Suche senden
Hochladen
Virtual AWSome Day Training Sept 2017
•
34 gefällt mir
•
6,272 views
Amazon Web Services
Folgen
Melden
Teilen
Melden
Teilen
1 von 143
Empfohlen
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
Amazon Web Services
AWSome Day - 2018
AWSome Day - 2018
Amazon Web Services
AWSome Day Helsinki Training
AWSome Day Helsinki Training
Amazon Web Services
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
Amazon Web Services
AWSome Day Digital LATAM
AWSome Day Digital LATAM
Amazon Web Services LATAM
Migrate and Manage Workloads with Apps Associates
Migrate and Manage Workloads with Apps Associates
Amazon Web Services
AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training
Amazon Web Services
Module 2: AWS Infrastructure – Compute, Storage and Networking - AWSome Day O...
Module 2: AWS Infrastructure – Compute, Storage and Networking - AWSome Day O...
Amazon Web Services
Empfohlen
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
Amazon Web Services
AWSome Day - 2018
AWSome Day - 2018
Amazon Web Services
AWSome Day Helsinki Training
AWSome Day Helsinki Training
Amazon Web Services
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
RDS and DynamoDB - Module 3 Part 2 - AWSome Day 2017
Amazon Web Services
AWSome Day Digital LATAM
AWSome Day Digital LATAM
Amazon Web Services LATAM
Migrate and Manage Workloads with Apps Associates
Migrate and Manage Workloads with Apps Associates
Amazon Web Services
AWSome Day Nashville 2018_Training
AWSome Day Nashville 2018_Training
Amazon Web Services
Module 2: AWS Infrastructure – Compute, Storage and Networking - AWSome Day O...
Module 2: AWS Infrastructure – Compute, Storage and Networking - AWSome Day O...
Amazon Web Services
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Amazon Web Services
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017
Amazon Web Services
Introduction to aws
Introduction to aws
mounir kadri
AWSome Day Intro
AWSome Day Intro
Amazon Web Services
Getting Started with AWS
Getting Started with AWS
Amazon Web Services
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
Amazon Web Services
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018
Amazon Web Services
Security Best Practices
Security Best Practices
Ian Massingham
Elasticity and Management
Elasticity and Management
Amazon Web Services
AWS Technical Essentials Day
AWS Technical Essentials Day
Amazon Web Services
Technical Essentials Training: AWS Innovate Ottawa
Technical Essentials Training: AWS Innovate Ottawa
Amazon Web Services
Deploy Golang WebApp dengan AWS App Runner
Deploy Golang WebApp dengan AWS App Runner
Rio Astamal
AWS 101
AWS 101
Amazon Web Services
AWSome Day 2016 - Module 2: Infrastructure Services
AWSome Day 2016 - Module 2: Infrastructure Services
Amazon Web Services
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?
Amazon Web Services
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
Amazon Web Services
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018
Amazon Web Services
Getting Started on AWS - AWSome Day 2018
Getting Started on AWS - AWSome Day 2018
Amazon Web Services
Bootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWS
Amazon Web Services
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical Track
Amazon Web Services
Weitere ähnliche Inhalte
Was ist angesagt?
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Amazon Web Services
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Amazon Web Services
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017
Amazon Web Services
Introduction to aws
Introduction to aws
mounir kadri
AWSome Day Intro
AWSome Day Intro
Amazon Web Services
Getting Started with AWS
Getting Started with AWS
Amazon Web Services
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
Amazon Web Services
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018
Amazon Web Services
Security Best Practices
Security Best Practices
Ian Massingham
Elasticity and Management
Elasticity and Management
Amazon Web Services
AWS Technical Essentials Day
AWS Technical Essentials Day
Amazon Web Services
Technical Essentials Training: AWS Innovate Ottawa
Technical Essentials Training: AWS Innovate Ottawa
Amazon Web Services
Deploy Golang WebApp dengan AWS App Runner
Deploy Golang WebApp dengan AWS App Runner
Rio Astamal
AWS 101
AWS 101
Amazon Web Services
AWSome Day 2016 - Module 2: Infrastructure Services
AWSome Day 2016 - Module 2: Infrastructure Services
Amazon Web Services
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?
Amazon Web Services
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
Amazon Web Services
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018
Amazon Web Services
Getting Started on AWS - AWSome Day 2018
Getting Started on AWS - AWSome Day 2018
Amazon Web Services
Was ist angesagt?
(20)
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017
Introduction to aws
Introduction to aws
AWSome Day Intro
AWSome Day Intro
Getting Started with AWS
Getting Started with AWS
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
Module 1: AWS Cloud Concepts, VPC, and Security Groups - Virtual AWSome Day J...
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018
Security Best Practices
Security Best Practices
Elasticity and Management
Elasticity and Management
AWS Technical Essentials Day
AWS Technical Essentials Day
Technical Essentials Training: AWS Innovate Ottawa
Technical Essentials Training: AWS Innovate Ottawa
Deploy Golang WebApp dengan AWS App Runner
Deploy Golang WebApp dengan AWS App Runner
AWS 101
AWS 101
AWSome Day 2016 - Module 2: Infrastructure Services
AWSome Day 2016 - Module 2: Infrastructure Services
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day Dallas 2018
Getting Started on AWS - AWSome Day 2018
Getting Started on AWS - AWSome Day 2018
Ähnlich wie Virtual AWSome Day Training Sept 2017
Bootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWS
Amazon Web Services
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical Track
Amazon Web Services
AWSome Day Glasgow | Technical Track
AWSome Day Glasgow | Technical Track
Amazon Web Services
AWSome Day Leeds
AWSome Day Leeds
Amazon Web Services
Awsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and Introduction
Amazon Web Services
Networking and Security
Networking and Security
Amazon Web Services
AWSome Day Dublin - June 2016
AWSome Day Dublin - June 2016
Amazon Web Services
AWSome Day Intro
AWSome Day Intro
Amazon Web Services
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...
