AWSome Day Brasil - Junho 2020

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWSOME DAY
V I R T U A L
Getting Started on AWS

AWSOME DAYCourse modules
1. Introduction to the AWS Cloud
2. Getting started with the cloud
3. Building in the cloud
4. Secure your cloud applications
5. Support your cloud applications
6. Architecture
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights
reserved.

AWSOME DAY

AWSOME DAYWhat is the cloud?
On premises
Servers
Storage
Databases
Application
s
Internet
Servers Storage
Databases
Applicatio
ns
Cloud services
provider
Internet
Corp
network
reserved.

AWSOME DAYHow does it work?
• AWS owns and maintains the network-connected hardware
• You provision and use what you need
reserved.
Storage
Compute
Database
Networking &
Content
Delivery
Business
Applications
Internet of
Things

AWSOME DAYCloud deployment models
CloudOn premises Hybrid
reserved.

What are the benefits of the AWS Cloud?

AWSOME DAY
Trade capital expense for variable
expense
Data center investment
based upon forecast
Capital
Pay only for the amount
you consume
reserved.

AWSOME DAYMassive economies of scale
Because of aggregate usage from all customers, AWS can achieve
higher economies of scale and pass savings on to customers
Economies of scale
Savings
reserved.

AWSOME DAYStop guessing capacity
Overestimated
server capacity
Underestimated
server capacity
Scaling on
demand
reserved.

AWSOME DAYIncrease speed and agility
Weeks between wanting
resources and having
resources
Minutes between wanting
resources and having
resources
reserved.
Launch

AWSOME DAY
Stop spending money on
running and maintaining datacenters
Running datacenters Business and customers
Investment
reserved.

AWSOME DAYGo global in minutes
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
reserved.

AWSOME DAYAWS security
Keep your data safe
Meet compliance requirements
Save money
Scale quickly
reserved.

AWSOME DAY
Satellite Security, Identity &
Compliance
Storage
AWS service categories
reserved.
Media Services Migration & Transfer Mobile
Networking &
Content Delivery Robotics
End User Computing Game Tech Internet of Things Machine Learning
Management &
Governance
Business Applications Compute Customer Engagement Database Developer Tools
Analytics Application Integration AR & VR AWS Cost Management Blockchain

AWSOME DAYRegions
# AWS Regions
Availability Zones
Planned Regions
#
reserved.

AWSOME DAYAvailability Zones
ap-southeast-1
(Singapore)
ap-southeast-1a ap-southeast-1b
ap-southeast-1c
datacenter(s)
datacenter(s)
datacenter(s)
reserved.

AWSOME DAYSelecting a region
Determine the right region for
your services, applications,
and data based on these
factors
Proximity to customers
(latency)
Data governance,
legal requirements
Services available
within the region
Costs (vary by region)
reserved.

AWSOME DAY
Edge locations: Reaching distant
customers
Edge locations
Multiple edge locations
Regional edge caches
reserved.

AWSOME DAY
AWS Management
ConsoleEasy-to-use graphical interface
Command Line Interface (AWS
CLI)Access to services by discrete command
Software Development Kits
(SDKs)Access services in your code
Three ways to interact with AWS
reserved.

AWSOME DAYAWS Management Console
reserved.

AWSOME DAYAWS CLI
~aws
• Open source tool for
interacting with AWS services
• Environments
• Linux
• MacOS
• Windows
reserved.

AWSOME DAYAWS SDKs
JavaScript
Python
PHP
.NET
Ruby
Go
Node.js
C++
Java
IoT
reserved.

AWSOME DAYAWS products
reserved.

AWSOME DAYCloud journey
reserved.

AWSOME DAYWhat is Amazon EC2?
 Application server
 Web server
 Database server
 Game server
 Mail server
 Media server
 Catalog server
 File server
 Computing server
 Proxy server
reserved.

AWSOME DAYBenefits of Amazon EC2
reserved.
• Elasticity

reserved.
• Elasticity
• Control

reserved.
• Elasticity
• Control
• Flexibility

reserved.
www.example.com
Amazon
Route 53
Elastic Load
Balancing
(ELB)
Availability Zone #1
Amazon S3
bucket
Amazon EBS
snapshot
root volume
Auto Scaling group
Security group
EC2 instance
security group
data volume
web app
server
logs
CloudFront
distribution
media.example.com
• Elasticity
• Control
• Flexibility
• Integrated

reserved.
• Elasticity
• Control
• Flexibility
• Integrated
• Reliable

reserved.
AWS Cloud• Elasticity
• Control
• Flexibility
• Integrated
• Reliable
• Secure

reserved.
AWS Cloud• Elasticity
• Control
• Flexibility
• Integrated
• Reliable
• Secure
• Inexpensive

• Elasticity
• Control
• Flexibility
• Integrated
• Reliable
• Secure
• Inexpensive
• Easy
reserved.

