Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017
|
|
- Frederica Higgins
- 5 years ago
- Views:
Transcription
1 Lassoing the Clouds: Best Practices on AWS Brian DeShong May 26, 2017
2 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?
3 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?
4 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?
5 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?
6 Agenda Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
7 Agenda Running web servers Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
8 Agenda Running web servers Serving static content Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
9 Agenda Running web servers Serving static content Security-related concerns Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
10 Agenda Running web servers Serving static content Security-related concerns Databases Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
11 Agenda Running web servers Serving static content Security-related concerns Databases Logging Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?
12 Regions + Availability Zones Region: comprised of 2 or more data centers Each data center is called an Availability Zone AZs typically separated by many miles Low latency links between them
13 Operating Web Servers
14 Amazon Machine Images (AMIs)
15 What is an Amazon Machine Image?
16 What is an Amazon Machine Image? Provides information required to launch an EC2 instance
17 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance
18 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default
19 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default CentOS, Ubuntu, Windows, etc.
20 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default CentOS, Ubuntu, Windows, etc. Some options on using AMIs
21 Just Enough OS
22 Just Enough OS Startup a bare instance, JeOS
23 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot
24 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot Avoids AMI creation and maintenance
25 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot Avoids AMI creation and maintenance Instances take longer to be ready for service
26 Just Enough OS web01 Amazon Linux kernel sudo vim openssl openssh... User data script runs only at initial boot time Install Apache, PHP 7 Setup Apache to start at boot Setup a groups, filesystem Start Apache This all takes time! Benefits such that, if you want to upgrade to PHP 7.1, you just change the user data script and launch new instances Virtual machines are by their nature disposable
27 Just Enough OS web01 Amazon Linux kernel sudo vim openssl openssh... User data script #!/bin/bash yum update -y yum install -y httpd24 php70 chkconfig httpd on groupadd www usermod -a -G www ec2-user chown -R root:www /var/www chmod 2775 /var/www find /var/www -type d -exec chmod 2775 {} + find /var/www -type f -exec chmod 0664 {} + // Download and put application code into place service httpd start User data script runs only at initial boot time Install Apache, PHP 7 Setup Apache to start at boot Setup a groups, filesystem Start Apache This all takes time! Benefits such that, if you want to upgrade to PHP 7.1, you just change the user data script and launch new instances Virtual machines are by their nature disposable
28 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
29 Fully Baked AMI web01 Amazon Linux kernel openssh Added users, groups sudo PHP 7.1 vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
30 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 Added users, groups Filesystem setup vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
31 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick Added users, groups Filesystem setup Nginx starts at boot openssl nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
32 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
33 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
34 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages etc Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
35 Fully Baked AMI kernel web01 Amazon Linux web02 Amazon openssh Linux web03 sudo PHP 7.1 kernel Amazon openssh Linux vim ImageMagick web04 sudo PHP 7.1 kernel openssl Amazon openssh nginx Linux vim ImageMagick sudo PHP 7.1 kernel openssh openssl nginx vim ImageMagick sudo PHP 7.1 openssl nginx vim ImageMagick Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages etc openssl nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!
36 Considerations Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start
37 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start
38 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Do you have the time and resources to maintain a fully baked AMI? Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start
39 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Do you have the time and resources to maintain a fully baked AMI? My recommendation: Start with JeOS + configure at boot You can always create custom AMIs later, if needed Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start
40 Fault Tolerance
41 Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it! No Single Point of Failure!
42 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!
43 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!
44 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything If an EC2 instance dies, the other remains in service Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!
45 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything If an EC2 instance dies, the other remains in service Holy grail: spread out across multiple regions Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!
