AWSome Day Dublin - June 2016

1 © 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved. Dublin Aviva Stadium | Thursday, June 9 2016 Technical Essentials George Whiffen & Ryan Little

Upload: amazon-web-services

Post on 16-Apr-2017


TRANSCRIPT

Page 1: AWSome Day Dublin - June 2016

Dublin, Aviva Stadium | Thursday, June 9 2016

Technical Essentials: George Whiffen & Ryan Little

Page 2: AWSome Day Dublin - June 2016

Module Layout

• Module 1: AWS Introduction and History
• Module 2: AWS Infrastructure: Compute (EC2), Storage (S3, EBS), Networking (VPC)
• Module 3: Security, Identity, and Access Management: IAM
• Module 4: Databases: Amazon DynamoDB and Amazon RDS
• Module 5: AWS Elasticity and Management Tools: Auto Scaling, Elastic Load Balancing, Amazon CloudWatch, and AWS Trusted Advisor

Page 3: AWSome Day Dublin - June 2016

Module 1: AWS Introduction and History

Page 4: AWSome Day Dublin - June 2016

Amazon History

• 1994: Jeff Bezos incorporated the company
• 1995: Amazon.com launched as an online bookstore
• 2005: Amazon Publishing launched
• 2006: Amazon Web Services (AWS) launched
• 2007: Kindle launched
• 2011: Amazon Fresh launched
• 2012: Amazon Game Studios launched
• 2013: Amazon Art launched
• 2014: Amazon Prime Now launched
• 2015: Amazon Home Services & Amazon Echo launched

Page 5: AWSome Day Dublin - June 2016

Amazon Web Services (AWS)

Service categories (diagram): Compute, Messaging, Mobile, App Services, Database, Networking, Development and Management Tools, Payments, VPC, On-Demand Workforce, Analytics, Content Delivery, Storage.

Enable businesses and developers to use web services to build scalable, sophisticated applications.

Page 6: AWSome Day Dublin - June 2016


Six Advantages & Benefits of AWS Cloud Computing

Trade capital expense for variable expense.

Benefit from massive economies of scale.

Stop guessing capacity.

Go global in minutes.

Increase speed and agility.

Stop spending money on running and maintaining data centers.

Page 7: AWSome Day Dublin - June 2016

AWS Core Infrastructure and Services

AWS Technical Essentials 3.8 ILT

Traditional Infrastructure vs. Amazon Web Services:

• Servers: On-Premises Servers → AMI, Amazon EC2 Instances
• Security: Firewalls, ACLs, Administrators → Security Groups, NACLs, AWS IAM
• Networking: Router, Network Pipeline, Switch → VPC, ELB
• Storage and Database: DAS, SAN, NAS, RDBMS → Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS

(Diagram: on-demand provisioning into EC2 "Classic"/"Public" or a VPC, fronted by ELB, with Security Groups, NACLs and access management applied.)

Page 8: AWSome Day Dublin - June 2016

AWS Cloud Computing (platform overview)

• Infrastructure: Regions, Availability Zones, Edge Locations
• Foundation Services: Compute (Virtual, Auto-scaling and Load Balancing), Storage (Object, Block and Archive), Networking
• Platform Services:
  • Databases: Relational, No SQL, Caching
  • Analytics: Cluster Computing, Real-time, Data Workflows, Data Warehouse
  • App Services: Queuing, Orchestration, App Streaming, Transcoding, Email, Search
  • Deployment and Management: Containers, Dev/ops Tools, Resource Templates, Usage Tracking, Monitoring and Logs
  • Mobile Services: Identity, Sync, Mobile Analytics, Notifications
• Applications: Virtual Desktops, Collaboration and Sharing

Page 9: AWSome Day Dublin - June 2016

AWS Foundation Services

• Compute: Amazon EC2, AWS Lambda, Amazon EC2 Container Service, AWS Elastic Beanstalk, Auto Scaling, Elastic Load Balancing
• Network: Amazon VPC, AWS Direct Connect, Amazon Route 53
• Storage: Amazon S3, Amazon CloudFront, Amazon Elastic File System, Amazon Glacier, AWS Storage Gateway, AWS Import/Export Snowball
• Security & Identity: AWS Identity and Access Management, AWS Directory Service, AWS CloudHSM, AWS KMS, AWS WAF
• Applications: Amazon WorkDocs, Amazon WorkSpaces, Amazon WorkMail

Page 10: AWSome Day Dublin - June 2016

AWS Global Infrastructure

• Regions: geographic locations; each consists of at least two Availability Zones (AZs).
• Availability Zones: clusters of data centers, isolated from failures in other Availability Zones.

Page 11: AWSome Day Dublin - June 2016


AWS Global Infrastructure

Page 12: AWSome Day Dublin - June 2016

Achieving High Availability Using Multi-AZ

(Diagram: a Region containing Availability Zone A, Availability Zone B and Availability Zone C.)

Page 13: AWSome Day Dublin - June 2016

AWS Global Infrastructure

50+ AWS Edge Locations: local points-of-presence commonly supporting AWS services like:
• Amazon Route 53
• Amazon CloudFront

Page 14: AWSome Day Dublin - June 2016


AWS Management Console Demonstration

Page 15: AWSome Day Dublin - June 2016

Knowledge Check

Q: What is the AWS term for physically distinct groups of data centers within a region?
A: Availability Zone (AZ).

True or False: There are more regions than Edge locations.
A: False.

True or False: AWS owns and maintains the infrastructure required for application services and you provision and use them as needed.
A: True.

Q: How do AZs in the same region differ?
A: Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.

Page 16: AWSome Day Dublin - June 2016

Module 2: AWS Infrastructure

Page 17: AWSome Day Dublin - June 2016


Amazon Elastic Compute Cloud (EC2)

Page 18: AWSome Day Dublin - June 2016

Amazon Elastic Compute Cloud (EC2)

• Resizable compute capacity
• Complete control of your computing resources
• Reduces the time required to obtain and boot new server instances to minutes

Page 19: AWSome Day Dublin - June 2016

Amazon EC2 Facts

• Scale capacity as your computing requirements change
• Pay only for capacity that you actually use
• Choose Linux or Windows
• Deploy across AWS Regions and Availability Zones for reliability

Page 20: AWSome Day Dublin - June 2016

Launching an Amazon EC2 Instance via the Web Console

1. Determine the AWS Region in which you want to launch the Amazon EC2 instance.
2. Launch an Amazon EC2 instance from a pre-configured Amazon Machine Image (AMI).
3. Choose an instance type based on CPU, memory, storage, and network requirements.
4. Configure network, IP address, security groups, storage volume, tags, and key pair.

Page 21: AWSome Day Dublin - June 2016

AMI Details

An AMI includes the following:
• A template for the root volume for the instance (for example, an operating system, an application server, and applications).
• Launch permissions that control which AWS accounts can use the AMI to launch instances.
• A block device mapping that specifies the volumes to attach to the instance when it's launched.

Page 22: AWSome Day Dublin - June 2016

Instances and AMIs

Select an AMI based on:
• Region
• Operating system
• Architecture (32-bit or 64-bit)
• Launch permissions
• Storage for the root device

(Diagram: one AMI launches instances of any type onto host computers.)

Page 23: AWSome Day Dublin - June 2016

Amazon EC2 Instances

(Diagram: an AMI holds the OS, applications and configuration; instances are running or stopped VMs that live in an Availability Zone inside a VPC and a Region; EBS volumes attach to instances within the same AZ; EBS snapshots are stored in S3 buckets.)

Page 24: AWSome Day Dublin - June 2016

Amazon EBS vs. Amazon EC2 Instance Store

Amazon EBS
• Data stored on an Amazon EBS volume can persist independently of the life of the instance.
• Storage is persistent.

Amazon EC2 Instance Store
• Data stored on a local instance store persists only as long as the instance is alive.
• Storage is ephemeral.

Page 25: AWSome Day Dublin - June 2016

AWS Marketplace – IT Software Optimized for the Cloud

AWS Marketplace is an online store to discover, purchase, and deploy IT software on top of the AWS infrastructure.

• Catalog of 2300+ IT software solutions, including Paid, BYOL, Open Source, SaaS, & free to try options
• Pre-configured to operate on AWS; software checked by AWS for security and operability
• Deploys to AWS environment in minutes
• Flexible, usage-based billing models
• Software charges billed to AWS account

Includes AWS Test Drive. https://aws.amazon.com/marketplace

Page 26: AWSome Day Dublin - June 2016

Choosing the Right Amazon EC2 Instance

• EC2 instance types are optimized for different use cases and come in multiple sizes. This allows you to optimally scale resources to your workload requirements.
• AWS uses Intel® Xeon® processors for EC2 instances, providing customers with high performance and value.
• Consider the following when choosing your instances: core count, memory size, storage size and type, network performance, and CPU technologies.
• Hurry Up and Go Idle: a larger compute instance can save you time and money; paying more per hour for a shorter amount of time can be less expensive.

Page 27: AWSome Day Dublin - June 2016

Intel® Processor Technologies

• Intel® AVX: get dramatically better performance for highly parallel HPC workloads such as life science engineering, data mining, financial analysis, or other technical computing applications. AVX also enhances image, video, and audio processing.
• Intel® AES-NI: enhance your security with these new encryption instructions that reduce the performance penalty associated with encrypting/decrypting data.
• Intel® Turbo Boost Technology: get more computing power when you need it with performance that adapts to spikes in your workload with Intel® Turbo Boost Technology 2.0.

Page 28: AWSome Day Dublin - June 2016

Current Generation Instances

Instance Family | Some Use Cases
General purpose (t2, m4, m3) | Low-traffic websites and web applications; small and mid-size databases
Compute optimized (c4, c3) | High performance front-end fleets; video encoding
Memory optimized (r3) | High performance databases; distributed memory caches
Storage optimized (i2, d2) | Data warehousing; log or data-processing applications
GPU instances (g2) | 3D application streaming; machine learning

Page 29: AWSome Day Dublin - June 2016

Instance Metadata & User Data

Instance Metadata:
• Is data about your instance.
• Can be used to configure or manage a running instance.

Instance User Data:
• Can be passed to the instance at launch.
• Can be used to perform common automated configuration tasks.
• Runs scripts after the instance starts.

Page 30: AWSome Day Dublin - June 2016

Amazon EC2 Purchasing Options

On-Demand Instances
• Pay by the hour.

Reserved Instances
• Purchase at significant discount.
• Instances are always available.
• 1-year to 3-year terms.

Scheduled Instances
• Purchase a 1-year RI for a recurring period of time.

Spot Instances
• Highest bidder uses instance at a significant discount.
• Spot blocks supported.

Dedicated Hosts
• Physical host is fully dedicated to run your instances.
• Bring your per-socket, per-core, or per-VM software licenses to reduce cost.

Page 31: AWSome Day Dublin - June 2016


Storage Services

Amazon S3 and Amazon EBS

Page 32: AWSome Day Dublin - June 2016

Amazon Simple Storage Service (S3)

• Storage for the Internet
• Natively online, HTTP access
• Store and retrieve any amount of data, any time, from anywhere on the web
• Highly scalable, reliable, fast and durable

Page 33: AWSome Day Dublin - June 2016

Amazon S3 Facts

• Able to store an unlimited number of objects in a bucket
• Objects up to 5 TB; no bucket size limit
• Designed for 99.999999999% durability and 99.99% availability of objects over a given year
• HTTP/S endpoint to store and retrieve any amount of data, at any time, from anywhere on the web
• Highly scalable, reliable, fast, and inexpensive
• Optional server-side encryption (with AWS-managed or customer-provided keys) or client-side encryption
• Access logs for auditing
• Provides standards-based REST and SOAP interfaces

Page 34: AWSome Day Dublin - June 2016

Common Use Scenarios

• Storage and Backup
• Application File Hosting
• Media Hosting
• Software Delivery
• Store AMIs and Snapshots

Page 35: AWSome Day Dublin - June 2016

Amazon S3 Pricing

• Pay only for what you use
• No minimum fee
• Prices based on location of your Amazon S3 bucket
• Estimate monthly bill using the AWS Simple Monthly Calculator
• Pricing is available as:
  • Storage Pricing
  • Request Pricing
  • Data Transfer Pricing: data transferred out of Amazon S3

Page 36: AWSome Day Dublin - June 2016

Amazon S3 Concepts

• Amazon S3 stores data as objects within buckets
• An object is composed of a file and optionally any metadata that describes that file
• You can have up to 100 buckets in each account
• You can control access to the bucket and its objects

(Diagram: an Amazon S3 bucket containing objects.)

Page 37: AWSome Day Dublin - June 2016

Object Keys

An object key is the unique identifier for an object in a bucket.

Example URL: http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.html
Bucket: doc; Object key: 2006-03-01/AmazonS3.html

Page 38: AWSome Day Dublin - June 2016

Amazon S3 Security

You can control access to buckets and objects with:
• Access Control Lists (ACLs)
• Bucket policies
• Identity and Access Management (IAM) policies

You can upload or download data to Amazon S3 via SSL encrypted endpoints. You can encrypt data using AWS SDKs.
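As an added example (not part of the deck), the following Python audits the two S3 access controls listed above, bucket policies and ACLs, for grants to anonymous principals; the policies, ACL grants, bucket name and account id are constructed for the demonstration.

```python
"""Static check of Amazon S3 access controls for public exposure.

Added example, not from the AWSome Day deck: parses a bucket policy
document and a list of ACL grants (in the shapes the S3 API returns) and
reports grants made to anonymous principals. All sample data below is
constructed for the demonstration.
"""
import json

# Constructed: a bucket policy with one unconditional anonymous read grant
# and one grant scoped to a single (constructed) account.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "PartnerWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/inbox/*"},
    ],
})

# Constructed: the same anonymous grant, but limited by a Condition to one
# source network (documentation range), so it is not unconditionally public.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    ],
})

# Constructed ACL grants in the shape of GetBucketAcl output.
PUBLIC_ACL_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]

# Predefined S3 groups that mean "everyone" / "any AWS account".
ANONYMOUS_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _is_anonymous_principal(principal):
    """True when the Principal element is one of the 'everyone' forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_policy_statements(policy_json):
    """Return Sids of Allow statements open to everyone with no Condition."""
    statements = json.loads(policy_json).get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # narrowed by a condition key; review, but not wide open
        findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


def public_acl_grants(grants):
    """Return (group URI, permission) pairs granted to the anonymous groups."""
    return [
        (g["Grantee"]["URI"], g["Permission"])
        for g in grants
        if g["Grantee"].get("Type") == "Group"
        and g["Grantee"].get("URI") in ANONYMOUS_GROUPS
    ]


if __name__ == "__main__":
    print("public policy statements:", public_policy_statements(PUBLIC_POLICY))
    print("scoped policy statements:", public_policy_statements(SCOPED_POLICY))
    print("public ACL grants:", public_acl_grants(PUBLIC_ACL_GRANTS))
```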

Page 39: AWSome Day Dublin - June 2016

Amazon S3 Versioning

• Protects from accidental overwrites and deletes with no performance penalty.
• Generates a new version with every upload.
• Allows easy retrieval of deleted objects or roll back to previous versions.
• Three states of an Amazon S3 bucket:
  • Un-versioned (default)
  • Versioning-enabled
  • Versioning-suspended

(Diagram, versioning enabled: two versions of the same key photo.gif, version ID 111111 and version ID 121212.)

Page 40: AWSome Day Dublin - June 2016

Amazon S3 Storage Classes

Storage Class | Durability | Availability | Other Considerations
Amazon S3 Standard | 99.999999999% | 99.99% | None
Amazon S3 Standard - Infrequent Access (IA) | 99.999999999% | 99.99% | Retrieval fee associated with objects; most suitable for infrequently accessed data
Glacier | 99.999999999% | 99.99% (after you restore objects) | Not available for real-time access; must restore objects before you can access them

Page 41: AWSome Day Dublin - June 2016

Amazon S3 Object Lifecycle

Lifecycle management defines how Amazon S3 manages objects during their lifetime. Some objects that you store in an Amazon S3 bucket might have a well-defined lifecycle:
• Log files
• Archive documents
• Digital media archives
• Financial and healthcare records
• Raw genomics sequence data
• Long-term database backups
• Data that must be retained for regulatory compliance

Page 42: AWSome Day Dublin - June 2016

Amazon Glacier

• Long term low-cost archiving service
• Optimal for infrequently accessed data
• Designed for 99.999999999% durability
• 3-5 hours retrieval time
• Less than $0.01 per GB / month (depending on region)

Page 43: AWSome Day Dublin - June 2016

SoundCloud Case Study

SoundCloud:
• Operates worldwide.
• Enables users to upload 12 hours of audio material to its platform every minute.
  • Each audio file must be transcoded and stored in multiple formats.
  • Logs and analyzes billions of events.

The AWS Solution: SoundCloud uses a storage solution comprised of:
• Amazon S3
• Amazon Glacier

The audio files are:
• Placed in Amazon S3.
• Distributed from Amazon S3 via the SoundCloud website.
• Copied to Amazon Glacier.

The company currently stores 2.5 PB of data on Amazon Glacier.

Page 44: AWSome Day Dublin - June 2016


Instructor Demo

Amazon S3

Page 45: AWSome Day Dublin - June 2016

Amazon Elastic Block Store (EBS)

• Persistent block level storage volumes offering consistent and low-latency performance
• Automatically replicated within its Availability Zone
• Snapshots stored durably in Amazon S3

Page 46: AWSome Day Dublin - June 2016

Amazon EBS Lifecycle

1. Create: call CreateVolume (1 GB to 16 TB) to carve a volume out of the vast amount of unused space.
2. Attach: call AttachVolume to affiliate the volume with one Amazon EC2 instance.
3. Attached and In Use: format from the Amazon EC2 instance OS, then mount the formatted drive.
4. Snapshot: call CreateSnapshot to snapshot the volume to Amazon S3.
5. Detach: call DetachVolume.
6. Deleted: call DeleteVolume.

Page 47: AWSome Day Dublin - June 2016

Amazon EBS Facts

You can create:
• EBS Magnetic volumes from 1 GiB to 1 TiB in size.
• EBS General Purpose (SSD) and Provisioned IOPS (SSD) volumes up to 16 TiB in size.

You can use encrypted EBS volumes to meet a wide range of data at-rest encryption requirements for regulated/audited data and applications.

You can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3.

Page 48: AWSome Day Dublin - June 2016

Amazon EBS Pricing

Pay for what you provision:
• Pricing based on region
• AWS GovCloud (US) Pricing page
• Review Pricing Calculator online
• Pricing is available as:
  • Storage
  • IOPS

* Check Amazon EBS Pricing page for current pricing for all regions.

Page 49: AWSome Day Dublin - June 2016

Amazon EBS and Amazon S3

Characteristic | Amazon EBS | Amazon S3
Paradigm | Block storage with file system | Object store
Performance | Very fast | Fast
Redundancy | Across multiple servers in an Availability Zone | Across multiple facilities in a Region
Security | EBS Encryption – Data volumes and Snapshots | Encryption
Access from the Internet? | No (1) | Yes (2)
Typical use case | It is a disk drive | Online storage

(1) Accessible from the Internet if mounted to server and set up as FTP, etc.
(2) Only with proper credentials, unless ACLs are world-readable

Page 50: AWSome Day Dublin - June 2016

Amazon EC2 Instance Storage

• Local, complimentary direct attached block storage resource.
• Availability, number of disks, and size is based on EC2 instance type.
• Storage optimized instances for up to 365,000 Read IOPS and 315,000 First Write IOPS.
• SSD or magnetic.
• No persistence: all data is automatically deleted when an EC2 instance stops, fails or is terminated.

Page 51: AWSome Day Dublin - June 2016

Reboot vs. Stop vs. Terminate

Characteristic | Reboot | Stop/Start (EBS-backed instances only) | Terminate
Host computer | The instance stays on the same host computer. | The instance runs on a new host computer. | N/A
Private and public IP addresses | Stay the same. | Instance keeps its private IP address and gets a new public IP address. | N/A
Elastic IP addresses (EIP) | EIP remains associated with the instance. | EIP remains associated with the instance. | The EIP is disassociated from the instance.
Instance store volumes | The data is preserved. | The data is erased. | The data is erased.
EBS volume | The volume is preserved. | The volume is preserved. | The volume is deleted by default.
Billing | Instance billing hour doesn't change. | You stop incurring charges as soon as state is changed to stopping. | You stop incurring charges as soon as state is changed to shutting-down.

Page 52: AWSome Day Dublin - June 2016


Networking

Amazon VPC

Page 53: AWSome Day Dublin - June 2016

Amazon Virtual Private Cloud (VPC)

• Provision a private, isolated virtual network on the AWS cloud.
• Have complete control over your virtual networking environment.

Page 54: AWSome Day Dublin - June 2016

VPCs and Subnets

• A subnet defines a range of IP addresses in your VPC.
• You can launch AWS resources into a subnet that you select.
• A private subnet should be used for resources that won't be accessible over the Internet.
• A public subnet should be used for resources that will be accessed over the Internet.
• Each subnet must reside entirely within one Availability Zone and cannot span zones.

Page 55: AWSome Day Dublin - June 2016

Amazon VPC Example

(Diagram: a Virtual Private Cloud in the AWS Cloud spanning Availability Zones A, B and C, with a Public Subnet, a Private Subnet and a VPN Only Subnet containing Web Servers, App Servers, DB Servers and a NAT instance; the VPC connects to the Internet and, through a router, to the Customer Network.)

Page 56: AWSome Day Dublin - June 2016

Security in Your VPC

Security groups and network access control lists (ACLs).

(Diagram: VPC 10.0.0.0/16 with a VPC Router, an Internet Gateway and a VPN Gateway; two subnets, 10.0.0.0/24 and 10.0.1.0/24, each with its own Routing Table and Network ACL; the instances in each subnet are protected by Security Groups.)

Page 57: AWSome Day Dublin - June 2016

Knowledge Check Answers

Q: What AWS service would help support your web application to offload serving static assets and store user uploaded images and video off-instance?
A: Amazon S3

Q: How would you find out the private and public IP addresses for an EC2 instance?
A: Retrieve the instance metadata. http://169.254.169.254/latest/meta-data/

Q: What acts as an additional layer of security at the subnet level in a VPC?
A: Network ACLs

True or False: S3 provides unlimited storage.
A: True

Page 58: AWSome Day Dublin - June 2016

Module 3: Security, Identity, and Access Management

Page 59: AWSome Day Dublin - June 2016

Shared Responsibility – AWS and Customer

Customer:
• Customer Data
• Platform, Applications, Identity and Access Management
• Operating System, Network and Firewall Configuration
• Client-side Data Encryption and Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)

AWS:
• Foundation Services: Compute, Storage, Database, Network
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Page 60: AWSome Day Dublin - June 2016

Physical Security

• 24/7 trained security staff
• AWS data centers in nondescript and undisclosed facilities
• Two-factor authentication for authorized staff
• Authorization for data center access

Page 61: AWSome Day Dublin - June 2016

Hardware, Software, and Network

• Automated change-control process
• Bastion servers that record all access attempts
• Firewall and other boundary devices
• AWS monitoring tools

Page 62: AWSome Day Dublin - June 2016


Certifications and Accreditations

ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP (Australia), MLPS Level 3 (China), MTCS Tier 3 Certification (Singapore) and more …

Page 63: AWSome Day Dublin - June 2016

SSL Endpoints

• SSL Endpoints (Secure Transmission): establish secure communication sessions (HTTPS) using SSL/TLS.
• Security Groups (Instance Firewalls): configure firewall rules for instances using Security Groups.
• VPC (Network Control): in your Virtual Private Cloud, create low-level networking constraints for resource access. Public and private subnets, NAT and VPN support.

Page 64: AWSome Day Dublin - June 2016

Security Groups

Security Groups (Instance Firewalls): configure firewall rules for instances using Security Groups.

(This slide repeats the SSL Endpoints / Security Groups / VPC trio of the previous slide with Security Groups highlighted.)

Page 65: AWSome Day Dublin - June 2016

AWS Multi-Tier Security Groups

• HTTP/HTTPS: ports 80 and 443 only open to the Internet
• SSH/RDP: engineering staff have SSH/RDP access to a Bastion Host
• All other Internet ports blocked by default
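The following Python, an added example that is not part of the deck, checks a set of security group ingress rules against exactly this pattern (80/443 to the Internet, SSH/RDP only from the bastion's group, nothing else from the Internet); the group ids, rule sets and CIDR ranges are constructed for the demonstration and the rule dicts follow the shape of the EC2 DescribeSecurityGroups IpPermissions entries.

```python
"""Audit EC2 security group ingress rules against the multi-tier pattern:
only ports 80 and 443 open to the Internet, SSH/RDP reachable only from the
bastion host's security group, everything else closed by default.

Added example (not from the AWSome Day deck). Rules are modelled on the
IpPermissions entries returned by the EC2 DescribeSecurityGroups API; every
group id and CIDR range below is constructed for the demonstration.
"""

INTERNET = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

BASTION_SG = "sg-0bastion0000000001"  # constructed id of the bastion's group

# Constructed: a web-tier group that follows the slide's pattern.
WEB_TIER_RULES = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
]

# Constructed: a group that breaks the pattern in three different ways
# (SSH from anywhere, RDP from an office range, all traffic from a VPC CIDR).
RISKY_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def _port_range(rule):
    """Inclusive (low, high) port range; protocol -1 means every port."""
    if rule.get("IpProtocol") == "-1":
        return 0, 65535
    return rule["FromPort"], rule["ToPort"]


def _sources(rule):
    """Yield ('cidr', range) or ('sg', group id) for each source of a rule."""
    for r in rule.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for p in rule.get("UserIdGroupPairs", []):
        yield "sg", p["GroupId"]


def audit_ingress(group_id, rules, bastion_sg=BASTION_SG):
    """Return a list of findings; an empty list means the group conforms."""
    findings = []
    for rule in rules:
        low, high = _port_range(rule)
        for kind, src in _sources(rule):
            from_bastion = kind == "sg" and src == bastion_sg
            # Admin ports may only be reached from the bastion's group.
            for port, name in ADMIN_PORTS.items():
                if low <= port <= high and not from_bastion:
                    findings.append(
                        f"{group_id}: {name} ({port}) reachable from {src}, "
                        f"expected only from bastion group {bastion_sg}")
            # Anything open to the Internet must be exactly port 80 or 443.
            if kind == "cidr" and src in INTERNET and not (low == high and low in WEB_PORTS):
                findings.append(
                    f"{group_id}: ports {low}-{high} open to the Internet via {src}")
    return findings


if __name__ == "__main__":
    for name, rules in (("sg-web", WEB_TIER_RULES), ("sg-risky", RISKY_RULES)):
        for line in audit_ingress(name, rules) or [f"{name}: OK"]:
            print(line)
```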

Page 66: AWSome Day Dublin - June 2016

Amazon Virtual Private Cloud (VPC)

VPC (Network Control): in your Virtual Private Cloud, create low-level networking constraints for resource access. Public and private subnets, NAT and VPN support.

(This slide repeats the SSL Endpoints / Security Groups / VPC trio with VPC highlighted.)

Page 67: AWSome Day Dublin - June 2016

AWS Identity and Access Management (IAM)

1. Manage AWS IAM users and their access
2. Manage AWS IAM roles and their permissions
3. Manage federated users and their permissions

Page 68: AWSome Day Dublin - June 2016

AWS IAM Authentication

Authentication to the AWS Management Console: User Name and Password (IAM User)

Page 69: AWSome Day Dublin - June 2016

AWS IAM Authentication

Authentication to the AWS CLI or SDK API: Access Key and Secret Key (IAM User)

Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

(Diagram: the AWS SDK & API (Java, Python, .NET) and the AWS CLI authenticate with the access key pair.)

Page 70: AWSome Day Dublin - June 2016

AWS IAM User Management - Groups

(Diagram: an AWS Account containing a DevOps Group and a TestDev Group, with Users A, B, C and D assigned to the groups.)

Page 71: AWSome Day Dublin - June 2016

AWS IAM Authorization

Authorization: Policies
• Are JSON documents to describe permissions.
• Are assigned to Users, Groups or Roles.

(Diagram: policies attached to an IAM User, an IAM Group and IAM Roles.)

Page 72: AWSome Day Dublin - June 2016

AWS IAM Roles - Instance Profiles

1. Create Instance (Amazon EC2).
2. Select IAM Role.
3. The application retrieves the role's credentials from the EC2 Metadata Service: http://169.254.169.254/latest/meta-data/iam/security-credentials/rolename
4. Application interacts with S3.

Page 73: AWSome Day Dublin - June 2016

AWS IAM Authentication and Authorization

Authentication:
• AWS Management Console: User Name and Password
• AWS CLI or SDK API: Access Key and Secret Key

Authorization:
• Policies, attached to an IAM User, an IAM Group or IAM Roles

Page 74: AWSome Day Dublin - June 2016

AWS IAM Best Practices

• Delete AWS account (root) access keys.
• Create individual IAM users.
• Use groups to assign permissions to IAM users.
• Grant least privilege.
• Configure a strong password policy.
• Enable MFA for privileged users.

Page 75: AWSome Day Dublin - June 2016

AWS IAM Best Practices (cont.)

• Use roles for applications that run on Amazon EC2 instances.
• Delegate by using roles instead of by sharing credentials.
• Rotate credentials regularly.
• Remove unnecessary users and credentials.
• Use policy conditions for extra security.
• Monitor activity in your AWS account.
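To make the authorization slide ("policies are JSON documents that describe permissions") and the two best-practice slides concrete, here is an added example, not part of the deck, that evaluates requests against a constructed least-privilege policy whose statements use conditions (MFA required to delete, plain HTTP denied); the evaluation order it implements (explicit Deny, then Allow, else implicit deny) is the documented IAM logic, while the bucket name, request context values and the policy itself are constructed for the demonstration.

```python
"""Minimal evaluator for IAM identity-based policies.

Added example (not from the AWSome Day deck). It models the evaluation
order behind the deck's guidance: an applicable explicit Deny wins,
otherwise an applicable Allow is required, otherwise the request is
implicitly denied. Actions match case-insensitively with '*' and '?'
wildcards, resources match case-sensitively, context keys are matched
exactly, and only the Bool, StringEquals and StringLike condition
operators are supported (no NotAction/NotResource). The bucket name and
the policy are constructed for the demonstration.
"""
import fnmatch
import json

# Constructed least-privilege policy for an application user: read/write
# one prefix, delete only with MFA, and deny everything over plain HTTP.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadWriteUploads", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::app-uploads/*"},
        {"Sid": "DeleteOnlyWithMfa", "Effect": "Allow",
         "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::app-uploads/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny",
         "Action": "s3:*", "Resource": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob_match(patterns, value, fold_case):
    """True if any pattern matches; fold_case lowers both sides first."""
    if fold_case:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if fold_case else p)
               for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Every operator/key pair must hold; a key absent from the context fails."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            wanted = [str(e).lower() for e in _as_list(expected)]
            actual = str(actual).lower()
            if operator in ("Bool", "StringEquals"):
                if actual not in wanted:
                    return False
            elif operator == "StringLike":
                if not any(fnmatch.fnmatchcase(actual, w) for w in wanted):
                    return False
            else:
                raise ValueError(f"unsupported condition operator: {operator}")
    return True


def _applies(stmt, action, resource, context):
    return (_glob_match(stmt["Action"], action, fold_case=True)
            and _glob_match(stmt["Resource"], resource, fold_case=False)
            and _condition_holds(stmt.get("Condition", {}), context))


def evaluate(policies, action, resource, context=None):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one request."""
    context = context or {}
    decision = "implicit_deny"
    for policy_json in policies:
        for stmt in _as_list(json.loads(policy_json)["Statement"]):
            if not _applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit_deny"  # a Deny overrides any Allow
            decision = "allow"
    return decision


if __name__ == "__main__":
    tls = {"aws:SecureTransport": "true"}
    obj = "arn:aws:s3:::app-uploads/report.csv"
    print(evaluate([LEAST_PRIVILEGE_POLICY], "s3:GetObject", obj, tls))
    print(evaluate([LEAST_PRIVILEGE_POLICY], "s3:DeleteObject", obj, tls))
    print(evaluate([LEAST_PRIVILEGE_POLICY], "s3:GetObject", obj,
                   {"aws:SecureTransport": "false"}))
```

Note that a condition key missing from the request context makes the statement inapplicable, so a Deny keyed on aws:SecureTransport being "false" does not fire when the key is absent; that is why the last assertion below allows the request.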

Page 76: AWSome Day Dublin - June 2016

AWS Resource-Based Policies

• Are an alternative to IAM (identity-based) policies and are supported by some services.
• Grant cross-account access to your resources.
• Use a Principal element to uniquely identify the account in the policy.
• Supported AWS services include:
  • Amazon S3 Bucket Policy
  • Amazon SNS Topic Policy
  • Amazon SQS Queue Policy
  • Amazon Glacier Vault Policy
  • AWS OpsWorks Stack Policy
  • AWS Lambda Function Policy

Page 77: AWSome Day Dublin - June 2016

Knowledge Check Answer

Q: Your web application needs to read/write an Amazon DynamoDB table and an Amazon S3 bucket. This operation requires AWS credentials and authorization to use AWS services. What service would you use?
A: AWS IAM Role

Page 78: AWSome Day Dublin - June 2016

Module 4: Databases

Page 79: AWSome Day Dublin - June 2016

79© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.

Data Storage Considerations

No one size fits all. Analyze your data requirements by considering:
Ø Data formats
Ø Data size
Ø Query frequency
Ø Data access speed
Ø Data retention period

Page 80: AWSome Day Dublin - June 2016

AWS Managed Database Services

(Diagram: the Database layer of the AWS service stack, alongside Compute, Storage, Networking, App Services, and Deployment and Administration, on the AWS Global Infrastructure)

Ø Amazon DynamoDB
Ø Amazon ElastiCache
Ø Amazon RDS
Ø Amazon Redshift
Ø AWS Database Migration Service

Page 81: AWSome Day Dublin - June 2016

Amazon Relational Database Service (RDS)

Ø Cost-efficient and resizable capacity
Ø Manages time-consuming database administration tasks
Ø Access to the full capabilities of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, and PostgreSQL databases

Page 82: AWSome Day Dublin - June 2016

Amazon RDS Use Case

“We were able to go from concept to delivered product in about six months with just a handful of engineers.”
Greg Scallan, Chief Architect, Flipboard

Flipboard is an online magazine with millions of users and billions of “flips” per month. Flipboard is one of the world’s first social media magazines. Flipboard uses Amazon RDS and its Multi-AZ capabilities to store mission critical user data.

Page 83: AWSome Day Dublin - June 2016

Amazon RDS

Ø Simple and fast to deploy
Ø Manages common database administrative tasks
Ø Compatible with your applications
Ø Fast, predictable performance
Ø Simple and fast to scale
Ø Secure
Ø Cost-effective

Page 84: AWSome Day Dublin - June 2016

How Amazon RDS Backups Work

Automatic Backups:
Ø Restore your database to a point in time.
Ø Are enabled by default.
Ø Let you choose a retention period up to 35 days.

Manual Snapshots:
Ø Let you build a new database instance from a snapshot.
Ø Are initiated by the user.
Ø Persist until the user deletes them.
Ø Are stored in Amazon S3.

Page 85: AWSome Day Dublin - June 2016

Cross-Region Snapshots

Ø Are a copy of a database snapshot stored in a different AWS Region.
Ø Provide a backup for disaster recovery.
Ø Can be used as a base for migration to a different region.

Page 86: AWSome Day Dublin - June 2016

Amazon RDS Security

Ø Run your DB instance in an Amazon VPC.
Ø Use IAM policies to grant access to Amazon RDS resources.
Ø Use security groups.
Ø Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora, Oracle, MySQL, MariaDB, PostgreSQL, Microsoft SQL Server).
Ø Use Amazon RDS encryption to secure your RDS instances and snapshots at rest.
Ø Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances.
Ø Use the security features of your DB engine to control access to your DB instance.

Page 87: AWSome Day Dublin - June 2016

A Resilient, Durable Application Architecture

(Diagram labels:)
Ø Amazon RDS database instances: Master and Multi-AZ standby
Ø Application, in Amazon EC2 instances
Ø Elastic Load Balancing load balancer instance
Ø DB snapshots in Amazon S3

Page 88: AWSome Day Dublin - June 2016

Amazon RDS Best Practices

Ø Monitor your memory, CPU, and storage usage.
Ø Use Multi-AZ deployments to automatically provision and maintain a synchronous standby in a different Availability Zone.
Ø Enable automatic backups.
Ø Set the backup window to occur during the daily low in WriteIOPS.
Ø To increase the I/O capacity of a DB instance:
Ø Migrate to a DB instance class with high I/O capacity.
Ø Convert from standard storage to provisioned IOPS storage and use a DB instance class optimized for provisioned IOPS.
Ø Provision additional throughput capacity (if using provisioned IOPS storage).
Ø If your client application is caching the DNS data of your DB instances, set a TTL of less than 30 seconds.
Ø Test failover for your DB instance.

Page 89: AWSome Day Dublin - June 2016

Amazon DynamoDB

Ø Store any amount of data with no limits
Ø Fast, predictable performance using SSDs
Ø Easily provision and change the request capacity needed for each table
Ø Fully managed, NoSQL database service

Page 90: AWSome Day Dublin - June 2016

DynamoDB Use Case

AdRoll, an online advertising platform, serves 50 billion impressions a day worldwide with its global retargeting platforms.

“We spend more on snacks than we do on Amazon DynamoDB.”
Valentino Volonghi, CTO, AdRoll

Ø AdRoll uses AWS to grow by more than 15,000% in a year
Ø Needed high-performance, flexible platform to swiftly sync data for worldwide audience
Ø Processes 50 TB of data a day
Ø Serves 50 billion impressions a day
Ø Stores 1.5 PB of data
Ø Worldwide deployment minimizes latency

Page 91: AWSome Day Dublin - June 2016

DynamoDB Data Model

Table: Music
Items: each row of the table
Attributes (name-value pairs): Artist, Song Title, Album Title, Year, Genre

Page 92: AWSome Day Dublin - June 2016

Primary Keys

Table: Music
Partition Key: Artist
Sort Key: Song Title
(DynamoDB maintains a sorted index for both keys)

Attributes: Artist, Song Title, Album Title, Year, Genre

Page 93: AWSome Day Dublin - June 2016

Provisioned Throughput

Ø You specify how much provisioned throughput capacity you need for reads and writes.
Ø Amazon DynamoDB allocates the necessary machine resources to meet your needs.

Read capacity unit:
Ø One strongly consistent read per second for items as large as 4 KB.
Ø Two eventually consistent reads per second for items as large as 4 KB.

Write capacity unit:
Ø One write per second for items as large as 1 KB.

Page 94: AWSome Day Dublin - June 2016

Amazon RDS and Amazon DynamoDB

Factors: Relational (Amazon RDS) vs. NoSQL (Amazon DynamoDB)

Application Type
Relational (Amazon RDS):
• Existing database apps
• Business process-centric apps
NoSQL (Amazon DynamoDB):
• New web-scale applications
• Large number of small writes and reads

Application Characteristics
Relational (Amazon RDS):
• Relational data models, transactions
• Complex queries, joins, and updates
NoSQL (Amazon DynamoDB):
• Simple data models, transactions
• Range queries, simple updates

Scaling
Relational (Amazon RDS): Application or DBA-architected (clustering, partitions, sharding)
NoSQL (Amazon DynamoDB): Seamless, on-demand scaling based on application requirements

QoS
Relational (Amazon RDS):
• Performance: depends on data model, indexing, query, and storage optimization
• Reliability and availability
• Durability
NoSQL (Amazon DynamoDB):
• Performance: automatically optimized by the system
• Reliability and availability
• Durability

Page 95: AWSome Day Dublin - June 2016

Database Considerations

If you need: A relational database service with minimal administration
Consider using: Amazon RDS
• Choice of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, or PostgreSQL database engines
• Scale compute and storage
• Multi-AZ availability

If you need: A fast, highly scalable NoSQL database service
Consider using: Amazon DynamoDB
• Extremely fast performance
• Seamless scalability and reliability
• Low cost

If you need: A database you can manage on your own
Consider using: Your choice of AMIs on Amazon EC2 and Amazon EBS, which provide scalable compute and storage, complete control over instances, and more.

Page 96: AWSome Day Dublin - June 2016

Module 5
AWS Elasticity and Management Tools

Page 97: AWSome Day Dublin - June 2016

Auto Scaling

Ø Scale your Amazon EC2 capacity automatically
Ø Well-suited for applications that experience variability in usage
Ø Available at no additional charge

Page 98: AWSome Day Dublin - June 2016

Trio of Services

(Diagram: Amazon CloudWatch, Auto Scaling, and Elastic Load Balancing working together; labels: Latency, Utilization, Auto Scaling group, Execute AS Policy)

Page 99: AWSome Day Dublin - June 2016

Auto Scaling Benefits

Ø Better Cost Management
Ø Better Availability
Ø Better Fault Tolerance

Page 100: AWSome Day Dublin - June 2016

Launch Configurations

A launch configuration is a template that an Auto Scaling group uses to launch EC2 instances. When you create a launch configuration, you can specify:
Ø AMI ID
Ø Instance type
Ø Key pair
Ø Security groups
Ø Block device mapping
Ø User data

Page 101: AWSome Day Dublin - June 2016

Auto Scaling Groups

Ø Contain a collection of EC2 instances that share similar characteristics.
Ø Instances in an Auto Scaling group are treated as a logical grouping for the purpose of instance scaling and management.

(Diagram: an Auto Scaling group with Minimum size, Desired capacity, and Maximum size; scale out as needed)

Page 102: AWSome Day Dublin - June 2016

Dynamic Scaling

You can create a scaling policy that uses CloudWatch alarms to determine:
Ø When your Auto Scaling group should scale out.
Ø When your Auto Scaling group should scale in.

You can use alarms to monitor:
Ø Any of the metrics that AWS services send to Amazon CloudWatch.
Ø Your own custom metrics.

Page 103: AWSome Day Dublin - June 2016

Auto Scaling Basic Lifecycle

(Diagram: instances in an Auto Scaling group)
Ø Scale Out (triggered by Amazon CloudWatch or a Scheduled Event): Launch Instance, Attach to Group
Ø Scale In (triggered by Amazon CloudWatch or a Scheduled Event): Terminate Instance, Detach from Group

Page 104: AWSome Day Dublin - June 2016

Elastic Load Balancing

Ø Distributes traffic across multiple instances
Ø Supports health checks to detect unhealthy Amazon EC2 instances
Ø Supports the routing and load balancing of HTTP, HTTPS, and TCP traffic to Amazon EC2 instances

Page 105: AWSome Day Dublin - June 2016

Elastic Load Balancing Example

Page 106: AWSome Day Dublin - June 2016

Back-end Instances for Your Load Balancer

Ø Health Checks
Ø Security Groups
Ø Subnets
Ø Register / De-Register Instances

Page 107: AWSome Day Dublin - June 2016

Amazon CloudWatch

Ø A monitoring service for AWS cloud resources and the applications you run on AWS
Ø Visibility into resource utilization, operational performance, and overall demand patterns
Ø Custom application-specific metrics of your own
Ø Accessible via AWS Management Console, APIs, SDK, or CLI

Page 108: AWSome Day Dublin - June 2016

Amazon CloudWatch Architecture

(Diagram labels:)
Ø Metric sources: AWS resources that support CloudWatch (CloudWatch metrics such as CPUUtilization and StatusCheckFailed); custom application-specific metrics (such as PageViewCount)
Ø Amazon CloudWatch: available statistics; Alarm
Ø Alarm actions: SNS email notification; Auto Scaling
Ø Statistics consumer: AWS Management Console

Page 109: AWSome Day Dublin - June 2016

Supported AWS Services

Ø Auto Scaling
Ø Amazon CloudFront
Ø Amazon CloudWatch
Ø Amazon CloudSearch
Ø Amazon DynamoDB
Ø Amazon EC2
Ø Amazon ElastiCache
Ø Amazon EBS
Ø Elastic Load Balancing
Ø Amazon EMR
Ø Amazon Kinesis
Ø Amazon EC2 Container Service
Ø AWS OpsWorks
Ø Amazon Redshift
Ø Amazon RDS
Ø Amazon Route 53
Ø Amazon SNS
Ø Amazon SQS
Ø Amazon SWF
Ø Amazon S3
Ø AWS Storage Gateway
Ø Amazon WorkSpaces
Ø Amazon Machine Learning
Ø AWS Lambda
Ø AWS WAF

Page 110: AWSome Day Dublin - June 2016

AWS Trusted Advisor

Ø Best practice and recommendation engine.
Ø Provides AWS customers with performance and security recommendations in four categories: cost optimization, security, fault tolerance, and performance improvement.

Page 111: AWSome Day Dublin - June 2016

Cost Optimization

Ø Amazon EC2 Reserved Instance Optimization
Ø Low Utilization Amazon EC2 Instances
Ø Idle Load Balancers
Ø Underutilized Amazon EBS Volumes
Ø Unassociated Elastic IP Addresses
Ø Amazon RDS Idle DB Instances

Page 112: AWSome Day Dublin - June 2016

Security

Ø Security Groups
Ø AWS IAM Use
Ø Amazon S3 Bucket Permissions
Ø MFA on Root Account
Ø AWS IAM Password Policy
Ø Amazon RDS Security Group Access Risk

Page 113: AWSome Day Dublin - June 2016

Fault Tolerance

Ø Amazon EBS Snapshots
Ø Load Balancer Optimization
Ø Auto Scaling Group Resources
Ø Amazon RDS Multi-AZ
Ø Amazon Route 53 Name Server Delegations
Ø ELB Connection Draining

Page 114: AWSome Day Dublin - June 2016

Performance Improvement

Ø High Utilization Amazon EC2 Instances
Ø Service Limits
Ø Large Number of Rules in EC2 Security Group
Ø Over Utilized Amazon EBS Magnetic Volumes
Ø Amazon EC2 to EBS Throughput Optimization
Ø Amazon CloudFront Alternate Domain Names

Page 115: AWSome Day Dublin - June 2016

© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.

This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.

Errors or corrections? Email us at [email protected]. For all other questions, contact us at:

https://aws.amazon.com/contact-us/aws-training/.

All trademarks are the property of their owners.