Find out more about some of the best practices for getting started on AWS

1. Getting started with AWS
mansson@amazon.com
Anne Månsson – AWS Account Manager

2. Getting Started with AWS: Agenda
Seven best practices you should focus on when getting started
Resources you can use to learn more
Getting Started with AWS

3. http://aws.amazon.com/getting-started/
Getting Started with AWS

4. Choose Your First
Use Case Well
1

5. Chose Your First Use Case Well
Make your first project a S.M.A.R.T one

6. Choose Your First Use Case Well
Dev & Test
Spin environments up
and down on demand
Decouple development
and test environments
from operations
constraints
Explore elasticity in a
sandboxed environment
Make your first project a S.M.A.R.T one

7. Chose Your First Use Case Well
Dev & Test
Spin environments up
and down on demand
Decouple development
and test environments
from operations
constraints
Explore elasticity in a
sandboxed environment
Backup & DR
Take part of your data or
business applications
step- by-step into non-
production DR use
Understand cloud
dynamics and test
during controlled failover
Make your first project a S.M.A.R.T one

8. Chose Your First Use Case Well
Dev & Test
Spin environments up
and down on demand
Decouple development
and test environments
from operations
constraints
Explore elasticity in a
sandboxed environment
Backup & DR
Take part of your data or
business applications
step- by-step into non-
production DR use
Understand cloud
dynamics and test
during controlled failover
Greenfield Project
Embody best practice of
cloud computing in
unconstrained greenfield
projects
Self contained web
projects, document
archiving etc
Make your first project a S.M.A.R.T one

9. Chose Your First Use Case Well
Dev & Test
Spin environments up
and down on demand
Decouple development
and test environments
from operations
constraints
Explore elasticity in a
sandboxed environment
Backup & DR
Take part of your data or
business applications
step- by-step into non-
production DR use
Understand cloud
dynamics and test
during controlled failover
Greenfield Project
Embody best practice of
cloud computing in
unconstrained greenfield
projects
Self contained web
projects, document
archiving etc
Pain point
Move specific service
aspects causing undue
cost or management
burden
Workflows, search
indexing, media
streaming, document
archiving, constrained
databases
Make your first project a S.M.A.R.T one

10. Plan Evolution and Set Goals
Understand services
Test performance
Architect for scale
Develop team capabilities
Implement monitoring
Change control and management
Security management
Scalability
Automate corrective actions
Auto-scaling
Zero downtime deployments
System backup and recovery
Proof of Concept Production Automation
SampleActivities

11. Lay Out Your
Foundations
2

12. Accounts
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g. Dev Sandboxes
Test Environments
Business Units
Products & Services
Lay Out Your Foundations

13. BillingAccounts
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g. Dev Sandboxes
Test Environments
Business Units
Products & Services
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Control access to billing
information
Use IAM users to keep billing
information in the master
account
Setup billing alerts and
automated bill reporting
Get CloudWatch notifications when
billing reaches a point and output
csv reports to S3 for analysis
Lay Out Your Foundations

14. Enable delivery of billing reports
with resources & tags
Billing
preferences
Billing Settings

15. Billing
Master Account
aws.invoices@mycompany.com <- Payer Account

16. Billing
Consolidated Billing Relationship
Master Account
aws.invoices@mycompany.com
Division B
admin.divisionB@mycompany.com
User2
Dev2
Admin2
IAM
<- Payer Account
<- Linked Account
Root Access
IAM Access
Root Access

17. Billing
Consolidated Billing Relationship
Master Account
aws.invoices@mycompany.com
Division B
admin. divisionB@mycompany.com
Jane
Joe
John.SuperAdmin
IAM
Tags:
Own=Div
Proj=P
Tags:
Own=Div
Proj=Q
Tags:
Own=Div
Proj=R
Tags: (key-value)
e.g Own=Div
Proj=R

18. Billing
Consolidated Billing Relationships
Master Account
aws.invoices@mycompany.com
Business Unit C
admin.busUnitC@mycompany.com
Johnny
Lisa
Roger.Superadmin
IAM
Tags:
Own=BusC
Proj=X
Tags:
Own=BusC
Proj=Y
Tags:
Own=BusC
Proj=Z
Division B
admin.divisionB@mycompany.com
Jane
Joe
John.Superadmin
IAM
Tags:
Own=Div
Proj=P
Tags:
Own=Div
Proj=Q
Tags:
Own=Div
Proj=R
Operating Co. A
admin.opcoA@mycompany.com
Peter
Carol
Mia.Superadmin
IAM
Tags:
Own=OpCo
Proj=A
Tags:
Own=OpCo
Proj=B
Tags:
Own=OpCo
Proj=C

