Upload File

awsome day cork | technical track

133
1 © 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved. The Metropole Hotel | Tuesday, September 29, 2016 Cork Ryan Little

Upload: amazon-web-services

Post on 18-Feb-2017

615 views

Category:

Technology


1 download

Report

TRANSCRIPT

Page 1: AWSome Day Cork | Technical Track

1copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

The Metropole Hotel | Tuesday September 29 2016

Cork

Ryan Little

2copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module Layout

Module 1 AWS History and Introduction

Module 2 AWS Infrastructure Compute (EC2) Storage (S3 EBS)

Networking (VPC)

Module 3 Security Identity and Access Management IAM

Module 4 Databases Amazon DynamoDB and Amazon RDS

Module 5 AWS Elasticity and Management Tools Auto Scaling Elastic

Load Balancing Amazon CloudWatch and AWS Trusted Advisor

3copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 1

AWS Introduction and History

4copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon History

1994 Jeff Bezos Incorporated the

Company

1995 Amazoncom

Launched Online

Bookstore

2005 Amazon

Publishing Launched

2006 Amazon

Web Services (AWS)

Launched

2007 Kindle

Launched

2011 Amazon

Fresh Launched

2012 Amazon Game Studios

Launched

2013 Amazon

Art Launched

2014 Amazon Prime Now

Launched

2015 Amazon Home

Services amp Amazon

Echo Launched

5copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Web Services (AWS)

ComputeMessaging

Mobile

App Services

Database

Networking

Development and

Management Tools

Payments

VPCOn-Demand Workforce

Analytics Content Delivery

Storage

Enable businesses and developers to

use web services to build scalable

sophisticated applications

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 2: AWSome Day Cork | Technical Track

2copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module Layout

Module 1 AWS History and Introduction

Module 2 AWS Infrastructure Compute (EC2) Storage (S3 EBS)

Networking (VPC)

Module 3 Security Identity and Access Management IAM

Module 4 Databases Amazon DynamoDB and Amazon RDS

Module 5 AWS Elasticity and Management Tools Auto Scaling Elastic

Load Balancing Amazon CloudWatch and AWS Trusted Advisor

3copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 1

AWS Introduction and History

4copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon History

1994 Jeff Bezos Incorporated the

Company

1995 Amazoncom

Launched Online

Bookstore

2005 Amazon

Publishing Launched

2006 Amazon

Web Services (AWS)

Launched

2007 Kindle

Launched

2011 Amazon

Fresh Launched

2012 Amazon Game Studios

Launched

2013 Amazon

Art Launched

2014 Amazon Prime Now

Launched

2015 Amazon Home

Services amp Amazon

Echo Launched

5copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Web Services (AWS)

ComputeMessaging

Mobile

App Services

Database

Networking

Development and

Management Tools

Payments

VPCOn-Demand Workforce

Analytics Content Delivery

Storage

Enable businesses and developers to

use web services to build scalable

sophisticated applications

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 3: AWSome Day Cork | Technical Track

3copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 1

AWS Introduction and History

4copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon History

1994 Jeff Bezos Incorporated the

Company

1995 Amazoncom

Launched Online

Bookstore

2005 Amazon

Publishing Launched

2006 Amazon

Web Services (AWS)

Launched

2007 Kindle

Launched

2011 Amazon

Fresh Launched

2012 Amazon Game Studios

Launched

2013 Amazon

Art Launched

2014 Amazon Prime Now

Launched

2015 Amazon Home

Services amp Amazon

Echo Launched

5copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Web Services (AWS)

ComputeMessaging

Mobile

App Services

Database

Networking

Development and

Management Tools

Payments

VPCOn-Demand Workforce

Analytics Content Delivery

Storage

Enable businesses and developers to

use web services to build scalable

sophisticated applications

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 4: AWSome Day Cork | Technical Track

4copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon History

1994 Jeff Bezos Incorporated the

Company

1995 Amazoncom

Launched Online

Bookstore

2005 Amazon

Publishing Launched

2006 Amazon

Web Services (AWS)

Launched

2007 Kindle

Launched

2011 Amazon

Fresh Launched

2012 Amazon Game Studios

Launched

2013 Amazon

Art Launched

2014 Amazon Prime Now

Launched

2015 Amazon Home

Services amp Amazon

Echo Launched

5copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Web Services (AWS)

ComputeMessaging

Mobile

App Services

Database

Networking

Development and

Management Tools

Payments

VPCOn-Demand Workforce

Analytics Content Delivery

Storage

Enable businesses and developers to

use web services to build scalable

sophisticated applications

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 5: AWSome Day Cork | Technical Track

5copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Web Services (AWS)

ComputeMessaging

Mobile

App Services

Database

Networking

Development and

Management Tools

Payments

VPCOn-Demand Workforce

Analytics Content Delivery

Storage

Enable businesses and developers to

use web services to build scalable

sophisticated applications

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 6: AWSome Day Cork | Technical Track

6copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Rapid Pace of Innovation

2009

48

159

722

82

2011 2013 2015

New FeaturesServices

Launched

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 7: AWSome Day Cork | Technical Track

7copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Direct

Connect

AWS Elastic Beanstalk

AWS GovCloud

Amazon CloudTrail

Amazon S3

Amazon WorkSpaces

Amazon Kinesis

Amazon

AppStream

Amazon SNS

AWS IAM

Amazon Route 53

Amazon SWF

Amazon Redshift

Amazon Dynamo DB

Amazon CloudSearch

AWS Data

Pipeline

Trusted Advisor

AWS KMS

Amazon Config

Amazon RDS

for Aurora

Amazon WorkDocs

AWS

Directory

Service

AWS CodeCommit

AWS CodePipeline

AWS Service Catalog

Amazon CloudWatch Logs

Amazon EFS

Amazon API

Gateway

Amazon Machine

Learning

AWS Device Farm

AWS Web App Firewall

Amazon Elasticsearch Service

Amazon QuickSight

AWS ImportExport Snowball

RDS for MariaDB

Amazon Inspector

AWS IoT

Amazon EC2 Container

Registry

Amazon

ElastiCache

AWS

CloudFormation

Amazon

Mobile

Analytics

AWS Mobile Hub

AWS Storage GatewayAWS OpsWorks

AWS Elastic Transcoder

Amazon SES

Amazon EC2

Container Service

Amazon Cognito

AWS CodeDeploy

Glacier As of 1 February 2016

Amazon WorkMail

AWS Lambda1950Services and Features

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 8: AWSome Day Cork | Technical Track

8copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Customers

Enterprise Customers Startup Customers Public Sector Customers

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 9: AWSome Day Cork | Technical Track

9copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Six Advantages amp Benefits of AWS Cloud Computing

Trade capital expense

for variable expense

Benefit from massive

economies of scale

Stop guessing

capacity

Go global in minutes

Increase speed and

agility

Stop spending money on

running and maintaining

data centers

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 10: AWSome Day Cork | Technical Track

10copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Core Infrastructure and Services

AWS Technical Essentials 38 ILT

Security

Network

Security

Network

Security Groups NACLs Access Mgmt

VPCVPCEC2 ldquoClassicrdquo

ldquoPublic

rdquo

ELBOn-Demand

Provision

Traditional Infrastructure Amazon Web Services

Servers

AMI Amazon EC2 InstancesOn-Premises Servers

SecuritySecurity Groups NACLs AWS IAMFirewalls ACLs Administrators

NetworkingVPCELBRouter Network Pipeline Switch

Storage and

DatabaseRDBMSDAS SAN NAS Amazon

EBSAmazon

EFSAmazon

S3

Amazon

RDS

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 11: AWSome Day Cork | Technical Track

11copy 2016 Amazon Web Services Inc or its affiliates All rights reserved Infrastructure Regions Edge LocationsAvailability Zones

Foundation

Services

Compute(Virtual Auto-scaling and

Load Balancing)

Networking

Applications Virtual

DesktopsCollaboration and Sharing

Platform

Services

Caching

Relational

No SQL

Cluster

Computing

Real-time

Data

Workflows

Data

Warehouse

Queuing

Orchestration

App Streaming

Transcoding

Email

Search

Containers

Devops Tools

Resource Templates

Usage Tracking

Monitoring and Logs

Identity

Sync

Mobile Analytics

Notifications

AWS Cloud Computing

Databases Analytics App Services Deployment and

Management

Mobile Services

Storage(Object Block and Archive)

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 12: AWSome Day Cork | Technical Track

12copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

Regions

Geographic locations

Consists of at least two Availability Zones(AZs)

Availability Zones

Clusters of data centers

Isolated from failures in other Availability Zones

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 13: AWSome Day Cork | Technical Track

13copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Achieving High Availability Using Multi-AZ

Availability

Zone - AAvailability

Zone - B

Availability

Zone - C

Region

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 14: AWSome Day Cork | Technical Track

14copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 15: AWSome Day Cork | Technical Track

15copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Global Infrastructure

50+ AWS Edge Locations

Local points-of-presence commonly supporting AWS

services like

Amazon Route 53

Amazon CloudFront

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 16: AWSome Day Cork | Technical Track

16copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check

Q What is the AWS term for physically distinct groups of data centers

within a region

True or False There are more regions than Edge locations

True or False AWS owns and maintains the infrastructure required

for application services and you provision and use them as needed

Q How do AZs in the same region differ

Availability Zone (AZ)

False

True

Each Availability Zone is isolated but the Availability Zones in a region are

connected through low-latency links

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 17: AWSome Day Cork | Technical Track

17copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Management

Console Demonstration

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 18: AWSome Day Cork | Technical Track

18copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 2

AWS Infrastructure

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 19: AWSome Day Cork | Technical Track

19copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute

Cloud (EC2)

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 20: AWSome Day Cork | Technical Track

20copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Compute Cloud (EC2)

Resizable compute capacity

Complete control of your computing resources

Reduces the time required to obtain and boot

new server instances to minutesAmazon

EC2

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 21: AWSome Day Cork | Technical Track

21copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Facts

Scale capacity as your computing requirements change

Pay only for capacity that you actually use

Choose Linux or Windows

Deploy across AWS Regions and Availability Zones for reliability

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 22: AWSome Day Cork | Technical Track

22copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launching an Amazon EC2 Instance via the Web

Console

1 Determine the AWS Region in which you want to launch the

Amazon EC2 instance

2 Launch an Amazon EC2 instance from a pre-configured

Amazon Machine Image (AMI)

3 Choose an instance type based on CPU memory storage

and network requirements

4 Configure network IP address security groups storage

volume tags and key pair

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 23: AWSome Day Cork | Technical Track

23copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AMI Details

An AMI includes the following

A template for the root volume for the instance (for

example an operating system an application server

and applications)

Launch permissions that control which AWS accounts

can use the AMI to launch instances

A block device mapping that specifies the volumes to

attach to the instance when its launched

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 24: AWSome Day Cork | Technical Track

24copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instances and AMIs

Select an AMI based on

Region

Operating system

Architecture (32-bit or 64-bit)

Launch permissions

Storage for the root deviceAMI

Instances

Instance

Launch

instances of any

type

Host computer

Host computer

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 25: AWSome Day Cork | Technical Track

25copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instances

OS Applications

amp Configuration

AMI

Running or

Stopped VM

Instances

AZ

VPC

Region

EBS

S3

EBS

SnapshotsS3 Buckets

EBS EBS EBS EBS EBS

AZ

Instances Instances

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 26: AWSome Day Cork | Technical Track

26copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS vs Amazon EC2 Instance Store

Amazon EBS

Data stored on an Amazon EBS volume can persist

independently of the life of the instance

Storage is persistent

Amazon EC2 Instance Store

Data stored on a local instance store persists only as long as the

instance is alive

Storage is ephemeral

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 27: AWSome Day Cork | Technical Track

27copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Marketplace ndash IT Software Optimized for the

Cloud

AWS Marketplace

Is an online store to discover purchase and deploy IT software on top of the AWS infrastructure

Catalog of 2300+ IT software solutionsbull Including Paid BYOL Open Source SaaS amp free to try options