46 There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money Use AZs Effectively
47 Use AZs Effectively us-east-1a web web web web db (write) db (read) There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money
48 There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money Use AZs Effectively
49 Use AZs Effectively us-east-1a us-east-1b us-east-1c web web web web web web web web web web db (write) db (read) web db (standby) db (read) web db (read) There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money
50 Leverage Auto Scaling web web web
51 Leverage Auto Scaling web web web Machine resources If CPU > 80% for 5 minutes, scale up
52 Leverage Auto Scaling web web web Machine resources If CPU > 80% for 5 minutes, scale up web web
53 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it
54 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it Scale down If CPU < 50% for X minutes, scale down
55 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it Scale down If CPU < 50% for X minutes, scale down
56 Load Balancers
57 Don t use Sticky Sessions!
58 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load
59 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB
60 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target
61 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another
62 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another But you want to spread traffic around!
63 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another But you want to spread traffic around! As your pool of machines grows, the requests are balanced between them
64 Sticky Sessions UI
65 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
66 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
67 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
68 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web mod_ssl mod_ssl mod_ssl web web web mod_ssl mod_ssl mod_ssl Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
69 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
70 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
71 SSL Termination AWS Certificate Manager SSL Cert Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem
72 Can be used on ELBs, with API Gateway, CloudFront Use AWS Certificate Manager
73 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Can be used on ELBs, with API Gateway, CloudFront
74 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Can be used on ELBs, with API Gateway, CloudFront
75 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can be used on ELBs, with API Gateway, CloudFront
76 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can import external certificates, too Can be used on ELBs, with API Gateway, CloudFront
77 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can import external certificates, too SSL all the things! Can be used on ELBs, with API Gateway, CloudFront
78 Serving Static Content
79 These assets don t change between releases It s okay for them to be cached in the end user s browser Serve from static storage!
80 Serve from static storage! Never serve static content from your web servers These assets don t change between releases It s okay for them to be cached in the end user s browser
81 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc These assets don t change between releases It s okay for them to be cached in the end user s browser
82 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc Don t use your computing resources These assets don t change between releases It s okay for them to be cached in the end user s browser
83 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc Don t use your computing resources Get the content to the end user as quickly as possible These assets don t change between releases It s okay for them to be cached in the end user s browser
84 AWS Simple Storage Service (S3)
85 AWS Simple Storage Service (S3) AWS s object storage service
86 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth
87 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects
88 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects Perfect for storing static assets
89 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects Perfect for storing static assets Store content at build time
90 S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
91 S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
92 Standard Storage Class S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
93 Standard Storage Class S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
94 Standard Storage Class S3 Standard - Infrequently Accessed All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
95 S3 Standard Storage Class Standard - Infrequently Accessed Reduced Redundancy Storage All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process
96 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases
97 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases
98 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases
99 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases
100 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases
101 Security
102 Identity and Access Management How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles
103 Identity and Access Management Controls AWS services a user can access How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles
104 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles
105 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services Which resources are available How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles
106 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services Which resources are available Concepts of Users and Roles How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles
107 Use IAM Roles on EC2 Instances API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
108 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
109 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
110 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
111 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role No storing keys in your code base API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
112 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role No storing keys in your code base Much more flexible and maintainable API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources
113 Security Groups Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them
114 Security Groups Virtual firewall to control inbound and outbound traffic Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them
115 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them
116 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Only allow traffic in on the necessary ports Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them
117 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Only allow traffic in on the necessary ports Restrict internal tool access to known IP addresses Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them
118 Principle of Least Privilege
119 Principle of Least Privilege Give users access to only the resources they need
120 Principle of Least Privilege Give users access to only the resources they need This applies to internal and external users
121 Principle of Least Privilege Give users access to only the resources they need This applies to internal and external users Examples: Don t let an IAM role access every single S3 bucket! Specify each Don t allow every port in on a Security Group! Only what needs to be public
122 Relational Databases
123 AWS Relational Database Service
124 AWS Relational Database Service Removes the usual maintenance associated with running databases
125 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches
126 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches Backups / snapshots are incredibly convenient
127 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches Backups / snapshots are incredibly convenient Can scale instances up and down in size
128
129
130 Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary Operate in Multiple AZs
131 Operate in Multiple AZs us-east-1a us-east-1b Primary Standby Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
132 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
133 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
134 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
135 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
136 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Patch: standby first your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
137 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Patch: primary next Patch: standby first your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary
138 Distribute read operations us-east-1a Writer There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances
139 Distribute read operations us-east-1a us-east-1b us-east-1c Writer Reader Reader us-east-1d us-east-1e Reader Reader There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances
140 Distribute read operations us-east-1a us-east-1b us-east-1c Writer Reader Reader us-east-1d us-east-1e Reader Reader your-name.cluster-ro-abc123.us-east-1.rds.amazonaws.com There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances
141 Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs AWS Aurora!
