Auto Scaling
Elastic Load
Balancing
Auto Scaling group
Execute scaling policy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Elastic Load Balancing
Distributes traffic across multiple EC2 instances, in
multiple Availability Zones
Supports health checks to detect unhealthy Amazon
EC2 instances
Supports the routing and load balancing of HTTP,
HTTPS, SSL, and TCP traffic to Amazon EC2
instances
136
Elastic Load
Balancing
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Classic Load Balancer: How It Works
Register instances with your
load balancer.
Load balancer routes request
at either:
Transport layer (TCP)
Application layer (HTPP/HTTPS)
Intended for applications build
within the EC2-Classic network
Recommendation for new
applications is to use Application
Load Balancer or Network Load
Balancer
137
Availability Zone A Availability Zone B
load balancer
X
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Application Load Balancer:
How It Works
Register instances as targets in a
target group, and route traffic to a
target group.
Load balancer routes request at
the Application layer
(HTPP/HTTPS).
138
Target Group /mobile
Load balancer
Listener ListenerRule Rule Rule
Target Group Target Group /api
Target Target Target Target Target Target Target
Health
Check
Health
Check
Health
Check
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Network Load Balancer: How it Works
Register instances as targets
in a target group, and route
traffic to a target group.
Load balancer routes request
at the Transport layer (TCP).
139
Load balancer
ListenerRule
Target Group
Target Target
Health
Check
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Load Balancer Comparison
Feature Classic
Load Balancer
Application
Load Balancer
Network
Load Balancer
Protocols TCP, SSL, HTTP, HTTPS HTTP, HTTPS TCP
Platforms EC2-Classic, VPC VPC VPC
Cross-zone load
balancing
Yes Yes Yes
Logging Yes Yes Yes
Path-based routing No Yes No
Sticky sessions No Yes No
Static IP No No Yes
140
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon CloudWatch
A monitoring service for AWS Cloud resources and
the applications you run on AWS
Visibility into resource utilization, operational
performance, and overall demand patterns
Custom application-specific metrics of your own
Accessible via AWS Management Console, APIs,
AWS SDK, or AWS CLI
141
Amazon
CloudWatch
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon CloudWatch Facts
Monitor other AWS resources
View graphics and statistics
Set alarms
142
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon CloudWatch Architecture
143
AWS resources that
support
CloudWatch
Amazon
CloudWatch
Available
statistics
StatisticsConsumerAWS
Management
Console
CloudWatch Metrics
CPUUtilization
StatusCheckFailed
Custom
Application-Specific
Metrics
PageViewCount
Amazon
CloudWatch
alarm
Amazon SNS
email
notification
Auto Scaling
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CloudWatch Metrics Examples
144
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Auto Scaling
Scale your Amazon EC2 capacity automatically
Well-suited for applications that experience variability
in usage
Available at no additional charge
145
Auto
Scaling
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Auto Scaling Benefits
146
Better cost
management
Better
availability
Better fault
tolerance
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Launch Configurations
A launch configuration is a template that an Auto Scaling group
uses to launch EC2 instances.
When you create a launch configuration, you can specify:
AMI ID
Instance type
Key pair
Security groups
Block device mapping
User data
147
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Auto Scaling Groups
Contain a collection of EC2 instances that share similar
characteristics.
Instances in an Auto Scaling group are treated as a logical
grouping for the purpose of instance scaling and management.
148
Auto Scaling group
Minimum size
Desired capacity
Maximum size
Scale out as needed
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Dynamic Scaling
You can create a scaling policy that uses CloudWatch alarms to
determine:
When your Auto Scaling group should scale out.
When your Auto Scaling group should scale in.
You can use alarms to monitor:
Any of the metrics that AWS services send to Amazon CloudWatch.
Your own custom metrics.
149
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Auto Scaling Basic Lifecycle
150
Instances
Auto Scaling group
Scale out
Amazon CloudWatch Scheduled event
Scale in
Amazon CloudWatch Scheduled event
Launch instance
Attach to Group
Detach from
Group
Terminate
instance X
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Trusted Advisor?
A service providing guidance to help you reduce cost,
increase performance, and improve security
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Trusted Advisor: Core vs. Full
Core Checks and Recommendations
(included)
• Seven core checks around
security and performance
• Service Limits
FullTrusted Advisor Benefits
(With Business or Enterprise support)
• Full set of checks
• Notifications
• Programmatic Access via API
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Knowledge Check
True or False: Auto Scaling helps you ensure that you have the
correct number of EC2 instances available to handle the load for
your application.
Q: What feature would you use with an Auto Scaling policy to
determine when your Auto Scaling group should scale out/in?
Q: You have an application composed of individual services and
need to route a request to a service based on the content of the
request. What type of load balancer should you use?
Q: Which AWS service serves as a best practice and
recommendation engine?
153
AWS Trusted Advisor
Amazon CloudWatch alarms
True
Application Load Balancer
Module 6
Wrap-Up
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Learning Path
155
AWS Introduction
• TheAWS Cloud
• History
• Global Infrastructure
• AWS Management Console
AWS Foundational
Services
• Compute:
• Amazon EC2
• Networking:
• AmazonVPC
• Storage:
• Amazon EBS
• Amazon S3
• Security
• IAM
• Databases:
• Amazon DynamoDB
• Amazon RDS
AWS Management
Tools
• Triad of Services:
• Auto Scaling
• ELB
• Amazon CloudWatch
• AWSTrustedAdvisor
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Expand Your Cloud Skills with AWS
156
Certification
https://aws.amazon.com/certification/
Validate your proven
technical expertise with the
AWS platform and gain
recognition for your skills
Online videos and labs
Start working with an AWS
service in minutes with free
online instructional videos
and labs
https://aws.amazon.com/training/
Instructor-led courses
Learn how to design, deploy,
and operate highly available,
cost-effective, and secure
applications on AWS
https://aws.amazon.com/training/self-paced-labs/
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Self-Paced Labs
Learn an individual AWS Service topic
Follow a Learning Quest by AWS Service Area or Use Case
Practice working with AWS as you prepare for an exam
For more information, see:
https://aws.amazon.com/training/self-paced-labs/
157
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS ILT & vILT Training Courses
158
AWSTechnical Essentials
1 day
Architecting on AWS
3 days
Developing on AWS
3 days
Systems Operations on AWS
3 days
Big Data on AWS
3 days
Advanced Architecting on AWS
3 days
DevOps Engineering on AWS
3 days
Security Operations on AWS
3 days
Migrating to AWS
2 days
Data Warehousing on AWS
3 days
https://aws.amazon.com/training/
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Certification
159
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Benefits of AWS Certification
160
Individual
• Demonstrate expertise
• Stand out
• Industry visibility
• Customer visibility
• Peer recognition
• Credibility with customers
Employer
• Baseline bar on AWS skills
• Identify expert talent
• Leverage best practices
• Reduce operational risk
• Increase business advantage
• Maximize AWS efficiencies
• Common vocabulary
• Accelerate time to cloud
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Preparing for AWS Certification
For resources to help you prepare for the certification exam, see:
https://aws.amazon.com/certification/certification-prep/
161
Practice ExamsSelf-Paced Labs on qwikLABS
AWSWhitepapers &
FAQs
AWS Documentation &
ReferenceArchitectures
Exam Guides &
SampleQuestions
AWS-Authored Study Guide
AWSTechnicalTraining
AWS Support
162
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Support Options (1 of 2)
163
TheTechnical Account Manager provides...
 A dedicated voice within AWS to serve as your
advocate.
 Proactive guidance and insight into ways to
optimizeAWS through business and performance
reviews.
 Orchestration and access to the full breadth and
depth of technical expertise across the full range
of AWS.
 Access to resources and best practice
recommendations.
Infrastructure Event Management provides...
 A common understanding of event objectives and
use cases through pre-event planning and
preparation.
 Resource recommendations and deployment
guidance based on anticipated capacity needs.
 Dedicated attention of the your AWS Support
team during your event.
 The ability to immediately scale down resources
to normal operating levels post-event.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Support Options (2 of 2)
164
AWSTrusted Advisor provides...
 Insight into how and where you can get the
most impact for your AWS spend.
 Opportunities to reduce your monthly
spend and retain or increase productivity.
 Guidance on getting the optimal
performance and availability based on your
requirements.
 Confidence that your environment is secure.
The Concierge Service provides...
 A primary contact to help manage AWS
resources.
 Personalized handling of billing inquiries, tax
questions, service limits, and bulk reserve
instance purchases.
 Direct access to an agent to help optimize
costs, and identify underutilized resources.
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Support Comparison
Basic Developer Business Enterprise
Customer Service
Communities
24x7 access to
customer service,
whitepapers, and
support forums
24x7 access to
customer service,
whitepapers, and
support forums
24x7 access to
customer service,
whitepapers, and
support forums
24x7 access to
customer service,
whitepapers, and
support forums
Best
Practices
Access to 7 core
Trusted Advisor checks
Access to 7 core
Trusted Advisor checks
Access to full set of
Trusted Advisor checks
Access to full set of
Trusted Advisor checks
Technical
Support
Business hours access
to Cloud Support Associates
via email
24x7 access
to Cloud Support Engineers
via email, chat & phone
24x7 access
to Sr. Cloud Support Engineers
via email, chat & phone
Case Severity/
Response Times
Production system impaired:
< 4 hours
Production system down:
< 1 hour
Production system impaired:
< 4 hours
Production system down:
< 1 hour
Business-critical system down:
< 15 minutes
165
Module 7
Appendices
Module 1 Appendix
AWS Introduction and
History
Cloud Computing Concepts
168
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is cloud computing?
Cloud computing is on-demand delivery of IT resources and
applications via the Internet with pay-as-you-go pricing.
169
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Essential Characteristics of
Cloud Computing
170
On-Demand Self
Services
Broad Network Access
Resource Pooling
Rapid Elasticity
Measured Service
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
On-Demand Self Services
& Broad Network Access
User provisions computing resources as needed.
User interacts with cloud service provider through an online
control panel.
Clear solutions are available through a variety of network-
connected devices and over varying platforms.
171
InternetClient Mobile Client
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Resource Pooling
Securely separate resources to service multiple customers.
172
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Rapid Elasticity
Resources are quickly scalable and flexible based on business
needs.
173
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Measured Service
Pay for services as you go.
174
Electrical services
analogy
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What Does My AWS Cloud Look Like?
175
Module 2 Appendix
AWS Foundational Services
Data Center Design Models
177
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Application Design Model
178
One-Tier Model
Clients
Mainframe
Two-Tier Model
SQL
Client Database
Servers
Three-Tier Model
Client Application
Server
Database
Servers
SQL, ODBC,
JDBC
HTTP,
RPC
N-Tier Model
Client Application
Servers
Web