AWSOME DAY
Choosing the right
Amazon EC2 instances
• EC2 Instance types are optimized for different use cases,
workloads & come in multiple sizes. This allows you to optimally
scale resources to your workload requirements.
• AWS utilizes Intel® Xeon® processors for EC2 Instances
providing customers with high performance and value.
• Consider the following when choosing your instances: core
count, memory size, storage size & type, network performance,
I/O requirements & CPU technologies.
• Hurry Up & Go Idle - A larger compute instance can save you
time and money, therefore paying more per hour for a shorter
amount of time can be less expensive.
reserved.

AWSOME DAY
EC2 instances powered by Intel
Technologies
EC2 instance
type
Compute optimized General purpose Memory optimized Storage optimized
C5 C4 M5 M4 T2 X1 X1e R4 H1 I3 D2
Intel processor
Xeon
Platinum
8175M
Xeon E5
2666 v3
Xeon
Platinum
8175M
Xeon E5
2686 v4
2676 v3
Xeon
Family
Xeon E7
8880 v3
Xeon E7
8880 v3
Xeon E5
2686 v4
Xeon E5
2686 v4
Xeon E5
2686 v4
Xeon E5
2676 v3
Intel processor
technology
Skylake Haswell Skylake
Broadwell
Haswell
Yes Haswell Haswell Broadwell Broadwell Broadwell Haswell
Intel AVX Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Intel AVX2 Yes Yes Yes Yes - Yes Yes Yes Yes Yes Yes
Intel AVX-512 Yes - Yes - - - - - - - -
Intel turbo Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
Storage EBS-only EBS-only EBS-only EBS-only EBS-only
SSD
EBS-Opt
SSD
EBS-Opt
- HDD SSD HDD
reserved.

AWSOME DAYC5: Compute-optimized instances
• Based on 3.0 GHz Intel Xeon
Scalable Processors (Skylake)
• Up to 72 vCPUs and 144 GiB of
memory
(2:1 Memory:vCPU ratio)
• 25 Gbps NW bandwidth
• Support for Intel AVX-512
25% price/performance improvement
over C4
C4 C5
“We saw significant performance improvement on Amazon
EC2 C5, with up to a 140% performance improvement in
industry standard CPU benchmarks over C4.”
“We are eager to migrate onto the AVX-512 enabled
c5.18xlarge instance size… .We expect to decrease the
processing time of some of our key workloads by more than
30%.”
reserved.

AWSOME DAY
M5: Next-gen general purpose
instances
• Powered by 2.5 GHz Intel Xeon Scalable
Processors (Skylake)
• New larger instance size—m5.24xlarge
with
96 vCPUs and 384 GiB of memory
(4:1 Memory:vCPU ratio)
• Improved network and EBS performance
on smaller instance sizes
• Support for Intel AVX-512 offering up to
twice the performance for vector and
floating point workloads
14% price/performance improvement
With M5
M4 M5
reserved.

AWSOME DAYWhat’s your platform?
reserved.

AWSOME DAY
Amazon Elastic Block Store (Amazon
EBS)
• Persistent block storage for instances
• Protected through replication
• Different drive types
• Scale up or down in minutes
• Pay for only what you provision
• Snapshot functionality
• Encryption available
Amazon EBS Volumes
reserved.
Amazon
EC2
instance
Amazon
EC2
instance
AWS Cloud
Monday’s snapshot
Tuesday’s snapshot
Wednesday’s snapshot
Thursday’s snapshot
Friday’s snapshot
Bill
Storage
provisioned…

AWSOME DAYWhat is Amazon S3?
• Data is stored as objects within buckets
• Unlimited storage
• Single object limited to 5TB
• 99.999999999% durable
• Granular access to bucket and objects
reserved.

AWSOME DAYAmazon S3 core functionality
• Fast, durable, highly available key-based access to objects
• Object storage built to store and retrieve data
• Not a file system
Amazon S3
bucket
Amazon S3
Client
 Object returned
CLI sends GET request via S3 API 
reserved.

AWSOME DAYAmazon S3 common scenarios
• Backup and storage
• Application hosting
• Media hosting
• Software delivery
Amazon S3 buckets
Corporate
Datacenter
Amazon
EC2
Instances© 2019, Amazon Web Services, Inc. or its Affiliates. All rights
reserved.

AWSOME DAYNot just a storage bucket
Requester pays
Versioning
Hosting static websites
Object lifecycle management
reserved.