142 AWS Aurora! Completely re-imagined storage of data Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs
143 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs
144 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Read replicas launch in minutes Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs
145 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Read replicas launch in minutes Run MySQL or PostgreSQL engines on top Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs
146 Logging
147 Centralize Application Logs
148 Centralize Application Logs Web servers (PHP error log, Apache logs)
149 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs
150 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs Asynchronous processes
151 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs Asynchronous processes You need to be able to access these at any time
152 CloudWatch Logs
153 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance
154 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance Polls local log files on disk and copies to CW Logs
155 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance Polls local log files on disk and copies to CW Logs Broken up into Log Groups and Log Streams Log Group: Apache access log, error log, PHP error log Log Stream: log entries from a specific instance
156 CW Logs Agent Install $ sudo yum install awslogs $ sudo service awslogs start [messages] file = /var/log/messages log_group_name = /var/log/messages log_stream_name = {instance_id} datetime_format = %b %d %H:%M:%S
157 CW Logs Console
158 Make Them Searchable
159 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes
160 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana
161 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana Allows you to spot trends over time
162 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana Allows you to spot trends over time Dig through data for specific entries, time periods, etc.
163 Kibana
164 Kibana
165 Proactively monitor and alert! Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
166 Proactively monitor and alert! Logs should really be empty day-to-day Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
167 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
168 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
169 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Amazon Simple Notification Service: get paged, wake up! Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
170 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Amazon Simple Notification Service: get paged, wake up! Develop as to avoid being woken up by pages Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%
171 Recap
172 Operating Servers
173 Operating Servers Choose an EC2 AMI strategy that suits your needs
174 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF
175 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF Spread resources over AZs and/or Regions
176 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF Spread resources over AZs and/or Regions Keep SSL simple
177 Static Content
178 Static Content Don t serve it from your web servers!
179 Static Content Don t serve it from your web servers! Utilize S3 for all static content storage
180 Static Content Don t serve it from your web servers! Utilize S3 for all static content storage Leverage CloudFront for better global performance
181 Security
182 Security Leverage IAM Roles to grant access to types of servers
183 Security Leverage IAM Roles to grant access to types of servers Limit Security Groups to only what s needed in and outbound
Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017
Lassoing the Clouds: Best Practices on AWS Brian DeShong May 26, 2017 Who am I? Who am I? Who am I? Who am I? Agenda Agenda Running web servers Agenda Running web servers Serving static content Agenda
More informationLassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017
Lassoing the Clouds: Best Practices on AWS Brian DeShong May 26, 2017 Who am I? Agenda Running web servers Serving static content Security-related concerns Databases Logging Regions + Availability Zones
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationAmazon Web Services (AWS) Solutions Architect Intermediate Level Course Content
Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content Introduction to Cloud Computing A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction
More informationEnroll Now to Take online Course Contact: Demo video By Chandra sir
Enroll Now to Take online Course www.vlrtraining.in/register-for-aws Contact:9059868766 9985269518 Demo video By Chandra sir www.youtube.com/watch?v=8pu1who2j_k Chandra sir Class 01 https://www.youtube.com/watch?v=fccgwstm-cc
More informationTraining on Amazon AWS Cloud Computing. Course Content
Training on Amazon AWS Cloud Computing Course Content 15 Amazon Web Services (AWS) Cloud Computing 1) Introduction to cloud computing Introduction to Cloud Computing Why Cloud Computing? Benefits of Cloud
