In this hands-on lab, learn how to get started on AWS Marketplace to build solutions that help to accelerate production-ready workloads. We dive into how to use it in your development and production environments, and review how to consume software in your AWS accounts. We go through what you can do to operate securely with your AWS Marketplace software, and we show you how to reduce the risk in your projects.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Leverage AWS Marketplace to
accelerate production ready workloads
M S C 2 0 4

2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Quickly Build Solutions
NFS/CIFS/iSCSI
SoftNAS
instance
Amazon EBS Volumes
VIP
SoftNAS
instance
Amazon EBS Volumes
VIP
SharePoint
instances
SharePoint
instances
Application
Load Balancer
Barracuda
WAF
Instances
Classic Load
Balancer
Barracuda
WAF
Instances
Auto Scaling group
Availability Zone
Application
Load Balancer
Availability Zone

3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Confidential
Curated Catalog of 4,200+ software listings from 1,280 ISVs
Charged to AWS Bill Flexible Pricing
Get the software
you need in minutes
AWS Marketplace

4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Redshift
10 Million Records
https://aws.amazon.com/solutions/case-studies/thrive-market/

5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Popular categories and leading brands
most often deployed in projects
Security BIStorage MediaDatabaseNetworking DevOps
Operating
Systems

6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Marketplace Listing Types
BYOL
Carry previously purchased
licenses to AWS via AWS
Marketplace
License key required to
deploy and track
Leverage existing
investments
Utility
Metered pricing available based
on variables like term, # of
users, amount of bandwidth, #
of hosts
Pay only for what you use.
Free Trials available for many
products.
Open Source
Curated listings,
AWS infrastructure cost still
apply to open source
deployments
SaaS
Service completely managed
and fulfilled by SaaS Provider
No resources required to
manage infrastructure
SaaS Contracts avail for annual
and multi-year commitments,
Free Trials available for many
products.
Consolidated billing with other
AWS services
Amazon Machine Image (AMI) Deployed on AWS EC2 SaaS

7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Marketplace flexible pricing options
Hourly
Consumption-based
software with no
long-term
commitments.
Ideal for Dev/Test or
spikey workloads.
Monthly
Monthly terms
available, with the
option to upgrade to
annual or multi-year
contracts for SaaS
and API products.
Ideal for temporary
projects and baseline
workloads.
Free Trial
Get started quickly
with no
commitment.
Good for initial
evaluation.
Private Offers
Negotiated pricing
between customer &
ISV and fulfilled on
AWS Marketplace.
Intended for high value
transactions
BYOL
Leverage existing
investments through
bring-your-own-
license to simplify
cloud deployment.
Important for
customers migrating
to AWS.
Annual/
Multi-Year
Long term contracts
include one, two, and
three year options.
Ideal for long-term
workloads.

8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Subscribing to AWS Marketplace Products
Before use, each account
must Accept Software Terms
IAM Managed Policies
• AWSMarketplaceFullAccess
• AWSMarketplaceManageSubscriptions
• AWSMarketplaceRead-only

9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Accounts and Subscriptions
Single
Master
Child Child
Master Master
Subscribe to
AWS Marketplace
Product
Subscribe to
AWS Marketplace
Product from Master First
THEN Child accounts
Subscribe to
AWS Marketplace
Product from EACH Master

10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AMI Product Construction
root volume
instance
security group
data volume AWS Marketplace
AMI
OS
Software Check for
AWS Marketplace best practices
Seller Provides

11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Launching an AWS Marketplace AMI
AWS Marketplace Website

12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Launching an AWS Marketplace AMI
Amazon EC2 Console

13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CloudFormation Launch
AWS Marketplace Website

14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Getting started with AWS MP
D e m o n s t r a t i o n

15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Getting started with AWS MP
H a n d s o n L a b

16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Production Deployment Checklist
root volume
instance
security group
data volume
 Elastic IP
 Correct Storage
 Security Groups
 Key Pairs
 Tagging
 OS Patching and Configuration
 Agents

17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Getting Ready for Production
ApproveValidateBuild Distribute Consume

18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building the Gold AMI
Instance
Base AMI
Candidate AMI
Scripts
Updates
Software
SSM
Automation
Document

19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building the Gold AMI with Ansible
Instance
Base AMI
Gold AMI
Ansible AMI
Ansible Instance
ssh keys
Execute Playbook Download Playbook
SSM
Automation
Document

20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Validating the Gold AMI
Instance
Gold AMI
Email
Notification
Amazon
Inspector
Scan
SSM
Automation
Document
SSM
Parameter
Store
Approve
Human Approvers
AMI ID

21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Region
us-east-1
Region
us-west-2
Region
ca-central-1
Distributing across regions and accounts
Cloud Team Dev Team A Dev Team B
Copy
Share
SSM
PS
SSM
PS
SSM
PS
SSM
PS
SSM
PS
SSM
PS
SSM
PS
SSM
PS
SSM
PS

22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Preparing Products for Production
D e m o n s t r a t i o n

23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Preparing Products for Production
H a n d s o n L a b

24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Marketplace Private Image Build
• Private Image Build enables customers to specify a gold image
and install AWS Marketplace software provided by the vendor
• The resulting private AMI is billed like any AWS Marketplace AMI
• Sign up for the preview by emailing awsmp-private-image@amazon.com
Gold AMI Software Private AMI Instance Pay for Usage
Customer
AWS Marketplace +
Systems Manager
AWS Service Catalog
Preview

25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building a Private Catalog
 Approved Selection
 Approved Access
 Approved Deployment
 Approved Tagging

26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building a Private Catalog
AWS Marketplace AWS Service Catalog
Build Validate Approve Distribute
Approved AppStack

27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Introducing AWS Service Catalog
D e m o n s t r a t i o n

28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Service Catalog
Product Portfolio
Users/Groups
Product
Constraints
Provisioned Products
stack stack stack
Tags
Version1
CloudFormation
Template
Version2
CloudFormation
Template

29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Enforcing Governance
Template Constraints
Restrict CloudFormation Parameters
Launch Constraints
Select Role & Permissions to Launch Product

30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Parameter Store Backed Versions
SSM
Parameter
Store
Product
template
Product
template
Product
template Product
Product
Product
Portfolio
Portfolio
AMI ID

31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building and operating a private
catalog with AWS Service Catalog
D e m o n s t r a t i o n

32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Building and operating a private
catalog with AWS Service Catalog
H a n d s o n L a b

33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security and AWS Marketplace
AWS is responsible for security OF the cloud
Customers are responsible for their security and compliance IN the cloud
AWS is responsible for security OF the AWS Marketplace
Customers are responsible for security and compliance of products
launched from AWS Marketplace

34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amazon Inspector
Vulnerability Assessment Service
Built to support DevSecOps
Automatable via APIs
On-Demand Pricing Model
Rules Packages
• Common Vulnerabilities & Exposures (CVEs)
• CIS Operating System Security Configuration Benchmarks
• Security best Practices
• Runtime Behavior Analysis
Amazon
Inspector
root volume
instance
security group
data volume
agent

35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Using Amazon Inspector for Marketplace

36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Using Amazon inspector to audit
security
D e m o n s t r a t i o n

37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Using Amazon inspector to audit
security
H a n d s o n L a b

38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Product Updates
Replace AMI Upgrade Software
instanceAMI
V1
instanceAMI
V2
instanceAMI
V1
V2 SW
Install

39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Summary
AWS Marketplace AWS Service Catalog
Build Validate Approve Distribute
Approved AppStack

40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
THANK YOU!