© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
https://aws.amazon.com/well-architected/
“Are you Well-Architected?”
Werner Vogels
What is the Well-Architected Framework?
Pillars, Design Principles, Questions
Pillars of Well-Architected
Security
Reliability
Performance Efficiency
Cost Optimization
Operational Excellence
Why would I want to apply the AWS Well-Architected Framework?
Build and deploy faster
Lower or mitigate risks
Make informed decisions
Learn AWS best practices
A Mechanism for your Cloud Journey
Learn, Measure, Improve
Pillar-Specific Design Principles
General Design Principles
Design Principles
General Design Principles
Stop guessing your capacity needs
Test systems at production scale
Automate to make architectural experimentation easier
Allow for evolutionary architectures
Build data-driven architectures
Improve through game days
AWS Reference Architectures
aws.amazon.com/architecture
aws.amazon.com/whitepapers
AWS Reference Serverless Micro Service Architectures
aws.amazon.com/serverless/
AWS Serverless Multi-Tier Architectures
Using Amazon API Gateway and AWS Lambda
November 2015
Shared Responsibility between AWS and our customers
AWS is responsible for the security OF the Cloud:
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers are responsible for their security IN the Cloud:
Customer content
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
AWS Trusted Advisor
AWS Well-Architected Framework Whitepapers
AWS Well Architected Framework
November 2016
AWS Well Architected Framework Whitepaper
• Security Pillar Whitepaper
• Reliability Pillar Whitepaper
• Performance Efficiency Pillar Whitepaper
• Cost Optimization Pillar Whitepaper
• Operational Excellence Pillar Whitepaper
aws.amazon.com/architecture/well-architected/
Free Online Self Paced Training Materials
Specialized Reviews by Architecture Type
• Web Application Hosting
• Content Streaming and Media Serving
• COTS Enterprise Workloads (e.g. SAP, Microsoft, Oracle)
• Fault Tolerance and High Availability
• Large Scale Processing and Huge Data Sets
• Ad Serving
• Serverless
• Gaming
AWS Well-Architected Framework Security Pillar Whitepaper
Security Pillar
AWS Well-Architected Framework
November 2016
Design Principles for Security
Apply security at all layers
Enable traceability
Implement a principle of least privilege
Focus on securing your system
Automate security best practices
Question format: Pillar Area, Question Text, Question Context, Best Practices
• Work through the questions
• Use the questions as a prompt
• CURRENT STATE – what is being done now?
• TARGET STATE – what do you think they should be doing?
• Not an absolute right or wrong – use case specific
• It’s a guide
How to Document Your System
Key Services for Security
Areas and Key Services:
Identity and Access Management: AWS IAM, MFA Token, AWS Organizations
Detective Controls: AWS CloudTrail, AWS Config, Amazon CloudWatch
Infrastructure Protection: Amazon VPC
Data Protection: Elastic Load Balancing, Amazon EBS, Amazon S3, Amazon RDS, AWS Key Management Service
Incident Response: AWS IAM, AWS CloudFormation
AWS Organizations
Policy-based management for multiple AWS accounts.
• Control AWS service use across accounts
• Consolidate billing
• Automate AWS account creation
AWS Identity & Access Management
IAM Users IAM Groups IAM Roles IAM Policies
• Granular access control for least privileges
• Manage hierarchies of AWS Accounts with AWS Organizations
• Federate with your existing directory services
• Role-based access and segregation of duties
• Achieve just-in-time access using automation
• Create rich mobile applications without giving end-users long-term access keys
AWS CloudTrail: you are making API calls... the API is executed... AWS CloudTrail is continuously recording API calls... and delivering log files to you.
AWS Config: continuous change recording of changing resources, delivered as a history, a stream, and snapshots (ex. 2014-11-05).
AWS Config & Config Rules
• Record configuration changes continuously
• Time-series view of resource changes
• Archive & Compare
• Enforce best practices
• Automatically roll-back unwanted changes
• Trigger additional workflow
AWS Config, AWS Config Rules
VPC Defense in Depth
Public Subnet: SG-ALB – Allow CloudFront IP ranges only
Private Subnet (Web Tier): SG-Web – Allow SG-ALB only
Private Subnet (App Tier): SG-App – Allow SG-Web only
Subnet CIDRs: 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24
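As an added example (not AWS code and not code from this deck), the Python below checks a VPC's security groups against the tier chain in the diagram, in the style of a custom Config rule: SG-ALB may admit only the CloudFront ranges, SG-Web only SG-ALB, SG-App only SG-Web. The groups, their rules and the stand-in CloudFront range list are constructed sample data; a real rule would read the groups from the EC2 API.

```python
"""Config-rule-style check of the SG-ALB -> SG-Web -> SG-App tier chain.
Added example for this deck, not AWS code. Groups, rules and the
stand-in CloudFront ranges below are constructed sample data."""
from ipaddress import ip_network

# Stand-in for the published CloudFront IP range list (constructed, TEST-NET blocks).
CLOUDFRONT_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
CLOUDFRONT = "cloudfront-ranges"

# The only ingress source each tier may have; anything else breaks the chain.
EXPECTED_SOURCES = {
    "SG-ALB": {CLOUDFRONT},
    "SG-Web": {"SG-ALB"},
    "SG-App": {"SG-Web"},
}


def within_cloudfront(cidr):
    """True if the CIDR lies entirely inside one of the CloudFront ranges."""
    net = ip_network(cidr)
    return any(net.subnet_of(r) for r in CLOUDFRONT_RANGES)


def evaluate_group(name, rules):
    """Return (compliance, findings) for one group's ingress rules.
    A rule is {"port": int, "source_sg": str} or {"port": int, "cidr": str}."""
    allowed = EXPECTED_SOURCES.get(name)
    if allowed is None:
        return "NON_COMPLIANT", [f"{name}: not part of the expected tier chain"]
    findings = []
    for rule in rules:
        port = rule.get("port")
        if "source_sg" in rule:
            if rule["source_sg"] not in allowed:
                findings.append(f"{name}: port {port} admits {rule['source_sg']}, expected {sorted(allowed)}")
        elif "cidr" in rule:
            if CLOUDFRONT not in allowed:
                # Inner tiers must reference the previous tier's group, never a CIDR.
                findings.append(f"{name}: port {port} admits CIDR {rule['cidr']}, expected a security-group source")
            elif not within_cloudfront(rule["cidr"]):
                # Catches 0.0.0.0/0 and any range outside the CloudFront list.
                findings.append(f"{name}: port {port} admits {rule['cidr']}, outside the CloudFront ranges")
        else:
            findings.append(f"{name}: port {port} rule has no source")
    return ("COMPLIANT" if not findings else "NON_COMPLIANT"), findings


def evaluate_vpc(groups):
    """Evaluate every group and report expected groups that are missing."""
    results = {name: evaluate_group(name, rules) for name, rules in groups.items()}
    for name in EXPECTED_SOURCES:
        if name not in groups:
            results[name] = ("NON_COMPLIANT", [f"{name}: security group missing"])
    return results


# Constructed sample: the chain as drawn, then the same VPC after drift.
CHAIN = {
    "SG-ALB": [{"port": 443, "cidr": "203.0.113.0/24"}, {"port": 443, "cidr": "198.51.100.0/24"}],
    "SG-Web": [{"port": 80, "source_sg": "SG-ALB"}],
    "SG-App": [{"port": 8080, "source_sg": "SG-Web"}],
}
DRIFTED = {
    "SG-ALB": CHAIN["SG-ALB"] + [{"port": 443, "cidr": "0.0.0.0/0"}],
    "SG-Web": CHAIN["SG-Web"],
    "SG-App": CHAIN["SG-App"] + [{"port": 22, "cidr": "0.0.0.0/0"}],
}

if __name__ == "__main__":
    for label, vpc in (("as drawn", CHAIN), ("after drift", DRIFTED)):
        for name, (status, findings) in sorted(evaluate_vpc(vpc).items()):
            print(f"{label:12} {name:7} {status}")
            for finding in findings:
                print("    ", finding)
```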
VPC Flow Logs
• Agentless
• Enable per ENI, per subnet, or per VPC
• Logged to AWS CloudWatch Logs
• Create CloudWatch metrics from log data
• Alarm on those metrics
Flow log record fields: AWS account, interface, source IP, destination IP, source port, destination port, protocol, packets, bytes, start/end time, accept or reject
VPC Flow Logs – CloudWatch Alarms
Amazon CloudWatch alarm
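As an added example (not AWS code and not code from this deck), the Python below parses flow log records in the default field order listed above, counts REJECT records per source address inside an evaluation window and applies a threshold, which is the decision a CloudWatch alarm on a REJECT metric filter makes for the interface. The records and the threshold are constructed assumptions.

```python
"""Parse VPC Flow Log records and raise a per-source alarm on rejected flows.
Added example for this deck, not AWS code. SAMPLE_LOG is constructed data in
the default (version 2) record format; the threshold is an assumption.
The equivalent CloudWatch Logs metric filter has the shape
[version, account, eni, source, destination, srcport, destport, protocol,
 packets, bytes, windowstart, windowend, action="REJECT", flowlogstatus]."""
from collections import Counter

# Field order of a default (version 2) flow log record.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample: one external address rejected on 22, 23 and 3389, one
# accepted internal HTTPS flow, one single reject, and one NODATA record.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 43210 22 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 43211 23 6 1 44 1500000001 1500000061 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.20 43212 3389 6 1 44 1500000002 1500000062 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.1.20 51000 443 6 20 6000 1500000003 1500000063 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.20 40000 443 6 1 44 1500000004 1500000064 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1500000005 1500000065 - NODATA
"""


def parse_record(line):
    """Return a dict for one record, or None for NODATA/SKIPDATA records,
    whose traffic fields are '-' and carry nothing to count."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for name in INT_FIELDS:
        rec[name] = int(rec[name])
    return rec


def reject_counts(log_text, window_start, window_end):
    """Count REJECT records per source address whose start time falls in
    [window_start, window_end) (epoch seconds, as in the record)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        if window_start <= rec["start"] < window_end:
            counts[rec["srcaddr"]] += 1
    return counts


def alarm_sources(counts, threshold):
    """Sources at or above the threshold, busiest first, so the alert names who."""
    over = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(over, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    counts = reject_counts(SAMPLE_LOG, 1500000000, 1500000300)
    print(alarm_sources(counts, threshold=3))
```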
Mitigate DDoS Threats
Diagram (application DDoS): good users and bad guys → AWS Shield → web server → database
Mitigate OWASP Application Threats
Diagram: good users and bad guys (exploit code, SQL injection, XSS) → AWS WAF filtering rule → web server → database
SSL/TLS – AWS Certificate Manager
• Deep integration with AWS Services
• Automated Certificate Renewal
• CloudTrail
• No extra cost
… or you can always use your own
Cryptographic Services
AWS KMS
• Deep integration with AWS Services
• CloudTrail
• AWS SDK for application encryption
Amazon CloudHSM
• Hardware Security Module
• Integrate with on-premises HSMs
• Hybrid Architectures
… or you can always use your own
AWS CloudFormation – Infrastructure as Code
• Orchestrate changes across AWS Services
• Use as foundation to Service Catalog products
• Use with source code repositories to manage infrastructure changes
Template: JSON & YAML text file describing infrastructure
Stack: resources created from a template; can be updated; updates can be restricted
AWS Well-Architected Framework Reliability Pillar Whitepaper
Reliability Pillar
AWS Well-Architected Framework
November 2016
Design Principles for Reliability
Test recovery procedures
Automatically recover from failure
Scale horizontally to increase aggregate system availability
Stop guessing capacity
Manage change in automation
Key Services for Reliability
Areas: Foundations, Change management, Failure management
Key services: AWS IAM, Amazon VPC, AWS CloudTrail, AWS Config, AWS CloudFormation, Amazon CloudWatch
Foundations | Limit Management
How do you manage AWS service limits for your accounts?
Key services: AWS Trusted Advisor, Amazon CloudWatch
Easy wins:
Default service limits
AWS Trusted Advisor limit checks.
Increasing soft limits if needed.
Things to consider:
Limit monitoring (possible automation)
The difference between hard and soft limits
Plan for more than you need.
Consider your limits across accounts.
Fixed Limit - 125 peering connections per VPC
Fixed Limit - 100 routes across Direct Connect
Foundations | Network Topology
How are you planning your network topology on AWS?
Key services: Amazon VPC, AWS Direct Connect, VPN Gateway
Easy wins:
Redundant networking built in to AWS regions.
Highly available load balancing, DNS.
Choose correct CIDR masks.
Things to consider:
Default VPC quick and resilient, but plan your own.
Redundant connectivity to office/datacentre?
VPN or Direct Connect?
IP subnet address ranges must not overlap for VPC peering.
Change Management
Change Management | Monitoring
How are you monitoring AWS resources?
Key services: Amazon CloudWatch, Amazon S3, Amazon QuickSight
Easy wins:
Amazon CloudWatch deep integration with AWS services.
Built-in CloudWatch metrics.
Highly durable CloudWatch logs.
Things to consider:
Integrate existing log solutions like Graylog or Splunk.
Automate responses to alerts.
Use Amazon EMR to gain insights.
Long term event trigger refinement.
Change Management | Change Execution
How are you executing change?
Key services: AWS CloudFormation, AWS CodePipeline, AWS CodeDeploy
Easy wins:
Infrastructure as code for simple services.
Version control infrastructure for change and rollback.
Environments kept consistent.
Things to consider:
CI/CD pipeline is a long term strategy.
Continuous Delivery is different to Deployment.
Identify automation candidates.
Shift approvals to the left.
Failure Management | Data Durability
How are you backing up your data?
Key services: Amazon S3, AWS KMS, Amazon EBS
Easy wins:
S3 designed for 99.99999999999% durability.
Frequent snapshots of EBS volumes.
RDS takes regular incremental snapshots.
Things to consider:
Durability requirements, ease of snapshots, speed, cost.
Encryption of your data and management of keys.
Periodic recovery testing to meet RPO and RTO.
Failure Management | Recovery Planning
How are you testing your resiliency?
Key services: AWS CloudFormation, AWS SDKs
Easy wins:
Automated infrastructure for flexible testing.
Chaos Monkey and the Simian Army for failure injection.
Scheduling game days to break your system.
Things to consider:
Make sure your build servers are reliable as well.
Do your playbooks sufficiently cover recovery pathways?
Learn from your failures with Root Cause Analysis.
Failure Management | Recovery Planning
How are you planning for disaster recovery?
Key services: AWS IAM, Amazon S3, Amazon Glacier
Easy wins:
Automated system recovery using infrastructure as code.
Versioning in S3 with object lifecycle policies easy to turn on.
Use another region or account to test failover.
Knowledge base for capturing incident responses.
Things to consider:
RPOs and RTOs need to be defined first.
Manage data access policies with IAM.
Be aware of Configuration drift.
Consider continuous availability.
Three Key Takeaways
1. Don’t forget the foundations.
2. Continually monitor your environment for events and analysis.
3. Automate, test and iterate.
AWS Well-Architected Framework Performance Efficiency Pillar Whitepaper
Performance Efficiency Pillar
AWS Well-Architected Framework
November 2016
Design Principles for Performance Efficiency
Democratize advanced technologies
Go global in minutes
Use serverless architectures
Experiment more often
Mechanical sympathy
Key Services for Performance Efficiency
Areas: Selection, Review, Monitoring, Trade-Off
Key services: Amazon EBS, Amazon S3, Amazon RDS, Auto Scaling, Amazon Glacier, Amazon CloudFront, Amazon DynamoDB, Amazon CloudWatch, AWS Lambda, Amazon ElastiCache, AWS Snowball, AWS CloudFormation, AWS Blog
Selection | Compute
Instances: CPU, Memory, EBS, GPU (e.g. hi1.4xlarge, m2.4xlarge, m1.small)
Containers: EC2 type, Memory, CPU, tenancy
Functions: Memory, Execution time, Concurrency
Elasticity: Demand-based, Buffer-based, Time-based
Key service for elastic compute solutions: Auto Scaling
Selection | Storage
Characteristics of: Amazon EBS, Amazon EFS, Instance Storage, Amazon S3, Amazon Glacier
Selection | Database
Characteristics:
- Availability
- Consistency
- Partition Tolerance
- Latency
- Durability
- Scalability
- Query capability
Configuration options:
- Cache
- Memory
- Database level settings
- Storage optimisation
Access Patterns:
- Indexes
- Key distribution
- Partition
- Horizontal scaling
Amazon DynamoDB – Fully Managed No-SQL:
- Fast and Predictable
- Seamless Scalability
- Secondary Indexing
- Managed Table Partitioning
Amazon ElastiCache – In-Memory Cache:
- Memcached/Redis
- High Performance
- Supports Sharding, Clustering, Read Replicas
Amazon RDS – Managed Relational DB:
- Industry standard relational databases
- Options for Read Replicas, Provisioned IOPs, Indexes
Amazon Redshift – Data Warehouse:
- Fully Managed
- Petabyte-scale
- Columnar Storage
- Specify sort keys, distribution keys, column encoding
Selection | Network
Location (Regions and Availability Zones)
- Where your users are located
- Where your data is located
- Other constraints (e.g. Security, compliance)
Considerations:
- Placement Groups
- Edge Locations
- DNS - Route53 edge location
AWS Well-Architected Framework Cost Optimization Pillar Whitepaper
Cost Optimization Pillar
AWS Well-Architected Framework
November 2016
Design Principles for Cost Optimization
Adopt a consumption model
Benefit from economies of scale
Stop spending money on data center operations
Analyze and attribute expenditure
Use managed services to reduce cost of ownership
Key Services for Cost Optimization
Areas: Cost-effective resources, Matched supply and demand, Expenditure awareness, Optimizing over time
Key services: Amazon CloudWatch, Auto Scaling, Amazon SNS, Reserved Instances, AWS Trusted Advisor, AWS Blog & What’s New, Cost Allocation Tags
How do you visualize and allocate costs for chargeback?
Cost explorer in the “billing and management” console
Tagging resources – add your own metadata
(Almost) everything in AWS can be tagged
Each tag is a key and an optional value
Up to 10 tags per resource
EC2 instance name i-4a1c2f5d: Project = natasha, Stack = Development, DevTribe = Tribe3, ticket = 78912
RDS instance name d-6x3r2f7h: Owner = DBAdmin, Stack = Production, Department = Accounts, CostCenter = 8899, Project = BAU
S3 bucket name s378236: Project = natasha, Owner = DBAdmin, Department = Accounts, Stack = Production, ticket = 78912, CostCenter = 8899
Tagging resources – Now you have metadata you can pivot
E.G. Accurately measure: what resources (name) did project = natasha use?
E.G. Chargeback: how much (monthly $) did department = accounts spend? What proportion (monthly $) of ticket = 78921 should be charged to stack = production?
Name  Project  Stack        Devtribe  Ticket  Owner    Depart    Cost center  Monthly $
EC2   Natasha  Development  Tribe3    78921   -        -         -            $680
S3    Natasha  Production   -         78912   DBAdmin  Accounts  8899         $700
RDS   BAU      Production   -         -       DBAdmin  Accounts  8899         $45
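As an added example (not AWS code and not code from this deck), the Python below answers the chargeback questions above by pivoting on cost allocation tags, and goes slightly beyond the slide by totalling spend per tag value and surfacing resources that lack the tag. The three resources, their tags and monthly costs are constructed from the slide's sample values; in practice Cost Explorer or the billing report supplies them.

```python
"""Pivot monthly cost on allocation tags. Added example for this deck, not
AWS code; RESOURCES is constructed from the slide's sample tag sets."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    service: str
    monthly_usd: float
    tags: dict = field(default_factory=dict)


UNTAGGED = "(untagged)"

# Constructed sample resources carrying the tags shown on the slide.
RESOURCES = [
    Resource("i-4a1c2f5d", "EC2", 680.0,
             {"Project": "natasha", "Stack": "Development", "DevTribe": "Tribe3", "ticket": "78912"}),
    Resource("s378236", "S3", 700.0,
             {"Project": "natasha", "Owner": "DBAdmin", "Department": "Accounts",
              "Stack": "Production", "ticket": "78912", "CostCenter": "8899"}),
    Resource("d-6x3r2f7h", "RDS", 45.0,
             {"Owner": "DBAdmin", "Stack": "Production", "Department": "Accounts",
              "CostCenter": "8899", "Project": "BAU"}),
]


def has_tag(resource, key, value):
    """Exact match: AWS tag keys and values are case-sensitive, so a resource
    tagged 'Ticket' does not show up in a pivot on 'ticket'."""
    return resource.tags.get(key) == value


def resources_with(resources, key, value):
    """Which resources carry key=value (e.g. what did Project=natasha use?)."""
    return [r.name for r in resources if has_tag(r, key, value)]


def spend_by(resources, key, value):
    """Monthly spend of everything tagged key=value (e.g. Department=Accounts)."""
    return sum(r.monthly_usd for r in resources if has_tag(r, key, value))


def share(resources, key, value, within_key, within_value):
    """Proportion of the key=value spend that also carries within_key=within_value,
    e.g. how much of a ticket's cost belongs to Stack=Production."""
    total = spend_by(resources, key, value)
    if total == 0:
        return 0.0
    both = sum(r.monthly_usd for r in resources
               if has_tag(r, key, value) and has_tag(r, within_key, within_value))
    return both / total


def pivot(resources, key):
    """Spend per value of one tag key. Resources missing the key land under
    UNTAGGED rather than vanishing, which is where untracked cost hides."""
    totals = defaultdict(float)
    for r in resources:
        totals[r.tags.get(key, UNTAGGED)] += r.monthly_usd
    return dict(totals)


if __name__ == "__main__":
    print(resources_with(RESOURCES, "Project", "natasha"))
    print(spend_by(RESOURCES, "Department", "Accounts"))
    print(round(share(RESOURCES, "ticket", "78912", "Stack", "Production"), 3))
    print(pivot(RESOURCES, "Stack"), pivot(RESOURCES, "DevTribe"))
```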
Auto scaling: variable workloads
CloudWatch for usage: start more instances when usage is high, stop instances when usage is low
Time Based: for development and scheduled workloads
720 hours in a month
160 business hours in a month
80% saving if you switch them off
Strategies to make sure your capacity matches, but does not substantially exceed what you need
Example – using CloudWatch metrics to control Auto-Scaling
Three utilization-over-time charts: single large instance = wasted capacity; Autoscaling with CloudWatch = less wasted capacity; Autoscaling with CloudWatch and appropriate instance size = cost optimized
EC2 instance types – consider RAM usage
Monitor RAM with a CloudWatch custom metric
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html
EC2 c3.8xlarge: 32 x vCPU, 60GB RAM
EC2 r3.8xlarge: 32 x vCPU, 244GB RAM
Storage Types – choose the right storage class for your workload
Storage types (greatest performance ↔ greatest savings): EBS Provisioned IOPS, EBS General Purpose, EBS Magnetic, S3 Standard, S3 Reduced redundancy, Glacier
Selecting appropriate EC2 instance types and storage types meets cost targets
50% saving
Cost optimizing EC2 instances – same technology – optimized commercials
EC2 “On Demand” – scale up and down for dynamic workloads
EC2 “Reserved instances” – reduce costs for steady state workloads
EC2 “Spot instances” – lowest possible price for time insensitive workloads
The technology is the same BUT you can pick a commercial model that meets your business need
Serverless Compute – event based computing model with step change in price
Or managed services with consumption based pricing models
AWS Well-Architected Framework Operational Excellence Pillar Whitepaper
Operational Excellence Pillar
AWS Well-Architected Framework
Coming Soon
Design Principles for Operational Excellence
Perform Operations with Code
Align Operations Processes to Business Objectives
Make Regular, Small, Incremental Changes
Test for Responses to Unexpected Events
Learn from Operational Events and Failures
Keep Operations Procedures Current
Topics explored in Operations Excellence Pillar
• What best practices for cloud operations are you using?
• How are you doing configuration management for your workload?
• How are you evolving your workload while minimizing the impact of change?
• How do you monitor your workload to ensure it is operating as expected?
• How do you respond to unplanned operational events?
• How is escalation managed when responding to unplanned operational events?
Key Services for Operational Excellence
Areas: Preparation, Operations, Responses
Key services: AWS CloudTrail, AWS Config, AWS CloudFormation, Amazon CloudWatch, Lambda, RunCommand, Batch, AWS Developer Tools
Preparation
Checklists, Runbooks, Playbooks, Traceable changes
Services: Auto Scaling, AWS CloudFormation, Amazon CloudWatch, AWS Config, AWS CloudTrail
Operations
CI/CD Pipeline
• Releases
• Build Systems
• Deployment and rollback
• Testing
Centralised monitoring and logs
Alerts and Automated responses (Amazon CloudWatch Alarms)
Responses
CloudWatch Events, CloudWatch Alarms, AWS Config and Rules, Lambda
Use CloudWatch Events and Lambda
https://aws.amazon.com/blogs/security/how-to-detect-and-automatically-remediate-unintended-permissions-in-amazon-s3-object-acls-with-cloudwatch-events/
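As an added example (not AWS code and not the linked blog post's code), the Python below shows the detect-and-remediate step that post describes: a Lambda-style handler receives the CloudTrail PutObjectAcl event from CloudWatch Events, reads the object's ACL, and resets it to owner-only when a grant to the AllUsers or AuthenticatedUsers group is present. The event, bucket, key and owner are constructed, and the S3 calls are injected callables so the example runs offline.

```python
"""Detect and remediate unintended public grants on an S3 object ACL.
Added example for this deck, not AWS or the blog post's code. ACLs use the
dict shape boto3's get_object_acl returns; OWNER, PUBLIC_READ_ACL and
SAMPLE_EVENT are constructed, and S3 access is injected (get/put callables)."""
from copy import deepcopy

# Predefined S3 groups: a grant to either makes the object readable by the
# world or by any AWS account, which the blog post treats as unintended.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed owner; real canonical user IDs are 64 hex characters.
OWNER = {"ID": "0" * 64, "DisplayName": "example-owner"}

# Constructed ACL: owner FULL_CONTROL plus a public READ grant.
PUBLIC_READ_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"], "DisplayName": OWNER["DisplayName"]},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

# Constructed CloudWatch Events payload for a CloudTrail PutObjectAcl call.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.s3",
    "detail": {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObjectAcl",
        "requestParameters": {"bucketName": "example-bucket", "key": "reports/q3.csv"},
    },
}


def unintended_grants(acl):
    """Return the grants that give a public S3 group any permission."""
    return [g for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def private_acl(acl):
    """Rebuild the ACL with only the owner's FULL_CONTROL grant, the same
    result as applying the canned ACL 'private'."""
    owner = acl["Owner"]
    grantee = {"Type": "CanonicalUser", "ID": owner["ID"], "DisplayName": owner.get("DisplayName", "")}
    return {"Owner": owner, "Grants": [{"Grantee": grantee, "Permission": "FULL_CONTROL"}]}


def handle_put_object_acl(event, get_object_acl, put_object_acl):
    """Lambda-style handler. Ignores other API calls, inspects the object's
    ACL after the change, and resets it only when a public grant is present."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "PutObjectAcl":
        return {"action": "ignored", "grants_removed": 0}
    params = detail["requestParameters"]
    bucket, key = params["bucketName"], params["key"]
    acl = get_object_acl(bucket, key)
    bad = unintended_grants(acl)
    if not bad:
        return {"bucket": bucket, "key": key, "action": "none", "grants_removed": 0}
    put_object_acl(bucket, key, private_acl(acl))
    return {"bucket": bucket, "key": key, "action": "reset_to_private", "grants_removed": len(bad)}


def sample_store():
    """Offline stand-in for S3: (bucket, key) -> ACL, seeded with the public object,
    plus get/put callables in the handler's expected shape."""
    store = {("example-bucket", "reports/q3.csv"): deepcopy(PUBLIC_READ_ACL)}

    def get(bucket, key):
        return deepcopy(store[(bucket, key)])

    def put(bucket, key, acl):
        store[(bucket, key)] = acl

    return store, get, put


if __name__ == "__main__":
    store, get, put = sample_store()
    print(handle_put_object_acl(SAMPLE_EVENT, get, put))  # first call remediates
    print(handle_put_object_acl(SAMPLE_EVENT, get, put))  # second call finds nothing
```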
Benefits of Well-Architected
Think Cloud-Natively
Consistent Approach to Reviewing Architecture
Understand Potential Impact
Visibility of Risks
Preparing for Well Architected Review
• Complete the Online Training
• Perform Customer Self Assessment
• Evaluate Automated Assessment Tools
• Certified APN Partner Led Assessment
• AWS Account Team Engagement & Review
• Work with AWS SA on any Remediation Plans
AWS Well Architected Report Format
For More Information…
https://aws.amazon.com/well-architected/
AWS Well-Architected Framework Whitepaper
Pillar Specific Whitepapers
Free Online Training
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Following Well Architected Frameworks - Lunch and Learn.pdf

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. https://aws.amazon.com/well-architected/
  • 3. What is the Well-Architected Framework? Pillars Design Principles Questions
  • 4. Pillars of Well-Architected Security Reliability Performance Efficiency Cost Optimization Operational Excellence
  • 5. Why would I want to apply the AWS Well-Architected Framework? Build and deploy faster Lower or mitigate risks Make informed decisions Learn AWS best practices
  • 6. A Mechanism for your Cloud Journey Learn Measure Improve
  • 8. General Design Principles Stop guessing your capacity needs Test systems at production scale Automate to make architectural experimentation easier Allow for evolutionary architectures Build data-driven architectures Improve through game days
  • 10. AWS Reference Serverless Micro Service Architectures aws.amazon.com/serverless/ AWS Serverless Multi-Tier Architectures Using Amazon API Gateway and AWS Lambda November 2015
  • 11. Shared Responsibility between AWS and our customers. AWS is responsible for the security OF the Cloud: the AWS Global Infrastructure (Regions, Availability Zones, Edge Locations) and the AWS Foundation Services (Compute, Storage, Database, Networking). Customers are responsible for their security IN the Cloud: customer content; platform, applications, identity & access management; operating system, network & firewall configuration; client-side data encryption, server-side data encryption and network traffic protection.
  • 12. AWS Trusted Advisor
  • 13. AWS Well-Architected Framework Whitepapers AWS Well Architected Framework November 2016 AWS Well Architected Framework Whitepaper • Security Pillar Whitepaper • Reliability Pillar Whitepaper • Performance Efficiency Pillar Whitepaper • Cost Optimization Pillar Whitepaper • Operational Excellence Pillar Whitepaper aws.amazon.com/architecture/well-architected/
  • 14. Free Online Self Paced Training Materials
  • 15. Specialized Reviews by Architecture Type • Web Application Hosting • Content Streaming and Media Serving • COTS Enterprise Workloads (e.g. SAP, Microsoft, Oracle) • Fault Tolerance and High Availability • Large Scale Processing and Huge Data Sets • Ad Serving • Serverless • Gaming
  • 16. AWS Well-Architected Framework – Security Pillar Whitepaper (November 2016)
  • 17. Design Principles for Security Apply security at all layers Enable traceability Implement a principle of least privilege Focus on securing your system Automate security best practices
  • 20. Anatomy of a Well-Architected question: Pillar, Area, Question Text, Question Context, Best Practices
  • 21. How to Document Your System • Work through the questions • Use the questions as a prompt • CURRENT STATE – what is being done now? • TARGET STATE – what do you think they should be doing? • Not an absolute right or wrong – use case specific • It’s a guide
  • 22. Key Services for Security. Identity and Access Management: AWS IAM, MFA token, AWS Organizations. Detective Controls: AWS CloudTrail, AWS Config, Amazon CloudWatch. Infrastructure Protection: Amazon VPC. Data Protection: Elastic Load Balancing, Amazon EBS, Amazon S3, Amazon RDS, AWS Key Management Service. Incident Response: AWS IAM, AWS CloudFormation.
  • 23. AWS Organizations – control AWS service use across accounts. Policy-based management for multiple AWS accounts. Consolidate billing. Automate AWS account creation.
  • 24. AWS Identity & Access Management: IAM Users, IAM Groups, IAM Roles, IAM Policies • Granular access control for least privilege • Manage hierarchies of AWS accounts with AWS Organizations • Federate with your existing directory services • Role-based access and segregation of duties • Achieve just-in-time access using automation • Create rich mobile applications without giving end-users long-term access keys
  • 25. AWS CloudTrail: you are making API calls... AWS CloudTrail is continuously recording those API calls... and delivering log files to you.
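The "granular access control for least privilege" point on slide 24 is easiest to enforce before a policy ever reaches an account. The following is an added example, not code from the deck or from AWS: a small linter that reads an IAM policy document in the JSON format IAM accepts and flags the patterns that most often defeat least privilege (`Action: "*"`, service-wide `service:*` actions, `Resource: "*"` with no Condition, privilege-escalating actions on `Resource: "*"`, and `NotAction`/`NotResource` in an Allow). The two sample policies and the `PRIVILEGED_ACTIONS` set are constructed for this example; the set is an illustrative subset, not an AWS-maintained list.

```python
"""Lint IAM policy documents for least-privilege violations.

Added example, not code from the deck. It works on plain policy JSON in
the format IAM accepts and makes no AWS calls, so it can run in CI
against policies kept in a repository. PRIVILEGED_ACTIONS is an
illustrative assumption, not an AWS-maintained list.
"""
import json

# Actions that let a principal widen its own access if granted on Resource "*".
# Illustrative subset chosen for this example; extend it for real use.
PRIVILEGED_ACTIONS = {
    "iam:CreatePolicyVersion", "iam:AttachUserPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutRolePolicy", "iam:PassRole", "sts:AssumeRole",
}


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource/Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (statement_index, finding) tuples for every Allow that is too broad."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access, never widen it
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        has_condition = bool(stmt.get("Condition"))

        if "*" in actions:
            findings.append((i, "Action '*' grants every API call"))
        for action in actions:
            if action != "*" and action.endswith(":*"):
                findings.append((i, f"service-wide wildcard action {action}"))
        if "*" in resources and not has_condition:
            findings.append((i, "Resource '*' with no Condition to scope it"))
        privileged = PRIVILEGED_ACTIONS & set(actions)
        if privileged and "*" in resources:
            findings.append((i, "privilege-escalating action on Resource '*': "
                                + ", ".join(sorted(privileged))))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((i, "Allow with NotAction/NotResource permits everything not listed"))
    return findings


def lint_policy_json(text):
    """Convenience wrapper for a policy held as a JSON string or file content."""
    return lint_policy(json.loads(text))


# Constructed sample policies (not from the deck).
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}
  ]
}""")

SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-app-bucket/uploads/*"},
    {"Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/example-app-instance-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}
  ]
}""")

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(policy))
```

The scoped policy passes because every Allow names a specific resource and the `iam:PassRole` grant is further restricted by a Condition; the broad one produces four findings, including `iam:PassRole` on `Resource: "*"`, which is the combination that lets a caller launch an instance with any role in the account.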
  • 27. AWS Config & AWS Config Rules • Record configuration changes continuously • Time-series view of resource changes • Archive & compare • Enforce best practices • Automatically roll back unwanted changes • Trigger additional workflow
  • 28. VPC Defense in Depth: three subnets (10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24) – a Public Subnet fronted by SG-ALB (allow CloudFront IP ranges only), a Private Subnet for the Web Tier with SG-Web (allow SG-ALB only), and a Private Subnet for the App Tier with SG-App (allow SG-Web only). Each tier’s security group references the previous tier’s group rather than a CIDR, so traffic can only enter through the chain.
  • 29. VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to Amazon CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics. Each record captures: AWS account, source IP, destination IP, source port, destination port, interface, protocol, packets, bytes, start/end time, accept or reject.
  • 30. VPC Flow Logs – CloudWatch Alarms
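Slide 28 describes the security-group chain (CloudFront ranges -> SG-ALB -> SG-Web -> SG-App) but not how to verify that a live VPC still matches it after a "temporary" rule has been added. The following is an added example, not from the deck or from AWS: a check that walks security groups in the shape returned by EC2 `DescribeSecurityGroups` (`IpPermissions` with `IpRanges` and `UserIdGroupPairs`) and reports any ingress that is not the expected upstream tier. The groups, group IDs and the two placeholder CloudFront CIDRs are constructed inline; nothing calls AWS, and in practice the CloudFront ranges come from the published ip-ranges.json.

```python
"""Check that a VPC's security groups form a strict tier chain.

Added example, not from the deck. Input mirrors the shape of the EC2
DescribeSecurityGroups response but is constructed here; no AWS calls.
"""
import copy

# Placeholder CIDRs standing in for the real CloudFront ranges (assumption).
CLOUDFRONT_RANGES = {"203.0.113.0/24", "198.51.100.0/24"}

# Constructed sample: the three tiers from the "VPC Defense in Depth" slide.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0a1", "GroupName": "SG-ALB",
     "IpPermissions": [
         {"FromPort": 443, "ToPort": 443, "IpProtocol": "tcp",
          "IpRanges": [{"CidrIp": c} for c in sorted(CLOUDFRONT_RANGES)],
          "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0b2", "GroupName": "SG-Web",
     "IpPermissions": [
         {"FromPort": 8080, "ToPort": 8080, "IpProtocol": "tcp",
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0a1"}]}]},
    {"GroupId": "sg-0c3", "GroupName": "SG-App",
     "IpPermissions": [
         {"FromPort": 9000, "ToPort": 9000, "IpProtocol": "tcp",
          "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0b2"}]}]},
]

# Expected chain: each tier is reachable only from the tier before it;
# the edge tier only from the listed CIDRs.
EXPECTED_CHAIN = [
    ("SG-ALB", {"cidrs": CLOUDFRONT_RANGES}),
    ("SG-Web", {"groups": {"SG-ALB"}}),
    ("SG-App", {"groups": {"SG-Web"}}),
]


def check_tier_chain(groups, chain):
    """Return human-readable violations; an empty list means the chain holds."""
    by_name = {g["GroupName"]: g for g in groups}
    id_to_name = {g["GroupId"]: g["GroupName"] for g in groups}
    violations = []
    for name, allowed in chain:
        group = by_name.get(name)
        if group is None:
            violations.append(f"{name}: security group missing")
            continue
        ok_cidrs = allowed.get("cidrs", set())
        ok_groups = allowed.get("groups", set())
        for perm in group["IpPermissions"]:
            # IpProtocol "-1" (all traffic) carries no ports, hence .get()
            port = f"{perm.get('FromPort')}-{perm.get('ToPort')}/{perm.get('IpProtocol')}"
            for rng in perm.get("IpRanges", []):
                if rng["CidrIp"] not in ok_cidrs:
                    violations.append(f"{name}: ingress {port} from CIDR {rng['CidrIp']} not allowed")
            for pair in perm.get("UserIdGroupPairs", []):
                src = id_to_name.get(pair["GroupId"], pair["GroupId"])
                if src not in ok_groups:
                    violations.append(f"{name}: ingress {port} from group {src} not allowed")
    return violations


def with_extra_ingress(groups, group_name, permission):
    """Return a deep copy of groups with one more ingress rule on group_name."""
    altered = copy.deepcopy(groups)
    for g in altered:
        if g["GroupName"] == group_name:
            g["IpPermissions"].append(permission)
    return altered


if __name__ == "__main__":
    print(check_tier_chain(SAMPLE_GROUPS, EXPECTED_CHAIN))
    debug_ssh = {"FromPort": 22, "ToPort": 22, "IpProtocol": "tcp",
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}
    print(check_tier_chain(with_extra_ingress(SAMPLE_GROUPS, "SG-Web", debug_ssh), EXPECTED_CHAIN))
```

Two failure modes are worth testing: a CIDR opened on an inner tier (the classic "SSH from anywhere for debugging"), and a tier skipped by referencing a group two hops up (SG-App trusting SG-ALB directly). Both are reported as violations against the tier that accepted the traffic, which is where the fix belongs.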
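Slides 29 and 30 say to turn flow log records into CloudWatch metrics and alarm on them; in production that is a metric filter plus an alarm, and it helps to see what those two pieces compute. The following is an added example, not from the deck or from AWS: a parser for the default (version 2) flow log record format, a per-source REJECT metric, and an alarm rule that fires on a source with many rejects or many distinct destination ports (the signature of a port sweep against the web tier). The eight records are constructed, and the thresholds are assumptions for this example, not CloudWatch defaults.

```python
"""Turn VPC Flow Log records into a per-source REJECT metric and alarm on it.

Added example, not from the deck. The parser follows the default version 2
record format; the records and thresholds below are constructed assumptions.
"""
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample: an external host sweeping four ports on a web node,
# two accepted app-tier flows, one stray SSH attempt, and a NODATA record.
SAMPLE_LINES = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 51234 22 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 51235 3389 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 51236 445 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.5 10.0.1.20 51237 8080 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.20 10.0.2.30 49152 8080 6 12 3100 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.20 10.0.2.30 49153 8080 6 9 2200 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.1.20 40000 22 6 1 40 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1500000000 1500000060 - NODATA
""".splitlines()


def parse_record(line):
    """Parse one version 2 record; returns None for NODATA/SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # placeholder '-' fields, no traffic to count
    for field in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[field] = int(rec[field])
    return rec


def reject_metrics(lines):
    """Per-source count of rejected flows and the distinct destination ports hit."""
    rejects = defaultdict(int)
    ports = defaultdict(set)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        rejects[rec["srcaddr"]] += 1
        ports[rec["srcaddr"]].add(rec["dstport"])
    return rejects, ports


def evaluate_alarm(lines, reject_threshold=5, distinct_port_threshold=3):
    """Sources that trip the alarm: too many rejects, or too many distinct ports."""
    rejects, ports = reject_metrics(lines)
    return sorted(src for src in rejects
                  if rejects[src] >= reject_threshold
                  or len(ports[src]) >= distinct_port_threshold)


if __name__ == "__main__":
    counts, hit_ports = reject_metrics(SAMPLE_LINES)
    for src in counts:
        print(src, counts[src], sorted(hit_ports[src]))
    print("alarm:", evaluate_alarm(SAMPLE_LINES))
```

The single SSH attempt from 198.51.100.7 does not trip the alarm under the default thresholds, while 203.0.113.5 does on the distinct-port rule despite only four rejects; counting rejects alone, as a plain metric filter on `REJECT` does, would miss a low-and-slow sweep, which is why the second dimension is there.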
  • 31. Mitigate DDoS Threats: AWS Shield absorbs application-layer DDoS traffic from the bad guys so that good users still reach the web server and database.
  • 32. Mitigate OWASP Application Threats: an AWS WAF filtering rule blocks exploit code, SQL injection and XSS from the bad guys while good users reach the web server and database.
  • 33. AWS Certificate Manager – SSL/TLS • Deep integration with AWS services • Automated certificate renewal • CloudTrail • No extra cost ... or you can always use your own
  • 34. Cryptographic Services. AWS KMS: • Deep integration with AWS services • CloudTrail • AWS SDK for application encryption. Amazon CloudHSM: • Hardware Security Module • Integrate with on-premises HSMs • Hybrid architectures ... or you can always use your own
  • 35. AWS CloudFormation – Infrastructure as Code • Orchestrate changes across AWS services • Use as foundation for Service Catalog products • Use with source code repositories to manage infrastructure changes. Template: JSON & YAML text file describing infrastructure. Stack: resources created from a template; can be updated; updates can be restricted.
  • 36. AWS Well-Architected Framework – Reliability Pillar Whitepaper (November 2016)
  • 37. Design Principles for Reliability Test recovery procedures Automatically recover from failure Scale horizontally to increase aggregate system availability Stop guessing capacity Manage change in automation
  • 38. Key Services for Reliability Areas Key Services Foundations Change management Failure management AWS IAM Amazon VPC AWS CloudTrail AWS Config AWS CloudFormation Amazon CloudWatch
  • 39. Foundations | Limit Management How do you manage AWS service limits for your accounts?
  • 40. Foundations | Limit Management AWS Trusted Advisor Amazon CloudWatch
  • 41. Foundations | Limit Management. Easy wins: default service limits; AWS Trusted Advisor limit checks; increasing soft limits if needed. Things to consider: limit monitoring (possible automation); the difference between hard and soft limits; plan for more than you need; consider your limits across accounts. Fixed limit: 125 peering connections per VPC. Fixed limit: 100 routes across Direct Connect.
  • 47. Foundations | Network Topology How are you planning your network topology on AWS?
  • 48. Foundations | Network Topology Amazon VPC AWS Direct Connect VPN Gateway
  • 49. Foundations | Network Topology Easy wins: Redundant networking built in to AWS regions. Highly available load balancing, DNS. Choose correct CIDR masks. Things to consider: Default VPC quick and resilient, but plan your own. Redundant connectivity to office/datacentre? VPN or Direct Connect? IP subnet address ranges overlap for VPC peering.
  • 51. Change Management | Monitoring How are you monitoring AWS resources?
  • 52. Change Management | Monitoring Amazon CloudWatch Amazon S3 Amazon QuickSight
  • 53. Change Management | Monitoring Easy wins: Amazon CloudWatch deep integration with AWS services. Built-in CloudWatch metrics. Highly durable CloudWatch Logs. Things to consider: Integrate existing log solutions like Graylog or Splunk. Automate responses to alerts. Use Amazon EMR to gain insights. Long-term event trigger refinement.
  • 54. Change Management | Change Execution How are you executing change?
  • 55. Change Management | Change Execution AWS CloudFormation AWS CodePipeline AWS CodeDeploy
  • 56. Change Management | Change Execution Easy wins: Infrastructure as code for simple services. Version control infrastructure for change and rollback. Environments kept consistent. Things to consider: CI/CD pipeline is a long term strategy. Continuous Delivery is different to Deployment. Identify automation candidates. Shift approvals to the left.
  • 57. Failure Management | Data Durability How are you backing up your data?
  • 58. Failure Management | Data Durability Amazon S3 AWS KMS Amazon EBS
  • 59. Failure Management | Data Durability Easy wins: S3 designed for 99.999999999% (eleven nines) durability. Frequent snapshots of EBS volumes. RDS takes regular incremental snapshots. Things to consider: Durability requirements, ease of snapshots, speed, cost. Encryption of your data and management of keys. Periodic recovery testing to meet RPO and RTO.
  • 60. Failure Management | Recovery Planning How are you testing your resiliency?
  • 61. Failure Management | Recovery Planning AWS CloudFormation AWS SDKs
  • 62. Failure Management | Recovery Planning Easy wins: Automated infrastructure for flexible testing. Chaos Monkey and the Simian Army for failure injection. Scheduling game days to break your system. Things to consider: Make sure your build servers are reliable as well. Do your playbooks sufficiently cover recovery pathways? Learn from your failures with Root Cause Analysis.
  • 63. Failure Management | Recovery Planning How are you planning for disaster recovery?
  • 64. Failure Management | Recovery Planning AWS IAM Amazon S3 Amazon Glacier
  • 65. Failure Management | Recovery Planning Easy wins: Automated system recovery using infrastructure as code. Versioning in S3 with object lifecycle policies easy to turn on. Use another region or account to test failover. Knowledge base for capturing incident responses. Things to consider: RPOs and RTOs need to be defined first. Manage data access policies with IAM. Be aware of Configuration drift. Consider continuous availability.
  • 66. Three Key Takeaways 1. Don’t forget the foundations. 2. Continually monitor your environment for events and analysis. 3. Automate, test and iterate.
  • 67. AWS Well-Architected Framework – Performance Efficiency Pillar Whitepaper (November 2016)
  • 68. Design Principles for Performance Efficiency Democratize advanced technologies Go global in minutes Use serverless architectures Experiment more often Mechanical sympathy
  • 69. Key Services for Performance Efficiency. Areas: Selection, Review, Monitoring, Trade-Off. Key Services: Amazon EBS, Amazon S3, Amazon RDS, Auto Scaling, Amazon Glacier, Amazon CloudFront, Amazon DynamoDB, Amazon CloudWatch, AWS Lambda, Amazon ElastiCache, AWS Snowball, AWS CloudFormation, AWS Blog.
  • 70. Selection | Compute. Instances: CPU, memory, EBS, GPU (e.g. hi1.4xlarge, m2.4xlarge, m1.small). Containers: EC2 type, memory, CPU, tenancy. Functions: memory, execution time, concurrency. Elasticity: demand-based, buffer-based, time-based.
  • 71. Key service for elastic compute solutions: Auto Scaling Selection | Compute
  • 72. Selection | Storage – characteristics of Amazon EBS, Amazon EFS, Instance Storage, Amazon S3 and Amazon Glacier
  • 73. Selection | Storage. Characteristics: availability, consistency, partition tolerance, latency, durability, scalability, query capability. Configuration options: cache, memory, database-level settings, storage optimisation. Access patterns: indexes, key distribution, partition, horizontal scaling.
  • 74. Selection | Database. Amazon DynamoDB – fully managed NoSQL: fast and predictable, seamless scalability, secondary indexing, managed table partitioning. Amazon ElastiCache – in-memory cache: Memcached/Redis, high performance, supports sharding, clustering, read replicas. Amazon RDS – managed relational DB: industry-standard relational databases; options for read replicas, provisioned IOPS, indexes. Amazon Redshift – data warehouse: fully managed, petabyte-scale, columnar storage; specify sort keys, distribution keys, column encoding.
  • 75. Selection | Network. Location (Regions and Availability Zones): where your users are located; where your data is located; other constraints (e.g. security, compliance). Considerations: placement groups, edge locations, DNS, Route 53 edge locations.
  • 76. AWS Well-Architected Framework – Cost Optimization Pillar Whitepaper (November 2016)
  • 77. Design Principles for Cost Optimization Adopt a consumption model Benefit from economies of scale Stop spending money on data center operations Analyze and attribute expenditure Use managed services to reduce cost of ownership
  • 78. Key Services for Cost Optimization. Areas: Cost-effective resources, Matched supply and demand, Expenditure awareness, Optimizing over time. Key Services: Amazon CloudWatch, Auto Scaling, Amazon SNS, Reserved Instances, AWS Trusted Advisor, AWS Blog & What’s New, Cost Allocation Tags.
  • 79. How do you visualize and allocate costs for chargeback? Cost Explorer in the Billing and Cost Management console.
  • 80. Tagging resources – add your own metadata. (Almost) everything in AWS can be tagged. Each tag is a key and an optional value. Up to 10 tags per resource. Example: EC2 instance i-4a1c2f5d – Project = natasha, Stack = Development, DevTribe = Tribe3, ticket = 78912. RDS instance d-6x3r2f7h – Owner = DBAdmin, Stack = Production, Department = Accounts, CostCenter = 8899, Project = BAU. S3 bucket s378236 – Project = natasha, Owner = DBAdmin, Department = Accounts, Stack = Production, ticket = 78912, CostCenter = 8899.
  • 81. Tagging resources – now you have metadata you can pivot. E.g. accurately measure: what resources (name) did project = natasha use? E.g. chargeback: how much (monthly $) did department = accounts spend? What proportion (monthly $) of ticket = 78921 should be charged to stack = production? Pivot by resource: EC2 ($680/month) – Project Natasha, Stack Development, Devtribe Tribe3, Ticket 78921. S3 ($700/month) – Project Natasha, Stack Production, Ticket 78912, Owner DBAdmin, Department Accounts, Cost center 8899. RDS ($45/month) – Project BAU, Stack Production, Owner DBAdmin, Department Accounts, Cost center 8899.
  • 82. Auto scaling: variable workloads – CloudWatch for usage: start more instances when usage is high, stop instances when usage is low. Time-based: for development and scheduled workloads – 720 hours in a month, 160 business hours in a month, 80% saving if you switch them off. Strategies to make sure your capacity matches, but does not substantially exceed, what you need.
  • 83. Example – using CloudWatch metrics to control Auto Scaling (utilization over time): single large instance = wasted capacity; Auto Scaling with CloudWatch = less wasted capacity; Auto Scaling with CloudWatch and appropriate instance size = cost optimized.
  • 84. Selecting appropriate EC2 instance types and storage types to meet cost targets. EC2 instance types – consider RAM usage: EC2 c3.8xlarge (32 vCPU, 60 GB RAM) vs EC2 r3.8xlarge (32 vCPU, 244 GB RAM); monitor RAM with a CloudWatch custom metric (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html). Storage types – choose the right storage class for your workload, from greatest performance to greatest savings: EBS Provisioned IOPS, EBS General Purpose, EBS Magnetic, S3 Standard, S3 Reduced Redundancy, Glacier. 50% saving.
  • 85. Cost optimizing EC2 instances – same technology, optimized commercials. EC2 On Demand: scale up and down for dynamic workloads. EC2 Reserved Instances: reduce costs for steady-state workloads. EC2 Spot Instances: lowest possible price for time-insensitive workloads. The technology is the same, but you can pick a commercial model that meets your business need. Or serverless compute – an event-based computing model with a step change in price; or managed services with consumption-based pricing models.
  • 86. AWS Well-Architected Framework – Operational Excellence Pillar Whitepaper (coming soon)
  • 87. Design Principles for Operational Excellence Perform Operations with Code Align Operations Processes to Business Objectives Make Regular, Small, Incremental Changes Test for Responses to Unexpected Events Learn from Operational Events and Failures Keep Operations Procedures Current
  • 88. Topics explored in Operations Excellence Pillar • What best practices for cloud operations are you using? • How are you doing configuration management for your workload? • How are you evolving your workload while minimizing the impact of change? • How do you monitor your workload to ensure it is operating as expected? • How do you respond to unplanned operational events? • How is escalation managed when responding to unplanned operational events?
  • 89. Key Services for Operational Excellence. Areas: Preparation, Operations, Responses. Key Services: AWS CloudTrail, AWS Config, AWS CloudFormation, Amazon CloudWatch, AWS Lambda, Run Command, AWS Batch, AWS Developer Tools.
  • 91. Operations. CI/CD pipeline: releases, build systems, deployment and rollback, testing. Centralised monitoring and logs. Alerts and automated responses (Amazon CloudWatch Alarms).
  • 93. Use CloudWatch Events and Lambda: https://aws.amazon.com/blogs/security/how-to-detect-and-automatically-remediate-unintended-permissions-in-amazon-s3-object-acls-with-cloudwatch-events/
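Slide 93 points at the blog post on reverting unintended S3 object ACLs with CloudWatch Events and Lambda. The following is an added example, not the code from that post or from the deck: a Lambda-style handler that takes a CloudWatch Events event for a CloudTrail `PutObjectAcl` call, reads the bucket and key from `requestParameters`, re-reads the object's ACL from S3 rather than trusting the event body, and resets it to `private` if any grant goes to the AllUsers or AuthenticatedUsers group. The bucket, key, account ID and grants are constructed; the S3 client is injected so the logic runs offline here, and `lambda_handler` is where a real `boto3.client("s3")` would be passed in.

```python
"""Detect and revert public S3 object ACLs from a CloudWatch Events rule.

Added example, not the code in the linked AWS blog post. The event shape is
a CloudTrail-backed CloudWatch Events event for PutObjectAcl; the bucket,
key and grants below are constructed. The S3 client is injected so the
decision logic runs offline; inside Lambda, pass boto3.client("s3").
"""
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed grants in the shape of a GetObjectAcl response.
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
               "Permission": "FULL_CONTROL"}
PUBLIC_READ_GRANT = {"Grantee": {"Type": "Group",
                                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                     "Permission": "READ"}

# Constructed CloudWatch Events event for a CloudTrail PutObjectAcl call.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.s3",
    "detail": {
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutObjectAcl",
        "requestParameters": {"bucketName": "example-data-bucket", "key": "exports/report.csv"},
    },
}


def extract_object(event):
    """Return (bucket, key) for a PutObjectAcl event, or None for anything else."""
    detail = event.get("detail", {})
    if detail.get("eventSource") != "s3.amazonaws.com" or detail.get("eventName") != "PutObjectAcl":
        return None
    params = detail.get("requestParameters") or {}
    bucket, key = params.get("bucketName"), params.get("key")
    if not bucket or not key:
        return None
    return bucket, key


def is_public(acl):
    """True if any grant in a GetObjectAcl response targets a public group."""
    return any(g.get("Grantee", {}).get("Type") == "Group"
               and g["Grantee"].get("URI") in PUBLIC_GRANTEES
               for g in acl.get("Grants", []))


def remediate(event, s3):
    """Re-read the object's ACL from S3 and reset it to private if it is public."""
    target = extract_object(event)
    if target is None:
        return {"action": "ignored"}
    bucket, key = target
    acl = s3.get_object_acl(Bucket=bucket, Key=key)   # trust S3, not the event body
    if not is_public(acl):
        return {"action": "ok", "bucket": bucket, "key": key}
    s3.put_object_acl(Bucket=bucket, Key=key, ACL="private")
    return {"action": "reverted", "bucket": bucket, "key": key}


def lambda_handler(event, context):
    import boto3  # only needed inside Lambda; the rest of the module runs without it
    return remediate(event, boto3.client("s3"))


class FakeS3:
    """Stand-in for the boto3 S3 client holding the current ACL of one object."""
    def __init__(self, grants):
        self.grants = list(grants)
        self.calls = []

    def get_object_acl(self, Bucket, Key):
        return {"Owner": {"ID": "owner-canonical-id"}, "Grants": list(self.grants)}

    def put_object_acl(self, Bucket, Key, ACL):
        self.calls.append((Bucket, Key, ACL))
        if ACL == "private":
            self.grants = [OWNER_GRANT]


if __name__ == "__main__":
    fake = FakeS3([OWNER_GRANT, PUBLIC_READ_GRANT])
    print(remediate(SAMPLE_EVENT, fake))   # reverted
    print(remediate(SAMPLE_EVENT, fake))   # ok on the second pass
```

The Lambda execution role needs only `s3:GetObjectAcl` and `s3:PutObjectAcl` on the buckets in scope, which is the least-privilege point from slide 24 applied to the responder itself; re-reading the ACL also makes the function safe to run twice, since the second invocation finds nothing to revert.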
  • 94. Benefits of Well-Architected Think Cloud-Natively Consistent Approach to Reviewing Architecture Understand Potential Impact Visibility of Risks
  • 95. Preparing for Well Architected Review • Complete the Online Training • Perform Customer Self Assessment • Evaluate Automated Assessment Tools • Certified APN Partner Led Assessment • AWS Account Team Engagement & Review • Work with AWS SA on any Remediation Plans
  • 96. AWS Well Architected Report Format
  • 97. For More Information… https://aws.amazon.com/well-architected/ AWS Well-Architected Framework Whitepaper Pillar Specific Whitepapers Free Online Training