Server Middleware
Database
Servers
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Web Services Model
179
Web Server Application Server Database Server
Serves web pages • Implements business logic
• Manipulates data
• Data mining
• Accesses data store
• High transaction rate
• High bandwidth
• Low latency
Amazon EC2
180
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AMI Types –
Storage for the Root Device
Characteristic Amazon EBS-Backed Amazon Instance Store-Backed
Boot time Usually < 1 minute Usually < 5 minutes
Size limit 16 TiB 10 GiB
Data
persistence
The root volume is deleted when the instance
terminates. Data on any other Amazon EBS
volumes persists after the instance is
Data on any instance store volumes
only during the life of the instance.
Charges Instance usage, Amazon EBS volume usage,
storing your AMI as an Amazon EBS snapshot.
Instance usage and storing your AMI in
Amazon S3.
Stopped state Can be stopped. Cannot be stopped.
181
Storage Concepts and Solutions
182
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Block and File Level Storage
183
Block Level Storage File Level Storage
Block File
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Storage Technologies
184
DAS NAS SAN
Client
Server Server
Client
NAS Storage
Client
Server
Client
DAS StorageDAS Storage Server
Server Server
FC Switch
Client Client
SAN Storage
RAID 1
RAID 2
Amazon S3
185
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Buckets
Organize the Amazon S3 namespace at the highest level.
Identify the account responsible for storage and data transfer
charges.
Play a role in access control.
Serve as the unit of aggregation for usage reporting.
Have globally unique bucket names, regardless of the AWS
region in which they were created.
186
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Region Considerations
Amazon S3 creates a bucket in the region you select.
You can choose a region to:
Optimize latency
Minimize costs
Address regulatory requirements
Objects stored in a region never leave the region unless you
explicitly transfer them to another region.
187
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 Objects
Objects are the fundamental entities stored in Amazon S3.
When using the console, you can think of them as files.
Objects consist of data and metadata. The data portion is
opaque to Amazon S3. The metadata is a set of name-value
pairs that describe the object.
Default metadata such as the date last modified
Standard HTTP metadata such as Content-Type
Custom metadata at the time the object is stored
A key that uniquely identifies as object within its bucket
188
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon S3 + Amazon Glacier
S3 Lifecycle policies allow you to delete or move objects based
on age and set rules per S3 bucket.
189
bucket with
objects
30 Days
Glacier
archive
365 Days
Amazon EBS
190
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EBS Performance
EBS Magnetic
40-200 IOPS
EBS General Purpose SSD
SSD backed
3 IOPS / GB
Burstable to 3,000 IOPS and up to 10,000 IOPS
EBS Provisioned IOPS SSD
SSD backed
Up to 32,000 IOPS consistently
Up to 500 MB/s throughput
191
Amazon CloudFront
192
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon CloudFront
Easy and cost effective way to distribute content to end
users
Low latency, high data transfer speeds
Deliver your entire website, including static, dynamic,
and streaming content using a global network of edge
locations
193
Amazon
CloudFront
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How You Configure CloudFront to
Deliver Your Content
194
Developer
S3 bucket or HTTP server
1
Objects/data
2
Web distribution
CloudFront
3
http://d111111abcdef8.cloudfront.net
Edge
locations
Your distribution’s
configuration
4
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How CloudFront Delivers
Content to Your Users
195
Amazon S3 server or
HTTP server
User Website
example.com
1
3a
Edge location
Object/data
3b
Object/
data
3/3c
2
Networking Concepts
196
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
What is a Network?
A network is two or more computers linked to share resources,
exchange files, or allow electronic communications.
Network Types:
Local Area Network (LAN)
Wide Area Network (WAN)
Virtual Private Network (VPN)
197
WAN
LAN LAN
VPN
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Physical vs. Logical Topology
A physical topology defines how the systems are physically
connected.
A logical topology defines how the systems communicate
across the physical topologies.
198
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Physical Network Hardware/Devices
Workstations/
Devices
Router
Telecommunications
Firewall
Servers
Internet
Router
Firewall
Workstations/Devices
Switch
Switch
Servers
199
Amazon VPC
200
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Networking in Your VPC
You can use the following components to configure networking in your VPC:
IP addresses
Elastic network interfaces
Route tables
Internet gateways
Network Address Translation (NAT)
Dynamic Host Configuration Protocol (DHCP) options sets
Domain Name System (DNS)
VPC peering
VPC endpoints
VPC flow logs
201
Module 3 Appendix
Security, Identity, and
Access Management
Data Center Security
203
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Physical & Environmental Security
Lock your data center.
Only provide access to those who need it.
Keep track of access.
Mount servers on racks with locks.
Have redundant utilities.
Build your data center with security in mind.
204
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Network Security
Identification & Authentication
Firewalls
Patching
Virus Protection
Encryption
205
AWS IAM
Advanced Concepts
206
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Resource-Based Policies
Are an alternative to IAM and supported by some services.
Grant cross-account access to your resources.
Use a principal to uniquely identify accounts in the policy.
Supported AWS services include :
Amazon S3 Bucket Policy
Amazon SNS Topic Policy
Amazon SQS Queue Policy
Amazon Glacier Vault Policy
AWS OpsWorks Stack Policy
AWS Lambda Function Policy
207
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Access to AWS Resources
Temporary Security Credentials
Security Token Service
AssumeRole
AssumeRoleWithSAML
AssumeRoleWithWebIdentity
208
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Services support for IAM Roles
AWS CLI on Amazon EC2
AWS CloudTrail logs to Amazon S3
Amazon Elastic Transcoder access to Amazon S3
AWS Elastic Beanstalk access to AWS services
AWS Lambda code access to AWS services
Many more …
209
Module 4 Appendix
Databases
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security Groups
Allow access to IP address ranges or Amazon EC2 instances
you specify.
Use VPC security groups to control access to a DB instance
inside a VPC.
211
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DB Parameter & Option Groups
DB parameter groups:
Contain engine configuration values that can be applied to one or more
DB instances of the same instance type.
Are applied by Amazon RDS by default when you create DB instance,
which contains defaults for the specific database engine and instance
class of the DB instance.
DB option groups:
Tools that simplify database management
Currently available for:
Oracle
Microsoft SQL Server
MySQL 5.6
212
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon DynamoDB:
Supported Operations
Table Operations:
Create, update, and delete tables.
After creation, you can increase or decrease provisioned throughput.
Retrieve the table’s status, the primary key, and when the table was
created.
List all tables in your account for a region.
Item Operations:
Add, update, and delete items from a table.
Add, update, and delete existing attributes from an item.
Perform conditional updates.
Retrieve a single item or multiple items.
213
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Local Secondary Index
214
Partition Key
Sort Key
LSI
Table: Music
Partition Key:Artist
Sort Key: SongTitle
LSI: AlbumTitle
Table:
Music
Artist
Song
Title
Album
Title Year Genre
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Genre Year Song Title
Global Secondary Index
215
Choose which attributes
to project (if any)
Table: Music
Partition Key: Artist
Sort Key: SongTitle GSI: MusicGSI
Partition Key: Genre
Sort Key:Year
Table:
Music
Artist
Song
Title
Album
Title Year Genre
Module 5 Appendix
AWS Elasticity and
Management Tool
AutoScaling
Advanced Concepts
217
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Scaling Plans
Auto Scaling
Minimum
Health Check
monitors running
instances within
an Auto Scaling
group.
If an unhealthy
instance is found,
it can be
replaced.
Manual Scaling
Specify a new
minimum for your
Auto Scaling
group.
Manually invoke
Auto Scaling
policies.
Scheduled Scaling
Scaling functions
are performed as
a function of time
and date.
On Demand Scaling
You create a
policy to scale
your resources.
Define when to
scale using
CloudWatch
Alarms.
218
Elastic Load Balancing
Advanced Concepts
219
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Load Balancer Types
220
Availability Zone A Availability Zone B
EC2 instancesEC2 instances
Internet-Facing
Load balancer
EC2 instancesEC2 instances
HTTPS
SSL handler/load
balancer
HTTPS traffic
Availability Zone BAvailability Zone AAvailability Zone B
EC2 instancesEC2 instances
Internal
Load balancer
private subnetprivate subnet
public subnet public subnet
EC2 instance EC2 instance
Availability Zone A
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Request Routing
221
client
DNS server
Load Balancer
Routing
Algorithm
Auto Scaling group
security group
EC2 instance
Auto Scaling group
security group
EC2 instance
EC2 instance
IP Addresses
elb.example.org
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Listeners
A listener is a process that checks for connection requests.
Front-end connections are:
Client to load balancer connections.
Configured with a protocol and a port.
Back-end connections are:
Load balancer to back-end instance connections.
Configured with a protocol and a port .
ELB supported protocols:
HTTP
HTTPS
TCP
SSL
222
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Back-end Instances
for Your Load Balancer
Health checks
Security groups
Subnets
Register
De-register instances
223
CloudWatch Advanced Concepts
224
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CloudWatch Alarms
225
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Supported AWS Services
226
Auto Scaling
Amazon
CloudFront
Amazon CloudWatch
Amazon
CloudSearch
Amazon
DynamoDB
Amazon EC2
Amazon
ElastiCache
Amazon EBS
Elastic Load
Balancing
Amazon EMR
Amazon Kinesis Amazon EC2
Container Service
AWS OpsWorks
Amazon Redshift
Amazon RDS
Amazon
Route 53
Amazon SNS
Amazon
SQS
Amazon
SWF
Amazon S3AWS Storage Gateway Amazon
WorkSpaces
Amazon Machine
Learning
AWS Lambda AWSWAF
Module 6 Appendix
Wrap-Up
AWS Support
228
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Case Severity & Response Times
229
Critical Urgent High Normal Low
Enterprise Plan
(24 x 7)
15 minutes or less 1 hour or less 4 hours or less 12 hours or less 24 hours or
Business Plan
(24 x 7)
1 hour or less 4 hours or less 12 hours or less 24 hours or
Developer Plan
(Business hours)
12 hours or less 24 hours or
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Support Pricing
Basic Developer Business Enterprise
Included $29/month
-or-
3% of monthly
AWS spend
Greater of $100
-or-
10% of monthly AWS usage for
first $0-$10K
7% of monthly AWS usage from
$10K-$80K
5% of monthly AWS usage from
$80K-$250K
3% of monthly AWS usage over
$250K
Greater of $15,000
-or-
10% of monthly AWS usage for the
$0-$150K
7% of monthly AWS usage from
$150K-$500K
5% of monthly AWS usage from
$500k-$1M
3% of monthly AWS usage over
$1M
230
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Pricing Examples
Business Pricing Example
For $85K in AWS monthly usage:
$10,000 x 10% = $1,000
(10% of the first $0 - $10K of usage)
+ $70,000 x 7% = $4,900
(7% of usage from $10K - $80K)
+ $5,000 x 5% = $250
(5% of usage from $80K - $250K)
+ $0 x 3% = $0
(3% of usage over $250K)
Total: $6,500
231
Enterprise Pricing Example
For $1.2M in AWS monthly usage:
$150,000 x 10% = $15,000
(10% of the first $0 - $150K of
usage)
+ $350,000 x 7% = $24,500
(7% of usage from $150K - $500K)
+ $500,000 x 5% = $25,000
(5% of usage from $500K - $1M)
+ $200,000 x 3% = $6,000
(3% of usage over $1M)
Total: $70,500
Thanks for participating!
© 2018 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole
or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us
at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.