AWSOME DAYWhat is Amazon S3 Glacier?
reserved.
• Low-cost data archiving and long-
term backup
• Can configure lifecycle archiving
of Amazon S3 content to Amazon
Glacier
• Retrieval Options:
• Standard: 3- to 5-hours
• Bulk: 5-12 hours
• Expedited: 1 – 5 minutes
Amazon
S3 Glacier
Amazon S3
bucket
Archive after
30 days
Delete after 5
years

AWSOME DAYAmazon S3 Glacier use cases
Media asset workflows
Healthcare information archiving
Regulatory and compliance archiving
Scientific data storage
Digital preservation
Magnetic tape replacement
reserved.

AWSOME DAYAmazon S3 Glacier vault lock policy
• Deploy and enforce compliance controls
on individual Amazon Glacier vaults
• Vault becomes immutable once locked
reserved.

AWSOME DAYAmazon S3 storage classes
Storage class Features
S3 Standard • ≥3 availability zones
S3 Standard - Infrequent Access (IA)
• Retrieval fee associated with objects
• Most suitable for infrequently accessed data
S3 Intelligent-Tiering
• Automatically moves objects between tiers based on access
• ≥3 availability zones
S3 One Zone-IA
• 1 availability zone
• Costs 20% less than S3 Standard-IA
S3 Glacier
• Not available for real-time access
• Must restore objects before you can access them
• Restoring objects can take 1 minute - 12 hours
S3 Glacier Deep Archive
• Lowest cost storage for long term retention (7-10 years)
• ≥3 availability zones
• Retrieval time within 12 hours
reserved.

AWSOME DAYArchitecture example
reserved.
AWS Cloud
Internet
gateway
Internet
EC2
Web application
Instance store
(ephemeral)
S3 bucket
(static content)
EBS volume
(database files)

AWSOME DAY
Amazon Virtual Private Cloud (Amazon
VPC)
reserved.
AWS Cloud
Region
VPC (IP Range for VPC)
Availability Zone A
Public subnet
Instances Instances
Public
internet
Private subnet
Corporate
datacenter

AWSOME DAYSecurity groups
SecurityGroupA
SecurityGroup-B
SecurityGroup-C
Inbound
Source Protocol Port
0.0.0.0/0 TCP 80
0.0.0.0/0 TCP 443
Inbound
10.0.1.0/24 TCP 22
Inbound
ID of Security Group B All All
reserved.
VPC
Public subnet Private subnet
Security group
A
Instance
Instance
Security group
B
Security group
C
Instance
Instance

AWSOME DAYSecurity group details
• Only “allow” rules; no “deny” rules
• Default values:
• No inbound traffic allowed
• All outbound traffic allowed
• Stateful:
• Allows responses from allowed inbound
traffic
reserved.

AWSOME DAYSecurity groups example
SG-Web-Tier
Inbound
0.0.0.0/0 TCP 80
0.0.0.0/0 TCP 443
10.0.16.0/20 TCP 22
Public
internet
SG-App-Tier
Inbound
ID of SG-Web-Tier TCP 6455
10.0.16.0/20 TCP 22
SG-DB-Tier
Inbound
ID of SG-App-Tier TCP 3306
10.0.16.0/20 TCP 22
WWW Servers
MyPublicSubnet
(10.0.0.0/24)
reserved.
VPC
SG-Web-Tier
MyPrivateSubnet (10.0.1.0/24)
SG-App-Tier SG-DB-Tier
App Servers DB Servers
Corp
(10.0.16.0/20)

AWSOME DAYMigration and reinvention
reserved.
Project
Foundation
Cloud-Native Retire
tech
debt
Reinvention
Time
Value

AWSOME DAYImproving your initial project
© 2019 Amazon Web Services, Inc. or its Affiliates. All rights
reserved.
EC2
Web application
Instance store
(ephemeral)
S3 bucket
(static content)
EBS volume
(database files)
AWS Cloud Instance challenges:
• Performance
• Scalability
• Utilization
Database challenges:
• Infrastructure management
• Patching
• Scalability
Internet
gateway
Management challenges:
• Monitoring
• Planning for failures
• Deployment

AWSOME DAYWhat is Amazon CloudWatch?
• Monitors:
• AWS resources
• Applications running on AWS
• Collects and tracks:
• Standard metrics
• Custom metrics
• Alarms:
• Send notifications
• Automatically make changes
based on rules you define
reserved.

AWSOME DAYHow CloudWatch works
CloudWatch
Available
statistics
Statistics
consumer
AWS Management
Console
CloudWatch metrics
CPUUtilization
StatusCheckFailed
CloudWatch
alarm
reserved.
Supported
AWS resource
Custom
application-specific
metrics
PageViewCount
SNS email
notification
Amazon
EC2 Auto
Scaling

AWSOME DAYCloudWatch benefits
Access all your metrics from a single platform
Maintain visibility across your applications,
infrastructure, and services
Reduce mean time to resolution (MTTR)
and improve total cost of ownership (TCO)
Drive insights to optimize applications
and operational resources
Pay as you go
reserved.

