This document provides an overview and introduction to Amazon Web Services (AWS) by Markku Lepistö. It covers:
- Signing up for an AWS account and enabling multi-factor authentication on IAM users
- Creating security groups and key pairs to launch and connect to EC2 instances
- Using EBS volumes to back up and restore EC2 instances
- Storing and serving files using S3
- Visualizing AWS costs and setting billing alerts
- Migrating data to AWS using services like Snowball, Direct Connect, Kinesis and Storage Gateway
3. What we’ll cover today
Creating an AWS account
Creating an IAM user and enabling MFA
Launching and connecting to EC2 instances
Backing up and restoring EC2 instances
Using S3 to store and serve files
Visualizing AWS costs and setting billing alerts
Migrating data to AWS
4. Characteristics of Cloud Computing?
On-demand delivery of IT resources via the Internet with pay-as-you-go pricing
5. The AWS Free Tier
Includes most AWS services
Available for all new accounts
Good for one year from the day the account is created
Everything we show today can be done within the free tier
For more details: http://aws.amazon.com/free/
6. Signing up for an AWS account
Sign up through https://aws.amazon.com
You will need a credit card
There will be a telephone verification
8. First Steps: Creating IAM Users
Using AWS Identity and Access Management (IAM), you can create and manage AWS users and groups.
You can control what resources each user has access to within an AWS account.
9. First Steps: Enabling MFA
AWS allows you to require multi-factor authentication for your users through physical or software-based single use login tokens. This protects against stolen passwords and key loggers.
Enable this on IAM users and the root account
11. Amazon EC2 – Creating an SSH key pair
SSH stands for Secure Shell
SSH keys are used for secured access to EC2 instances
SSH keys avoid password weaknesses
You can import your own key or have AWS generate a key pair for you.
AWS does not store the private part of the key pair
13. Amazon EC2 – Creating a Security Group
Security Groups are firewalls for your instances
By default, they block all traffic
You can choose what protocols and ports to open
You can use port ranges (e.g. 22-24)
You can choose who the ports are open to
Create rules with CIDR notation for groups of IP addresses (/32 is a single IP)
Create rules that specify Security Groups for other EC2 Instances
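
An added example, not part of the original slides: a small audit of security group ingress rules that applies the points above (port ranges, CIDR sources, /32 as a single IP, other security groups as sources). The rule data is constructed, and `ADMIN_PORTS`, `covers_port` and `audit` are hypothetical names chosen for this sketch.

```python
import ipaddress

# Constructed sample in the shape of the "IpPermissions" list returned by
# `aws ec2 describe-security-groups`; every value is made up for illustration.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 24,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
    {"IpProtocol": "-1",  # all protocols; the API omits FromPort/ToPort here
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "UserIdGroupPairs": []},
]

ADMIN_PORTS = {22, 3389}  # assumption: SSH and RDP are the ports worth flagging


def covers_port(rule, port):
    """True if the rule's protocol and port range include `port`."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def audit(rules, max_hosts=256):
    """Return (cidr, ports, reason) for admin ports open to wide CIDR sources."""
    findings = []
    for rule in rules:
        ports = sorted(p for p in ADMIN_PORTS if covers_port(rule, p))
        if not ports:
            continue
        for rng in rule.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                findings.append((rng["CidrIp"], ports, "open to the whole Internet"))
            elif net.num_addresses > max_hosts:
                findings.append((rng["CidrIp"], ports,
                                 f"{net.num_addresses} source addresses"))
        # Sources given as other security groups are not CIDR ranges: not flagged.
    return findings


if __name__ == "__main__":
    for cidr, ports, reason in audit(SAMPLE_RULES):
        print(cidr, ports, reason)
```

IPv6 sources are returned in a separate `Ipv6Ranges` list and are not covered by this version.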
15. Amazon EC2 – Launching an Instance
Instances are virtual machines running in the cloud
You have full control of the instance and can install any software that you choose
You can choose the instance type and size to get different amounts of memory, CPU, disk, etc.
You will need your Key Pair and a Security Group to launch the instance into
17. Amazon EBS – Storage for EC2 Instances
Amazon Elastic Block Store is persistent block storage for EC2 instances
As small as 1GB and as large as 16TB
Available in several different types
Create snapshots of EBS volumes in S3 to create backups
21. Amazon S3
S3 is Amazon’s Simple Storage Service
Store and retrieve almost any amount of data: 1 byte to 5 terabytes per object
Highly scalable and durable
Encryption available
Objects exist in the AWS region you choose
Object level permissions
Easily accessible
23. Billing and Cost Management
There are several features to help you monitor costs and visualize your AWS spend:
Cost Explorer
Alerts on Spending Limits
Detailed Billing Reports
Consolidated Billing
28. What is Internet/VPN…
Globally Available
Default method of ingesting content into Amazon S3
Simple standards based (HTTP) connection
Use your existing internet connection
Available within a VPC for VPN connectivity
Acceleration via Multipart Upload
Data Transfer Into AWS is free
VPN Connections using VPC Virtual Private Gateway
• $0.05 per VPN Connection-hour
• $0.048 per VPN Connection-hour for connections to the Tokyo region
29. How does Internet / VPN ingest work?
Accelerate Data Transfer using Multipart Upload
Ingest Data Directly Into S3 Buckets with existing internet connectivity
Via Management Console or API
[Diagram labels: Internet; Internet via VPN + VPC; customer gateway; VPN connection; endpoints; S3 Bucket; AWS Region]
31. What is Amazon S3 Transfer Acceleration…
Network and Protocol Based Data Transfer Service
Acceleration of Data Ingress / Egress with S3 Buckets
Typically 50% to 400% faster
Feature of S3 Enabled at the Bucket Level
Available at All S3 Regions Worldwide
No Client / Server Software Required
No Code Changes to Your Application
No Firewall Exceptions
Simple Pricing Model
32. Ingest & Egress with S3 transfer acceleration
[Diagram labels: Uploader; AWS Edge Location; S3 Bucket; Optimized Throughput!]
Uses AWS 55 global edge locations
AWS determines best edge location
Data transfer optimized between edge and customer, and edge and S3
Data is not stored on the edge cache
33. Using the Service is as easy as 1, 2, 3…
Enable the Service in the Management Console
Or Use Permissions via API: s3:PutAccelerateConfiguration
Update Application to Point to new S3 URL
• Update “bucket.s3.amazonaws.com” to “<bucket-name>.s3-accelerate.amazonaws.com”
• Original bucket location and contents are the same, only namespace changes
Start Uploading Data to Amazon S3
34. How fast is S3 transfer acceleration?
[Chart: time in hours for a 500 GB upload from these edge locations to a bucket in Singapore, Public Internet vs. S3 Transfer Acceleration. Locations: Rio De Janeiro, Warsaw, New York, Atlanta, Madrid, Virginia, Melbourne, Paris, Los Angeles, Seattle, Tokyo, Singapore]
36. Global Content Delivery Network
55 Edge Locations Worldwide
Supports Ingest via PUT/POST methods
Works with S3 Multi-part upload
Supports SSL SNI and TLS connections
Integrated with ACM and AWS WAF for additional security
Proxy ingest to S3, EC2 and even your own origins
Tiered and Custom Pricing Models
What is Amazon CloudFront…
37. Using CloudFront to Ingest Data into AWS
[Diagram labels: Customer Client; HTTP/S PUT/POST “upload_files.zip”; CloudFront Edge Location; AWS Region; Amazon EC2; S3 Bucket; ELB; Custom Origin]
Ingest content into S3, EC2, ELB or your own custom origin with Amazon CloudFront
Use cache behaviors to direct to the correct origin based on PATH pattern matching
Restrict Access via Geo Restriction or AWS WAF Web ACL
39. Dedicated, 1 or 10 GE private pipes into AWS
Create private (VPC) or public virtual interfaces to AWS
Reduced data-out rates (data-in still free)
Consistent network performance
At least 1 location to each AWS region
Option for redundant connections
Uses BGP to exchange routing information over a VLAN
What is AWS Direct Connect…
40. At the Direct Connect Location
[Diagram labels: CORP; Customer Network; Customer Router; Colocation; DX Location; Cross Connect; AWS Direct Connect Routers; AWS Backbone Network; Demarcation]
41. Dedicated Port via Direct Connect Partner
[Diagram labels: CORP; Partner Equipment; Access Circuit; Partner Network; Customer Router; Colocation; DX Location; Cross Connect; AWS Direct Connect Routers; AWS Backbone Network; Demarcation]
43. Amazon Kinesis Platform
Amazon Kinesis streaming data on the AWS cloud
• Amazon Kinesis Streams
• Amazon Kinesis Firehose
• Amazon Kinesis Analytics
44. Amazon Kinesis Firehose
Load massive volumes of streaming data into Amazon S3 and Amazon Redshift
Zero administration: Capture and deliver streaming data into S3, Redshift, and other destinations without writing an application or managing infrastructure.
Direct-to-data store integration: Batch, compress, and encrypt streaming data for delivery into data destinations in as little as 60 secs using simple configurations.
Seamless elasticity: Seamlessly scales to match data throughput w/o intervention
Capture and submit streaming data to Firehose
Firehose loads streaming data continuously into S3 and Redshift
Analyze streaming data using your favorite BI tools
46. What is AWS Storage Gateway?
Works with your existing applications
Secure and durable storage in AWS
Low-latency for frequently used data
Scalable and cost-effective on-premises storage - $125 per gateway per month + S3/Glacier storage fees
Service connecting an on-premises software appliance with cloud-based storage
47. How does AWS Storage Gateway work?
[Diagram labels: Customer premises; Application server; AWS Storage Gateway appliance; Internet; AWS Direct Connect; S3 Transfer Acceleration; AWS Storage Gateway backend; Amazon S3; Amazon Glacier; Amazon EBS snapshots]
48. AWS Storage Gateway configurations
iSCSI block storage
Gateway-stored volumes: Low-latency for all your data with point-in-time backups to AWS
Gateway-cached volumes: Low-latency for frequently used data with all data stored in AWS
iSCSI virtual tape storage
Gateway-virtual tape library (VTL): Replacement for on-premises physical tape infrastructure for backup and archive