Mais conteúdo relacionado

Mais procurados

AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAmazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Amazon Web Services
 
Introduction to Amazon Web Services by i2k2 Networks
Introduction to Amazon Web Services by i2k2 NetworksIntroduction to Amazon Web Services by i2k2 Networks
Introduction to Amazon Web Services by i2k2 Networksi2k2 Networks (P) Ltd.
 
Executing a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWSExecuting a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWSAmazon Web Services
 
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017Amazon Web Services
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAmazon Web Services
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKSMatthew Barlocker
 

Mais procurados (20)

AWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best PracticesAWS Multi-Account Architecture and Best Practices
AWS Multi-Account Architecture and Best Practices
 
AWS Business Essentials Day
AWS Business Essentials DayAWS Business Essentials Day
AWS Business Essentials Day
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
AWS Cloud Adoption Framework
AWS Cloud Adoption Framework AWS Cloud Adoption Framework
AWS Cloud Adoption Framework
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless Applications
 
Cloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for PartnersCloud Migration, Application Modernization and Security for Partners
Cloud Migration, Application Modernization and Security for Partners
 
Getting Started on AWS
Getting Started on AWSGetting Started on AWS
Getting Started on AWS
 
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
Enterprise Governance: Build Your AWS Landing Zone (ENT351-R1) - AWS re:Inven...
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Introduction to Amazon Web Services by i2k2 Networks
Introduction to Amazon Web Services by i2k2 NetworksIntroduction to Amazon Web Services by i2k2 Networks
Introduction to Amazon Web Services by i2k2 Networks
 
Executing a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWSExecuting a Large-Scale Migration to AWS
Executing a Large-Scale Migration to AWS
 
AWS Business Essentials
AWS Business EssentialsAWS Business Essentials
AWS Business Essentials
 
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
 
AWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets ManagerAWS Security Week: AWS Secrets Manager
AWS Security Week: AWS Secrets Manager
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKS
 

Semelhante a AWS Technical Essentials Day

Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Amazon Web Services
 
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACModule 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACAmazon Web Services
 
AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training Amazon Web Services
 
Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018Amazon Web Services
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAmazon Web Services
 
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...himanipatel524244
 
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016Amazon Web Services
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAmazon Web Services
 
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018Amazon Web Services
 
Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Amazon Web Services
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
 

Semelhante a AWS Technical Essentials Day (20)

Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand
 
AWSome Day Nairobi 2019
AWSome Day Nairobi 2019AWSome Day Nairobi 2019
AWSome Day Nairobi 2019
 
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APACModule 1: AWS Introduction and History - AWSome Day Online Conference - APAC
Module 1: AWS Introduction and History - AWSome Day Online Conference - APAC
 
AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & History
 
Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018Getting Started on AWS - AWSome Day Houston 2018
Getting Started on AWS - AWSome Day Houston 2018
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and History
 
Getting Started on AWS
Getting Started on AWSGetting Started on AWS
Getting Started on AWS
 
Technical Track
Technical TrackTechnical Track
Technical Track
 
Getting Started with AWS
Getting Started with AWSGetting Started with AWS
Getting Started with AWS
 
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
 
AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech Track
 
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
 
AWSome Day Intro
AWSome Day IntroAWSome Day Intro
AWSome Day Intro
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki Training
 
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit SydneyAWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney
 
AWSome Day Digital LATAM
AWSome Day Digital LATAMAWSome Day Digital LATAM
AWSome Day Digital LATAM
 