AWSOME DAYWhy scaling matters
Amazon EC2 Auto Scaling
adjusts capacity as needed
• Scale out for spikes
• Scale in during off-peak
• Replace unhealthy instances
• Pay only for what you use
reserved.
Su M T W Th F Sa
Demand Capacity

AWSOME DAY
Dynamic scaling with
• Select a load metric for
your application
• Set as conditional and/or
scheduled
• Use with CloudWatch,
optionally instance
instance
instanceinstance
instance instance
Follow the demand curve for your applications
Max 10
Min 2
Desired 6
reserved.
Amazon EC2 Auto Scaling group

AWSOME DAY
your application
scheduled
optionally instance
instance
instanceinstance
instance instance
instance instance
instance instance
High Demand
Max 10
Min 2
Desired 6
Max 10
Min 2
Desired 10
reserved.

AWSOME DAY
your application
scheduled
optionally instance
instance
Low Demand
Max 10
Min 2
Desired 6
Max 10
Min 2
Desired 10
Max 10
Min 2
Desired 2
reserved.

AWSOME DAY
Fleet management with
Amazon EC2 Auto
Scaling
• Monitor the health of
running instances
• Replace impaired
instances automatically
• Balance capacity across
Availability Zones Instance
Instance
InstanceInstance
Instance Instance
Instance
Instance
Instance
Instance
Replace impaired Amazon EC2 instances without intervention
Max 10
Min 2
Desired 10
reserved.
AZ1
AZ2

AWSOME DAY
Amazon EC2 Auto
Scaling
running instances
Instance
InstanceInstance
Instance Instance
Instance
Instance
Instance
Instance
O
O
Max 10
Min 2
Desired 10
reserved.
AZ1
AZ2

AWSOME DAY
Amazon EC2 Auto
Scaling
running instances
Instance
InstanceInstance
Instance Instance
Instance
Instance
O
O
Max 10
Min 2
Desired 10
reserved.
AZ1
AZ2

AWSOME DAY
Amazon EC2 Auto
Scaling
running instances
Instance
InstanceInstance
Instance Instance
Instance
Instance
Instance
Instance
P
P
Max 10
Min 2
Desired 10
reserved.
AZ1
AZ2

AWSOME DAYElastic Load Balancing
High availability
Health checks
SSL/TLS termination
Operational monitoring
Automatically distribute traffic across multiple targets
Instance Instance Instance Instance Instance
reserved.
Elastic Load
Balancing

AWSOME DAYApplication Load Balancer example
Application Load
Balancer
reserved.
EC2 instance
/data
/api
/images
Application 1
Application 2
Application 3

AWSOME DAYNetwork Load Balancer example
Network Load
Balancer
reserved.
EC2
EC2
EC2
Streaming
Data
EC2
AutoScaling
5442
5442
5442

AWSOME DAYDIY vs. AWS database services
• Operating system access
• Need features of specific
application
reserved.
• Easy to set up, manage, maintain
• Push-button high availability
• Focus on performance
• Managed infrastructure

AWSOME DAY
What is Amazon Relational Database
Service?
A database service that makes it easy to set up, operate,
and scale a relational database in the cloud
Amazon RDS Engines
reserved.
• Easily scalable
• Automatic software patching
• Automated backups
• Database snapshots
• Multi-AZ deployments
• Automatic host replacement
• Encryption at rest and in transit

AWSOME DAYWhat is Amazon Aurora?
• Enterprise-class relational database
• MySQL- or PostgreSQL-compatible
• Up to 5X faster than standard MySQL databases
• Up to 3X faster than standard PostgreSQL databases
• Continuous backup to Amazon S3
• Up to 15 low-latency read replicas
reserved.

AWSOME DAYRelational vs key-value databases
Relational (SQL) Key-value (NoSQL)
Data storage Rows and columns Key-value, document, graph
Schemas Fixed Dynamic
Querying Using SQL
Focused on collection of
documents
Scalability Vertical Horizontal
Example
ISBN Title Author Format
3111111223439
Withering
Depths
Tark,
Frank
Paperback
3122222223439 Wily Willy
Felton,
Maria
eBook
reserved.
{
ISBN: 3111111223439,
Title: “Withering Depths”,
Author: ”Tark, Frank”,
Format: “Paperback”
}

AWSOME DAY
• Fully managed
• Low-latency queries
• Fine-grained access control
• Regional and global options
What is Amazon DynamoDB?
Fast and flexible NoSQL database service for any scale
reserved.