More informationAmazon Web Services Training. Training Topics:
Amazon Web Services Training Training Topics: SECTION1: INTRODUCTION TO CLOUD COMPUTING A Short history Client Server Computing Concepts Challenges with Distributed Computing Introduction to Cloud Computing
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationAurora, RDS, or On-Prem, Which is right for you
Aurora, RDS, or On-Prem, Which is right for you Kathy Gibbs Database Specialist TAM Katgibbs@amazon.com Santa Clara, California April 23th 25th, 2018 Agenda RDS Aurora EC2 On-Premise Wrap-up/Recommendation
More informationAWS Course Syllabus. Linux Fundamentals. Installation and Initialization:
AWS Course Syllabus Linux Fundamentals Installation and Initialization: Installation, Package Selection Anatomy of a Kickstart File, Command line Introduction to Bash Shell System Initialization, Starting
More informationAWS Solution Architect Associate
AWS Solution Architect Associate 1. Introduction to Amazon Web Services Overview Introduction to Cloud Computing History of Amazon Web Services Why we should Care about Amazon Web Services Overview of
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationCIT 668: System Architecture. Amazon Web Services
CIT 668: System Architecture Amazon Web Services Topics 1. AWS Global Infrastructure 2. Foundation Services 1. Compute 2. Storage 3. Database 4. Network 3. AWS Economics Amazon Services Architecture Regions
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationAmazon AWS-Solution-Architect-Associate Exam
Volume: 858 Questions Question: 1 You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
More informationAgenda. AWS Database Services Traditional vs AWS Data services model Amazon RDS Redshift DynamoDB ElastiCache
Databases on AWS 2017 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services,
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationAWS_SOA-C00 Exam. Volume: 758 Questions
Volume: 758 Questions Question: 1 A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to
More informationDesigning Fault-Tolerant Applications
Designing Fault-Tolerant Applications Miles Ward Enterprise Solutions Architect Building Fault-Tolerant Applications on AWS White paper published last year Sharing best practices We d like to hear your
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Building Multi-Region Applications Jan Metzner, Solutions Architect Brian Wagner, Solutions Architect 2015, Amazon Web Services,
More informationDocument Sub Title. Yotpo. Technical Overview 07/18/ Yotpo
Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time
More informationDesign Patterns for the Cloud. MCSN - N. Tonellotto - Distributed Enabling Platforms 68
Design Patterns for the Cloud 68 based on Amazon Web Services Architecting for the Cloud: Best Practices Jinesh Varia http://media.amazonwebservices.com/aws_cloud_best_practices.pdf 69 Amazon Web Services
More informationNGF0502 AWS Student Slides
NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud
More informationSAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions
SAA-C01 AWS Solutions Architect Associate Exam Summary Syllabus Questions Table of Contents Introduction to SAA-C01 Exam on AWS Solutions Architect Associate... 2 AWS SAA-C01 Certification Details:...
More informationAmazon. Exam Questions AWS-Certified-Solutions-Architect- Professional. AWS-Certified-Solutions-Architect-Professional.
Amazon Exam Questions AWS-Certified-Solutions-Architect- Professional AWS-Certified-Solutions-Architect-Professional Version:Demo 1.. The MySecureData company has five branches across the globe. They want
More informationAWS Administration. Suggested Pre-requisites Basic IT Knowledge
Course Description Amazon Web Services Administration (AWS Administration) course starts your Cloud Journey. If you are planning to learn Cloud Computing and Amazon Web Services in particular, then this
More informationTestkingPass. Reliable test dumps & stable pass king & valid test questions
TestkingPass http://www.testkingpass.com Reliable test dumps & stable pass king & valid test questions Exam : AWS-Solutions-Architect- Associate Title : AWS Certified Solutions Architect - Associate Vendor
More informationBERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
BERLIN 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Amazon Aurora: Amazon s New Relational Database Engine Carlos Conde Technology Evangelist @caarlco 2015, Amazon Web Services,
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationLINUX, WINDOWS(MCSE),
Virtualization Foundation Evolution of Virtualization Virtualization Basics Virtualization Types (Type1 & Type2) Virtualization Demo (VMware ESXi, Citrix Xenserver, Hyper-V, KVM) Cloud Computing Foundation
More informationAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
1) A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI.
