Description: This session will feature best practices in the real world for deploying AWS cloud services. You will hear about cloud use cases, governance, security, cloud architecture, optimizing costs, and leveraging appropriate support offerings. The session will provide insight into experience from hundreds of government customers’ AWS adoption and highlight lessons learned along the way.
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
1. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
tbixler@amazon.com
AWS Best Practices
Tim Bixler
2. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Choose your use
case well
1
3. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Dev & Test
Spin environments up and
down on demand
Decouple development and test
environments from operations
constraints
Explore elasticity in a
sandboxed environment
Backup & DR
Take part of your data or
business applications step-
by-step into non-production
DR use
Understand cloud dynamics
and test during controlled
failovers
Greenfield
Project
Embody best practice of cloud
computing in unconstrained
greenfield projects
Self contained web projects,
document archiving etc
Low hanging fruit can be easiest to pick
Pain point
Move specific service aspects
causing undue cost or
management burden
Workflows, search indexing,
media streaming, document
archiving, constrained
databases
Choose appropriate use cases
4. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Enterprise Apps
Launch enterprise software
solutions from Microsoft, Oracle,
SAP and others on demand
Customize environments to meet
your specific security and
operational requirements
Deploy repeatable and consistent
deployments in minutes
Big Data & HPC
Solve challenge of increasing
volume, variety, and velocity
of digital information
Deploy large scale compute
clusters in minutes
Accelerate innovation, enable
deep analytics, and scale
without limits
Virtual Desktops
Workspaces fully managed
desktop accessed from choice
of device – laptop computer
(Mac OS or Windows), iPad,
Kindle Fire, or Android tablet.
No-upfront investment, secure
data storage, corp. directory
integration and PCoIP
technology from Teradici
Low hanging fruit can be easiest to pick
Web, Mobile &
Social Apps
Deliver on scalable web and
application servers, storage,
databases, content delivery,
cache, search, and other
application services that make it
easier to build and run apps that
deliver a great customer
experience.
Choose appropriate use cases
Common Government and Education workloads
5. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
PoC Production Automation
Understand services
Test performance
Architect for scale
Build cross functional team
capabilities
Implement monitoring
Change control and management
Security management
Scalability
Automate corrective measures
Auto-scaling
Zero downtime deployments
System backup and recovery
Examples Plan evolution & set goals
6. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
PoC Production Automation
Understand services
Test performance
Architect for scale
Build cross functional team
capabilities
Implement monitoring
Change control and management
Security management
Scalability
Automate corrective measures
Auto-scaling
Zero downtime deployments
System backup and recovery
Examples Plan evolution & set goals
Amazon Beanstalk
AWS Test Drive
AWS Free Usage Tier
Amazon Beanstalk
Amazon OpsWorks
Amazon Cloud Formation
Amazon Cloud Watch
Amazon IAM
APIs
CLI
Amazon Auto Scaling
7. AWS app store for business/IT software
• Broad selection
• Instant fulfillment, support of 1-Click and
CloudFormation
• Integrated AWS procurement and payments
• Seamless license management and
‘compliance by default’
Software for Testing, PoC and Production
• IT and business titles for Enterprise
production workloads
• Free, limited, and enterprise versions of
titles – customer can perform a low cost
pilot, then migrate seamlessly to production
• Customers of all sizes – F500 and SMB
• No overprovisioning, use only what you
need
Easy Deployments via AWS Marketplace
http://aws.amazon.com/partners/aws-marketplace/
8. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS Architecture Center
Reference Architectures
Web Application Hosting
Content and Media Serving
Batch Processing
Fault tolerance and High Availability
Large Scale Processing and Huge Data sets
Ad Serving
Disaster Recovery for Local Applications
File Synchronization
Media Sharing
Online Games
Log Analysis
Financial Services Grid Computing
E-Commerce Websites
Time Series Processing
http://aws.amazon.com/architecture
9. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Govern deployments
2
10. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g.
Dev Sandboxes
Test Environments
Business Units
Products & Services
Govern deployments
Accounts
11. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g.