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018
 
Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018
 
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Technical Essentials Day

  • 2. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Objectives Recognize terminology and concepts as they relate to the AWS platform and navigate the AWS Management Console. Understand the foundational services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon Elastic Block Store (EBS). Understand the security measures AWS provides and key concepts of AWS Identity and Access Management (IAM). Understand AWS database services, including Amazon DynamoDB and Amazon Relational Database Service (RDS). Understand AWS management tools, including Auto Scaling, Amazon CloudWatch, Elastic Load Balancing (ELB), and AWS Trusted Advisor.
  • 3. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Module Layout Module 1: Introduction and History of AWS Module 2: Foundational Services – Amazon EC2, Amazon VPC, Amazon S3, Amazon EBS Module 3: Security, Identity, and Access Management - IAM Module 4: Databases – Amazon DynamoDB and Amazon RDS Module 5: AWS Elasticity and Management Tools – Auto Scaling, Elastic Load Balancing, Amazon CloudWatch, and AWS Trusted Advisor Module 6: Wrap-Up Module 7: Appendices
  • 5. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon History 1994: Jeff Bezos incorporated the company. 1995: Amazon.com launched its online bookstore. 2005: Amazon Publishing was launched. 2006: Amazon Web Services (AWS) was launched. 2007: Kindle was launched. 2011: Amazon Fresh was launched. 2012: Amazon Game Studios was launched. 2013: Amazon Art was launched. 2014: Amazon Prime Now was launched. 2015: Amazon Echo were launched. 2018: Amazon go was launched.
  • 6. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Web Services Enable businesses and developers to use web services to build scalable, sophisticated applications. ComputeMessaging Mobile App Services Database Networking Development and ManagementTools Payments VPC On-DemandWorkforce Analytics Content Delivery Storage
  • 7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Pace of Innovation AWS offers over 175 fully featured services for compute, storage, databases, networking, analytics, machine learning, and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, and application development, deployment, and management. AWS has launched a total of 1845 new features or services year to date* for a total of 6,284 new features or services since inception in 2006. * As of December 2019 2011 82 722 1,430 280 2013 2015 2017 AWS Pace of Innovation 2019 1,845
  • 8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 6,284 AWS Direct Connect AWS Elastic Beanstalk Schema Conversion Tool AWS Shield Amazon EFS WorkSpaces Amazon Lumberyard Amazon Pinpoint AWS IoT AWS Managed Services Amazon Route 53 AWS Import/Export AWS OpsWorks for Chef Automate Amazon Redshift Amazon DynamoDB Amazon Polly AWS Snowball AWS Organizations Device Farm AWS Config Amazon RDS for Aurora WorkDocs AWS Snowball Edge AWS CodeCommit AWS CodePipeline AWS Service Catalog CloudWatch Logs Amazon Lex AWS IoT Greengrass Amazon EC2 Systems Manager AWS WAF Amazon AppStream 2.0 Amazon Athena AWS Glue Amazon Lightsail Amazon Rekognition AWS Step Functions AWS Discovery Services AWS Certificate ManagerAmazon ElastiCache Mobile Analytics AWS Mobile Hub AWS Storage Gateway AWS OpsWorks AWS Batch Amazon Inspector Amazon Cognito AWS CodeDeploy AWS Personal Health Dashboard AWS Snowmobile Lambda AWS CodeBuild AWS X-Ray Amazon QuickSight Amazon Kinesis Firehose Amazon WorkMail Amazon Inspector Amazon Machine Learning Total New Services and Features *
  • 9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Customers Public Sector Paving the way for innovation and supporting world-changing projects projects in government, education and nonprofit nonprofit organizations. Startups From the spark of an idea, to your first customer, to IPO and beyond, let Amazon Web Services help you build and grow your startup. Enterprise Customers Amazon Web Services delivers a mature set of services specifically designed for the unique security, compliance, privacy, and governance requirements of large organizations. .
  • 10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Advantages and Benefits of AWS Cloud Computing Trade capital expense for variable expense. Benefit from massive economies of scale. Stop guessing capacity. Go global in minutes. Increase speed and agility. Stop spending money on running and maintaining data centers.
  • 11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS as a Leader in Cloud Infrastructure as a Service AWS is positioned as a leader in the Gartner Magic Quadrant for Cloud Infrastructure as a Service worldwide*. AWS is rated highest in execution and furthest in vision within the Leaders Quadrant. *Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide,Raj Bala, Bob Gill, Dennis Smith, David Wright, July 2019 This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from AWS. https://pages.awscloud.com/Gartner-Magic-Quadrant-for-Infrastructure-as-a-Service- Worldwide.html - Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  • 12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Network Security Network Security Groups NACLs Access Mgmt VPCVPC EC2 “Classic” “Public” ELB On-DemandProvision Security Security groups Network ACLs AWS IAMFirewalls ACLs Administrators Storage and Database RDBMSDAS SAN NAS Amazon EBS Amazon EFS Amazon S3 Amazon RDS Networking AmazonVPCElastic Load BalancingRouter Network pipeline Switch Servers AMI Amazon EC2 instancesOn-premises servers
  • 13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Cloud Computing Infrastructure Regions Edge locationsAvailability Zones Foundation Services Compute (Virtual,Auto Scaling, and load balancing) Networking Applications Virtual Desktops Collaboration and Sharing Platform Services Databases Relational NoSQL Caching Analytics Cluster Computing Real-time Data Warehouse Data Workflows App Services Queuing Orchestration App Streaming Transcoding Email Search Deployment and Management Containers DevOps Tools ResourceTemplates UsageTracking Monitoring and Logs Mobile Services Identity Sync MobileAnalytics Notifications Storage (Object, block, and archive)
  • 14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Compute Amazon EC2 Network Amazon CloudFront Amazon Route 53 Amazon VPC AWS Direct Connect Elastic Load Balancing Storage Amazon EFS Amazon S3 Glacier Amazon S3 AWS Snowball AWS Storage Gateway Security & Identity Amazon Inspector AWS Artifact AWS Certificate Manager AWS CloudHSM AWS Directory Service AWS IAM AWS KMS AWS Organizations AWS Shield AWS WAF Applications Amazon WorkDocs Amazon WorkMail Amazon AppStream 2.0 Amazon WorkSpaces Amazon Elastic Container Registry Amazon Elastic Container Service Amazon Lightsail AWS Batch AWS Elastic Beanstalk AWS Lambda AWS Foundation Services
  • 15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Platform Services Databases Amazon DynamoDB Analytics Amazon Athena Application Services Amazon API Gateway Management Tools Amazon RDS Amazon ElastiCache Amazon Redshift Amazon CloudSearch Amazon EMR Amazon Elasticsearch Service Amazon Kinesis Amazon QuickSight Amazon AppStream 2.0 Amazon Elastic Transcoder Amazon SWF AWS Step Functions Amazon CloudWatch AWS CloudFormation AWS CloudTrail AWS Config AWS Managed Services AWS OpsWorks AWS Service Catalog AWS Trusted Advisor Developer Tools AWS CodeBuild AWS CodeCommit AWS CodeDeploy AWS CodePipeline AWS X-Ray Mobile Services Amazon Cognito Amazon Mobile Analytics Amazon Pinpoint AWS Device Farm AWS Mobile Hub Internet ofThings AWS IoT AWS IoT Greengrass AWS CodeStar
  • 16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Global Infrastructure Regions Geographic locations Consist of at least two Availability Zones Availability Zones Clusters of data centers Isolated from failures in other Availability Zones
  • 17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Global Infrastructure Map AWS spans 76 Availability Zones within 24 Regions around the world, and has announced plans for 9 more Availability Zones and 3 more AWS Regions in Indonesia, Japan, and Spain. * As of January 2020
  • 18. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Global Infrastructure Regions At least 2 Availability Zones per region Examples: Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary. US East (VA) AZ - a AZ - b AZ - c AZ - d AZ - e Asia Pacific (Tokyo) AZ - a AZ - b AZ – c US East (N. Virginia) us-east-1a us-east-1b us-east-1c us-east-1d us-east-1e us-east-1f AZ - f Asia Pacific (Tokyo) ap-northeast-1a ap-northeast-1b ap-northeast-1c ap-northeast-1d AZ - d
  • 19. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. High Availability Using Multi-AZ Deployments Availability Zone - A Availability Zone - B Availability Zone - C Region
  • 20. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Global Infrastructure – Points of Presence 216 Points of Presence 205 Edge Locations 11 Regional Edge Caches Local points of presence that support AWS services like: Amazon Route 53 Amazon CloudFront AWS WAF AWS Shield
  • 22. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Knowledge Check Q: What is the AWS term for physically distinct groups of data centers within a region? True or False: There are more regions than edge locations. True or False: AWS owns and maintains the infrastructure required for application services. You provision and use them as needed. Q: How do Availability Zones in the same region differ? Availability Zone False True Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.
  • 24. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Module 2 Topics Amazon Elastic Compute Cloud (EC2) Amazon Virtual Private Cloud (VPC) Lab 1: Build your VPC and launch a web server Amazon Storage Services Amazon Simple Storage Service (S3) Amazon Elastic Block Store (EBS)
  • 26. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Elastic Compute Cloud (EC2) Resizable compute capacity Complete control of your computing resources Reduced time required to obtain and boot new server instancesAmazon EC2
  • 27. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Facts Scale capacity as your computing requirements change Pay only for capacity that you actually use Choose Linux or Windows Deploy across AWS Regions and Availability Zones for reliability Use tags to help manage your Amazon EC2 resources
  • 28. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Choosing the Right Amazon EC2 Instance Type Amazon EC2 provides a wide selection of instance types that are optimized for different use cases and workload requirements. Consider the following when choosing your instances: Core count Memory size Storage size and type Network performance CPU technologies Most AWS instance types include the latest generation Intel® Xeon processors.
  • 29. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Choosing the Right Amazon EC2 Instance Type Amazon EC2 Families: • General Purpose: Balanced workloads • Compute-Optimized: High-performance computing, data lakes, network appliances • Memory-Optimized: High-performance databases, in- memory databases • Accelerated Computing: GPU-intensive workloads (machine learning, 3D rendering) • Storage-Optimized: High IOPS at low cost
  • 30. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Intel® Xeon Scalable Processors Latest generation of 2nd generation Intel Xeon Scalable processors Available in latest generation Amazon EC2 instance types Up to: 28 cores per CPU 6 memory channels 48 PCIe lanes of bandwidth/throughput 100 Gbps network bandwidth (C5n.16xlarge)
  • 31. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Intel® Xeon Family and EC2 Instances E7 Processor Family Memory Optimized: X1/X1e E5 Processor Family General Purpose: M4 Compute-Optimized: C4 Memory-Optimized: R4 GPU Intensive: P2/P3, G3, F1 Storage Optimized: H1, I3, D2 Scalable Processor Family Memory-Optimized: z1d, R5, High Memory Compute-Optimized: C5/C5n General Purpose CPU: M5 General Purpose: T3
  • 32. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Comparing Intel Xeon Generations C4 Instances • 2.9 GHz Intel Xeon E5-2666 v3 (Haswell) CPUs • Up to 36 vCPUs • Up to 60 GiB memory • Up to 4k Mbps dedicated EBS bandwidth • Up to 10 Gbps network bandwidth C5n Instances • 3.0 GHz Intel Xeon Platinum CPUs • Up to 72 vCPUs • Up to 192 GiB memory • Up to 14k Mbps dedicated EBS bandwidth • 25-100 Gbps network bandwidth
  • 33. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. C5n Instance Example Sizing Choices vCPUs Memory (GiB) Network (Gbps) large 2 5.25 Up to 25 xlarge 4 10.5 Up to 25 2xlarge 8 21 Up to 25 4xlarge 16 42 Up to 25 9xlarge 36 96 50 18xlarge 72 192 100
  • 34. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Choosing the Right Instance Newer generation instance types usually have a better price-to- performance ratio. Examples*: Instance Change Costs Saved per Instance T2.XLarge to T3.Large 47% T2.Large to T3.Medium 44% C4.8XLarge to C5.4XLarge 50% * According to TSO Logic, November 2018 (link in notes)
  • 35. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Launching an Amazon EC2 Instance via the Management Console Determine the AWS Region in which you want to launch the Amazon EC2 instance. Launch an Amazon EC2 instance from a pre-configured Amazon Machine Image (AMI). Choose an instance type based on CPU, memory, storage, and network requirements. Configure network, IP address, security groups, storage volume, tags, and key pair.
  • 36. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Machine Image (AMI) Details An AMI includes the following: A template for the root volume for the instance (for example, an operating system, an application server, and applications). Launch permissions that control which AWS accounts can use the AMI to launch instances. A block device mapping that specifies the volumes to attach to the instance when it is launched.