More informationThe Cloud's Cutting Edge: ArcGIS for Server Use Cases for Amazon Web Services. David Cordes David McGuire Jim Herries Sridhar Karra
The Cloud's Cutting Edge: ArcGIS for Server Use Cases for Amazon Web Services David Cordes David McGuire Jim Herries Sridhar Karra Atlas Maps Jim Herries Atlas sample application The Esri Thematic Atlas
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationAmazon Web Services Course Outline
Amazon Web Services Course Outline Tr Real Time Trainers 100% Placement Assistance Small Training Batch Hands on Experience Certification Support Video Tutorials will be provided Life Time Support will
More informationOracle WebLogic Server 12c on AWS. December 2018
Oracle WebLogic Server 12c on AWS December 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationMove Amazon RDS MySQL Databases to Amazon VPC using Amazon EC2 ClassicLink and Read Replicas
Move Amazon RDS MySQL Databases to Amazon VPC using Amazon EC2 ClassicLink and Read Replicas July 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided
More informationAmazon Aurora Relational databases reimagined.
Amazon Aurora Relational databases reimagined. Ronan Guilfoyle, Solutions Architect, AWS Brian Scanlan, Engineer, Intercom 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Current
More informationAmazon AWS-DevOps-Engineer-Professional Exam
Volume: 173 Questions Question: 1 What method should I use to author automation if I want to wait for a CloudFormation stack to finish completing in a script? A. Event subscription using SQS. B. Event
More informationIntroduction to Database Services
Introduction to Database Services Shaun Pearce AWS Solutions Architect 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Today s agenda Why managed database services? A non-relational
More informationAt Course Completion Prepares you as per certification requirements for AWS Developer Associate.
[AWS-DAW]: AWS Cloud Developer Associate Workshop Length Delivery Method : 4 days : Instructor-led (Classroom) At Course Completion Prepares you as per certification requirements for AWS Developer Associate.
More informationWe are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info
We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction
More informationDeploy. A step-by-step guide to successfully deploying your new app with the FileMaker Platform
Deploy A step-by-step guide to successfully deploying your new app with the FileMaker Platform Share your custom app with your team! Now that you ve used the Plan Guide to define your custom app requirements,
More informationArcGIS 10.3 Server on Amazon Web Services
ArcGIS 10.3 Server on Amazon Web Services Copyright 1995-2016 Esri. All rights reserved. Table of Contents Introduction What is ArcGIS Server on Amazon Web Services?............................... 5 Quick
More informationLean & Mean on AWS: Cost-Effective Architectures. Constantin Gonzalez, Solutions Architect, AWS
Lean & Mean on AWS: Cost-Effective Architectures Constantin Gonzalez, Solutions Architect, AWS What you ll get out of this session A lower AWS bill A more scalable, robust, dynamic architecture More time
More informationDeploying High Availability and Business Resilient R12 Applications over the Cloud
Deploying High Availability and Business Resilient R12 Applications over the Cloud Session ID#: 13773 Deploying R12 applications over the cloud - The best practices you need to know and the pitfalls to
More informationHighly Available Database Architectures in AWS. Santa Clara, California April 23th 25th, 2018 Mike Benshoof, Technical Account Manager, Percona
Highly Available Database Architectures in AWS Santa Clara, California April 23th 25th, 2018 Mike Benshoof, Technical Account Manager, Percona Hello, Percona Live Attendees! What this talk is meant to
More informationWhat is Cloud Computing? What are the Private and Public Clouds? What are IaaS, PaaS, and SaaS? What is the Amazon Web Services (AWS)?
What is Cloud Computing? What are the Private and Public Clouds? What are IaaS, PaaS, and SaaS? What is the Amazon Web Services (AWS)? What is Amazon Machine Image (AMI)? Amazon Elastic Compute Cloud (EC2)?