Dev Sandboxes
Test Environments
Business Units
Products & Services
Control access to billing
information
Use Amazon IAM users to keep
billing information in the master
account
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Setup billing alerts and
automated bill reporting
Get Amazon CloudWatch
notifications when billing reaches a
point and output csv reports to
Amazon S3 for analysis
Accounts Billing
Govern deployments
12. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Enable CSV &
Programmatic Access
Billing
Preferences
Billing settings
13. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Dev 1
Dev 2
Test Master Account
Consolidated Billing
Data labeled by
source in Amazon S3
Production
Internal
Systems
Billing Alerts
Bill reached $x
Cost accounting in
favorite package
Billing settings
14. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Dev 1
Dev 2
Test Master Account
Production
Internal
Systems
Dev 1 reached $100
Dev 2 reached $250
Test reached $1,000
Prod reached $1,200
Internal reached $400
Billing settings
15. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g.
Dev Sandboxes
Test Environments
Business Units
Products & Services
Decide upon a key
management strategy
Control access to Amazon EC2
instances via SSH and embedded
public key:
e.g. Amazon EC2 Key Pair per group
of instances, Amazon EC2 Key Pair
per account
Consider SSH key rotation &
automation
Limit exposure to private key
compromise by rotating keys and
replacing authorized_keys listings on
running instances
Consider bootstrap automation to
grant developer access with
developer unique keypairs
Accounts Billing Access Keys
Govern deployments
Control access to billing
information
Use Amazon IAM users to keep
billing information in the master
account
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Setup billing alerts and
automated bill reporting
Get Amazon CloudWatch
notifications when billing reaches a
point and output csv reports to
Amazon S3 for analysis
16. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g.
Dev Sandboxes
Test Environments
Business Units
Products & Services
Accounts Billing Access Keys
Use Amazon IAM Groups to
manage console users and API
access
Provide developers with Amazon IAM
user login and unique API access
credentials
Control & restrict what Amazon IAM
users can do by placing them in groups
with policies
Assign Amazon EC2 Instances
Amazon IAM Roles
Let AWS manage API access credentials
on running instances by assigning a
system entitlement to an instance
e.g. instance can only read Amazon S3
bucket
Groups & Roles
Govern deployments
Control access to billing
information
Use Amazon IAM users to keep
billing information in the master
account
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Setup billing alerts and
automated bill reporting
Get Amazon CloudWatch
notifications when billing reaches a
point and output csv reports to
Amazon S3 for analysis
Decide upon a key
management strategy
Control access to Amazon EC2
instances via SSH and embedded
public key:
e.g. Amazon EC2 Key Pair per group
of instances, Amazon EC2 Key Pair
per account
Consider SSH key rotation &
automation
Limit exposure to private key
compromise by rotating keys and
replacing authorized_keys listings on
running instances
Consider bootstrap automation to
grant developer access with
developer unique keypairs
17. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Identity & access management
18. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Multi-factor authentication
Groups
Identity & access management
19. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS system entitlements
RolesAccount
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Multi-factor authentication
Groups
Identity & access management
20. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
IAM policies
{
"Statement": [
{
"Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*"
],
"Resource": "*"
}
]
}
Policy driven
Declarative definition of rights for groups
Policies control access to AWS APIs
21. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
3
Ensure security
22. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
Network configuration
Security groups
OS firewalls
Operating systems
Applications
Proper service configuration
AuthN & acct management
Authorization policies
+ =
Customer/Partner
• Re-focus your security professionals on a subset of the problem
• Take advantage of high levels of uniformity and automation
Security is a Shared Responsibility
23. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
• Apply Your Information Management Program -
that integrates Information Assurance
• Standardize Machine Images – create gold copy
images for production deployment/to launch new
instances
• Build and test in a sandbox environment – work
out the bugs, figure out how to break it, architect to
be resilient
• Do the same stuff you do in-house – quarterly
patch management, IDS/IPS, logging, tripwire, etc.