  • 37. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instances and AMIs Select an AMI based on: Region Operating system Architecture (32-bit or 64-bit) Launch permissions Storage for the root device AMI Instances Instance Launch instances of any type Host computer Host computer
  • 38. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Instances OS, Applications and Configuration AMI Running or StoppedVM Instances AZ VPC Region EBS Amazon S3 EBS Snapshots S3 Buckets EBS EBS EBS EBS EBS AZ Instances Instances
  • 39. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instance Lifecycle AMI pending Launch runningrebooting Reboot Start terminated shutting-down Terminate Terminate EBS-backed instances only Stop stopping stopped
  • 40. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instance Metadata Is data about your instance. Can be used to configure or manage a running instance.
  • 41. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Retrieving Instance Metadata To view all categories of instance metadata from within a running instance, use the following URI: http://169.254.169.254/latest/meta-data/ On a Linux instance, you can use: $ curl http://169.254.169.254/latest/meta-data/ $ GET http://169.254.169.254/latest/meta-data/ All metadata is returned as text (content type text/plain).
  • 42. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Instance User Data Can be passed to the instance at launch. Can be used to perform common automated configuration tasks. Runs scripts after the instance starts.
  • 43. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Adding User Data You can specify user data when launching an instance. User data can be: Linux script – executed by cloud-init Windows batch or PowerShell scripts – executed by EC2Launch service User data scripts run once per instance ID by default.
  • 44. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. User Data Example Linux #!/bin/sh yum -y install httpd chkconfig httpd on /etc/init.d/httpd start User data shell scripts must start with the #! characters and the path to the interpreter you want to read the script. Install Apache web server Enable the web server Start the web server
  • 45. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. User Data Example Windows <powershell> Import-Module ServerManager Install-WindowsFeature web-server, web-webserver Install-WindowsFeature web-mgmt-tools </powershell> Import the Server Manager module for Windows PowerShell. Install IIS Install Web Management Tools
  • 46. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Retrieving User Data To retrieve user data, use the following URI: http://169.254.169.254/latest/user-data On a Linux instance, you can use: $ curl http://169.254.169.254/latest/user-data/ $ GET http://169.254.169.254/latest/user-data/
  • 47. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Purchasing Options On-Demand Instances Pay by the hour. Reserved Instances Purchase, at a significant discount, instances that are always available. 1-year to 3- year terms. Scheduled Instances Purchase instances that are always available on the specified recurring schedule, for a one-year term. Spot Instances Bid on unused instances, which can run as long as they are available and your bid is above the Spot price. Dedicated Hosts Pay for a physical host that is fully dedicated to running your instances. Dedicated Instances Pay, by the hour, for instances that run on single- tenant hardware.
  • 48. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Marketplace: IT Software Optimized for the Cloud Online store to discover, purchase, and deploy IT software on top of the AWS infrastructure. Catalog of 4100+ IT software solutions including Paid, BYOL, Open Source, SaaS, and free-to-try options. Pre-configured to operate on AWS. Software checked by AWS for security and operability. Deploys to AWS environment in minutes. Flexible, usage-based billing models. Software charges billed to AWS account. Includes AWS Test Drive/Quick Starts. https://aws.amazon.com/marketplace
  • 50. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Virtual Private Cloud (VPC) Provision a private, isolated virtual network on the AWS cloud. Have complete control over your virtual networking environment. Amazon VPC
  • 51. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VPCs and Subnets A subnet defines a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. A private subnet should be used for resources that won’t be accessible over the Internet. A public subnet should be used for resources that will be accessed over the Internet. Each subnet must reside entirely within one Availability Zone and cannot span zones.
  • 52. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon VPC Example Public Subnet Private Subnet VPN Only Subnet DB Server Web Server Customer Network R Internet App Server VPC NAT Gateway Internet Gateway Web Server App Server DB Server Virtual Private Gateway
  • 53. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security in Your VPC Security groups Network access control lists (ACLs) Key Pairs Subnet 10.0.1.0/24 Internet GatewayVPN Gateway VPC Router 10.0.0.0/16 Security Group Security Group Network ACL Network ACL RouteTable RouteTable instance instance instance instance Subnet 10.0.0.0/24 Security Group Security Group
  • 54. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. VPN Connections VPN Connectivity option Description AWS HardwareVPN You can create an IPsec hardware VPN connection between your VPC and your remote network. AWS Direct Connect AWS Direct Connect provides a dedicated private connection from a remote network to your VPC. AWSVPN CloudHub You can create multiple AWS hardware VPN via your VPC to enable communications between remote networks. SoftwareVPN You can create a VPN connection to your remote by using an Amazon EC2 instance in your VPC that’s running a software VPN appliance.
  • 55. Storage Services: Amazon S3 and Amazon EBS
  • 56. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Simple Storage Service (S3) Storage for the Internet Natively online, HTTP access Storage that allows you to store and retrieve any amount of data, any time, from anywhere on the web Highly scalable, reliable, fast and durable Amazon S3
  • 57. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Facts Can store an unlimited number of objects in a bucket Objects can be up to 5 TB; no bucket size limit Designed for 99.999999999% durability and 99.99% availability of objects over a given year Can use HTTP/S endpoints to store and retrieve any amount of data, at any time, from anywhere on the web Highly scalable, reliable, fast, and inexpensive Can use optional server-side encryption using AWS or customer- managed provided client-side encryption Auditing is provided by access logs Provides standards-based REST and SOAP interfaces
  • 58. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Common Use Scenarios Storage and backup Application file hosting Media hosting Software delivery Store AMIs and snapshots
  • 59. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Concepts Amazon S3 stores data as objects within buckets. An object is composed of a file and optionally any metadata that describes that file. You can have up to 100 buckets in each account. You can control access to the bucket and its objects. Amazon S3 Bucket with Objects Bucket Object
  • 60. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Object Keys An object key is the unique identifier for an object in a bucket. http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.html Bucket Object/Key
  • 61. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Security You can control access to buckets and objects with: Access Control Lists (ACLs) Bucket policies Identity and Access Management (IAM) policies You can upload or download data to Amazon S3 via SSL encrypted endpoints. You can encrypt data using AWS SDKs.
  • 62. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Versioning Protects from accidental overwrites and deletes with no performance penalty. Generates a new version with every upload. Allows easily retrieval of deleted objects or roll back to previous versions. Three states of an Amazon S3 bucket Un-versioned (default) Versioning-enabled Versioning-suspended Versioning Enabled Key: photo.gif ID: 121212 Key: photo.gif ID: 111111
  • 63. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Object Lifecycle Lifecycle management defines how Amazon S3 manages objects during their lifetime. Some objects that you store in an Amazon S3 bucket might have a well-defined lifecycle: Log files Archive documents Digital media archives Financial and healthcare records Raw genomics sequence data Long-term database backups Data that must be retained for regulatory compliance
  • 64. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Pricing Pay only for what you use No minimum fee Prices based on location of your Amazon S3 bucket Estimate monthly bill using the AWS Simple Monthly Calculator Pricing is available as: Storage Pricing Request Pricing Data Transfer Pricing: data transferred out of Amazon S3
  • 65. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Glacier Long term low-cost archiving service Optimal for infrequently accessed data Designed for 99.999999999% durability Three to five hours’ standard retrieval time Less than $0.01 per GB/month (depending on region)
  • 66. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Storage Classes Storage Class Durability Availability Other Considerations Amazon S3 Standard 99.999999999% 99.99% Amazon S3 Standard - Infrequent Access (IA) 99.999999999% 99.9% • Retrieval fee associated with objects • Most suitable for infrequently accessed data Glacier 99.999999999% 99.99% (once restored) • Not available for real-time access • Must restore objects before can access them • Restoring objects can take 1 minute - 12 hours
  • 68. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Elastic Block Store (EBS) Persistent block level storage volumes offer consistent and low-latency performance. Stored data is automatically replicated within its Availability Zone. Snapshots are stored durably in Amazon S3. Amazon EBS
  • 69. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Lifecycle Vast amounts of unused space Create Call CreateVolume 1 GiB to 16TiB Attach Call AttachVolume to affiliate with one Amazon EC2 instance Attached and In Use • Format fromAmazon EC2 instance OS • Mount formatted drive CreateSnapshot Snapshot to Amazon S3 Detach Call DetachVolume Deleted Call DeleteVolume
  • 70. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Volume Types SSD-backed volumes are: Optimized for transactional workloads that involve frequent read/write operations with small I/O size. Dominant in IOPS performance. HDD-backed volumes are Optimized for large streaming workloads. Dominant in throughput (measured in MiB/s).
  • 71. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Volume Types SSD HDD VolumeType General Purpose SSD (gp2) Provisioned IOPS SSD (io1) Throughput Optimized HDD (st1) Cold HDD (sc1) Description Balances price and performance for a wide variety of transactional loads. Highest-performance SSD volume for mission-critical applications. Low-cost HDD designed for frequently accessed, throughput-intensive workloads. Lowest cost HDD designed for less frequently accessed workloads. Volume Sizes 1 GiB – 16 TiB 4 GiB – 16 TiB 500 GiB – 16 TiB 500 GiB – 16 TiB Dominant Performance Attribute IOPS IOPS MiB/s MiB/s
  • 72. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Facts EBS is recommended when data must be quickly accessible and requires long-term persistence. You can launch your EBS volumes as encrypted volumes. Data stored at rest on the volume, disk I/O, and snapshots created from the volume are all encrypted. You can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3.
  • 73. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Use Cases OS: Use for boot/root volume, secondary volumes Databases: Scales with your performance needs Enterprise applications: Provides reliable block storage to run mission-critical applications Business continuity: Minimize data loss and recovery time by regularly backing up using EBS Snapshots Applications: Install and persist any application
  • 74. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Pricing Pay for what you provision: Pricing based on region Review Pricing Calculator online Pricing is available as: Storage IOPS * Check Amazon EBS Pricing page for current pricing for all regions.
  • 75. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS Scope Amazon EBS volumes are in a single Availability Zone Availability Zone A EBSVolume 1 Availability Zone B EBSVolume 2 Volume data is replicated across multiple servers in an Availability Zone.
  • 76. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS and Amazon S3 Amazon EBS Amazon S3 Paradigm Block storage with file system Object store Performance Very fast Fast Redundancy Across multiple servers in an Availability Zone Across multiple facilities in a Security EBS Encryption – Data and Snapshots Encryption Access from the Internet? No (1) Yes (2) Typical use case It is a disk drive Online storage (1) Accessible from the Internet if mounted to server and set up as FTP, etc. (2) Only with proper credentials, unless ACLs are world-readable
  • 77. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Instance Storage Is local, complimentary direct attached block storage. Includes availability, number of disks, and size based on EC2 instance type. Is optimized for up to 365,000 Read IOPS and 315,000 First Write IOPS. Is SSD or magnetic. Has no persistence. Automatically deletes data when an EC2 instance stops, fails or is terminated.
  • 78. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EBS vs. Amazon EC2 Instance Store Amazon EBS Data stored on an Amazon EBS volume can persist independently of the life of the instance. Storage is persistent. Amazon EC2 Instance Store Data stored on a local instance store persists only as long as the instance is alive. Storage is ephemeral.