More informationIntroduction to Amazon Web Services
Introduction to Amazon Web Services Introduction Amazon Web Services (AWS) is a collection of remote infrastructure services mainly in the Infrastructure as a Service (IaaS) category, with some services
More informationPracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam
PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : AWS-Developer Title : AWS Certified Developer - Associate Vendor : Amazon Version : DEMO Get
More informationBeBanjo Infrastructure and Security Overview
BeBanjo Infrastructure and Security Overview Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits
More informationHOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION
HOW TO PLAN & EXECUTE A SUCCESSFUL CLOUD MIGRATION Steve Bertoldi, Solutions Director, MarkLogic Agenda Cloud computing and on premise issues Comparison of traditional vs cloud architecture Review of use
More informationServerless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect
Serverless Architecture Hochskalierbare Anwendungen ohne Server Sascha Möllering, Solutions Architect Agenda Serverless Architecture AWS Lambda Amazon API Gateway Amazon DynamoDB Amazon S3 Serverless Framework
More informationScaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect
Berlin 2015 Scaling on AWS From 1 to 10 Million Users Matthias Jung, Solutions Architect AWS @jungmats How to Scale? lot of results not the right starting point What is the right starting point? First
More informationExam Questions AWS-Certified- Developer-Associate
Exam Questions AWS-Certified- Developer-Associate Amazon AWS Certified Developer Associate https://www.2passeasy.com/dumps/aws-certified- Developer-Associate/ 1. When using Amazon SQS how much data can
More informationCloud Services. Introduction
Introduction adi Digital have developed a resilient, secure, flexible, high availability Software as a Service (SaaS) cloud platform. This Platform provides a simple to use, cost effective and convenient
More informationAWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS
AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Security Firewalls ACLs
More informationRunning MySQL on AWS. Michael Coburn Wednesday, April 15th, 2015
Running MySQL on AWS Michael Coburn Wednesday, April 15th, 2015 Who am I? 2 Senior Architect with Percona 3 years on Friday! Canadian but I now live in Costa Rica I see 3-10 different customer environments
More informationPARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM
PARTLY CLOUDY DESIGN & DEVELOPMENT OF A HYBRID CLOUD SYSTEM This project is focused on building and implementing a single course exploration and enrollment solution that is intuitive, interactive, and
More informationPostgres in Amazon RDS. Denish Patel Lead Database Architect
Postgres in Amazon RDS / Denish Patel Lead Database Architect Who am I? Database Architect with OmniTI for last 7+ years Expertise in PostgreSQL, Oracle, MySQL, NoSQL Contact : denish@omniti.com, Twitter:
More informationCloud Providers more AWS, Aneka
Basics of Cloud Computing Lecture 6 Cloud Providers more AWS, Aneka and GAE Satish Srirama Outline More AWS Some more PaaS Aneka Google App Engine Force.com 16.05.2012 Satish Srirama 2/51 Recap Last lecture
More informationPass4test Certification IT garanti, The Easy Way!
Pass4test Certification IT garanti, The Easy Way! http://www.pass4test.fr Service de mise à jour gratuit pendant un an Exam : SOA-C01 Title : AWS Certified SysOps Administrator - Associate Vendor : Amazon
More informationAWS Lambda: Event-driven Code in the Cloud
AWS Lambda: Event-driven Code in the Cloud Dean Bryen, Solutions Architect AWS Andrew Wheat, Senior Software Engineer - BBC April 15, 2015 London, UK 2015, Amazon Web Services, Inc. or its affiliates.
More informationFilters AWS CLI syntax, 43 Get methods, 43 Where-Object command, 43
Index Symbols AWS Architecture availability zones (AZs), 3 cloud computing, 1 regions amazon global infrastructure, 2 Govcloud, 3 list and locations, 3 services compute, 5 management, 4 monitoring, 6 network,
More informationIntroduction to Amazon Cloud & EC2 Overview
Introduction to Amazon Cloud & EC2 Overview 2015 Amazon Web Services, Inc. and its affiliates. All rights served. May not be copied, modified, or distributed in whole or in part without the express consent
More informationIntroduction to Cloud Computing
You will learn how to: Build and deploy cloud applications and develop an effective implementation strategy Leverage cloud vendors Amazon EC2 and Amazon S3 Exploit Software as a Service (SaaS) to optimize
More informationCogniFit Technical Security Details
Security Details CogniFit Technical Security Details CogniFit 2018 Table of Contents 1. Security 1.1 Servers........................ 3 1.2 Databases............................3 1.3 Network configuration......................