AWSOME DAYAmazon DynamoDB use cases
• Serverless web applications
• Microservices data store
• Mobile backends
• Ad tech
• Gaming
• Internet of Things (IoT)
reserved.

AWSOME DAYOther purpose-built database services
reserved.
Amazon Redshift
Fast, scalable data
warehouse
Amazon
DocumentDB
MongoDB-compatible
database
Amazon Neptune
Graph database

AWSOME DAYWhat is AWS Database Migration Service?
Migrate databases to AWS quickly and securely
reserved.

AWSOME DAYThe right tool for the right job
reserved.
What are my requirements?
Enterprise class relational database
Amazon Relational
Database Service
(Amazon RDS)
Fast and flexible NoSQL database service for any Amazon DynamoDB
Operating system access or application features not
supported by AWS database services
Databases on EC2
Specific case-driven requirements (Machine learning,
warehouse, graphs)
AWS purpose-built
database services

AWSOME DAYWhat is AWS CloudFormation?
Model and provision all your cloud infrastructure resources
reserved.

AWSOME DAYAWS CloudFormation example
Template-file
(YAML/JSON
)
----- -- -- --- -- ----- -
- -- --- --
----- -- -- --- --
----- -- -- --- --
CloudFormation Designer
reserved.
VPC (10.1.0.0/16)
Web
server
Security group
Internet
gateway
Public Subnet 1
(10.1.11.0/24)

AWSOME DAYPutting it all together (1 of 4)
reserved.
AWS Cloud
Internet
gateway
Internet
S3 bucket
(static content)
EC2
Web application EBS volume
(database files)

reserved.
AWS Cloud
Internet
gateway
Internet
S3 bucket
(static content)
EC2
Web application Amazon RDS

reserved.
AWS Cloud
Internet
gateway
Internet
S3 bucket
(static content)
Amazon RDS
Elastic Load
Balancing
Auto Scaling group
EC2 Instances
CloudWatch

reserved.
AWS Cloud
Internet
gateway
Internet
S3 bucket
(static content)
Amazon RDS
Elastic Load
Balancing
Auto Scaling group
EC2 Instances
CloudWatchAWS CloudFormation

AWSOME DAYChallenge: hybrid cloud
reserved.
Amazon EC2 Auto
Scaling group
EC2 instances EBS volumes
AWS Cloud
Corporate data center
Clients
Internet
gateway
Network challenges:
• Performance
• Reliability
Storage challenges:
• Duplication of data onsite/offsite
• Too much network traffic
• Cost inefficient
Communications challenge:
• Cloud instances cannot
route to onsite servers

AWSOME DAYWhat is AWS Direct Connect?
reserved.
A dedicated network connection from your premises to AWS
Reduces network costs
Creates consistent network performance
Provides private connectivity to your
AmazonVPC
Scales easily

AWSOME DAYAWS Direct Connect example
reserved.
AWS Cloud
Other AWS
Services
VPC
Virtual private
gateway
Content
router/firewall
AWS Direct Connect
location
Customer
or partner
router
AWS
Direct
Connect
endpoint EC2 instances

AWSOME DAYWhat is Amazon Route 53?
reserved.
A highly available and scalable Domain Name System (DNS) web service
Register domain names
Route internet traffic to the resources for your domain
Check the health of your resources

AWSOME DAYRouting traffic
Amazon Route 53
reserved.
https://sales.example.com
ELB
EC2 instances
ELBELB
VPC

AWSOME DAY
What is Amazon Elastic File System
(Amazon EFS)?
reserved.
A scalable, elastic, cloud-native file system for Linux
Dynamic elasticity
Scalable performance
Shared file storage
Fully managed
Cost-effective

AWSOME DAYPutting it all together
reserved.
Amazon EC2 Auto
Scaling group
EC2 instances
Amazon
EFS
AWS Cloud
Clients
Internet
gateway
Virtual
private
gateway
AWS Direct
Connect
Amazon Route 53

AWSOME DAYChallenge: Media streaming service
reserved.
Transcode
video to
multiple
formats
Ingest
encoded
video
Catalog
video
metadata
Stream
video to
clients
The architecture must meet the following requirements:
Efficient, scalable
compute resources
Fast data
access
Low latency

AWSOME DAY
AWS Lambda: Run code without
servers
Set your code to trigger
from an event source
Pay only for the
compute time
you use
AWS
SERVICES
MOBILE APPS
HTTP
ENDPOINTS
reserved.
Upload your code
to AWS
Lambda
Lambda runs your code
only when triggered

AWSOME DAYBenefits of Lambda
Supports multiple programming languages
Completely automated administration
Built-in fault tolerance
Supports orchestration of multiple functions
Pay per use pricing
reserved.