19. Billing
Consolidated Billing Relationships
Master Account
aws.invoices@mycompany.com
Business Unit C
admin.busUnitC@mycompany.com
IAM
Tags:
Own=BusC
Proj=X
Tags:
Own=BusC
Proj=Y
Tags:
Own=BusC
Proj=Z
Division B
admin.divisionB@mycompany.com
IAM
Tags:
Own=Div
Proj=P
Tags:
Own=Div
Proj=Q
Tags:
Own=Div
Proj=R
Operating Co. A
admin.opcoA@mycompany.com
IAM
Tags:
Own=OpCo
Proj=A
Tags:
Own=OpCo
Proj=B
Tags:
Own=OpCo
Proj=C
Peter
Carol
Mia.Superadmin
Jane
Joe
John.Superadmin
Johnny
Lisa
Roger.Superadmin

20. S3CSV
Billing
ANALYSIS
Programmatic Billing Access
Consolidated Billing Relationships
Master Account
aws.invoices@mycompany.com
Business Unit C
admin.busUnitC@mycompany.com
IAM
Tags:
Own=BusC
Proj=X
Tags:
Own=BusC
Proj=Y
Tags:
Own=BusC
Proj=Z
Division B
admin.divisionB@mycompany.com
IAM
Tags:
Own=Div
Proj=P
Tags:
Own=Div
Proj=Q
Tags:
Own=Div
Proj=R
Operating Co. A
admin.opcoA@mycompany.com
IAM
Tags:
Own=OpCo
Proj=A
Tags:
Own=OpCo
Proj=B
Tags:
Own=OpCo
Proj=C
Total Cost user-Own user-Stack
0.95 Div Dev
30.22 Div Test
153.01 Div Prod
13.37 opCo Dev
5.55 BusC Dev

21. 3rd Party Cost Management Tools

22. Access KeysBillingAccounts
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g. Dev Sandboxes
Test Environments
Business Units
Products & Services
Control access to billing
information
Use IAM users to keep billing
information in the master account
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Setup billing alerts and
automated bill reporting
Get CloudWatch notifications when
billing reaches a point and output
csv reports to S3 for analysis
Decide upon a key
management strategy
Control access to EC2 instances
via SSH and embedded public key:
e.g. EC2 Key Pair per group of
instances, EC2 Key Pair per
account
Consider SSH key rotation &
automation
Limit exposure to private key
compromise by rotating keys and
replacing authorized_keys listings
on running instances
Consider bootstrap automation to
grant developer access with
developer unique keypairs
Lay Out Your Foundations

23. Groups & RolesAccess KeysBillingAccounts
Create an account structure
that makes sense
Use accounts like environments
where you need separation and
control
e.g. Dev Sandboxes
Test Environments
Business Units
Products & Services
Control access to billing
information
Use IAM users to keep billing
information in the master account
Consolidate billing into a
single account
Let one account pick up the bill for
multiple ‘sub accounts’
Setup billing alerts and
automated bill reporting
Get CloudWatch notifications when
billing reaches a point and output
csv reports to S3 for analysis
Decide upon a key
management strategy
Control access to EC2 instances
via SSH and embedded public key:
e.g. EC2 Key Pair per group of
instances, EC2 Key Pair per
account
Consider SSH key rotation &
automation
Limit exposure to private key
compromise by rotating keys and
replacing authorized_keys listings
on running instances
Consider bootstrap automation to
grant developer access with
developer unique keypairs
Use IAM Groups to manage
console users and API
access
Provide developers with IAM user
login and unique API access
credentials
Control & restrict what IAM users
can do by placing them in groups
with associated policies
Assign EC2 Instances IAM
roles
Let AWS manage API access
credentials on running instances
by assigning a system entitlement
to an instance
e.g. instance can only read S3
bucket
Lay Out Your Foundations

24. Identity & Access Management - IAM
Account
ApplicationsAdministrators Developers

25. Identity & Access Management - IAM
Account
ApplicationsAdministrators Developers
Groups
Multi-factor
Authentication

26. Identity & Access Management - IAM
Account
ApplicationsAdministrators Developers
Groups Roles
Multi-factor
Authentication
AWS API
Credentials

27. IAM Policies
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*"
],
"Resource": "*"
}
]
}
Create a policy to assign permissions to a
user, group, role or resource.
Policies are created using JSON. A policy
consists of one or more statements, each of
which describes one set of permissions.
Policies control access to AWS APIs

28. Identity and Access Management - IAM
For more details on IAM, visit:
aws.amazon.com/iam

29. Think Security
3

30. Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Client-side Data Encryption & Data
Integrity Authentication
Server-side Encryption
(File System and/or Data)
Network Traffic Protection
(Encryption/Integrity/Identity)
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer Data
AmazonYou
Shared Security Responsibility

31. Understand your customer & determine your security stance
Engage with security assessors early in your adoption cycle
Leverage AWS Security
Don’t fear assessment – AWS meets high standards (PCI DSS, ISO27001)
Security assessments take time, so allow for this in your planning
Undertake architecture reviews early in your design/deployment process

32. Understand your customer & determine your security stance
Engage with security assessors early in your adoption cycle
Use comprehensive materials and certifications provided by AWS
Leverage AWS Security
For more details on AWS Security, visit:
aws.amazon.com/security
Risk and compliance white paper
AWS security processes white paper
CSA (Cloud Security Alliance) consensus
assessments initiative questionnaire