Amazon Web Services
EC2_and_VPC_workshop
EC2_and_VPC_workshop
Amazon Web Services
Cloudcomputing module1part1-awsomeday2017-170201182604
Cloudcomputing module1part1-awsomeday2017-170201182604
Dinesh Pandey
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Amazon Web Services
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Amazon Web Services
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Amazon Web Services
AWS Outposts Update
AWS Outposts Update
AWS Daily News
AWS SSA Webinar 7 - Getting Started on AWS
AWS SSA Webinar 7 - Getting Started on AWS
Cobus Bernard
AWS Networking Fundamentals
AWS Networking Fundamentals
Amazon Web Services
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
himanipatel524244
AWSome Day 2019 - New Jersey
AWSome Day 2019 - New Jersey
Amazon Web Services
Building Well-Architected .NET Applications on AWS (WIN326) - AWS re:Invent 2018
Building Well-Architected .NET Applications on AWS (WIN326) - AWS re:Invent 2018
Amazon Web Services
Ähnlich wie Virtual AWSome Day Training Sept 2017
(20)
Bootcamp: Getting Started on AWS
Bootcamp: Getting Started on AWS
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical Track
AWSome Day Glasgow | Technical Track
AWSome Day Glasgow | Technical Track
AWSome Day Leeds
AWSome Day Leeds
Awsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and Introduction
Networking and Security
Networking and Security
AWSome Day Dublin - June 2016
AWSome Day Dublin - June 2016
AWSome Day Intro
AWSome Day Intro
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...
Introduction to AWS OutIntroduction to AWS Outposts - CMP203 - Chicago AWS Su...
EC2_and_VPC_workshop
EC2_and_VPC_workshop
Cloudcomputing module1part1-awsomeday2017-170201182604
Cloudcomputing module1part1-awsomeday2017-170201182604
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
Introduction to AWS and Cloud Computing - Module 1 Part 1 - AWSome Day 2017
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
AWS Outposts Update
AWS Outposts Update
AWS SSA Webinar 7 - Getting Started on AWS
AWS SSA Webinar 7 - Getting Started on AWS
AWS Networking Fundamentals
AWS Networking Fundamentals
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
awsomedaymodules14gettingstartedwithaws161013161135convertedpptx__2022_01_10_...
AWSome Day 2019 - New Jersey
AWSome Day 2019 - New Jersey
Building Well-Architected .NET Applications on AWS (WIN326) - AWS re:Invent 2018
Building Well-Architected .NET Applications on AWS (WIN326) - AWS re:Invent 2018
Mehr von Amazon Web Services
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
Open banking as a service
Open banking as a service
Amazon Web Services
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
Computer Vision con AWS
Computer Vision con AWS
Amazon Web Services
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
Tools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
How to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
Building a web application without servers
Building a web application without servers
Amazon Web Services
Fundraising Essentials
Fundraising Essentials
Amazon Web Services
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
Mehr von Amazon Web Services
(20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Open banking as a service
Open banking as a service
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Computer Vision con AWS
Computer Vision con AWS
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Tools for building your MVP on AWS
Tools for building your MVP on AWS
How to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Building a web application without servers
Building a web application without servers
Fundraising Essentials
Fundraising Essentials
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Virtual AWSome Day Training Sept 2017
1.
1© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Technical Essentials Welcome to AWSome day
2.
2© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Introductions and Logistics Ø The purpose of the webinar Ø About the presenter Ø Navigating the webinar system Ø How we will handle the questions Ø The schedule
3.
3© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Agenda MODULE ONE (60 minutes): Ø AWS and Cloud Computing Ø Foundational Services Ø Platform Servicers Break MODULE TWO (60 minutes): Ø Virtual Private Cloud (VPC) Ø Elastic Compute (EC2) Ø AWS Console Demo Break MODULE THREE (60 minutes): Ø Relational Database Service (RDS) and DynamoDB Ø Simple Storage Service (S3) Ø Identity And Access Management (IAM) Ø Closing remarks on the future of cloud computing (Lambda)
4.
4© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Technical Essentials Navigating the webinar
5.
5© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Introduction to Amazon Web Services (AWS) and Cloud Computing
6.
6© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon History 1994: Jeff Bezos Incorporated the Company 1995: Amazon.com Launched Online Bookstore 2005: Amazon Publishing Launched 2006: Amazon Web Services (AWS) Launched 2007: Kindle Launched 2011: Amazon Fresh Launched 2012: Amazon Game Studios Launched 2013: Amazon Art Launched 2014: Amazon Prime Now Launched 2015: Amazon Home Services & Amazon Echo Launched
7.
7© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. What is cloud computing? Cloud computing is on-demand delivery of IT resources and applications via the Internet with pay-as-you-go pricing.
8.
8© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Measured Service Pay for services as you go. Electrical services analogy
9.
9© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon Web Services (AWS) ComputeMessaging Mobile App Services Database Networking Development and Management Tools Payments VPC On-Demand Workforce Analytics Content Delivery Storage Enable businesses and developers to use web services to build scalable, sophisticated applications.
10.
10© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Core Infrastructure and Services AWS Technical Essentials 3.8 ILT Security Network Security Network Security Groups NACLs Access Mgmt VPCVPC EC2 “Classic” “Public ” ELB On-Demand Provision Traditional Infrastructure Amazon Web Services Servers AMI Amazon EC2 InstancesOn-Premises Servers Security Security Groups NACLs AWS IAMFirewalls ACLs Administrators Networking VPCELBRouter Network Pipeline Switch Storage and Database RDBMSDAS SAN NAS Amazon EBS Amazon EFS Amazon S3 Amazon RDS
11.
11© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Six Advantages & Benefits of AWS Cloud Computing Trade capital expense for variable expense. Benefit from massive economies of scale. Stop guessing capacity. Go global in minutes. Increase speed and agility. Stop spending money on running and maintaining data centers.
12.
12© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Direct Connect AWS Elastic Beanstalk AWS GovCloud Amazon CloudTrail Amazon S3 Amazon WorkSpaces Amazon Kinesis Amazon AppStream Amazon SNS AWS IAM Amazon Route 53 Amazon SWF Amazon Redshift Amazon Dynamo DB Amazon CloudSearch AWS Data Pipeline Trusted Advisor AWS KMS Amazon Config Amazon RDS for Aurora Amazon WorkDocs AWS Directory Service AWS CodeCommit AWS CodePipeline AWS Service Catalog Amazon CloudWatch Logs Amazon EFS Amazon API Gateway Amazon Machine Learning AWS Device Farm AWS Web App Firewall Amazon Elasticsearch Service Amazon QuickSight AWS Import/Export Snowball RDS for MariaDB Amazon Inspector AWS IoT Amazon EC2 Container Registry Amazon ElastiCache AWS CloudFormation Amazon Mobile Analytics AWS Mobile Hub AWS Storage Gateway AWS OpsWorks AWS Elastic Transcoder Amazon SES Amazon EC2 Container Service Amazon Cognito AWS CodeDeploy Glacier* As of 1 February 2016 Amazon WorkMail AWS Lambda 1,950Services and Features
13.
13© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. On-Demand Self Services & Broad Network Access User provisions computing resources as needed. User interacts with cloud service provider through an online control panel. Clear solutions are available through a variety of network- connected devices and over varying platforms. Internetclient mobile client
14.
14© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Global Infrastructure Region & Number of Availability Zones New Region (coming soon)
15.
15© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. High Availability Using Multi-AZ Deployments Availability Zone - A Availability Zone - B Availability Zone - C Region
16.
16© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Global Infrastructure – Edge Locations • 70* edge locations • Local points of presence that support AWS services like: Amazon Route 53 Amazon CloudFront AWS WAF AWS Shield *as of March 2017
17.
17© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Global Infrastructure Regions Geographic locations Consists of at least two Availability Zones(AZs) Availability Zones Clusters of data centers Isolated from failures in other Availability Zones
18.
18© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Global Infrastructure At least 2 AZs per region. Examples: Ø US East (N. Virginia) • us-east-1a • us-east-1b • us-east-1c • us-east-1d • us-east-1e Ø Asia Pacific (Tokyo) • ap-northeast-1a • ap-northeast-1b • ap-northeast-1c Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary. US East (VA) AZ - A AZ - B AZ - C AZ - D AZ - E Asia Pacific (Tokyo) AZ - A AZ - B AZ - C
19.
19© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Knowledge Check Q: What is the AWS term for physically distinct groups of data centers within a region? True or False: There are more regions than Edge locations. True or False: AWS owns and maintains the infrastructure required for application services and you provision and use them as needed. Q: How do AZs in the same region differ? Availability Zone (AZ). False. True. Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.
20.
20© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Foundation Services Compute Amazon EC2 Network Amazon CloudFront Amazon Route 53 Amazon VPC AWS Direct Connect Elastic Load Balancing Storage Amazon EFS Amazon Glacier Amazon S3 AWS Snowball AWS Storage Gateway Security & Identity Amazon Inspector AWS Artifact AWS Certificate Manager AWS CloudHSM AWS Directory Service IAM AWS KMS AWS Organizations AWS Shield AWS WAF Applications Amazon WorkDocs Amazon WorkMail Amazon AppStream Amazon WorkSpaces Amazon EC2 Container Registry Amazon EC2 Container Service Amazon Lightsail Amazon VPC AWS Batch AWS Elastic Beanstalk AWS Lambda Elastic Load Balancing
21.
21© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Platform Services Databases Amazon DynamoDB Analytics Amazon Athena Application Services Amazon API Gateway Management Tools Amazon RDS Amazon ElastiCache Amazon Redshift Amazon Redshift Amazon CloudSearch Amazon EMR Amazon ES Amazon Kinesis Amazon QuickSight Amazon AppStream 2.0 Amazon Elastic Transcoder Amazon SWF AWS Step Functions Amazon CloudWatch AWS CloudFormation AWS CloudTrail AWS Config AWS Managed Services AWS OpsWorks AWS Service Catalog AWS Trusted Advisor Developer Tools AWS CodeBuild AWS CodeCommit AWS CodeDeploy AWS CodePipeline AWS X-Ray Mobile Services Amazon API Gateway Amazon Cognito Amazon Mobile Analytics Amazon Pinpoint AWS Device Farm AWS Mobile Hub Internet of Things AWS IoT AWS Greengrass
22.
22© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Your private network in AWS VPC
23.
23© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. EC2 Instance
24.
24© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. 172.31.0.128 172.31.0.129 172.31.1.24 172.31.1.27 54.4.5.6 54.2.3.4
25.
25© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Creating an Internet-connected VPC: steps Choosing an address range Setting up subnets in Availability Zones Creating a route to the Internet Authorizing traffic to/from the VPC
26.
26© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range
27.
27© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. What is an Internet Protocol address? An IP address is FOUR numbers (octets*) separated by the period symbol. 192.168.90.0
28.
28© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Choosing an IP address range for your VPC 172.31.0.0/16 Recommended: RFC1918 range
29.
29© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Subnets
30.
30© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC subnets and Availability Zones 172.31.0.0/16 Availability Zone Availability Zone Availability Zone VPC subnet VPC subnet VPC subnet 172.31.0.0/24 172.31.1.0/24 172.31.2.0/24 eu-west-1a eu-west-1b eu-west-1c
31.
31© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Route to the Internet
32.
32© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Routing in your VPC • Route tables contain rules for which packets go where • Your VPC has a default route table • … but you can assign different route tables to different subnets
33.
33© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Traffic destined for my VPC stays in my VPC
34.
34© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Internet Gateway Send packets here if you want them to reach the Internet
35.
35© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Everything that isn’t destined for the VPC: Send to the Internet
36.
36© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Network security in VPC: Network ACLs / Security Groups
37.
37© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Network ACLs: Stateless firewalls English translation: Allow all traffic in Can be applied on a subnet basis
38.
38© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. “MyWebServers” Security Group “MyBackends” Security Group Allow only “MyWebServers” Security Groups follow application structure
39.
39© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Security Groups example: web servers In English: Hosts in this group are reachable from the Internet on port 80 (HTTP)
40.
40© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Security Groups example: backends In English: Only instances in the MyWebServers Security Group can reach instances in this Security Group
41.
41© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Security Groups in VPC: additional notes • Follow the Principle of Least Privilege • VPC allows creation of egress as well as ingress Security Group rules • Many application architectures lend themselves to a 1:1 relationship between Security Groups (who can reach me) and IAM roles (what I can do).
42.
42© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Connectivity options for VPCs
43.
43© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Beyond Internet connectivity Restricting Internet access Connecting to your corporate network Connecting to other VPCs
44.
44© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Restricting Internet access: Routing by subnet
45.
45© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Routing by subnet VPC subnet VPC subnet Has route to Internet Has no route to Internet
46.
46© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Outbound-only Internet access: NAT Gateway VPC subnet VPC subnet 0.0.0.0/0 0.0.0.0/0 Public IP: 54.161.0.39 NAT Gateway
47.
47© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Inter-VPC connectivity: VPC peering
48.
48© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Example VPC peering use: shared services VPC Common/core services ØAuthentication/directory ØMonitoring ØLogging ØRemote administration ØScanning
49.
49© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Security Groups across peered VPCs VPC Peering 172.31.0.0/16 10.55.0.0/16 Orange Security Group Blue Security Group ALLOW
50.
50© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: initiate request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request
51.
51© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: accept request 172.31.0.0/16 10.55.0.0/16 Step 1 Initiate peering request Step 2 Accept peering request
52.
52© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Establish a VPC peering: create route 172.31.0.0/16 10.55.0.0/16Step 1 Initiate peering request Step 2 Accept peering request Step 3 Create routes In English: Traffic destined for the peered VPC should go to the peering
53.
53© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Connecting to on-premises networks: Virtual Private Network & Direct Connect
54.
54© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Extend an on-Premises network into your VPC VPN Direct Connect
55.
55© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS VPN basics Customer Gateway Virtual Gateway Two IPSec tunnels 192.168.0.0/16 172.31.0.0/16 192.168/16 Your networking device
56.
56© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPN and Amazon Direct Connect • Both allow secure connections between your network and your VPC • VPN is a pair of IPSec tunnels over the Internet • DirectConnect is a dedicated line with lower per-GB data transfer rates • For highest availability: Use both
57.
57© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC and the rest of AWS
58.
58© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS services in your VPC
59.
59© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Example: Amazon RDS database in your VPC Reachable via DNS Name: mydb-cluster-1 ….us-west-2.rds.amazonaws.com
60.
60© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC Endpoints for S3
61.
61© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. S3 and your VPC S3 Bucket Your applications Your data
62.
62© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS VPC Endpoints for S3 S3 Bucket
63.
63© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS VPC Endpoints for S3 S3 Bucket Route S3-bound traffic to the VPCE
64.
64© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. IAM Policy for VPC Endpoints S3 Bucket IAM Policy at VPC Endpoint: Restrict actions of VPC in S3 IAM Policy at S3 Bucket: Make accessible from VPC Endpoint only
65.
65© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: VPC traffic metadata in Amazon CloudWatch Logs
66.
66© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs Visibility into effects of Security Group rules Troubleshooting network connectivity Ability to analyze traffic
67.
67© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs: setup VPC traffic metadata captured in CloudWatch Logs
68.
68© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC Flow Logs data in CloudWatch Logs Who’s this? # dig +short -x 109.236.86.32 internetpolice.co. REJECT UDP Port 53 = DNS
69.
69© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. VPC: your private network in AWS
70.
70© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon Elastic Compute Cloud (EC2)
71.
71© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon Elastic Compute Cloud (EC2) Resizable compute capacity Complete control of your computing resources Reduces the time required to obtain and boot new server instances to minutesAmazon EC2
72.
72© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon EC2 Facts Scale capacity as your computing requirements change Pay only for capacity that you actually use Choose Linux or Windows Deploy across AWS Regions and Availability Zones for reliability
73.
73© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Launching an Amazon EC2 Instance via the Web Console 1. Determine the AWS Region in which you want to launch the Amazon EC2 instance. 2. Launch an Amazon EC2 instance from a pre-configured Amazon Machine Image (AMI). 3. Choose an instance type based on CPU, memory, storage, and network requirements. 4. Configure network, IP address, security groups, storage volume, tags, and key pair.
74.
74© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AMI Details An AMI includes the following: A template for the root volume for the instance (for example, an operating system, an application server, and applications). Launch permissions that control which AWS accounts can use the AMI to launch instances. A block device mapping that specifies the volumes to attach to the instance when it's launched.
75.
75© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Instances and AMIs Select an AMI based on: Region Operating system Architecture (32-bit or 64-bit) Launch permissions Storage for the root device AMI Instances Instance Launch instances of any type Host computer Host computer
76.
76© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Marketplace – IT Software Optimized for the Cloud AWS Marketplace: Is an online store to discover, purchase, and deploy IT software on top of the AWS infrastructure. Ø Catalog of 2300+ IT software solutions • Including Paid, BYOL, Open Source, SaaS, & free to try options Ø Pre-configured to operate on AWS • Software checked by AWS for security and operability Ø Deploys to AWS environment in minutes Ø Flexible, usage-based billing models Ø Software charges billed to AWS account Includes AWS Test Drive. https://aws.amazon.com/marketplace
77.
77© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon EC2 Instances OS, Applications, & Configuration AMI Running or Stopped VM Instances AZ VPC Region EBS S3 EBS Snapshots S3 Buckets EBS EBS EBS EBS EBS AZ Instances Instances
78.
78© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon EBS vs. Amazon EC2 Instance Store Amazon EBS Ø Data stored on an Amazon EBS volume can persist independently of the life of the instance. Ø Storage is persistent. Amazon EC2 Instance Store Ø Data stored on a local instance store persists only as long as the instance is alive. Ø Storage is ephemeral.
79.
79© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Choosing the Right Amazon EC2 Instance EC2 instance types are optimized for different use cases and come in multiple sizes. This allows you to optimally scale resources to your workload requirements. AWS uses Intel® Xeon® processors for EC2 instances, providing customers with high performance and value. Consider the following when choosing your instances: Core count, memory size, storage size and type, network performance, and CPU technologies. Hurry Up and Go Idle - A larger compute instance can save you time and money, therefore paying more per hour for a shorter amount of time can be less expensive.
80.
80© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Get the Intel® Advantage Intel’s latest 22nm Haswell microarchitecture on new C4 instances, with custom Intel® Xeon® v3 processors, provides new features: Haswell microarchitecture has better branch prediction; greater efficiency at prefetching instructions and data; along with other improvements that can boost existing applications’ performance by 30% or more P state and C state control provides the ability to individually tune each cores performance and sleep states to improve application performance Intel® AVX2.0 instructions can double the floating-point performance for compute-intensive workloads over Intel® AVX, and provide additional instructions useful for compression and encryption
81.
81© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Intel® Processor Technologies Intel® AVX – Get dramatically better performance for highly parallel HPC workloads such as life science engineering, data mining, financial analysis, or other technical computing applications. AVX also enhances image, video, and audio processing. Intel® AES-NI – Enhance your security with these new encryption instructions that reduce the performance penalty associated with encrypting/decrypting data. Intel® Turbo Boost Technology – Get more computing power when you need it with performance that adapts to spikes in your workload with Intel® Turbo Boost Technology 2.0
82.
82© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Burstable Balanced Compute Memory GPU I/O Storage AWS Instance Type T2 M4 C4 R3 G2 I2 D2 Intel® processor Intel® Xeon® family Intel® Xeon® E5-2676 v3 Intel® Xeon® E5-2666 v3 Intel® Xeon® E5-2670 v2 Intel® Xeon® E5-2670 Intel® Xeon® E5-2670 v2 Intel® Xeon® E5-2676 v3 Intel® process technology 22nm Haswell 22nm Haswell 22nm Ivy Bridge 32nm Sandy Bridge 22nm Ivy Bridge 22nm Haswell Intel® AVX Intel® AVX2 Intel® Turbo Boost Storage EBS only EBS only EBS only SSD SSD SSD HDD EC2 Instances with Intel® Technologies
83.
83© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Current Generation Instances Instance Family Some Use Cases General purpose (t2, m4, m3) • Low-traffic websites and web applications • Small databases and mid-size databases Compute optimized (c4, c3) • High performance front-end fleets • Video-encoding Memory optimized (r3) • High performance databases • Distributed memory caches Storage optimized (i2, d2) • Data warehousing • Log or data-processing applications GPU instances (g2) • 3D application streaming • Machine learning
84.
84© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Instance Metadata & User Data Instance Metadata: Is data about your instance. Can be used to configure or manage a running instance. Instance User Data: Can be passed to the instance at launch. Can be used to perform common automated configuration tasks. Runs scripts after the instance starts.
85.
85© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Retrieving Instance Metadata To view all categories of instance metadata from within a running instance, use the following URI: http://169.254.169.254/latest/meta- data/ On a Linux instance, you can use: Ø $ curl http://169.254.169.254/latest/meta-data/ Ø $ GET http://169.254.169.254/latest/meta-data/ All metadata is returned as text (content type text/plain).
86.
86© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Adding User Data You can specify user data when launching an instance. User data can be: Ø Linux script – executed by cloud-init Ø Windows batch or PowerShell scripts – executed by EC2Config service User data scripts run once per instance-id by default.
87.
87© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. User Data Example Linux #!/bin/sh yum -y install httpd chkconfig httpd on /etc/init.d/httpd start User data shell scripts must start with the #! characters and the path to the interpreter you want to read the script. Install Apache web server Enable the web server Start the web server
88.
88© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. User Data Example Windows <powershell> Import-Module ServerManager Install-WindowsFeature web-server, web-webserver Install-WindowsFeature web-mgmt-tools </powershell> Import the Server Manager module for Windows PowerShell. Install IIS Install Web Management Tools
89.
89© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Retrieving User Data To retrieve user data, use the following URI: http://169.254.169.254/ latest/user-data On a Linux instance, you can use: Ø $ curl http://169.254.169.254 /latest/user-data/ Ø $ GET http://169.254.169.254 /latest/user-data/
90.
90© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon EC2 Purchasing Options On-Demand Instances Pay by the hour. Reserved Instances Purchase at significant discount. Instances are always available. 1-year to 3-year terms. Scheduled Instances Purchase a 1- year RI for a recurring period of time. Spot Instances Highest bidder uses instance at a significant discount. Spot blocks supported. Dedicated Hosts Physical host is fully dedicated to run your instances. Bring your per-socket, per-core, or per- VM software licenses to reduce cost.
91.
91© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Technical Essentials Console demo
92.
92© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. RDS and DynamoDB Managed Databases
93.
93© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Data Storage Considerations No one size fits all. Analyze your data requirements by considering: Ø Data formats Ø Data size Ø Query frequency Ø Data access speed Ø Data retention period
94.
94© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. SQL and NoSQL Databases SQL NoSQL Data Storage Rows and Columns Key-Value Schemas Fixed Dynamic Querying Using SQL Focused on collection of documents Scalability Vertical Horizontal ISBN Title Author Format 9182932465265 Cloud Computing Concepts Wilson, Joe Paperback 3142536475869 The Database Guru Gomez, Maria eBook SQL NoSQL { ISBN: 9182932465265, Title: “Cloud Computing Concepts”, Author: “Wilson, Joe”, Format: “Paperback” }
95.
95© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon Relational Database Service (RDS) Cost-efficient and resizable capacity Manages time-consuming database administration tasks Access to the full capabilities of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, and PostgreSQL databases Amazon RDS
96.
96© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon RDS Simple and fast to deploy Manages common database administrative tasks Compatible with your applications Fast, predictable performance Simple and fast to scale Secure Cost-effective
97.
97© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. How Amazon RDS Backups Work Automatic Backups: Ø Restore your database to a point in time. Ø Are enabled by default. Ø Let you choose a retention period up to 35 days. Manual Snapshots: Ø Let you build a new database instance from a snapshot. Ø Are initiated by the user. Ø Persist until the user deletes them. Ø Are stored in Amazon S3.
98.
98© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Cross-Region Snapshots Are a copy of a database snapshot stored in a different AWS Region. Provide a backup for disaster recovery. Can be used as a base for migration to a different region.
99.
99© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon RDS Security Run your DB instance in an Amazon VPC. Use IAM policies to grant access to Amazon RDS resources. Use security groups. Use Secure Socket Layer (SSL) connections with DB instances (Amazon Aurora, Oracle, MySQL, MariaDB, PostgreSQL, Microsoft SQL Server). Use Amazon RDS encryption to secure your RDS instances and snapshots at rest. Use network encryption and transparent data encryption (TDE) with Oracle DB and Microsoft SQL Server instances. Use the security features of your DB engine to control access to your DB instance.
100.
100© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. A Simple Application Architecture Amazon RDS database instance Amazon EC2 Application Servers Elastic Load Balancing load balancer instance DB snapshots in Amazon S3
101.
101© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Multi-AZ RDS Deployment With Multi-AZ operation, your database is synchronously replicated to another AZ in the same AWS Region. Failover automatically occurs to the standby in case of master database failure. Planned maintenance is applied first to standby databases.
102.
102© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. A Resilient, Durable Application Architecture Amazon RDS database instances: Master and Multi-AZ standby Application, in Amazon EC2 instances Elastic Load Balancing load balancer instance DB snapshots in Amazon S3
103.
103© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon DynamoDB Store any amount of data with no limits Fast, predictable performance using SSDs Easily provision and change the request capacity needed for each table Fully managed, NoSQL database service Amazon DynamoDB
104.
104© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Provisioned Throughput You specify how much provisioned throughput capacity you need for reads and writes. Amazon DynamoDB allocates the necessary machine resources to meet your needs. Read capacity unit: Ø One strongly consistent read per second for items as large as 4 KB. Ø Two eventually consistent reads per second for items as large as 4 KB. Write capacity unit: Ø One write per second for items as large as 1 KB.
105.
105© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. DynamoDB Use Case AdRoll, an online advertising platform, serves 50 billion impressions a day worldwide with its global retargeting platforms. We spend more on snacks than we do on Amazon DynamoDB. Valentino Volonghi CTO, Adroll ” “ Adroll Uses AWS to grow by more than 15,000% in a year Needed high-performance, flexible platform to swiftly sync data for worldwide audience Processes 50 TB of data a day Serves 50 billion impressions a day Stores 1.5 PB of data Worldwide deployment minimizes latency
106.
106© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Simple Application Architecture Elastic Load Balancing Amazon EC2 app instances Clients Amazon DynamoDB Business logic
107.
107© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. DynamoDB Data Model Table: Music Items Attributes (name-value pairs) Artist Song Title Album Title Year Genre
108.
108© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Primary Keys Partition Key Sort Key Table: Music Partition Key: Artist Sort Key: Song Title (DynamoDB maintains a sorted index for both keys) Table: Music Artist Song Title Album Title Year Genre
109.
109© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Global Secondary Index Choose which attributes to project (if any) Table: Music Partition Key: Artist Sort Key: Song Title GSI: MusicGSI Partition Key: Genre Sort Key: Year Table: Music Artist Song Title Album Title Year Genre Genre Year Song Title
110.
110© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Database Considerations If You Need Consider Using A relational database service with minimal administration Amazon RDS • Choice of Amazon Aurora, MySQL, MariaDB, Microsoft SQL Server, Oracle, or PostgreSQL database engines • Scale compute and storage • Multi-AZ availability A fast, highly scalable NoSQL database service Amazon DynamoDB • Extremely fast performance • Seamless scalability and reliability • Low cost A database you can manage on your own Your choice of AMIs on Amazon EC2 and Amazon EBS that provide scale compute and storage, complete control over instances, and more.
111.
111© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon S3
112.
112© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon S3 • Provides simple web services interface to store and retrieve any amount of data. • Can be accessed at any time from anywhere on the web. • Provides highly secure, durable, and scalable object storage. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
113.
113© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Use Cases • Content storage and distribution • Backup and archiving • Big data analytics • Static website hosting • Disaster recovery © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
114.
114© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Key Concepts © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
115.
115© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Introduction to S3 Buckets • Data is stored in S3 buckets as objects. • Bucket names must be globally unique. Ø Follow simple naming rules for buckets. • Use 3 to 63 characters. • Use only lower case letters (at least one), numbers, and hyphens (-). • Do not use period (.) character in bucket name. • Buckets can be versioning-enabled. • Buckets are associated with regions. Ø Choose region based on latency, cost, and regulatory requirements. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
116.
116© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Introduction to S3 Objects Each object has a unique key. Ø Key encoding: UTF-8 Ø Maximum key length: 1024 bytes Ø Safe characters in key name • Alphanumeric characters [0-9a-zA-Z] • Special characters ! - _ . * ‘ / An object has associated metadata. Object Key Examples • SomeDocument.doc • prog/java/collections.htm • 94531/xstreet/JohnSmith.pdf In versioning-enabled buckets, each object has a version ID. Key: collections.htm Version ID:111111 Key: collections.htm Version ID:1222222 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
117.
117© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. URLs for S3 Objects Path-style URL Ø Structure: http://<region-specific endpoint>/<bucket name>/<object name> Ø Example: http://s3-eu-west-1.amazonaws.com/gogreen/sensordata.html Virtual hosted-style URL Ø Structure: http://<bucketname>.s3.amazonaws.com/<object key> Ø Example: http://gogreen.s3.amazonaws.com/sensordata.html Ø Example: http://www.example.com/sensordata.html (DNS name configured as a CNAME alias for www.example.com.s3.amazonaws.com) gogreen Bucket name is www.example.com to match domain name. Works only with HTTP URLs. www.example.com © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
118.
118© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Operations on Objects: Put • Upload object • Copy object Ø Use copy operation to • Create copies of an object. • Rename objects by creating a copy and deleting the original object. • Move objects across S3 locations. • Update object metadata. Size < 5 GB > 5 GB < 5 TB Size Single upload Multipart upload Recommended if size > 100 MB © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
119.
119© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Operations on Objects: Get Retrieve a whole object or part of an object Get complete object Get range of bytes © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
120.
120© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Operations on Buckets: List Keys Prefix: 2014/ 2014/score/english/john.txt 2014/score/english/sam.txt 2014/score/math/john.txt 2014/score/math/sam.txt 2014/score/summary.txt • List object keys by prefix and delimiter • Determine common prefixes Prefix: 2014/score/ Delimiter: / 2014/score/summary.txt Get Common Prefixes 2014/score/english/ 2014/score/math/ List Keys for 2014 List Key for 2014 Score Summary Find Subjects For Which Scores Exist Bucket name: scores 2014/score/english/john.txt 2014/score/english/sam.txt 2014/score/math/john.txt 2014/score/math/sam.txt 2014/score/summary.txt overallsummary.txt © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
121.
121© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Operations on Objects: Delete Delete one or more objects. Key: jazz.mp3 Version ID:111111 Key: jazz.mp3 Version ID:2222222 DELETE MARKER Key: jazz.,mp3 Version ID:3333333 Delete key: jazz.mp3 Key: jazz.mp3 Version ID:111111 Key: jazz.,mp3 Version ID:2222222 Delete Key: jazz.mp3 Version ID:2222222 Key: jazz.mp3 Delete Key: jazz.mp3 Versioning Enabled in BucketsVersioning Disabled in Bucket © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
122.
122© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Operations on Objects: Restore • Restore an object previously archived on Amazon Glacier. • Specify bucket name, key, and number of days for which the restored copy of the object should be available. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
123.
123© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. User Authentication and Authorization © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
124.
124© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS Identity and Access Management (IAM) • Centrally manage users and user permissions in AWS. • Using AWS IAM, you can: Ø Create users, groups, roles and policies. Ø Define permissions to control which AWS resources users can access. • IAM integrates with Microsoft Active Directory and AWS Directory Service using SAML identity federation. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
125.
125© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. EMR1 Getting Started with IAM IAM Policy Maria IAM User IAM Group IAM Role Login: Maria@email.com Password: ********* Admins Joe Policies contain permissions which specify which actions an entity can perform and on which resources. Root Account Analysts Liam Anya Chae-won Developers Wei Bernardo Inès DevApp1 Roles provide a simple way to delegate groups of permissions to specific users or AWS services. An IAM user account provides one login with its own specified permissions. An IAM group allows you to apply specified permissions to a group of users. TempDev1 © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
126.
126© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS IAM Credentials • Multiple types of credentials • Use multi-factor authentication (MFA) for extra security. Tool Credentials AWS Management Console User name/Password AWS Command Line Interface (CLI) Access key/Secret key Software Development Kits (SDKs) Access key/Secret key Query APIs Access key/Secret key © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
127.
127© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Security Credentials: Access keys • Use credential files • Use temporary credentials from AWS STS • Use IAM roles (preferred) Do Not: ❌Use root account credentials ❌Put AWS credentials in your code ❌Store credentials in public places like GIT, Wikis, and SharePoint [default] aws_access_key_id = ACCESS_KEY_ID aws_secret_access_key = SECRET_ACCESS_KEY_ID [prod] aws_access_key_id = ACCESS_KEY_ID aws_secret_access_key = SECRET_ACCESS_KEY_ID © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
128.
128© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. IAM Policies • A statement of one or more permissions Ø Created, maintained, and versioned as a distinct object. Ø Attached to a user, group, role, or resource. • Used to control access to: Ø AWS APIs Ø AWS resources • IAM policies are not for OS or application permissions. • Best practice: Grant least privilege. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
129.
129© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Amazon Resource Names (ARN) Used to uniquely identify AWS resources in places where ambiguity is not tolerated, such as in IAM policy. Example - DynamoDB table: arn:aws:dynamodb:us-west-2:123456789012:table/accounts Example - S3 bucket contents: arn:aws:s3:::my_corporate_bucket/* © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
130.
130© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. IAM Policy for Administering AWS Resources: Example A policy that allows users to perform any Amazon EC2 action on resources that have the tag Department=Test, as long as the request occurs before the beginning of the year 2016: { "Version": "2012-10-17", "Statement": { "Action": "ec2:*", "Effect": "Allow", "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*", "Condition": { "StringEquals": {"ec2:ResourceTag/Department": "Test"}, "DateLessThan": {"aws:CurrentTime": "2016-01-01T00:00:00Z"} } } } © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
131.
131© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS IAM Permission Types Read Write List Bob ü ü ü Doug ü ü ü Jim ü ü Sara ü Read Write List Bob ü ü ü Larry ü Sam ü ü Resource X Resource Y Read Write List Resource X ü ü ü Read Write List Resource Y ü Resource Z ü Read Write List Resource X ü Resource Y ü Resource Z ü Bob Larry User-Based Permissions Resource-Based Permissions Managers What does a particular entity have access to? Who has access to a particular resource? © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
132.
132© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS IAM Permission Types Resource-Based Policy { "Version": "2012-10-17", "Statement": { "Sid": "AccountBAccess1", "Effect": "Allow", "Principal": {"AWS": "111122223333"}, "Action": "s3:*", "Resource": [ "arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*" ] } } User-Based Policy { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "iam:*LoginProfile", "iam:*AccessKey*" "iam:*SSHPublicKey*" ], "Resource": "arn:aws:iam::account-id- without-hyphens:user/${aws:username}" } } © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
133.
133© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Securing Your AWS Resources Using Policies { "Version":"2012-10-17", "Id":"PutObjPolicy", "Statement":[{ "Sid":"DenyUnEncryptedObjectUploads", "Effect":"Deny", "Principal":"*", "Action":"s3:PutObject", "Resource":"arn:aws:s3:::YourBucket/*", "Condition":{ "StringNotEquals":{ "s3:x-amz-server-side-encryption":"AES256" } } } ] } © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
134.
134© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS IAM Policy Types IAM Policies Managed Policies AWS- Managed Policies Customer- Managed Policies Inline Policies • Standalone, versioned policies • Can be attached to multiple users, groups, and roles • Recommended method • Two types: • AWS-Managed Policies • Customer-Managed Policies Managed Policies • Policy embedded in the entity (user, group, or role) • Useful for strict one-to-one relationship between a policy and the entity to which it is applied Inline Policies © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
135.
135© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Ways to Work with AWS IAM Policies • Library of pre-defined policies à Policy Template • AWS Policy Generator • Use your favorite JSON Editor • Create policies in an object-oriented fashion using: Ø AWS CloudFormation Ø AWS SDKs • JSON and AWS CloudFormation editors: Ø AWS Toolkit for Eclipse Ø AWS Toolkit for Visual Studio © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
136.
136© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. AWS IAM Policy Rule Procedure • Deny by default • Most restrictive policy wins • Evaluation Logic If something is explicitly denied, it can never be allowed: No Overrides Is the action explicitly denied? Evaluate all applicable policies Deny Is the action explicitly allowed? Allow Yes Yes No No Start with the assumption that the request is denied © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
137.
137© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. IAM Policy Example { "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action":["dynamodb:*","s3:*"], "Resource":["arn:aws:dynamodb:region:account-number-without-hyphens:table/table-name", "arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"] }, { "Effect":"Deny", "Action":["dynamodb:*","s3:*"], "NotResource":["arn:aws:dynamodb:region:account-number-without-hyphens:table/table-name", "arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"] } ] } Gives users access to a specific DynamoDB table and… …Amazon S3 buckets Explicit deny ensures that the users cannot use any other AWS actions or resources other than that table and those buckets An explicit deny statement takes precedence over an allow statement © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
138.
138© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Example: AWS IAM Policy for Administering AWS Resources A policy that denies requests that come from external IP addresses: { "Version": "2012-10-17", "Statement": { "Effect": "Deny", "Action": "*", "Resource": "*", "Condition": {"NotIpAddress": {"aws:SourceIp": [ "192.0.2.0/24", "203.0.113.0/24" ]}} } } © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
139.
139© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Policies Trust policy Access policy { "Effect":"Allow", "Principal":{ "AWS":"arn:aws:iam::1111:user/Jo" }, "Action":"sts:AssumeRole" } { "Effect":"Allow", "Action":"s3:ListBucket", "Resource":"*" } Allow : Jo (IAM user) in the account 1111 Action: Ability to assume this role Allow : Listing S3 buckets Resource : All buckets in this account © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
140.
140© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Policy to Launch EC2 instances with a Specific Role { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/Get-pics" } ] } © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
141.
141© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. Using Web Identity Federation AWS Security Token Service Temporary security credential DynamoDB table Users Web Identity Provider 1 2 3 IAM policies © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
142.
142© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. What is AWS Lambda? • Compute service that runs your functions in response to event. • Automatically manages the compute resources for you. • Requires zero administration. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
143.
143© 2016 Amazon
Web Services, Inc. or its affiliates. All rights reserved. © 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Errors or corrections? Email us at aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.