  • 79. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Reboot vs. Stop vs. Terminate Characteristic Reboot Stop/Start (EBS-backed instances only) Terminate Host computer The instance stays on the host computer. The instance runs on a new computer. Public IP address No change New address assigned Elastic IP addresses (EIP) EIP remains associated with instance. EIP remains associated with instance. EIP is disassociated from instance. Instance store volumes Preserved Erased Erased EBS volume Preserved Preserved Boot volume is deleted by default. Billing Instance billing hour doesn’t change. You stop incurring charges as soon as state is changed to stopping. You stop incurring charges soon as state is changed to shutting-down.
  • 80. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Knowledge Check Q: What AWS service would help support your web application by hosting static assets and storing user uploaded images and video off-instance? Q: How would an Amazon EC2 instance find its private and public IP addresses? Q: What acts as an additional layer of security at the subnet level in a VPC? True or False: Amazon S3 limits the total amount you can store. False (There is a 5TB limit per object) Retrieve the instance metadata: http://169.254.169.254/latest/meta-data/ Amazon S3 Network ACLs
  • 81. Module 3: AWS Security, Identity, and Access Management
  • 82. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Shared Responsibility Model AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge locations Client-side data encryption Server-side data encryption NetworkTraffic Protection Platform, Applications, Identity, and Access Management Operating system, network, and firewall configuration Customer Applications & Content Customers Customers are responsible for security IN the cloud AWS is responsible for the security OF the cloud
  • 83. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Physical Security 24/7 trained security staff AWS data centers in nondescript and undisclosed facilities Two-factor authentication for authorized staff Authorization for data center access
  • 84. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Hardware, Software, and Network Automated change-control process Bastion servers that record all access attempts Firewall and other boundary devices AWS monitoring tools
  • 85. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Assurance Programs
  • 86. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SSL Endpoints VPC SecureTransmission Use secure endpoints to establish secure communication sessions (HTTPS). Instance Firewalls Use security groups to configure firewall rules for instances. SSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. SSL Endpoints
  • 87. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Groups SSL Endpoints Security Groups Instance Firewalls Use security groups to configure firewall rules for instances. VPC SecureTransmission Use secure endpoints to establish secure communication sessions (HTTPS). Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access.
  • 88. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Multi-Tier Security Groups www server www server www server app server app server app server DatabaseTier security group ApplicationTier security group WebTier security group db server db server db server Internet Corporate Admin Network ssh/rdp api api (all other ports are blocked)
  • 89. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Virtual Private Cloud VPCSSL Endpoints Security Groups Network Control Use public and private subnets, NAT, and VPN support in your virtual private cloud to create low-level networking constraints for resource access. Instance Firewalls Use security groups to configure firewall rules for instances. SecureTransmission Use secure endpoints to establish secure communication sessions (HTTPS).
  • 90. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity and Access Management AWS IAM 3 Manage federated users and their permissions 2 ManageAWS IAM roles and their permissions 1 ManageAWS IAM users and their access
  • 91. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Authentication Authentication AWS Management Console User name and Password IAM User
  • 92. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Authentication Authentication AWS CLI or SDK API Access Key and Secret Key Access Key ID: AKIAIOSFODNN7EXAMPLE Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Java Python .NET AWS SDK & APIAWS CLI IAM User
  • 93. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM User Management - Groups User D DevOps Group User C AWS Account TestDev Group User BUser A
  • 94. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Authorization Authorization Policies: Are JSON documents to describe permissions. Are assigned to users, groups, or roles. IAM User IAM Group IAM Roles
  • 95. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Policy Elements { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1453690971587", "Action": [ "ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances” ], "Effect": "Allow", "Resource": "*", "Condition": { "IpAddress": { "aws:SourceIp": "54.64.34.65/32” } } }, { "Sid": "Stmt1453690998327", "Action": [ "s3:GetObject*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::example_bucket/*" } ] } IAM Policy
  • 96. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Policy Assignment IAM User IAM Group Assigned Assigned IAM Policy
  • 97. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM Policy
  • 98. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Roles An IAM role uses a policy. An IAM role has no associated credentials. IAM users, applications, and services may assume IAM roles. IAM Roles
  • 99. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Policy Assignment IAM User IAM Group IAM Roles Assigned Assigned Assigned IAM User Assumed Assumed AWS Resources IAM Policy
  • 100. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Example: Application Access to AWS Resources Python application hosted on an Amazon EC2 instance needs to interact with Amazon S3. AWS credentials are required: Option 1: Store AWS Credentials on the Amazon EC2 instance. Option 2: Securely distribute AWS credentials to AWS services and applications. IAM Roles
  • 101. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Roles - Instance Profiles Amazon EC2 EC2 MetaData Service http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename Amazon S31 3 4 app and Create instance Application interacts with Amazon S3 Select IAM Role2
  • 102. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Roles – Assume Role IAM Restricted Policy IAM User A-1 AWS Account A IAM Admin RoleIAM Admin Policy Assigned Assume Assigned 1 2 IAM User B-1 AWS Account B Amazon S3 Assume 4 Access 53 Access 1
  • 103. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Temporary Security Credentials (AWS STS) Use Cases Cross-account access Federation Mobile users Key rotation for Amazon EC2-based apps Session Access Key ID Secret Access Key Session Token Expiration Temporary security credentials 15 minutes to 36 hours
  • 104. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application Authentication AWS IAM Application No Support No Support OS
  • 105. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Authentication and Authorization Authentication AWS Management Console User Name and Password AWS CLI or SDK API Access Key and Secret Key Authorization Policies IAM User IAM Group IAM Roles
  • 106. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Best Practices Delete AWS account (root) access keys. Create individual IAM users. Use groups to assign permissions to IAM users. Grant least privilege. Configure a strong password policy. Enable MFA for privileged users.
  • 107. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS IAM Best Practices (continued) Use roles for applications that run on Amazon EC2 instances. Delegate by using roles instead of by sharing credentials. Rotate credentials regularly. Remove unnecessary users and credentials. Use policy conditions for extra security. Monitor activity in your AWS account.
  • 108. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudTrail Records AWS API calls for accounts. Delivers log files with information to an Amazon S3 bucket. Makes calls using the AWS Management Console, AWS SDKs, AWS CLI, and higher-level AWS services. AWS CloudTrail Amazon S3 bucket Logs
  • 109. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Knowledge Check Q: Your web application needs to read/write an Amazon DynamoDB table and an Amazon S3 bucket. This operation requires AWS credentials and authorization to use AWS services. What IAM entity should be used? User Group Role Policy A: Role
  • 111. Module 4: AWS Databases
  • 112. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. SQL and NoSQL Databases 112 SQL NoSQL Data Storage Rows and Columns Key-Value Schemas Fixed Dynamic Querying Using SQL Focused on a collection of documents Scalability Vertical Horizontal ISBN Title Author Format 9182932465265 Cloud Computing Concepts Wilson, Joe Paperback 3142536475869 The Database Gomez, Maria Ebook SQL NoSQL { ISBN: 9182932465265, Title: “Cloud Computing Concepts”, Author: ”Wilson, Joe”, Format: “Paperback” }
  • 113. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Storage Considerations No one size fits all. Analyze your data requirements by considering: Data formats Data size Query frequency Data access speed Data retention period 113
  • 114. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Managed Database Services 114 Compute Storage AWSGlobal Infrastructure Database Application Services Deployment and Administration Networking Amazon DynamoDB Amazon ElastiCache Amazon RDS Amazon Redshift AWS Database Migration Service Amazon Aurora Amazon Neptune
  • 115. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Relational Database Service Cost-efficient and resizable capacity Manages time-consuming database administration tasks Access to the full capabilities of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, and PostgreSQL databases Deployable on VMware 115 Amazon RDS
  • 116. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS Simple and fast to deploy Manages common database administrative tasks Compatible with your applications Fast, predictable performance Simple and fast to scale Secure Cost-effective 116
  • 117. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DB Instances DB instances are the basic building blocks of Amazon RDS. They are an isolated database environment in the cloud. They can contain multiple user-created databases. 117
  • 118. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How Amazon RDS Backups Work Automatic Backups: Restore your database to a point in time. Are enabled by default. Let you choose a retention period up to 35 days. 118 Manual Snapshots: Let you build a new database instance from a snapshot. Are initiated by the user. Persist until the user deletes them. Are stored in Amazon S3.
  • 119. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cross-Region Snapshots Are a copy of a database snapshot stored in a different AWS Region. Provide a backup for disaster recovery. Can be used as a base for migration to a different region. 119
  • 120. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS Security Run your DB instance in an Amazon VPC. Use IAM policies to grant access to RDS resources. Use security groups. Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora, Oracle, MySQL, MariaDB, PostgreSQL, Microsoft SQL Server). Use RDS encryption to secure instances and snapshots at rest. Use network encryption and Transparent Data Encryption (TDE) with Oracle DB and Microsoft SQL Server instances. Use security features of your DB engine to control access to DB instance. 120
  • 121. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Simple Application Architecture 121 Amazon RDS database instance Amazon EC2 application servers Elastic Load Balancing load balancer instance DB snapshots in Amazon S3
  • 122. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Multi-AZ RDS Deployment With Multi-AZ operation, your database is synchronously replicated to another Availability Zone in the same AWS Region. Fail over to the standby automatically occurs in case of a master database failure. Planned maintenance is applied first to standby databases. 122
  • 123. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resilient, Durable Application Architecture 123 Amazon RDS database instances: Master and Multi-AZ standby Application, in Amazon EC2 instances Elastic Load Balancing load balancer instance DB snapshots in Amazon S3
  • 124. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS Best Practices Monitor your memory, CPU, and storage usage. Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone. Enable automatic backups. Set the backup window to occur during the daily low in Write IOPS. To increase the I/O capacity of a DB instance: Migrate to a DB instance class with high I/O capacity. Convert from standard storage to Provisioned IOPS storage and use a DB instance class optimized for Provisioned IOPS. Provision additional throughput capacity (if using Provisioned IOPS storage). If your client application is caching the DNS data of your DB instances, set a TTL of less than 30 seconds. Test failover for your DB instance. 124
  • 125. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon DynamoDB Allows you to store any amount of data with no limits. Provides fast, predictable performance using SSDs. Allows you to easily provision and change the request capacity needed for each table. Is a fully managed, NoSQL database service. Accommodate changing workloads with on-demand mode 125 Amazon DynamoDB
  • 126. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DynamoDB Data Model 126 Table: Music Items Attributes (name-value pairs) Artist Song Title Album Title Year Genre
  • 127. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Primary Keys 127 Partition key Sort key Table: Music Partition Key: Artist Sort Key: SongTitle (DynamoDB maintains a sorted index for both keys) Table: Music Artist Song Title Album Title Year Genre