More informationCompute - 36 PCPUs (72 vcpus) - Intel Xeon E5 2686 v4 (Broadwell) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vsphere Features - vsphere HA - vmotion - DRS - Elastic DRS Storage - ESXi boot-from-ebs
More informationLinux Administration
Linux Administration This course will cover all aspects of Linux Certification. At the end of the course delegates will have the skills required to administer a Linux System. It is designed for professionals
More informationAmazon Aurora Deep Dive
Amazon Aurora Deep Dive Kevin Jernigan, Sr. Product Manager Amazon Aurora PostgreSQL Amazon RDS for PostgreSQL May 18, 2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda
More informationHigh Noon at AWS. ~ Amazon MySQL RDS versus Tungsten Clustering running MySQL on AWS EC2
High Noon at AWS ~ Amazon MySQL RDS versus Tungsten Clustering running MySQL on AWS EC2 Introduction Amazon Web Services (AWS) are gaining popularity, and for good reasons. The Amazon Relational Database
More informationWhat to expect from the session Technical recap VMware Cloud on AWS {Sample} Integration use case Services introduction & solution designs Solution su
LHC3376BES AWS Native Services Integration with VMware Cloud on AWS Technical Deep Dive Ian Massingham, Worldwide Lead, AWS Technical Evangelism Paul Bockelman, AWS Principal Solutions Architect (WWPS)
More informationFault-Tolerant Computer System Design ECE 695/CS 590. Putting it All Together
Fault-Tolerant Computer System Design ECE 695/CS 590 Putting it All Together Saurabh Bagchi ECE/CS Purdue University ECE 695/CS 590 1 Outline Looking at some practical systems that integrate multiple techniques
More informationScaling DreamFactory
Scaling DreamFactory This white paper is designed to provide information to enterprise customers about how to scale a DreamFactory Instance. The sections below talk about horizontal, vertical, and cloud
More informationWhich technology to choose in AWS?
Which technology to choose in AWS? RDS / Aurora / Roll-your-own April 17, 2018 Daniel Kowalewski Senior Technical Operations Engineer Percona 1 2017 Percona AWS MySQL options RDS for MySQL Aurora MySQL
More informationDeploy and Secure an Internet Facing Application with the Barracuda Web Application Firewall in Amazon Web Services
Deploy and Secure an Internet Facing Application with the in Amazon Web In this lab, you will deploy an unsecure web application into Amazon Web (AWS), and then secure the application using the. To create
More informationCloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014
Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Karthik Krishnan Page 1 of 20 Table of Contents Table of Contents... 2 Abstract... 3 What
More informationBetter, Faster, Stronger web apps with Amazon Web Services. Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web apps with Amazon Web Services Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services (from the previous presentation) Knowledge starts from great questions.
More informationAdvanced Architectures for Oracle Database on Amazon EC2
Advanced Architectures for Oracle Database on Amazon EC2 Abdul Sathar Sait Jinyoung Jung Amazon Web Services November 2014 Last update: April 2016 Contents Abstract 2 Introduction 3 Oracle Database Editions
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationNetwork Security & Access Control in AWS
Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account
More informationElastic Compute Service. Quick Start for Windows
Overview Purpose of this document This document describes how to quickly create an instance running Windows, connect to an instance remotely, and deploy the environment. It is designed to walk you through
More informationS U M M I T B e r l i n
Berlin SessionID ECS + Fargate Deep Dive Ric Harvey Technical Developer Evangelist Amazon Web Services rjh@amazon.com @ric Harvey https://gitlab.com/ric_harvey/bl_practical_fargate CONTAINERS, CONTAINERS,
More informationGetting Started with AWS Security
Getting Started with AWS Security Tomas Clemente Sanchez Senior Consultant Security, Risk and Compliance September 21st 2017 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Move
More informationAmazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India
(AWS) Overview: AWS is a cloud service from Amazon, which provides services in the form of building blocks, these building blocks can be used to create and deploy various types of application in the cloud.