33. Services not
Software
4

34. AWS Cloud
Infrastructure & Services
Your
Business
More Time to Focus on
Your Business
Configuring
Cloud Services
70%
30%70%
Self Managed Software
& Infrastructure
30%
Managing All of the
“Undifferentiated Heavy Lifting”
Services Not Software

35. Relational Database Service
Easy to set up, operate, and scale
Handles time-consuming database management tasks,
such as backups, patch management, and replication
Supports MySQL, MariaDB, Oracle, Microsoft SQL
Server, PostgreSQL & Amazon Aurora
NoSQL Database Service
Fast, predictable performance
Supports document & key-value data models
Fully distributed, fault tolerant architecture
Amazon RDS
Amazon DynamoDB
Services Not Software

36. Amazon SQS
Processing
task/processing
trigger
Processing results
Simple Queue Service
Fast, reliable, scalable, fully managed
message queuing service
Transmit any volume of data, at any level
of throughput
Amazon SQS
Amazon EMR
Elastic MapReduce
Uses Hadoop, an open source
framework, to distribute your data and
processing across EC2 instances
Integrates with other AWS services, such
S3 & DynamoDB
Supports the broad Hadoop tools
ecosystem
Services Not Software

37. Optimise Your Costs
5

38. Use the Right Instance Types
Use Auto Scaling
Turn Off Unused Instances
Use Reserved Instances
1
2
3
4
Use Spot Instances5
Use Storage Classes6
Offload Your Architecture7
Use Services, Not Software8
Use Consolidated Billing9
Use Cost Management Tools10

39. Use Tools &
Frameworks
6

40. Access everything via CLI, API or Console
Use one of 13 fully supported
SDKs to create or make use of existing AWS
resources within your own code
Leverage a broad ecosystem of open source,
free and commercially licensed tools to work
with AWS Services
Achieve the highest levels of automation to
support continuous deployment, define your
infrastructure-as-code or automate your
development, operations or DevOps processes
Find out more at: aws.amazon.com/developers/getting-started/
Everything is Programmable
Go >> C++ >>
AWS
Mobile
SDK
AWS IoT Device SDK

41. AWS Deployment & Management Tools
AWS Elastic Beanstalk
AWS OpsWorks
AWS CloudFormation

42. AWS Developer Tools
AWS CodeCommit
AWS CodeBuild
AWS CodePipeline
AWS CodeDeploy
AWS Lambda
AWS X-Ray
AWS Step Functions

43. Get Supported
7

44. Get Supported: AWS Support Options
Four Support Tiers are Available.
Chose from:
Basic
Developer
Business
Enterprise
For more details on AWS Support, visit:
aws.amazon.com/premiumsupport

45. Get Supported: Trusted Advisor

46. Resources You Can Use to Learn More
aws.amazon.com/getting-started/
aws.amazon.com/premiumsupport
aws.amazon.com/architecture
aws.amazon.com/security
aws.amazon.com/campaigns/emea-getting-started
aws.amazon.com/training/

47. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Guy Kfir
AWS Marketplace
June 15 2017
Oslo
Accelerating Innovation and Reducing Cost Using
Cloud-based Software Procurement

48. • Ongoing catalog additions
• Version updates*
• Vendor supply portal
• Centralize digital assets
*Vendor dependent
• Sunset older versions
• Add instance type/region
• Actively monitor
health and expansion
• 7/24 scanning
• Vulnerability notifications
and removal/work-rounds
• MCO team
AWS Marketplace: A Public Curated Catalog

49. ENTERPRISE
APPSDEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/Spark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
Networking
Security
Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling, &
Load Balancing
Storage
Object, Blocks, Archival,
Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access
Control
Identity
Management
Key
Management
& Storage
Monitoring
& Logs
Assessment
and reporting
Resource &
Usage Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web
application
firewall
HYBRID
ARCHITECTURE
Data Backups
Integrated
App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking API
Gateway
IoT
Rules
Engine
Device
Shadows
Device
SDKs
Registry
Device
Gateway
Streaming
Data Analysis
Business
Intelligence
Mobile
Analytics
Operating
Systems
Market Software Augments the AWS Platform

50. AWS Marketplace
Discover, Procure, Deploy, and Manage Software in the Cloud
• 135,000+ active customers
• 3,800+ software listings
• Over 1,200 participating ISVs
• Open source and commercial
software
• Bring-your-own-license
• Procure new
• Available in all new regions
• Over 370 M of deployed EC2
instances per month

51. • Buying software has been historically slow,
difficult, and resource-intensive
• A lot of “shelf ware” with capital tied up and
under-utilized
• Customers have urgent and short-term need of
software for a project
What Do Customers Tell Us About
Software Procurement and Management?

52. What’s the Value for Customers?
Tie software costs to actual usage, deploy in minutes, consolidate IT expenses
Rapidly deployPay-as-you-go Easily procure

53. @AWScloud for Global AWS News & Announcements