  • 128. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Provisioned Throughput You specify how much provisioned throughput capacity you need for reads and writes. Amazon DynamoDB allocates the necessary machine resources to meet your needs. 128
  • 129. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Supported Operations Query: Query a table using the partition key and an optional sort key filter. If the table has a secondary index, query using its key. It is the most efficient way to retrieve items from a table or secondary index. Scan: You can scan a table or secondary index. Scan reads every item – slower than querying. You can use conditional expressions in both Query and Scan operations. 129
  • 130. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Simple Application Architecture 130 Elastic Load Balancing Amazon EC2 application instances Clients Amazon DynamoDB Business logic
  • 131. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon RDS and Amazon DynamoDB Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB) ApplicationType •Existing database apps •Business process–centric apps • New web-scale applications • Large number of small writes and Application Characteristics •Relational data models, transactions •Complex queries, joins, and updates •Simple data models, transactions •Range queries, simple updates Scaling Application or DBA–architected (clustering, partitions, sharding) Seamless, on-demand scaling based application requirements QoS • Performance–depends on data model, indexing, query, and storage optimization • Reliability and availability • Durability • Performance–Automatically by the system • Reliability and availability • Durability 131
  • 132. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Database Considerations 132 IfYou Need Consider Using A relational database service with minimal administration Amazon RDS • Choice of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, or PostgreSQL database engines • Scale compute and storage • Multi-AZ availability A fast, highly scalable NoSQL database service Amazon DynamoDB • Extremely fast performance • Seamless scalability and reliability • Low cost A database you can manage on your own Your choice of AMIs on Amazon EC2 and Amazon EBS that provide scale compute and storage, complete control over instances, and more.
  • 133. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Knowledge Check Q: What are the basic building blocks of Amazon Relational Database Service (Amazon RDS)? Q: You are creating a resilient, durable application using Amazon RDS. In addition to Amazon RDS’s automatic backups, what feature should you use to ensure that your backups are durable retained? True or False: Amazon DynamoDB allows you to store any amount of data with no limits. True or False: Scan is the most efficient way to retrieve items from a DynamoDB table. 133 True DB instances False Manual snapshots
  • 134. Module 5: AWS Elasticity and Management Tools
  • 135. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Triad of Services 135 Latency Utilization Amazon CloudWatch Auto Scaling Elastic Load Balancing Auto Scaling group Execute scaling policy
  • 136. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Elastic Load Balancing Distributes traffic across multiple EC2 instances, in multiple Availability Zones Supports health checks to detect unhealthy Amazon EC2 instances Supports the routing and load balancing of HTTP, HTTPS, SSL, and TCP traffic to Amazon EC2 instances 136 Elastic Load Balancing
  • 137. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Classic Load Balancer: How It Works Register instances with your load balancer. Load balancer routes request at either: Transport layer (TCP) Application layer (HTPP/HTTPS) Intended for applications build within the EC2-Classic network Recommendation for new applications is to use Application Load Balancer or Network Load Balancer 137 Availability Zone A Availability Zone B load balancer X
  • 138. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application Load Balancer: How It Works Register instances as targets in a target group, and route traffic to a target group. Load balancer routes request at the Application layer (HTPP/HTTPS). 138 Target Group /mobile Load balancer Listener ListenerRule Rule Rule Target Group Target Group /api Target Target Target Target Target Target Target Health Check Health Check Health Check
  • 139. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Network Load Balancer: How it Works Register instances as targets in a target group, and route traffic to a target group. Load balancer routes request at the Transport layer (TCP). 139 Load balancer ListenerRule Target Group Target Target Health Check
  • 140. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Load Balancer Comparison Feature Classic Load Balancer Application Load Balancer Network Load Balancer Protocols TCP, SSL, HTTP, HTTPS HTTP, HTTPS TCP Platforms EC2-Classic, VPC VPC VPC Cross-zone load balancing Yes Yes Yes Logging Yes Yes Yes Path-based routing No Yes No Sticky sessions No Yes No Static IP No No Yes 140
  • 141. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon CloudWatch A monitoring service for AWS Cloud resources and the applications you run on AWS Visibility into resource utilization, operational performance, and overall demand patterns Custom application-specific metrics of your own Accessible via AWS Management Console, APIs, AWS SDK, or AWS CLI 141 Amazon CloudWatch
  • 142. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon CloudWatch Facts Monitor other AWS resources View graphics and statistics Set alarms 142
  • 143. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon CloudWatch Architecture 143 AWS resources that support CloudWatch Amazon CloudWatch Available statistics StatisticsConsumerAWS Management Console CloudWatch Metrics CPUUtilization StatusCheckFailed Custom Application-Specific Metrics PageViewCount Amazon CloudWatch alarm Amazon SNS email notification Auto Scaling
  • 144. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudWatch Metrics Examples 144
  • 145. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auto Scaling Scale your Amazon EC2 capacity automatically Well-suited for applications that experience variability in usage Available at no additional charge 145 Auto Scaling
  • 146. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auto Scaling Benefits 146 Better cost management Better availability Better fault tolerance
  • 147. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Launch Configurations A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you can specify: AMI ID Instance type Key pair Security groups Block device mapping User data 147
  • 148. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auto Scaling Groups Contain a collection of EC2 instances that share similar characteristics. Instances in an Auto Scaling group are treated as a logical grouping for the purpose of instance scaling and management. 148 Auto Scaling group Minimum size Desired capacity Maximum size Scale out as needed
  • 149. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dynamic Scaling You can create a scaling policy that uses CloudWatch alarms to determine: When your Auto Scaling group should scale out. When your Auto Scaling group should scale in. You can use alarms to monitor: Any of the metrics that AWS services send to Amazon CloudWatch. Your own custom metrics. 149
  • 150. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Auto Scaling Basic Lifecycle 150 Instances Auto Scaling group Scale out Amazon CloudWatch Scheduled event Scale in Amazon CloudWatch Scheduled event Launch instance Attach to Group Detach from Group Terminate instance X
  • 151. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Trusted Advisor? A service providing guidance to help you reduce cost, increase performance, and improve security
  • 152. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Trusted Advisor: Core vs. Full Core Checks and Recommendations (included) • Seven core checks around security and performance • Service Limits FullTrusted Advisor Benefits (With Business or Enterprise support) • Full set of checks • Notifications • Programmatic Access via API
  • 153. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Knowledge Check True or False: Auto Scaling helps you ensure that you have the correct number of EC2 instances available to handle the load for your application. Q: What feature would you use with an Auto Scaling policy to determine when your Auto Scaling group should scale out/in? Q: You have an application composed of individual services and need to route a request to a service based on the content of the request. What type of load balancer should you use? Q: Which AWS service serves as a best practice and recommendation engine? 153 AWS Trusted Advisor Amazon CloudWatch alarms True Application Load Balancer
  • 155. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Learning Path 155 AWS Introduction • TheAWS Cloud • History • Global Infrastructure • AWS Management Console AWS Foundational Services • Compute: • Amazon EC2 • Networking: • AmazonVPC • Storage: • Amazon EBS • Amazon S3 • Security • IAM • Databases: • Amazon DynamoDB • Amazon RDS AWS Management Tools • Triad of Services: • Auto Scaling • ELB • Amazon CloudWatch • AWSTrustedAdvisor
  • 156. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Expand Your Cloud Skills with AWS 156 Certification https://aws.amazon.com/certification/ Validate your proven technical expertise with the AWS platform and gain recognition for your skills Online videos and labs Start working with an AWS service in minutes with free online instructional videos and labs https://aws.amazon.com/training/ Instructor-led courses Learn how to design, deploy, and operate highly available, cost-effective, and secure applications on AWS https://aws.amazon.com/training/self-paced-labs/
  • 157. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Self-Paced Labs Learn an individual AWS Service topic Follow a Learning Quest by AWS Service Area or Use Case Practice working with AWS as you prepare for an exam For more information, see: https://aws.amazon.com/training/self-paced-labs/ 157
  • 158. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS ILT & vILT Training Courses 158 AWSTechnical Essentials 1 day Architecting on AWS 3 days Developing on AWS 3 days Systems Operations on AWS 3 days Big Data on AWS 3 days Advanced Architecting on AWS 3 days DevOps Engineering on AWS 3 days Security Operations on AWS 3 days Migrating to AWS 2 days Data Warehousing on AWS 3 days https://aws.amazon.com/training/
  • 159. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Certification 159
  • 160. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Benefits of AWS Certification 160 Individual • Demonstrate expertise • Stand out • Industry visibility • Customer visibility • Peer recognition • Credibility with customers Employer • Baseline bar on AWS skills • Identify expert talent • Leverage best practices • Reduce operational risk • Increase business advantage • Maximize AWS efficiencies • Common vocabulary • Accelerate time to cloud
  • 161. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Preparing for AWS Certification For resources to help you prepare for the certification exam, see: https://aws.amazon.com/certification/certification-prep/ 161 Practice ExamsSelf-Paced Labs on qwikLABS AWSWhitepapers & FAQs AWS Documentation & ReferenceArchitectures Exam Guides & SampleQuestions AWS-Authored Study Guide AWSTechnicalTraining
  • 163. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Support Options (1 of 2) 163 TheTechnical Account Manager provides...  A dedicated voice within AWS to serve as your advocate.  Proactive guidance and insight into ways to optimizeAWS through business and performance reviews.  Orchestration and access to the full breadth and depth of technical expertise across the full range of AWS.  Access to resources and best practice recommendations. Infrastructure Event Management provides...  A common understanding of event objectives and use cases through pre-event planning and preparation.  Resource recommendations and deployment guidance based on anticipated capacity needs.  Dedicated attention of the your AWS Support team during your event.  The ability to immediately scale down resources to normal operating levels post-event.
  • 164. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Support Options (2 of 2) 164 AWSTrusted Advisor provides...  Insight into how and where you can get the most impact for your AWS spend.  Opportunities to reduce your monthly spend and retain or increase productivity.  Guidance on getting the optimal performance and availability based on your requirements.  Confidence that your environment is secure. The Concierge Service provides...  A primary contact to help manage AWS resources.  Personalized handling of billing inquiries, tax questions, service limits, and bulk reserve instance purchases.  Direct access to an agent to help optimize costs, and identify underutilized resources.
  • 165. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Support Comparison Basic Developer Business Enterprise Customer Service Communities 24x7 access to customer service, whitepapers, and support forums 24x7 access to customer service, whitepapers, and support forums 24x7 access to customer service, whitepapers, and support forums 24x7 access to customer service, whitepapers, and support forums Best Practices Access to 7 core Trusted Advisor checks Access to 7 core Trusted Advisor checks Access to full set of Trusted Advisor checks Access to full set of Trusted Advisor checks Technical Support Business hours access to Cloud Support Associates via email 24x7 access to Cloud Support Engineers via email, chat & phone 24x7 access to Sr. Cloud Support Engineers via email, chat & phone Case Severity/ Response Times Production system impaired: < 4 hours Production system down: < 1 hour Production system impaired: < 4 hours Production system down: < 1 hour Business-critical system down: < 15 minutes 165
  • 167. Module 1 Appendix AWS Introduction and History