• Conduct a Risk Assessment - to determine level of
security controls you require
• Role Based Access Controls – restrict access to
system components based upon need to know
• Use Encryption – for data in transit, for data at rest,
filesystem
• Key Management – rotate keys used to access your
resources (AWS does not hold these…you do)
• Setup Monitoring/Alerting – collect metrics and
enable alerting for when events occur
• Vulnerability Scans – allowed via a permission
process (else we will kill/block the source of scans)
• Prepare for Failure – create backups, store data in
more than one location, test backups, have a
contingency system ready
Examples of Customer Responsibilities
24. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Engage with security assessors early in adoption cycle
Leverage shared security model
• Don’t fear assessment – AWS meets high standards
(FedRAMP, DoD CSM, PCI, ISO27001, SOC1…)
• As with any infrastructure provider, security assessments
take time
• Derive value from architecture reviews early in
deployment cycle
25. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Engage with security assessors early in adoption cycle
Use comprehensive materials and certifications provided by AWS
Leverage shared security model
http://aws.amazon.com/security/
Risk and compliance paper
AWS security processes paper
CSA consensus assessments initiative
questionnaire
26. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Engage with security assessors early in adoption cycle
Use comprehensive materials and certifications provided by AWS
Build upon features of AWS and implement a ‘security by design’ environment
Leverage shared security model
27. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Build upon AWS features
Amazon IAM
Control users and allow AWS to
manage credentials in running
instances for service access
(allocation, rotation)
APIs vs. Instance
Provide developer API credentials
and control access to SSH keys
Temporary Credentials
Provide developer API credentials
and control access to SSH keys
Instance firewalls
Firewall control on instances via
Security Groups
CLIs and APIs
Instantly audit your entire AWS
infrastructure from scriptable APIs –
generate an on-demand IT inventory
enabled by programmatic nature of
AWS
Subnet control
Create low level networking
constraints for resource access, such
as public and private subnets,
internet gateways and NATs
Bastion hosts
Only allow access for management
of production resources from a
bastion host. Turn off when not
needed
Tiered Access Security Groups Amazon VPC
28. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Build upon AWS features
Store your cryptographic keys
Use your most sensitive and
regulated data on Amazon EC2
without giving applications direct
access to your data's encryption
keys.
Migrate cryptographic
applications
Use AWS CloudHSM in conjunction
with your compatible on-premise
HSMs to replicate keys among on-
premise HSMs and CloudHSMs.
Amazon CloudHSM
Private connections to
Amazon VPC
Secured access to resources in AWS
over software or hardware VPN and
dedicated network links
Amazon Direct Connect &
VPN
29. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use
cloud strengths
4
30. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use cloud strengths
e.g. Application performance improvement by migration of static content to Amazon S3/CloudFront
Review application architectures early – assess fit for cloud
Can cloud benefits be leveraged with minimum effort outlay?
e.g. variable capacity requirements, ‘standard’ technology stacks, reference architectures*
*http://aws.amazon.com/architecture
?
?
?
?
e.g. Faster development cycles for dev/test, reduced cap-ex for application environments
Will cloud yield cost savings & agility improvements?
e.g. fully scripted deployments, Amazon IAM & EC2 instance roles, rolling deployments
Can automation lead to a more agile & secure service?
31. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use cloud strengths
Design systems that can suffer
instance loss
Dispose of compute when it is not
required
Disposable compute
✓
✓ ✓
✓
32. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use cloud strengths
Disposable compute
Flexible capacity
Design for systems that potentially
scale from zero instances to hundreds
Use Auto-scaling (events, schedules
etc) to drive capacity availability
✓
✓ ✓
✓
✓
✓
33. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use cloud strengths
Utilize 99.999999999% durability of
objects in S3
Scale databases with RDS and use
DynamoDB for high throughput NoSQL
Disposable compute
Flexible capacity
Cost effective & reliable storage
✓
✓ ✓
✓
✓
✓
34. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Architect to use cloud strengths
Disposable compute
Flexible capacity
Cost effective storage
Automation and control
Automate everything from scaling to
instance recovery from failure
✓ ✓✓
35. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
1 Create instance of your OS choice
2 Configure environment
3 Install software
4 Create Amazon Machine Image (AMI) from instance
5 Launch fully configured instances from AMI
Bootstrapping – custom AMIs
AMI
Custom machine
image
Instance
Auto-scaling
Manual deployments
Programmatic deployments
36. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping
hostname
instance-action
instance-id
Instance-type
kernel-id
local-hostname
local-ipv4
mac
network
placement
profile
public-hostname
public-ipv4
public-keys
reservation-id
http://169.254.169.254/latest/meta-data
Metadata service contains wealth of information about an instance
Bootstrapping – metadata service
AMI
Custom or standard
machine image
Instance
Metadata
Service
Receive custom
data to drive
bootstrapping
37. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
+ user data
Scripts in user-data field of metadata will be executed on launch
e.g.