Pre-configured to operate on AWSbull Software checked by AWS for security and operability

Deploys to AWS environment in minutes

Flexible usage-based billing models

Software charges billed to AWS account

Includes AWS Test Drive

httpsawsamazoncommarketplace

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 28: AWSome Day Cork | Technical Track

28copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Choosing the Right Amazon EC2 Instance

EC2 instance types are optimized for different use cases and come

in multiple sizes This allows you to optimally scale resources to

your workload requirements

AWS uses Intelreg Xeonreg processors for EC2 instances providing

customers with high performance and value

Consider the following when choosing your instances Core count

memory size storage size and type network performance and

CPU technologies

Hurry Up and Go Idle - A larger compute instance can save you time

and money therefore paying more per hour for a shorter amount of

time can be less expensive

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 29: AWSome Day Cork | Technical Track

29copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Intelreg Processor Technologies

Intelreg AVX ndash Get dramatically better performance for highly parallel HPC workloads such as life science engineering data mining financial analysis or other technical computing applications AVX also enhances image video and audio processing

Intelreg AES-NI ndash Enhance your security with these new encryption instructions that reduce the performance penalty associated with encryptingdecrypting data

Intelreg Turbo Boost Technology ndash Get more computing power when you need it with performance that adapts to spikes in your workload with Intelreg Turbo Boost Technology 20

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 30: AWSome Day Cork | Technical Track

30copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Current Generation Instances

Instance Family Some Use Cases

General purpose (t2 m4 m3) bull Low-traffic websites and web applications

bull Small databases and mid-size databases

Compute optimized (c4 c3) bull High performance front-end fleets

bull Video-encoding

Memory optimized (r3) bull High performance databases

bull Distributed memory caches

Storage optimized (i2 d2) bull Data warehousing

bull Log or data-processing applications

GPU instances (g2) bull 3D application streaming

bull Machine learning

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 31: AWSome Day Cork | Technical Track

31copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instance Metadata amp User Data

Instance Metadata

Is data about your instance

Can be used to configure or manage a running instance

Instance User Data

Can be passed to the instance at launch

Can be used to perform common automated configuration tasks

Runs scripts after the instance starts

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 32: AWSome Day Cork | Technical Track

32copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Purchasing Options

On-Demand Instances

Pay by the hour

Reserved Instances

Purchase at significant discount

Instances are always available

1-year to 3-year terms

Scheduled Instances

Purchase a 1-year RI for a

recurring period of time

Spot Instances

Highest bidder uses instance at a

significant discount

Spot blocks supported

Dedicated Hosts

Physical host is fully dedicated to

run your instances Bring your per-socket per-core or per-

VM software licenses to reduce

cost

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 33: AWSome Day Cork | Technical Track

33copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon EC2

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 34: AWSome Day Cork | Technical Track

34copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Simple Storage Service (S3)

Amazon S3

Storage for the Internet

Natively online HTTP access

Store and retrieve any amount of data any

time from anywhere on the web

Highly scalable reliable fast and durable

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 35: AWSome Day Cork | Technical Track

35copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Facts

Able to store an unlimited number of objects in a bucket

Objects up to 5 TB no bucket size limit

Designed for 99999999999 durability and 9999 availability of

objects over a given year

HTTPS endpoint to store and retrieve any amount of data at any

time from anywhere on the web

Highly scalable reliable fast and inexpensive

Optional server-side encryption using AWS or customer-

managed provided client-side encryption

Access logs for auditing

Provides standards-based REST and SOAP interfaces

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 36: AWSome Day Cork | Technical Track

36copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Common Use Scenarios

Storage and Backup

Application File Hosting

Media Hosting

Software Delivery

Store AMIs and Snapshots

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 37: AWSome Day Cork | Technical Track

37copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Concepts

Amazon S3 stores data as objects

within buckets

An object is composed of a file and

optionally any metadata that

describes that file

You can have up to 100 buckets in

each account

You can control access to the

bucket and its objects

Amazon

S3

Bucket

with

Objects

Bucket

Object

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 38: AWSome Day Cork | Technical Track

38copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Object Keys

An object key is the unique identifier for an object in a

bucket

httpdocs3amazonawscom2006-03-01AmazonS3html

Bucket ObjectKey

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 39: AWSome Day Cork | Technical Track

39copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Security

You can control access to buckets and objects with

Access Control Lists (ACLs)

Bucket policies

Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL

encrypted endpoints

You can encrypt data using AWS SDKs

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 40: AWSome Day Cork | Technical Track

40copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Versioning

Protects from accidental overwrites and deletes with

no performance penalty

Generates a new version with every upload

Allows easily retrieval of deleted objects or roll back

to previous versions

Three states of an Amazon S3 bucket

Un-versioned (default)

Versioning-enabled

Versioning-suspendedVersioning Enabled

Key photogif

ID 121212

Key photogif

ID 111111

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 41: AWSome Day Cork | Technical Track

41copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages

objects during their lifetime Some objects that you store in an

Amazon S3 bucket might have a well-defined lifecycle

Log files

Archive documents

Digital media archives

Financial and healthcare records

Raw genomics sequence data

Long-term database backups

Data that must be retained for regulatory compliance

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 42: AWSome Day Cork | Technical Track

42copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Glacier

Long term low-cost archiving service

Optimal for infrequently accessed data

Designed for 99999999999 durability

3-5 hours retrieval time

Less than $001 per GB month (depending on region)

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 43: AWSome Day Cork | Technical Track

43copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 + Amazon Glacier

S3 Lifecycle policies allow you to delete or move

objects based on age and set rules per S3 bucket

bucket with

objects

30 Days

Glacier

archive

365 Days

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 44: AWSome Day Cork | Technical Track

44copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Region Considerations

Amazon S3 creates a bucket in the region you

select

You can choose a region to

Optimize latency

Minimize costs

Address regulatory requirements

Objects stored in a region never leave the region

unless you explicitly transfer them to another

region

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 45: AWSome Day Cork | Technical Track

45copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon S3 Storage Classes

Storage Class Durability Availability Other Considerations

Amazon S3

Standard

99999999999 9999 None

Amazon S3

Standard -

Infrequent

Access (IA)

99999999999 9999 bull Retrieval fee associated

with objects

bull Most suitable for

infrequently accessed

data

Glacier 99999999999 9999 (after you

restore objects)

bull Not available for real-time

access

bull Must restore objects

before you can access

them

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 46: AWSome Day Cork | Technical Track

46copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Elastic Block Store (EBS)

Persistent block level storage volumes

offering consistent and low-latency performance

Automatically replicated within its Availability

Zone

Snapshots stored durably in Amazon S3 Amazon

EBS

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 47: AWSome Day Cork | Technical Track

47copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Lifecycle

Vast amounts of

unused space Create

Call CreateVolume

1 GB to 16 TB

Attach

Call AttachVolume to affiliate with

one Amazon EC2 instance

Attached

and

In Use

bull Format from Amazon EC2

instance OS

bull Mount formatted drive

CreateSnapshotSnapshot to

Amazon S3Detach

Call DetachVolume

Deleted

Call DeleteVolume

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 48: AWSome Day Cork | Technical Track

48copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS Facts

You can create

EBS Magnetic volumes from 1 GiB to 1 TiB in size

EBS General Purpose (SSD) and Provisioned IOPS (SSD)

volumes up to 16 TiB in size

You can use encrypted EBS volumes to meet a wide

range of data at-rest encryption requirements for

regulatedaudited data and applications

You can create point-in-time snapshots of EBS volumes

which are persisted to Amazon S3

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 49: AWSome Day Cork | Technical Track

49copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EBS and Amazon S3

Amazon EBS Amazon S3

Paradigm Block storage with file system Object store

Performance Very fast Fast

Redundancy Across multiple servers in an

Availability Zone

Across multiple facilities in a Region

Security EBS Encryption ndash Data volumes

and Snapshots

Encryption

Access from the

Internet

No (1) Yes (2)

Typical use case It is a disk drive Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP etc

(2) Only with proper credentials unless ACLs are world-readable

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 50: AWSome Day Cork | Technical Track

50copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon EC2 Instance Storage

Local complimentary direct attached block storage resource

Availability number of disks and size is based on EC2

instance type

Storage optimized instances for up to 365000 Read IOPS

and 315000 First Write IOPS

SSD or magnetic

No persistence

All data is automatically deleted when an EC2 instance stops

fails or is terminated

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 51: AWSome Day Cork | Technical Track

51copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Reboot vs Stop vs Terminate

Characteristic Reboot StopStart (EBS-backed instances only)

Terminate

Host computer The instance stays on the

same host computer

The instance runs on a new

host computer

NA

Private and public

IP addresses

Stay the same Instance keeps its private IP

address and gets a new public

IP address

NA

Elastic IP addresses

(EIP)

EIP remains associated with

the instance

EIP remains associated with the

instance

The EIP is disassociated from the

instance

Instance store

volumes

The data is preserved The data is erased The data is erased

EBS volume The volume is preserved The volume is preserved The volume is deleted by default

Billing Instance billing hour doesnrsquot

change

You stop incurring charges as

soon as state is changed to

stopping

You stop incurring charges as

soon as state is changed to

shutting-down

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 52: AWSome Day Cork | Technical Track

52copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Instructor Demo

Amazon S3

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 53: AWSome Day Cork | Technical Track

53copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Networking

Amazon VPC

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 54: AWSome Day Cork | Technical Track

54copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

Provision a private isolated virtual network

on the AWS cloud

Have complete control over your virtual

networking environmentAmazon

VPC

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 55: AWSome Day Cork | Technical Track

55copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

VPCs and Subnets

A subnet defines a range of IP addresses in your VPC

You can launch AWS resources into a subnet that you select

A private subnet should be used for resources that wonrsquot be accessible over the Internet

A public subnet should be used for resources that will be accessed over the Internet

Each subnet must reside entirely within one Availability Zone and cannot span zones

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 56: AWSome Day Cork | Technical Track

56copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon VPC Example

Availability Zone A

Virtual Private Cloud

AWS Cloud

Public Subnet

Internet

Virtual Private Cloud

Availability Zone B

Private Subnet

Availability Zone C

VPN Only Subnet

DB Server DB Server

App Server

DB Server DB Server

DB Server

Web Server Web Server

NAT

Customer

Network

R

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 57: AWSome Day Cork | Technical Track

57copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security in Your VPC

Security groups

Network access

control lists

(ACLs) Subnet

1000024Subnet

1001024

Internet GatewayVPN Gateway

VPC Router

1000016

Security Group Security

Group

Security

Group

Network ACL Network ACL

Routing Table Routing Table

instance instance instance instance

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 58: AWSome Day Cork | Technical Track

58copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answers

Q What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance

Q How would you find out the private and public IP addresses for an EC2 instance

Q What acts as an additional layer of security at the subnet level in a VPC

True or False S3 Provides unlimited storageTrue

Retrieve the instance metadata http169254169254latestmeta-data

Amazon S3

Network ACLs

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 59: AWSome Day Cork | Technical Track

59copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 3

Security Identity and Access

Management

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 60: AWSome Day Cork | Technical Track

60copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Shared Responsibility ndash AWS

AW

S

Client-side Data Encryption

and Data Integrity

Authentication

Server-side Encryption

(File System andor Data)Network Traffic Protection

(EncryptionIntegrityIdentity)

Platform Applications Identity and Access Management

Operating System Network and Firewall Configuration

Customer DataC

usto

mer

Foundation Services

Compute Storage Database Network

AWS Global

Infrastructure Regions

Availability Zones Edge

Locations

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 61: AWSome Day Cork | Technical Track

61copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Physical Security

247 trained security staff

AWS data centers in nondescript and undisclosed facilities

Two-factor authentication for authorized staff

Authorization for data center access

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 62: AWSome Day Cork | Technical Track

62copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Hardware Software and Network

Automated change-control process

Bastion servers that record all access attempts

Firewall and other boundary devices

AWS monitoring tools

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 63: AWSome Day Cork | Technical Track

63copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Certifications and Accreditations

ISO 9001 ISO 27001 ISO 27017 ISO 27018 IRAP (Australia) MLPS Level 3 (China)

MTCS Tier 3 Certification (Singapore) and more hellip

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 64: AWSome Day Cork | Technical Track

64copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SSL Endpoints

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

SSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

SSL Endpoints

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 65: AWSome Day Cork | Technical Track

65copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security Groups

SSL Endpoints Security Groups

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

VPC

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 66: AWSome Day Cork | Technical Track

66copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Virtual Private Cloud (VPC)

VPCSSL Endpoints Security Groups

Network Control

In your Virtual

Private Cloud create

low-level networking

constraints for

resource access

Public and private

subnets NAT and

VPN support

Instance Firewalls

Configure firewall

rules for instances

using Security

Groups

Secure Transmission

Establish secure

communication

sessions (HTTPS)

using SSLTLS

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 67: AWSome Day Cork | Technical Track

67copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Multi-Tier Security Groups

HTTP

SSHRDP

Ports 80 and 443 only

open to the Internet

Engineering staff have SSHRDP

access to Bastion Host

All other internet ports blocked by default

Bastion

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 68: AWSome Day Cork | Technical Track

68copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Identity and Access Management (IAM)

AWS IAM

3

Manage federated users

and their permissions

2

Manage AWS IAM roles

and their permissions

1

Manage AWS IAM users

and their access

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 69: AWSome Day Cork | Technical Track

69copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Authentication

AWS Management Console User Name and Password

IAM User

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 70: AWSome Day Cork | Technical Track

70copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication

Access Key ID AKIAIOSFODNN7EXAMPLE

Secret Access Key wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

Java Python NET

AWS SDK amp APIAWS CLI

Authentication

AWS CLI or SDK API Access Key and Secret Key

IAM User

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 71: AWSome Day Cork | Technical Track

71copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM User Management - Groups

User D

DevOps Group

User C

AWS Account

TestDev Group

User BUser A

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 72: AWSome Day Cork | Technical Track

72copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authorization

Authorization

Policies

Are JSON documents to

describe permissions

Are assigned to Users

Groups or Roles

IAM User IAM Group

IAM Roles

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 73: AWSome Day Cork | Technical Track

73copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Elements

Version 2012-10-17

Statement [

Sid Stmt1453690971587

Action [

ec2Describe

ec2StartInstances

ec2StopInstancesrdquo

]

Effect Allow

Resource

Condition

IpAddress

awsSourceIp 5464346532rdquo

Sid Stmt1453690998327

Action [

s3GetObjectrdquo

]

Effect Allow

Resource arnawss3example_bucketrdquo

]

IAM Policy

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 74: AWSome Day Cork | Technical Track

74copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

Assigned Assigned

IAM Policy

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 75: AWSome Day Cork | Technical Track

75copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 76: AWSome Day Cork | Technical Track

76copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Roles

An IAM role uses a policy

An IAM role has no associated credentials

IAM users applications and services may assume IAM

roles

IAM Roles

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 77: AWSome Day Cork | Technical Track

77copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Policy Assignment

IAM UserIAM Group

IAM Roles

Assigned Assigned

Assig

ned

IAM Policy

IAM User

Assumed Assumed

AWS Resources

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 78: AWSome Day Cork | Technical Track

78copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Access to AWS Resources

Python application hosted on an Amazon EC2 Instance

needs to interact with Amazon S3

AWS credentials are required

Option 1 Store AWS Credentials on the Amazon EC2 instance

Option 2 Securely distribute AWS credentials to AWS Services

and Applications

IAM Roles

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 79: AWSome Day Cork | Technical Track

79copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Application Authentication

AWS IAM Application

No Support No Support

OS

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 80: AWSome Day Cork | Technical Track

80copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Authentication and Authorization

Authentication

AWS Management Console

bull User Name and Password

AWS CLI or SDK API

bull Access Key and Secret Key

Authorization

Policies

IAM User IAM Group

IAM Roles

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 81: AWSome Day Cork | Technical Track

81copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices

Delete AWS account (root) access keys

Create individual IAM users

Use groups to assign permissions to IAM users

Grant least privilege

Configure a strong password policy

Enable MFA for privileged users

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 82: AWSome Day Cork | Technical Track

82copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS IAM Best Practices (cont)

Use roles for applications that run on Amazon EC2

instances

Delegate by using roles instead of by sharing credentials

Rotate credentials regularly

Remove unnecessary users and credentials

Use policy conditions for extra security

Monitor activity in your AWS account

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 83: AWSome Day Cork | Technical Track

83copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Resource-Based Policies

Are an alternative to IAM and supported by some

services

Grant cross-account access to your resources

Use a principal to uniquely identify account in the policy

Supported AWS services include Amazon S3 Bucket Policy

Amazon SNS Topic Policy

Amazon SQS Queue Policy

Amazon Glacier Vault Policy

AWS OpsWorks Stack Policy

AWS Lambda Function Policy

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 84: AWSome Day Cork | Technical Track

84copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Knowledge Check Answer

Q Your web application needs to readwrite an Amazon DynamoDB table

and an Amazon S3 bucket This operation requires AWS credentials and

authorization to use AWS services What service would you use

AWS IAM Role

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 85: AWSome Day Cork | Technical Track

85copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 4

Databases

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 86: AWSome Day Cork | Technical Track

86copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

SQL and NoSQL Databases

SQL NoSQL

Data Storage Rows and Columns Key-Value

Schemas Fixed Dynamic

Querying Using SQL Focused on collection of

documents

Scalability Vertical Horizontal

ISBN Title Author Format

9182932465265 Cloud Computing

Concepts

Wilson

Joe

Paperback

3142536475869 The Database

Guru

Gomez

Maria

eBook

SQL NoSQL

ISBN 9182932465265

Title ldquoCloud Computing Conceptsrdquo

Author ldquoWilson Joerdquo

Format ldquoPaperbackrdquo

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 87: AWSome Day Cork | Technical Track

87copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Data Storage Considerations

No one size fits all

Analyze your data requirements by considering

Data formats

Data size

Query frequency

Data access speed

Data retention period

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 88: AWSome Day Cork | Technical Track

88copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Managed Database Services

Compute Storage

AWS Global Infrastructure

Database

App Services

Deployment and Administration

Networking

Amazon DynamoDB

Amazon ElastiCache

Amazon RDS

Amazon Redshift

AWS Database Migration Service

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 89: AWSome Day Cork | Technical Track

89copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon Relational Database Service (RDS)

Cost-efficient and resizable capacity

Manages time-consuming database

administration tasks

Access to the full capabilities of Amazon

Aurora MySQL MariaDB Microsoft SQL

Server Oracle and PostgreSQL databases

Amazon

RDS

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 90: AWSome Day Cork | Technical Track

90copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Use Case

We were able to go from

concept to delivered product

in about six months with just

a handful of engineers

Greg Scallan

Chief Architect Flipboard

rdquo

ldquoFlipboard is an online magazine

with millions of users and billions of

ldquoflipsrdquo per month

Flipboard is one of the worldrsquos first

social media magazines

Flipboard uses Amazon RDS and

its Multi-AZ capabilities to store

mission critical user data

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 91: AWSome Day Cork | Technical Track

91copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS

Simple and fast to deploy

Manages common database administrative tasks

Compatible with your applications

Fast predictable performance

Simple and fast to scale

Secure

Cost-effective

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 92: AWSome Day Cork | Technical Track

92copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

How Amazon RDS Backups Work

Automatic Backups

Restore your database to a

point in time

Are enabled by default

Let you choose a retention

period up to 35 days

Manual Snapshots

Let you build a new

database instance from a

snapshot

Are initiated by the user

Persist until the user deletes

them

Are stored in Amazon S3

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 93: AWSome Day Cork | Technical Track

93copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cross-Region Snapshots

Are a copy of a database

snapshot stored in a

different AWS Region

Provide a backup for

disaster recovery

Can be used as a base

for migration to a

different region

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 94: AWSome Day Cork | Technical Track

94copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Security

Run your DB instance in an Amazon VPC

Use IAM policies to grant access to Amazon RDS resources

Use security groups

Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora Oracle MySQL MariaDB PostgreSQL Microsoft SQL Server)

Use Amazon RDS encryption to secure your RDS instances and snapshots at rest

Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances

Use the security features of your DB engine to control access to your DB instance

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 95: AWSome Day Cork | Technical Track

95copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

A Resilient Durable Application Architecture

Amazon RDS database

instances

Master and Multi-AZ standby

Application in Amazon

EC2 instances

Elastic Load Balancing

load balancer instance

DB snapshots in

Amazon S3

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 96: AWSome Day Cork | Technical Track

96copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS Best Practices

Monitor your memory CPU and storage usage

Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone

Enable automatic backups

Set the backup window to occur during the daily low in WriteIOPS

To increase the IO capacity of a DB instance Migrate to a DB instance class with high IO capacity

Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS

Provision additional throughput capacity (if using provisioned IOPS storage)

If your client application is caching the DNS data of your DB instances set a TTL of less than 30 seconds

Test failover for your DB instance

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 97: AWSome Day Cork | Technical Track

97copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon DynamoDB

Store any amount of data with no limits

Fast predictable performance using SSDs

Easily provision and change the request

capacity needed for each table

Fully managed NoSQL database serviceAmazon

DynamoDB

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 98: AWSome Day Cork | Technical Track

98copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Use Case

AdRoll an online advertising platform serves 50

billion impressions a day worldwide with its

global retargeting platforms

We spend more on snacks

than we do on Amazon

DynamoDB

Valentino Volonghi

CTO Adroll

rdquo

ldquoAdroll Uses AWS to grow by more than

15000 in a year

Needed high-performance flexible

platform to swiftly sync data for

worldwide audience

Processes 50 TB of data a day

Serves 50 billion impressions a day

Stores 15 PB of data

Worldwide deployment minimizes

latency

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 99: AWSome Day Cork | Technical Track

99copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

DynamoDB Data Model

Table

MusicItems

Attributes (name-value pairs)

Artist Song

Title

Album

Title

Year Genre

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 100: AWSome Day Cork | Technical Track

100copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Primary Keys

Partition Key

Sort Key

Table Music

Partition Key Artist

Sort Key Song Title

(DynamoDB maintains a sorted index for both keys)

Table

Music

Artist Song

Title

Album

Title

Year Genre

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 101: AWSome Day Cork | Technical Track

101copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Provisioned Throughput

You specify how much provisioned throughput capacity you need for reads and writes

Amazon DynamoDB allocates the necessary machine resources to meet your needs

Read capacity unit

One strongly consistent read per second for items as large as 4 KB

Two eventually consistent reads per second for items as large as 4 KB

Write capacity unit

One write per second for items as large as 1 KB

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 102: AWSome Day Cork | Technical Track

102copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon RDS and Amazon DynamoDB

Factors Relational (Amazon RDS) NoSQL (Amazon DynamoDB)

Application

Type

bull Existing database apps

bull Business processndashcentric apps

bull New web-scale applications

bull Large number of small writes and

reads

Application

Characteristics

bull Relational data models

transactions

bull Complex queries joins and

updates

bull Simple data models transactions

bull Range queries simple updates

ScalingApplication or DBAndasharchitected

(clustering partitions sharding)

Seamless on-demand scaling based

on application requirements

QoS

bull Performancendashdepends on data

model indexing query and

storage optimization

bull Reliability and availability

bull Durability

bull PerformancendashAutomatically

optimized by the system

bull Reliability and availability

bull Durability

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 103: AWSome Day Cork | Technical Track

103copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Database Considerations

If You Need Consider Using

A relational database

service with minimal

administration

Amazon RDS

bull Choice of Amazon Aurora MySQL MariaDB Microsoft

SQL Server Oracle or PostgreSQL database engines

bull Scale compute and storage

bull Multi-AZ availability

A fast highly scalable

NoSQL database

service

Amazon DynamoDB

bull Extremely fast performance

bull Seamless scalability and reliability

bull Low cost

A database you can

manage on your own

Your choice of AMIs on Amazon EC2

and Amazon EBS that provide scale compute and

storage complete control over instances and more

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 104: AWSome Day Cork | Technical Track

104copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 5

AWS Elasticity and

Management Tools

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 105: AWSome Day Cork | Technical Track

105copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling

Scale your Amazon EC2 capacity

automatically

Well-suited for applications that experience

variability in usage

Available at no additional charge Auto

Scaling

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 106: AWSome Day Cork | Technical Track

106copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Trio of Services

Latency

Utilization

CloudWatchAuto Scaling

Elastic Load

Balancing

Auto Scaling group

Execute AS

Policy

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 107: AWSome Day Cork | Technical Track

107copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Benefits

Better Cost

Management

Better

AvailabilityBetter Fault

Tolerance

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 108: AWSome Day Cork | Technical Track

108copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances

When you create a launch configuration you can specify AMI ID

Instance type

Key pair

Security groups

Block device mapping

User data

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 109: AWSome Day Cork | Technical Track

109copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Groups

Contain a collection of EC2 instances that share

similar characteristics

Instances in an Auto Scaling group are treated as a

logical grouping for the purpose of instance scaling

and management Auto Scaling group

Minimum size

Desired capacity

Maximum size

Scale out as needed

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 110: AWSome Day Cork | Technical Track

110copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Dynamic Scaling

You can create a scaling policy that uses

CloudWatch alarms to determine

When your Auto Scaling group should scale out

When your Auto Scaling group should scale in

You can use alarms to monitor

Any of the metrics that AWS services send to Amazon

CloudWatch

Your own custom metrics

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 111: AWSome Day Cork | Technical Track

111copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Auto Scaling Basic Lifecycle

instances

Auto Scaling group

Scale Out

Amazon CloudWatchScheduled Event

Scale In

Amazon CloudWatchScheduled Event

Launch

Instance

Terminate

Instance X

Attach to Group

Detach from

Group

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 112: AWSome Day Cork | Technical Track

112copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing

Distributes traffic across multiple instances

Supports health checks to detect unhealthy

Amazon EC2 instances

Supports the routing and load balancing of

HTTP HTTPS and TCP traffic to Amazon EC2

instances

Elastic Load

Balancing

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 113: AWSome Day Cork | Technical Track

113copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Elastic Load Balancing Example

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 114: AWSome Day Cork | Technical Track

114copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Back-end Instances for Your Load Balancer

Health Checks

Security Groups

Subnets

Register

De-Register Instances

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 115: AWSome Day Cork | Technical Track

115copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch

A monitoring service for AWS cloud resources and the applications you run on AWS

Visibility into resource utilization operational performance and overall demand patterns

Custom application-specific metrics of your own

Accessible via AWS Management Console APIs SDK or CLI

Amazon

CloudWatch

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 116: AWSome Day Cork | Technical Track

116copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Amazon CloudWatch Architecture

AWS resources

that support

CloudWatch

Amazon

CloudWatch

Amazon

CloudWatch

Alarm

SNS Email

Notification

Auto Scaling

Available

Statistics

Statistics

Consumer

AWS Management

Console

CloudWatch Metrics

CPUUtilization

StatusCheckFailed

Custom

Application-

Specific Metrics

PageViewCount

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 117: AWSome Day Cork | Technical Track

117copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Supported AWS Services

Auto Scaling

Amazon

CloudFront

Amazon CloudWatch

Amazon

CloudSearch

Amazon

DynamoDB

Amazon EC2

Amazon

ElastiCacheAmazon EBS

Elastic Load

Balancing

Amazon EMR

Amazon Kinesis Amazon EC2

Container Service

AWS OpsWorks

Amazon Redshift

Amazon RDS

Amazon

Route 53

Amazon SNS

Amazon

SQS

Amazon

SWF

Amazon S3AWS Storage

Gateway

Amazon

WorkSpaces

Amazon Machine

Learning

AWS Lambda AWS WAF

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 118: AWSome Day Cork | Technical Track

118copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Trusted Advisor

Best practice and recommendation engine

Provides AWS customers with performance and

security recommendations in four categories cost

optimization security fault tolerance and

performance improvementAWS Trusted

Advisor

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 119: AWSome Day Cork | Technical Track

119copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Cost Optimization

Amazon EC2 Reserved Instance Optimization

Low Utilization Amazon EC2 Instances

Idle Load Balancers

Underutilized Amazon EBS Volumes

Unassociated Elastic IP Addresses

Amazon RDS Idle DB Instances

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 120: AWSome Day Cork | Technical Track

120copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Security

Security Groups

AWS IAM Use

Amazon S3 Bucket Permissions

MFA on Root Account

AWS IAM Password Policy

Amazon RDS Security Group Access Risk

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 121: AWSome Day Cork | Technical Track

121copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Fault Tolerance

Amazon EBS Snapshots

Load Balancer Optimization

Auto Scaling Group Resources

Amazon RDS Multi-AZ

Amazon Route 53 Name Server Delegations

ELB Connection Draining

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 122: AWSome Day Cork | Technical Track

122copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Performance Improvement

High Utilization Amazon EC2 Instances

Service Limits

Large Number of Rules in EC2 Security Group

Over Utilized Amazon EBS Magnetic Volumes

Amazon EC2 to EBS Throughput Optimization

Amazon CloudFront Alternate Domain Names

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 123: AWSome Day Cork | Technical Track

123copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Module 6

Course Wrap-Up

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 124: AWSome Day Cork | Technical Track

124copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Learning PathCloud Computing Concepts

bull The AWS Cloud

bull History

bull Global Infrastructure

bull AWS Management Console

AWS Foundational Services

bull Compute

bull Amazon EC2

bull Networking

bull Amazon VPC

bull Storage

bull Amazon EBS

bull Amazon S3

bull Security

bull IAM

bull Databases

bull Amazon DynamoDB

bull Amazon RDS

AWS Management Tools

bull Trio of Services

bull Auto Scaling

bull ELB

bull Amazon CloudWatch

bull AWS Trusted Advisor

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 125: AWSome Day Cork | Technical Track

125copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Expand Your Cloud Skills with AWS

Certification

awsamazoncomcertification

Validate your proven

technical expertise with the

AWS platform and gain

recognition for your skills

Online videos and

labs

awsamazoncomtraining

self-paced-labs

Start working with an AWS

service in minutes with free

online instructional videos

and labs

awsamazoncomtraining

Instructor-led courses

Learn how to design deploy

and operate highly available

cost-effective and secure

applications on AWS

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 126: AWSome Day Cork | Technical Track

126copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Self-Paced Labs

For more information see awsamazoncomtrainingself-paced-labs

Learn an individual AWS Service topic

Follow a Learning Quest by AWS

Service Area or Use Case

Practice working with AWS as

you prepare for an exam

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 127: AWSome Day Cork | Technical Track

127copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Training Courses

For more information about course description see awsamazoncomtraining

AWS Technical EssentialsInstructor-Led | 1 day

Architecting

on AWSInstructor-led | 3 days

Developing

on AWSInstructor-led | 3 days

Systems Operations

on AWSInstructor-led | 3 days

Big Data FundamentalsOnline | 3 hours

Big Data on AWSInstructor-led | 3 days

Advanced Architecting

on AWSInstructor-led | 3 days

DevOps Engineering on AWSInstructor-led | 3 days

Security Operations

on AWSInstructor-led | 3 days

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 128: AWSome Day Cork | Technical Track

128copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Certification

AWS Certified Solutions

Architect - Associate

AWS Certified

Developer - Associate

AWS Certified SysOps

Administrator- Associate

AWS Certified Solutions

Architect - ProfessionalAWS Certified DevOps Engineer - Professional

For more information see awsamazoncomcertification

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 129: AWSome Day Cork | Technical Track

129copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Benefits of AWS Certification

Individual

bull Demonstrate expertise

bull Stand out

bull Industry visibility

bull Customer visibility

bull Peer recognition

bull Credibility with customers

Employer

bull Baseline bar on AWS skills

bull Identify expert talent

bull Leverage best practicesbull Reduce operational risk

bull Increase business advantage

bull Maximize AWS efficiencies

bull Common vocabulary

bull Accelerate time to cloud

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 130: AWSome Day Cork | Technical Track

130copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Preparing for AWS Certification

Practice Exams

Exam Guides amp

Sample Questions

AWS Whitepapers amp

FAQs

AWS Documentation amp

Reference Architectures

For resources to help you prepare for the

certification exam see

awsamazoncomcertification

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 131: AWSome Day Cork | Technical Track

131copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

AWS Support

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 132: AWSome Day Cork | Technical Track

132copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

Support ComparisonEnterprise Business Developer Basic

Customer Service 24x7x365

Support Forums

Documentation White Papers Best Practice Guides

AWS Trusted Advisor Full Checks Full Checks Basic Checks Basic Checks

Access to Technical Support Phone chat email live screen sharing TAM (247) Phone chat email live screen sharing Email (local business hours) Support for Health Checks

Primary Case Handling Sr Cloud Support Engineer Cloud Support Engineer Cloud Support Associate Technical Customer Service

Associate

Users who can create Technical Support cases Unlimited (IAM supported) Unlimited (IAM supported) 1 (account credentials only)

Case SeverityResponse Times Critical lt 15 minutes

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Urgent lt 1 hour

High lt 4 hours

Normal lt 12 hours

Low lt 24 hours

Normal lt 12 hours

Low lt 24 hours

Architecture Support Application Architecture Use case guidance Building blocks

Best Practice Guidance

Client-side Diagnostic Tools

AWS Support API

Third-Party Software Support

Infrastructure Event Management Available at Additional cost

AWS Concierge

Direct access to Technical Account Manager (TAM)

Prioritized Case Routing

Management Business Reviews

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners

Page 133: AWSome Day Cork | Technical Track

133copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

copy 2016 Amazon Web Services Inc or its affiliates All rights reserved

This work may not be reproduced or redistributed in whole or in part without

prior written permission from Amazon Web Services Inc Commercial

copying lending or selling is prohibited

Errors or corrections Email us at aws-course-feedbackamazoncom

For all other questions contact us at

httpsawsamazoncomcontact-usaws-training

All trademarks are the property of their owners


The Game!!! AWSOME

Artsoft Sistemas no AWSome Days RJ

2017 AWSome day Taichung sharing

AWSome Day Intro

4 ways to awsome drums

AWSome Day Outro - Copenhagen 20160309

AWSome Day Indonesia Keynote 2015

AWSome Day Intro Oslo 20160218

Awsome Book

AWS AWSome Day London October 2015

AWSome Day Helsinki Intro

AWSome Day Singapore Keynote 2015

AWSome Day Seoul 2013 - Opening Keynote

AWS AWSome Day Roadshow January 2015

AWSome Day Philippines Keynote 2015

AWSome Day Outro Stockholm 201509

AWSome Day Intro - Copenhagen 20160309

AWS AWSome Day Roadshow

Awsome Day Brussels - Training and Introduction

Tropical Cyclone Track Tropical Weather OutlookTropical Cyclone Track Tropical Weather Outlook Overview • Track forecasting is a relatively simple problem – “Cork in a stream”

AWSome Day Malaysia 2015 Keynote

AWSome Day Outro - Stockholm 20160308

Ferrari awsome!

Awsome Form Person

AWSome Day Outro Oslo 20160218

AWSome Day Intro - Stockholm 20160308

AWS AWSome Day Roadshow Intro

WHY CO RK - pdf.euro.savills.co.ukpdf.euro.savills.co.uk/why-dublin-why-cork/why-cork-booklet... · ideally situated between the markets of asia-pacific and americas strong track

AWSome Day London January 2016 Intro

AWSome Day Outro Oslo 201510

AWSome Day Thailand Keynote 2015

AWSome Day Helsinki Outro

Our stores is awsome

Awsome Tips For lawyers

AWSome Day Dublin - June 2016