More informationZombie Apocalypse Workshop
Zombie Apocalypse Workshop Building Serverless Microservices Danilo Poccia @danilop Paolo Latella @LatellaPaolo September 22 nd, 2016 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
More informationPOSTGRESQL ON AWS: TIPS & TRICKS (AND HORROR STORIES) ALEXANDER KUKUSHKIN. PostgresConf US
POSTGRESQL ON AWS: TIPS & TRICKS (AND HORROR STORIES) ALEXANDER KUKUSHKIN PostgresConf US 2018 2018-04-20 ABOUT ME Alexander Kukushkin Database Engineer @ZalandoTech Email: alexander.kukushkin@zalando.de
More informationBuilding a Modular and Scalable Virtual Network Architecture with Amazon VPC
Building a Modular and Scalable Virtual Network Architecture with Amazon VPC Quick Start Reference Deployment Santiago Cardenas Solutions Architect, AWS Quick Start Reference Team August 2016 (revisions)
More informationManaging IoT and Time Series Data with Amazon ElastiCache for Redis
Managing IoT and Time Series Data with ElastiCache for Redis Darin Briskman, ElastiCache Developer Outreach Michael Labib, Specialist Solutions Architect 2016, Web Services, Inc. or its Affiliates. All
More informationCrypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH
Crypto-Options on AWS Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH Amazon.com, Inc. and its affiliates. All rights reserved. Agenda
More informationScalability of web applications
Scalability of web applications CSCI 470: Web Science Keith Vertanen Copyright 2014 Scalability questions Overview What's important in order to build scalable web sites? High availability vs. load balancing
More informationTesting in AWS. Let s go back to the lambda function(sample-hello) you made before. - AWS Lambda - Select Simple-Hello
Testing in AWS Let s go back to the lambda function(sample-hello) you made before. - AWS Lambda - Select Simple-Hello Testing in AWS Simulate events and have the function react to them. Click the down
More informationInstalling SmartSense on HDP
1 Installing SmartSense on HDP Date of Publish: 2018-07-12 http://docs.hortonworks.com Contents SmartSense installation... 3 SmartSense system requirements... 3 Operating system, JDK, and browser requirements...3
More informationIntroduction to Amazon Web Services. Jeff Barr Senior AWS /
Introduction to Amazon Web Services Jeff Barr Senior AWS Evangelist @jeffbarr / jbarr@amazon.com What Does It Take to be a Global Online Retailer? The Obvious Part And the Not-So Obvious Part How Did
More informationGoing Serverless. Building Production Applications Without Managing Infrastructure
Going Serverless Building Production Applications Without Managing Infrastructure Objectives of this talk Outline what serverless means Discuss AWS Lambda and its considerations Delve into common application
More informationUse Case: Scalable applications
Use Case: Scalable applications 1. Introduction A lot of companies are running (web) applications on a single machine, self hosted, in a datacenter close by or on premise. The hardware is often bought
More informationHPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack
Content Pack data sheet HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack HPE Content Pack number Content Pack length Content Pack category Learn more CP017 20 Hours Category
More informationCPM Quick Start Guide V2.2.0
CPM Quick Start Guide V2.2.0 1 Content 1 Introduction... 3 1.1 Launching the instance... 3 1.2 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 3 3 Creating a Simple Backup
More informationHow to host and manage enterprise customers on AWS: TOYOTA, Nippon Television, UNIQLO use cases
How to host and manage enterprise customers on AWS: TOYOTA, Nippon Television, UNIQLO use cases Kazutaka Goto - Evangelist, cloudpack Ken Tamagawa - Sr. Manager, Solutions Architecture, Amazon Web Services
More information