AWSOME DAYLambda example: create thumbnails
Source
bucket
Target
bucket
1
3
JSON
Access
policy
Lambda
function
User
5
Lambda
2
reserved.
AWS Cloud
4
Execution
role

AWSOME DAY
What is Amazon Simple Notification
Service (Amazon SNS)?
reserved.
Fully managed pub/sub messaging for distributed or serverless applica
Reliably deliver messages with durability
Automatically scale your workload
Simplify your architecture
Keep messages private and secure

AWSOME DAYAmazon SNS overview
reserved.
SNS topics
SubscribersPublisher Message filters
Amazon Simple Notification Service AWS Lambda
Message Queues
HTTP/S

AWSOME DAYWhat is Amazon CloudFront?
A fast, secure, and global content delivery network (CDN)
reserved.

AWSOME DAY
How CloudFront delivers content to
users
Edge location
cache
www.example.com/content
reserved.

AWSOME DAY
How CloudFront delivers content to
users
S3 bucket
Edge location
cache
www.example.com/content
reserved.

AWSOME DAYWhat is Amazon ElastiCache?
reserved.
Fully managed Redis or Memcached-compatible in-memory data stor
Extreme performance
Fully Managed
Scalable
Amazon ElastiCache for Redis
Versatile in-memory data store
Amazon ElastiCache for Memcached
Scalable caching tier for data-intensive apps

AWSOME DAYChallenge: Media streaming service
reserved.
AWS Cloud
Video
encoders
CloudFront Ingest
S3 bucket
SNS topic
HQ
480p
360p
Audio only
AWS Lambda transcoding functions
Playback
S3 bucket
Clients
DynamoDB
Lambda
Video metadata
CloudFront
Streaming
Stream
ElastiCache for
Redis
Searc
h

Secure your infrastructure

AWSOME DAYSecurity is our top priority
Designed for
security
Constantly
monitored
Highly
automated
Highly
available
Highly
accredited
reserved.

AWSOME DAYSecurity of the cloud
• Hosts, network, software, facilities
• Protection of the AWS global infrastructure is top priority
• Availability of third-party audit reports
reserved.
Foundation services
Compute Storage Database Network
AWS global
infrastructure
RegionsAvailability Zones Edge Locations
AWS

AWSOME DAYSecurity in the cloud
Client-side data encryption &
Data integrity authentication
Platform, applications, identity & access management
Operating system, network & firewall configuration
Customer data
Customer
Considerations
• What you should store
• Which AWS services you should use
• Which Region to store in
• In what content format and structure
• Who has access
reserved.
Server-side encryption
(File system and/or data)
Network traffic protection
(Encryption/integrity/identity)

AWSOME DAYAWS shared responsibility model
reserved.
Foundation services
Compute Storage Database Network
AWS global
infrastructure
RegionsAvailability Zones Edge Locations
AWS
Client-side data encryption &
Data integrity authentication
Platform, applications, identity & access management
Operating system, network & firewall configuration
Customer data
Customer
Server-side encryption
(File system and/or data)
Network traffic protection
(Encryption/integrity/identity)

AWSOME DAY
Security, identity, and compliance
products
AWS Artifact
AWS Certificate Manager
Amazon Cloud Directory
AWS CloudHSM
Amazon Cognito
AWS Directory Service
AWS Firewall Manager
Amazon GuardDuty
AWS Identity and Access
Management
Amazon Inspector
AWS Key Management Service
Amazon Macie
AWS Organizations
AWS Shield
AWS Secrets Manager
AWS Single Sign-On
AWS WAF
AWS Artifact
AWS Certificate Manager
Amazon Cloud Directory
AWS CloudHSM
Amazon Cognito
AWS Directory Service
AWS Firewall Manager
Amazon GuardDuty
Management
Amazon Inspector
AWS Key Management Service
Amazon Macie
AWS Organizations
AWS Shield
AWS Secrets Manager
AWS Single Sign-On
AWS WAF
reserved.

Manage authentication and authorization

AWSOME DAY
AWS Identity and Access Management
(IAM)
Securely control access to AWS resources
A person or application that interacts with AWS
Collection of users with identical permissions
Temporary privileges that an entity can assume
Group
Role
IAM user
reserved.

AWSOME DAYAuthentication: Who are you?
IAM user IAM group
IAM
AWS
CLI
AWS
Management
Console
$ aws
AWS
SDKs
reserved.

AWSOME DAYAuthorization: What can you do?
IAM user,
group or role
IAM policies
Full
acces
s
Read
only
AWS
CLI
Amazon
S3 Bucket
reserved.
$ aws

AWSOME DAYIAM roles
• IAM users, applications, and
services may assume IAM roles
• Roles uses an IAM policy for
permissions
IAM role
reserved.