http://169.254.169.254/latest/meta-data
Metadata service contains wealth of information about an instance
#!/bin/sh
yum -y install httpd
chkconfig httpd on
/etc/init.d/httpd start
<powershell>
…
</powershell>
Or:
AMI
Custom or standard
machine image
Instance
Metadata
Service
Receive custom
data to drive
bootstrapping
Bootstrapping – metadata service
38. + user data
Scripts in user-data field of metadata will be executed on launch
http://169.254.169.254/latest/meta-data
Metadata service contains wealth of information about an instance AMI
Custom or standard
machine image
Instance
Metadata
Service
Receive custom
data to drive
bootstrapping
Bootstrapping – metadata service
Install software e.g. web server, app server, proxy
Pull data and application packages from Amazon S3
Publish metadata for instance to other systems e.g. monitoring systems
Setup security profile of instance based upon intended use e.g. pull latest config
39. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
1. Use Multiple
Availability Zones
40. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
2. Use Amazon RDS with
Replicas and Standby
41. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
3. Use Amazon Auto
Scaling groups
42. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
4. Use Amazon Elastic
Load Balancing
43. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
5. Use Amazon Route53
to host DNS zones
44. Three Services: Better Together
Amazon CloudWatch
Amazon Elastic Load
Balancer
Amazon Auto Scaling
45. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Use at regional level
Combined with Amazon Auto Scaling
Amazon ELB will balance requests
and resource capacity across
Availability Zones
Within Amazon VPC
Use to loadbalance between
application tiers within an
Availability Zone
Instance migrations
Easily move instances from dev
environments to test environments
by moving between Amazon ELBs
Leverage SLA
Improve application reliability with
Amazon Route 53’s SLA on requests
served
Weighted routing
Perform A/B analysis, and staged
application roll-outs by moving a
portion of traffic to new
infrastructure
Health checks
DNS health checks and
health-based failover
Latency Based Routing
Route end users to lowest-latency
endpoints
Scale databases without
admin overhead
Choose instance size for databases
and scale up over time
Add high availability from
management console
Create Multi-AZ deployments and
Read-Replicas. AWS takes care of
the failover and recreation of a new
standby in event of master DB loss
Amazon Elastic Load
Balancing
Amazon Route 53 Amazon RDS
Dynamically scale resources
& control costs
Only provision the resources that
are required with scale up and cool
down policies that match demand
Easy setup for developers and
administrators via the AWS
Management Console.