  • 169. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is cloud computing? Cloud computing is on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing. 169
  • 170. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Essential Characteristics of Cloud Computing 170 On-Demand Self Services Broad Network Access Resource Pooling Rapid Elasticity Measured Service
  • 171. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. On-Demand Self Services & Broad Network Access User provisions computing resources as needed. User interacts with cloud service provider through an online control panel. Clear solutions are available through a variety of network- connected devices and over varying platforms. 171 InternetClient Mobile Client
  • 172. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Resource Pooling Securely separate resources to service multiple customers. 172
  • 173. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Rapid Elasticity Resources are quickly scalable and flexible based on business needs. 173
  • 174. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Measured Service Pay for services as you go. 174 Electrical services analogy
  • 175. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What Does My AWS Cloud Look Like? 175
  • 176. Module 2 Appendix AWS Foundational Services
  • 177. Data Center Design Models 177
  • 178. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Application Design Model 178 One-Tier Model Clients Mainframe Two-Tier Model SQL Client Database Servers Three-Tier Model Client Application Server Database Servers SQL, ODBC, JDBC HTTP, RPC N-Tier Model Client Application Servers Web Server Middleware Database Servers
  • 179. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Web Services Model 179 Web Server Application Server Database Server Serves web pages • Implements business logic • Manipulates data • Data mining • Accesses data store • High transaction rate • High bandwidth • Low latency
  • 181. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AMI Types – Storage for the Root Device Characteristic Amazon EBS-Backed Amazon Instance Store-Backed Boot time Usually < 1 minute Usually < 5 minutes Size limit 16 TiB 10 GiB Data persistence The root volume is deleted when the instance terminates. Data on any other Amazon EBS volumes persists after the instance is Data on any instance store volumes only during the life of the instance. Charges Instance usage, Amazon EBS volume usage, storing your AMI as an Amazon EBS snapshot. Instance usage and storing your AMI in Amazon S3. Stopped state Can be stopped. Cannot be stopped. 181
  • 182. Storage Concepts and Solutions 182
  • 183. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Block and File Level Storage 183 Block Level Storage File Level Storage Block File
  • 184. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Storage Technologies 184 DAS NAS SAN Client Server Server Client NAS Storage Client Server Client DAS StorageDAS Storage Server Server Server FC Switch Client Client SAN Storage RAID 1 RAID 2
  • 186. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Buckets Organize the Amazon S3 namespace at the highest level. Identify the account responsible for storage and data transfer charges. Play a role in access control. Serve as the unit of aggregation for usage reporting. Have globally unique bucket names, regardless of the AWS region in which they were created. 186
  • 187. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Region Considerations Amazon S3 creates a bucket in the region you select. You can choose a region to: Optimize latency Minimize costs Address regulatory requirements Objects stored in a region never leave the region unless you explicitly transfer them to another region. 187
  • 188. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 Objects Objects are the fundamental entities stored in Amazon S3. When using the console, you can think of them as files. Objects consist of data and metadata. The data portion is opaque to Amazon S3. The metadata is a set of name-value pairs that describe the object. Default metadata such as the date last modified Standard HTTP metadata such as Content-Type Custom metadata at the time the object is stored A key that uniquely identifies as object within its bucket 188
  • 189. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon S3 + Amazon Glacier S3 Lifecycle policies allow you to delete or move objects based on age and set rules per S3 bucket. 189 bucket with objects 30 Days Glacier archive 365 Days
  • 191. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. EBS Performance EBS Magnetic 40-200 IOPS EBS General Purpose SSD SSD backed 3 IOPS / GB Burstable to 3,000 IOPS and up to 10,000 IOPS EBS Provisioned IOPS SSD SSD backed Up to 32,000 IOPS consistently Up to 500 MB/s throughput 191
  • 193. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon CloudFront Easy and cost effective way to distribute content to end users Low latency, high data transfer speeds Deliver your entire website, including static, dynamic, and streaming content using a global network of edge locations 193 Amazon CloudFront
  • 194. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How You Configure CloudFront to Deliver Your Content 194 Developer S3 bucket or HTTP server 1 Objects/data 2 Web distribution CloudFront 3 http://d111111abcdef8.cloudfront.net Edge locations Your distribution’s configuration 4
  • 195. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How CloudFront Delivers Content to Your Users 195 Amazon S3 server or HTTP server User Website example.com 1 3a Edge location Object/data 3b Object/ data 3/3c 2
  • 197. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is a Network? A network is two or more computers linked to share resources, exchange files, or allow electronic communications. Network Types: Local Area Network (LAN) Wide Area Network (WAN) Virtual Private Network (VPN) 197 WAN LAN LAN VPN
  • 198. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Physical vs. Logical Topology A physical topology defines how the systems are physically connected. A logical topology defines how the systems communicate across the physical topologies. 198
  • 199. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Physical Network Hardware/Devices Workstations/ Devices Router Telecommunications Firewall Servers Internet Router Firewall Workstations/Devices Switch Switch Servers 199
  • 201. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Networking in Your VPC You can use the following components to configure networking in your VPC: IP addresses Elastic network interfaces Route tables Internet gateways Network Address Translation (NAT) Dynamic Host Configuration Protocol (DHCP) options sets Domain Name System (DNS) VPC peering VPC endpoints VPC flow logs 201
  • 202. Module 3 Appendix Security, Identity, and Access Management
  • 204. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Physical & Environmental Security Lock your data center. Only provide access to those who need it. Keep track of access. Mount servers on racks with locks. Have redundant utilities. Build your data center with security in mind. 204
  • 205. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Network Security Identification & Authentication Firewalls Patching Virus Protection Encryption 205
  • 207. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Resource-Based Policies Are an alternative to IAM and supported by some services. Grant cross-account access to your resources. Use a principal to uniquely identify accounts in the policy. Supported AWS services include : Amazon S3 Bucket Policy Amazon SNS Topic Policy Amazon SQS Queue Policy Amazon Glacier Vault Policy AWS OpsWorks Stack Policy AWS Lambda Function Policy 207
  • 208. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Access to AWS Resources Temporary Security Credentials Security Token Service AssumeRole AssumeRoleWithSAML AssumeRoleWithWebIdentity 208
  • 209. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Services support for IAM Roles AWS CLI on Amazon EC2 AWS CloudTrail logs to Amazon S3 Amazon Elastic Transcoder access to Amazon S3 AWS Elastic Beanstalk access to AWS services AWS Lambda code access to AWS services Many more … 209
  • 211. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Groups Allow access to IP address ranges or Amazon EC2 instances you specify. Use VPC security groups to control access to a DB instance inside a VPC. 211
  • 212. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. DB Parameter & Option Groups DB parameter groups: Contain engine configuration values that can be applied to one or more DB instances of the same instance type. Are applied by Amazon RDS by default when you create DB instance, which contains defaults for the specific database engine and instance class of the DB instance. DB option groups: Tools that simplify database management Currently available for: Oracle Microsoft SQL Server MySQL 5.6 212
  • 213. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon DynamoDB: Supported Operations Table Operations: Create, update, and delete tables. After creation, you can increase or decrease provisioned throughput. Retrieve the table’s status, the primary key, and when the table was created. List all tables in your account for a region. Item Operations: Add, update, and delete items from a table. Add, update, and delete existing attributes from an item. Perform conditional updates. Retrieve a single item or multiple items. 213
  • 214. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Local Secondary Index 214 Partition Key Sort Key LSI Table: Music Partition Key:Artist Sort Key: SongTitle LSI: AlbumTitle Table: Music Artist Song Title Album Title Year Genre
  • 215. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Genre Year Song Title Global Secondary Index 215 Choose which attributes to project (if any) Table: Music Partition Key: Artist Sort Key: SongTitle GSI: MusicGSI Partition Key: Genre Sort Key:Year Table: Music Artist Song Title Album Title Year Genre
  • 216. Module 5 Appendix AWS Elasticity and Management Tool
  • 218. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling Plans Auto Scaling Minimum Health Check monitors running instances within an Auto Scaling group. If an unhealthy instance is found, it can be replaced. Manual Scaling Specify a new minimum for your Auto Scaling group. Manually invoke Auto Scaling policies. Scheduled Scaling Scaling functions are performed as a function of time and date. On Demand Scaling You create a policy to scale your resources. Define when to scale using CloudWatch Alarms. 218
  • 220. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Load Balancer Types 220 Availability Zone A Availability Zone B EC2 instancesEC2 instances Internet-Facing Load balancer EC2 instancesEC2 instances HTTPS SSL handler/load balancer HTTPS traffic Availability Zone BAvailability Zone AAvailability Zone B EC2 instancesEC2 instances Internal Load balancer private subnetprivate subnet public subnet public subnet EC2 instance EC2 instance Availability Zone A
  • 221. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Request Routing 221 client DNS server Load Balancer Routing Algorithm Auto Scaling group security group EC2 instance Auto Scaling group security group EC2 instance EC2 instance IP Addresses elb.example.org
  • 222. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Listeners A listener is a process that checks for connection requests. Front-end connections are: Client to load balancer connections. Configured with a protocol and a port. Back-end connections are: Load balancer to back-end instance connections. Configured with a protocol and a port . ELB supported protocols: HTTP HTTPS TCP SSL 222
  • 223. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Back-end Instances for Your Load Balancer Health checks Security groups Subnets Register De-register instances 223
  • 225. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CloudWatch Alarms 225
  • 226. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Supported AWS Services 226 Auto Scaling Amazon CloudFront Amazon CloudWatch Amazon CloudSearch Amazon DynamoDB Amazon EC2 Amazon ElastiCache Amazon EBS Elastic Load Balancing Amazon EMR Amazon Kinesis Amazon EC2 Container Service AWS OpsWorks Amazon Redshift Amazon RDS Amazon Route 53 Amazon SNS Amazon SQS Amazon SWF Amazon S3AWS Storage Gateway Amazon WorkSpaces Amazon Machine Learning AWS Lambda AWSWAF
  • 229. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Case Severity & Response Times 229 Critical Urgent High Normal Low Enterprise Plan (24 x 7) 15 minutes or less 1 hour or less 4 hours or less 12 hours or less 24 hours or Business Plan (24 x 7) 1 hour or less 4 hours or less 12 hours or less 24 hours or Developer Plan (Business hours) 12 hours or less 24 hours or
  • 230. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Support Pricing Basic Developer Business Enterprise Included $29/month -or- 3% of monthly AWS spend Greater of $100 -or- 10% of monthly AWS usage for first $0-$10K 7% of monthly AWS usage from $10K-$80K 5% of monthly AWS usage from $80K-$250K 3% of monthly AWS usage over $250K Greater of $15,000 -or- 10% of monthly AWS usage for the $0-$150K 7% of monthly AWS usage from $150K-$500K 5% of monthly AWS usage from $500k-$1M 3% of monthly AWS usage over $1M 230
  • 231. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pricing Examples Business Pricing Example For $85K in AWS monthly usage: $10,000 x 10% = $1,000 (10% of the first $0 - $10K of usage) + $70,000 x 7% = $4,900 (7% of usage from $10K - $80K) + $5,000 x 5% = $250 (5% of usage from $80K - $250K) + $0 x 3% = $0 (3% of usage over $250K) Total: $6,500 231 Enterprise Pricing Example For $1.2M in AWS monthly usage: $150,000 x 10% = $15,000 (10% of the first $0 - $150K of usage) + $350,000 x 7% = $24,500 (7% of usage from $150K - $500K) + $500,000 x 5% = $25,000 (5% of usage from $500K - $1M) + $200,000 x 3% = $6,000 (3% of usage over $1M) Total: $70,500
  • 232. Thanks for participating! © 2018 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.