AWSOME DAY
Using roles for temporary security
credentials
EC2
instance
Application
Amazon
S3 bucket
IAM role
IAM
policy
Assume
reserved.

AWSOME DAYAWS account root user
Account root user has complete access to all AWS services
reserved.
Recommendations
Delete root user access keys
Create an IAM user
Grant administrator access
Use IAM credentials to interact with AWS
Enable MFA

AWSOME DAYBest practices
• Delete access keys for the AWS
account root user
• Activate multi-factor
authentication (MFA)
• Only give IAM users permissions
they need
• Use roles for applications
• Rotate credentials regularly
• Remove unnecessary users
and credentials
• Monitor activity in your AWS
account
reserved.

Assess your security and compliance

AWSOME DAYChallenges of threat assessment
• Expensive
• Complex
• Time-consuming
• Difficult to track IT changes
reserved.

AWSOME DAYWhat is Amazon Inspector?
Automated security assessment as a service
• Assesses applications for
vulnerabilities
• Produces a detailed list of security
findings
• Leverages security best practices
reserved.

AWSOME DAYAmazon Inspector findings
reserved.

AWSOME DAYRemediation recommendation
reserved.

Protect your infrastructure from Distributed
Denial of Service (DDoS) attacks

AWSOME DAYWhat is DDoS?
DDoS
DDoSDDoS
O
Legit user
reserved.

AWSOME DAYDDoS mitigation challenges
Complex
Limited bandwidth
Involves rearchitecting
Manual
Degraded performance
Time-consuming
Expensive
reserved.

AWSOME DAYWhat is AWS Shield?
DDoS
• A managed DDoS protection service
• Always-on detection and mitigations
• Seamless integration and deployment
• Cost-efficient and customizable protection
DDoSDDoS
P
Legit user
reserved.

AWSOME DAY
AWS Shield Standard and AWS Shield
Advanced
AWS Shield Standard
(included)
• Quick detection
• Inline attack mitigation
AWS Shield Advanced
(Optional)
• Enhanced detection
• Advanced attack mitigation
• Visibility and attack notification
• DDoS cost protection
• Specialized support
reserved.

AWS security compliance

AWSOME DAYAssurance programs
reserved.

AWSOME DAY
How AWS helps customers achieve
compliance
Sharing information
• Industry certifications
• Security and control practices
• Compliance reports directly
under NDA
Assurance program
• Certifications/attestations
• Laws, regulations, and privacy
• Alignments/frameworks
reserved.

AWSOME DAYCustomer responsibility
Review – Design – Identify –Verify
reserved.

AWSOME DAYHow do you pay for AWS?
reserved.

AWSOME DAYPay as you go
reserved.
On premises/colocation AWS
UNDERUTILIZATION
Only pay for what you use

AWSOME DAY
Save when you reserve:
Reserved Instances
reserved.
• Save up to 75 percent
over equivalent on-
demand capacity
• Choose
• No upfront
payments (NURI)
• partial up-front
(PURI)
• all up-front (AURI)
NURI PURI AURI
EC2
instance

AWSOME DAYUse more, pay less
reserved.
Automatic volume-based discounts

AWSOME DAYPricing concepts
reserved.
Compute Storage Data transfer
• Charged per hour/second*
• Varies by instance type
*Linux only
• Charged typically per GB • Outbound is aggregated and
charged
• Inbound has no charge (with
some exceptions)
• Charged typically per GB

AWSOME DAYDifferent services are priced differently
reserved.
Amazon EC2
Amazon EBS
Amazon S3
AWS CloudFormation

AWSOME DAYAmazon EC2: Four purchase types
reserved.
On-Demand Instances
• Charged per hour/second*
• Short-term
• Unpredictable workloads
Reserved Instances
• Discount for 1 to 3 year
commitments
• Applications with steady
state usage
Dedicated Hosts
• Physical server dedicated to
you
• Applications with specific
compliance requirements
Spot Instances
• Spare AWS capacity for up to
90% discount
• Applications with flexible
start and end times
• Urgent computing needs for
large amounts of capacity

AWSOME DAYAmazon EBS pricing model
reserved.
Volumes Snapshots Data transfer
• Charged by GB
provisioned/month
• Varies by volume type
• Charged by space consumed
in Amazon S3
• Charged for volume copied
across regions
• Inbound data transfer is free
• Outbound data transfer
charges are tiered

AWSOME DAYAmazon S3 pricing model
reserved.
• Amount of storage used
• Region
• Storage class
• Number and type of requests (GET, PUT, COPY)
• Amount of data transferred out of the region

AWSOME DAY
AWS services with no additional
charge
reserved.
Amazon VPC
Elastic Beanstalk
Auto Scaling
AWS CloudFormation
Management (IAM)

AWSOME DAYAWS Free Tier
reserved.
Enables you to gain free hands-on experience with
the AWS platform, products, and services.