Amazon Auto Scaling
Architect to use cloud strengths
46. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Be elastic and cost
optimized
5
47. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
PRICING &
COST OPTIMIZATION
(Amazon EC2)
48. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Reserved
Make a low, one-time
payment and receive
a significant discount
on the hourly charge
For committed
utilization
Free Tier
Get Started on AWS
with free usage &
no commitment
For POCs and
getting started
On-Demand
Pay for compute
capacity by the hour
with no long-term
commitments
For spiky workloads,
or to define needs
Spot
Bid for unused
capacity, charged at
a Spot Price which
fluctuates based on
supply and demand
For time-insensitive
or transient
workloads
Dedicated
Launch instances
within Amazon VPC
that run on hardware
dedicated to a single
customer
For highly sensitive or
compliance related
workloads
Many pricing models to support different workloads
49. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Manually
Send an API call or use CLI to
launch/terminate instances –
Only need to specify capacity
change (+/-)
By Schedule
Scale up/down based on date
and time
By Policy
Scale in response to changing
conditions, based on user
configured real-time monitoring
and alerts
Auto-Rebalance
Instances are automatically
launched/terminated to ensure
the application is balanced
across multiple AZs
Amazon Auto Scaling policies
50. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
0
2
4
6
8
10
12
14
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
On Demand
Light Utilization RI
Medium Utilization RI
Heavy utilization RI
Hours
InstancesOptimizing Costs With RIs
51. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Start
Choose instance that
meets your basic
requirements best
Match memory &
virtual cores
Instance types
52. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Start
Choose instance that
meets your basic
requirements best
Match memory &
virtual cores
Tune
Change instance size
up or down based
upon monitoring
Use trusted advisor to
assess
Instance types
53. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Start
Choose instance that
meets your basic
requirements best
Match memory &
virtual cores
Tune
Change instance size
up or down based
upon monitoring
Use trusted advisor to
assess
Scale
Run instances across
multiple availability
zones
Smaller sizes equals
greater granularity
Purchase RIs after the application
has been tuned and utilization
patterns are established
Instance types
54. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Cost Explorer
Monthly Spend by Service
AWS Monthly Spend
AWS Cost Explorer
55. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS SUPPORT
56. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS Support is a Global Organization
57. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
• Basic Support - Free
Contact Customer Service for account and billing questions and receive technical support for resources that don’t pass system
health checks.
• Developer-level Support – Starting at $49/month
Get started on AWS – ask technical questions and get a response to your web case within 12 hours during local business hours.
• Business-level Support – Starting at $100/month
24/7/365 real-time assistance by phone and chat, a 1 hour response to web cases, and help with 3rd party software. Access
Trusted Advisor to increase performance, fault tolerance, security, and potentially save money.
• Enterprise-level Support – Starting at $15,000/month
15 minute response to web cases, an assigned technical account manager (TAM) who is an expert in your use case, and white-
glove case handling that notifies your TAM and the service engineering team of a critical issue.
AWS Support Plans
58. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
• Since the beginning of the year, customers have viewed over 700K
Trusted Advisor recommendations, and have reduced their AWS
spend by over $140M
• 31 Checks in four categories (Cost Optimizing, Security, Fault
Tolerance, and Performance)
• Recommendations are accessible via the Support API
AWS Trusted Advisor
59. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
BOTTOM LINE
60. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
Your
Mission
70%
On-Premise
Infrastructure
30%
Managing All of the
“Undifferentiated Heavy Lifting”
Cloud computing bottom line
61. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS
Cloud-Based
Infrastructure
Your
Mission
More Time to Focus on
Your Mission
Configuring Your
Cloud Assets
70%
30%70%
On-Premise
Infrastructure
30%
Managing All of the
“Undifferentiated Heavy Lifting”
Cloud computing bottom line
63. AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
tbixler@amazon.com
AWS Best Practices
Tim Bixler
Thank You
Editor's Notes
Development and Test
Enterprise Applications
Big Data and High Performance Computing (HPC)
Storage, Backup, and Archival
Disaster Recovery
Web, Mobile, and Social Apps
Virtual Desktops
Data Center Migrations
Development and Test
Enterprise Applications
Big Data and High Performance Computing (HPC)
Storage, Backup, and Archival
Disaster Recovery
Web, Mobile, and Social Apps
Virtual Desktops
Data Center Migrations
Make a forward reference to the discussion of RIs and how they benefit the entire organization
Provide a forward reference to Mark’s Security Track
There’s a shared responsibility to accomplish security and compliance objectives in AWS cloud. There are some elements that AWS takes responsibility for, and others that the customer must address. The outcome of the collaborative approach is positive results seen by customers around the world.
AWS has completed the Cloud Security Alliance (CSA) Consensus Assessments Initiative Questionnaire.
Mention AWS Cost Explorer
o Add and Professional Services to Title and get 1-2 slides from Josh
o Grab the latest slides from Joe Spiezio
o Add Trusted Advisor
o Mention free offer of Business Support for 30 days
o Mention Well-Architected Program for larger customers