© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT

Delivering applications securely with AWS (SVC303)

Miguel Cervantes, Partner Solutions Architect, AWS
Tino Tran, Edge Solutions Architect, AWS
Agenda
Delivering…
SaaS applications & Global applications
But first…
Let’s level set and start with some foundations
[Figure: foundations diagram. One AWS Region with Availability Zone 1 and Availability Zone 2; a VPC with CIDR 10.1.0.0/16 holding a public and a private subnet in each AZ. InstanceA (10.1.0.11/24) and InstanceB (10.1.1.11/24) sit in the public subnets with Elastic IPs (10.1.0.11 : 54.23.12.43, 10.1.1.11 : 54.19.12.23); InstanceC (10.1.2.11/24) and InstanceD (10.1.3.11/24) sit in the private subnets and reach the internet through a NAT gateway (NAT-GW). Attachments shown: internet gateway (IGW); VPC endpoint (VPCE) to Amazon S3; virtual private gateway (VGW) for VPN and AWS Direct Connect gateway (DXGW) to on-premises; VPC peering (PCX) to VPC-B, intra- or inter-region; Transit Gateway (TGW); AWS PrivateLink to a service provider VPC fronted by an NLB; AWS PrivateLink-enabled services (Amazon DynamoDB, AWS Lambda, Amazon SQS, Amazon SNS, AWS IoT, Amazon CloudWatch are drawn); VPC Flow Logs; AWS Global Accelerator. Annotation: "+ Expand + IPv6".]

Public subnet route table:
Destination        Target
10.1.0.0/16        Local
0.0.0.0/0          IGW
S3.prefix.list     VPCE-123
On-premises        VGW
VPC-B              PCX-123
Other Routes       TGW

Private subnet route table:
Destination        Target
10.1.0.0/16        Local
0.0.0.0/0          NAT-GW
S3.prefix.list     VPCE-123
On-premises        VGW
VPC-B              PCX-123
Other Routes       TGW
AWS PrivateLink: what is it and how do I use it?
VPC endpoints

22+ services now supported over AWS PrivateLink:
Amazon API Gateway
AWS CloudFormation
Amazon CloudWatch
Amazon CloudWatch Events
Amazon CloudWatch Logs
AWS CodeBuild
AWS Config
Amazon EC2 API
Elastic Load Balancing API
AWS Key Management Service
Amazon Kinesis Data Streams
Amazon SageMaker Runtime
AWS Secrets Manager
AWS Security Token Service
AWS Service Catalog
Amazon SNS
AWS Systems Manager
+ More

[Figure: the same VPC (CIDR 10.1.0.0/16, two Availability Zones, public and private subnets, InstanceA 10.1.0.11/24, InstanceB 10.1.1.11/24, InstanceC 10.1.2.11/24, InstanceD 10.1.3.11/24, NAT-GW). An interface endpoint for ec2.eu-west-1.amazonaws.com places an elastic network interface in each AZ (ENI1: 10.1.0.15, ENI2: 10.1.1.23). Both subnet route tables contain only "10.1.0.0/16 Local". Annotation: "+ Expand + IPv6".]

AWS PrivateLink can reach public services, privately from your VPC. No routes needed! (almost)
VPC endpoints
Type: Gateway
Type: Interface
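Added example, not part of the original deck: a small Python model of how a subnet route table chooses a target for a packet, built from the route tables drawn on the foundations slide (10.1.0.0/16 Local, 0.0.0.0/0 IGW or NAT-GW, S3.prefix.list VPCE-123, On-premises VGW, VPC-B PCX-123) and from the interface-endpoint ENIs on the PrivateLink slide (ENI1 10.1.0.15, ENI2 10.1.1.23 for ec2.eu-west-1.amazonaws.com). It generalizes beyond the slides by implementing longest-prefix match for any table, and by expanding a prefix-list destination into several CIDRs. The concrete CIDRs behind S3.prefix.list, On-premises and VPC-B are constructed stand-ins (RFC 5737 and private ranges), because the deck shows those destinations only by name.

```python
"""Longest-prefix-match model of a VPC subnet route table (added example).

Shows two things the deck states without detail:
  * a gateway endpoint works through a prefix-list route that is more specific
    than 0.0.0.0/0, so S3-bound traffic never reaches the IGW / NAT-GW;
  * an interface endpoint needs no route because its ENIs carry addresses
    inside the VPC CIDR, which the Local route already covers.
"""
from ipaddress import ip_address, ip_network

# Constructed stand-ins: the deck names these destinations but gives no CIDRs.
PREFIX_LISTS = {
    "S3.prefix.list": ["203.0.113.0/24", "198.51.100.0/24"],  # constructed
}
NAMED_DESTINATIONS = {
    "On-premises": ["192.168.0.0/16"],  # constructed on-prem range
    "VPC-B": ["10.2.0.0/16"],           # constructed peer VPC CIDR
}

# Route tables as drawn on the slide: (destination, target).
PUBLIC_SUBNET_ROUTES = [
    ("10.1.0.0/16", "Local"),
    ("0.0.0.0/0", "IGW"),
    ("S3.prefix.list", "VPCE-123"),
    ("On-premises", "VGW"),
    ("VPC-B", "PCX-123"),
]
PRIVATE_SUBNET_ROUTES = [(d, "NAT-GW" if t == "IGW" else t) for d, t in PUBLIC_SUBNET_ROUTES]

# Interface endpoint ENIs from the PrivateLink slide: private DNS maps the
# public service name to addresses inside the VPC CIDR.
INTERFACE_ENDPOINT_ENIS = {"ec2.eu-west-1.amazonaws.com": ["10.1.0.15", "10.1.1.23"]}

# Targets that hand the packet to the public internet path.
INTERNET_TARGETS = {"IGW", "NAT-GW"}


def expand(destination):
    """Turn a route-table destination into the concrete networks it stands for."""
    if destination in PREFIX_LISTS:
        return [ip_network(c) for c in PREFIX_LISTS[destination]]
    if destination in NAMED_DESTINATIONS:
        return [ip_network(c) for c in NAMED_DESTINATIONS[destination]]
    return [ip_network(destination)]


def lookup(routes, dst):
    """Return the target for dst using longest-prefix match.

    Entry order in the table is irrelevant: the most specific matching
    network wins, which is why a /24 from the S3 prefix list beats 0.0.0.0/0.
    """
    addr = ip_address(dst)
    best_net, best_target = None, None
    for destination, target in routes:
        for net in expand(destination):
            if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
                best_net, best_target = net, target
    if best_target is None:
        raise LookupError(f"no route for {dst}")
    return best_target


def leaves_via_internet(routes, dst):
    """Defender's check: would this destination be reached over IGW or NAT-GW?"""
    return lookup(routes, dst) in INTERNET_TARGETS


def interface_endpoint_path(routes, hostname):
    """Map each endpoint ENI address to the route that carries it.

    Every ENI lands on the Local route, which is the deck's "No routes needed".
    """
    return {ip: lookup(routes, ip) for ip in INTERFACE_ENDPOINT_ENIS[hostname]}


if __name__ == "__main__":
    for dst in ("10.1.3.11", "203.0.113.7", "192.0.2.1", "192.168.5.5", "10.2.0.9"):
        print(f"{dst:>14} -> {lookup(PUBLIC_SUBNET_ROUTES, dst)}")
    print(interface_endpoint_path(PUBLIC_SUBNET_ROUTES, "ec2.eu-west-1.amazonaws.com"))
```

Removing the S3.prefix.list entry from either table makes `leaves_via_internet` return True for an S3 address, which is the condition worth alerting on: the traffic still works, but it now transits the IGW or NAT-GW instead of the endpoint.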
AWS PrivateLink for service providers
[Figure: the application (e.g., SaaS) sits behind an NLB in the service provider VPC; AWS PrivateLink exposes it to the customer VPC as VPC endpoint vpce-2222.foo.amazon.com.]
AWS PrivateLink details
https://amzn.to/2Wf755U
Before we go further…
Let’s take a look at the AWS Global Network
Amazon Global Network
Redundant 100 GbE network
Private network capacity between all AWS Regions, except China
The AWS Cloud spans:
180 Points of Presence
66 Availability Zones
21 geographic regions around the world*
*with announced plans for 12 more Availability Zones and four more regions in Bahrain, Cape Town, Jakarta, and Milan
AWS Global Accelerator: what is it and how do I use it?
Before…
[Figure: the application deployed in AWS Region 1 and AWS Region 2.]
[Figure: a user's traffic crosses the local ISP and networks A, B, C, D, E and F before it can access the application.]

Before Global Accelerator…
Accessing your application is not this straightforward! It can take many networks to reach the application.
Paths to and from the application may differ.
Each hop impacts performance and can introduce risk.
After…
[Figure: the same Global Accelerator address, 3.10.3.125, is shown in front of the application in both AWS Region 1 and AWS Region 2.]
[Figure: traffic leaves the local ISP and goes straight onto the AWS network.]

With Global Accelerator…
Adding AWS Global Accelerator removes these inefficiencies: it leverages the global AWS network, resulting in improved performance.
AWS Global Accelerator details
https://amzn.to/2zPFDOJ
Amazon CloudFront: what is it and how do I use it?
Amazon CloudFront
[Figure: request path from users to local edge locations, then the regional edge cache, then the application origin.]
Additional integrated AWS services
AWS Shield Advanced: AWS DDoS Response Team assistance, advanced protections including WAF, attack visibility, cost protection
AWS WAF: SQLi, XSS, rate limiting, geoblocking rules, string/regex matching, IP rules
Amazon CloudFront details
https://amzn.to/1MUXDUY
Thank you!
Miguel Cervantes
miguelaws@amazon.com
Tino Tran tinot@amazon.com

Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