AWSOME DAYAWS Simple Monthly Calculator
reserved.
• Estimate your monthly bill
• Per-service cost breakdown
• Aggregate monthly estimate
• Provides common customer examples

AWSOME DAYAnalyzing with AWS Cost Explorer
reserved.
Get started
quickly
Set custom intervals Filter/group data
Forecast cost and usage Save
progress
Access data
programmatically

AWSOME DAYWhat Is Trusted Advisor?
A service providing guidance to help you reduce cost,
increase performance, and improve security
reserved.

AWSOME DAYSupport plan overview
reserved.
Support plan Features
Basic
• Customer service
• Support forums
• Service health checks
• Documentation, whitepapers, and best-practice guides
Developer
• Best-practice guidance
• Client-side diagnostic tools
• Building-block architecture support
Business
• Use-case guidance
• IAM for controlling individuals' access to AWS Support
• Full AWS Trusted Advisor
• An API for interacting with Support Center and Trusted Advisor
• Third-party software support
Enterprise
• Application architecture guidance
• Infrastructure event management
• Technical Account Manager (TAM)
• White-glove case routing
• Management business reviews

AWSOME DAYSupport documentation
• Knowledge Center (FAQs and common
requests)
• AWS Documentation
• AWS Discussion Forums
• AWS Support Center
reserved.

The AWSWell-Architected Framework

AWSOME DAY
What is the Well-Architected
Framework?
• A guide for designing infrastructures that are:
Secure
High-performing
Resilient
Efficient
• A systematic approach to evaluating and implementing
architectures
• Established best practices developed through lessons
learned by working with customers
reserved.

AWSOME DAYFive pillars of the framework
Operational
excellence
Security Reliability
Performance
efficiency
Cost
optimization
reserved.

AWSOME DAYOperational excellence
• Perform operations as code
• Annotate documentation
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures
reserved.

AWSOME DAYSecurity
• Implement a strong identity foundation
• Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data in transit and at rest
• Prepare for security events
reserved.

AWSOME DAYReliability
• Test recovery procedures
• Automatically recover from failure
• Scale horizontally to increase aggregate
system availability
• Stop guessing capacity
• Manage change in automation
reserved.

AWSOME DAYPerformance efficiency
• Democratize advanced technologies
• Go global in minutes
• Use serverless architectures
• Experiment more often
• Apply mechanical sympathy
reserved.

AWSOME DAYCost optimization
• Adopt a consumption model
• Measure overall efficiency
• Stop spending money on data center
operations
• Analyze and attribute expenditure
• Use managed services to reduce cost of
ownership
reserved.

Reference architectures

AWSOME DAYReference architectures
• Visually represent application
architecture
• Demonstrate how services combine to
form a solution
• Provide guidance on building
applications
• Serve as templates to accelerate
delivery
reserved.

AWSOME DAY
Example: Improving availability with
Elastic Load Balancing
Web
Server
App
Server
DB
Server
Web
Server
App
Server
DB
Server
reserved.
Elastic Load Balancing
Availability Zone A
Availability Zone B
Replicated data
AWS Cloud

AWSOME DAYExample: Web application hosting
reserved.
Amazon
Route 53
Amazon
CloudFront
Amazon RDS
Amazon RDS
Replication
1
2
S3
Resources
3
Elastic Load
Balancing
4
7
App servers
EC2
App servers
EC2
Availability Zone A
Web servers
EC2
Web servers
EC2
Availability Zone B
5
5
5
5
Auto Scaling
Auto Scaling
Auto Scaling
Auto Scaling
6
6
6
6
AWS Cloud

AWSOME DAYAWS Quick Starts
• AWS CloudFormation templates
• Built by AWS solutions architects and
partners based on AWS best practices
• Include a guide with deployment
instructions
reserved.

AWSOME DAYBefore AWS
• Guessing theoretical maximum peaks?
• Is there enough resource capacity?
• Is this sufficient storage?
reserved.

AWSOME DAYWith AWS
• With AWS:
• Servers
• Databases
• Storage
• Higher-level applications
Resources can be:
P Initiated within seconds
P Treated as “temporary and disposable”
Free from the inflexibility and constraints
reserved.

Thank you!
AWSOME DAY

AWSome Day Brasil - Junho 2020

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie AWSome Day Brasil - Junho 2020

Ähnlich wie AWSome Day Brasil - Junho 2020 (20)

Mehr von Amazon Web Services LATAM

Mehr von Amazon Web Services LATAM (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

AWSome Day Brasil - Junho 2020