Lassoing the Clouds: Best Practices on AWS. Brian DeShong May 26, 2017

Transcription

1 Lassoing the Clouds: Best Practices on AWS Brian DeShong May 26, 2017

2 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?

3 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?

4 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?

5 Worked primarily in web development PHP (17 years!!!), MySQL, Oracle, Linux, Apache Highly-trafficked, scalable web applications Frequent speaker at PHP conferences, Atlanta PHP user group ios / Mac development for ~5 years FloodWatch for ios Yahoo!, Half Off Depot Who am I?

6 Agenda Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

7 Agenda Running web servers Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

8 Agenda Running web servers Serving static content Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

9 Agenda Running web servers Serving static content Security-related concerns Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

10 Agenda Running web servers Serving static content Security-related concerns Databases Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

11 Agenda Running web servers Serving static content Security-related concerns Databases Logging Sometimes I m going to tell you something specific I d recommend Other times, tell you the pros and cons and let you choose based on your situation Some of these concepts are AWS-specific, but others are applicable to any hosting situation, VPS or not Show of hands users of AWS in Production? Multiple regions vs. AZs?

12 Regions + Availability Zones Region: comprised of 2 or more data centers Each data center is called an Availability Zone AZs typically separated by many miles Low latency links between them

13 Operating Web Servers

14 Amazon Machine Images (AMIs)

15 What is an Amazon Machine Image?

16 What is an Amazon Machine Image? Provides information required to launch an EC2 instance

17 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance

18 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default

19 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default CentOS, Ubuntu, Windows, etc.

20 What is an Amazon Machine Image? Provides information required to launch an EC2 instance You specify the AMI to use when launching a new instance Amazon Linux by default CentOS, Ubuntu, Windows, etc. Some options on using AMIs

21 Just Enough OS

22 Just Enough OS Startup a bare instance, JeOS

23 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot

24 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot Avoids AMI creation and maintenance

25 Just Enough OS Startup a bare instance, JeOS Install what you need at initial boot time User data : shell script that runs at initial boot Avoids AMI creation and maintenance Instances take longer to be ready for service

26 Just Enough OS web01 Amazon Linux kernel sudo vim openssl openssh... User data script runs only at initial boot time Install Apache, PHP 7 Setup Apache to start at boot Setup a groups, filesystem Start Apache This all takes time! Benefits such that, if you want to upgrade to PHP 7.1, you just change the user data script and launch new instances Virtual machines are by their nature disposable

27 Just Enough OS web01 Amazon Linux kernel sudo vim openssl openssh... User data script #!/bin/bash yum update -y yum install -y httpd24 php70 chkconfig httpd on groupadd www usermod -a -G www ec2-user chown -R root:www /var/www chmod 2775 /var/www find /var/www -type d -exec chmod 2775 {} + find /var/www -type f -exec chmod 0664 {} + // Download and put application code into place service httpd start User data script runs only at initial boot time Install Apache, PHP 7 Setup Apache to start at boot Setup a groups, filesystem Start Apache This all takes time! Benefits such that, if you want to upgrade to PHP 7.1, you just change the user data script and launch new instances Virtual machines are by their nature disposable

28 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

29 Fully Baked AMI web01 Amazon Linux kernel openssh Added users, groups sudo PHP 7.1 vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

30 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 Added users, groups Filesystem setup vim openssl ImageMagick nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

31 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick Added users, groups Filesystem setup Nginx starts at boot openssl nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

32 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

33 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

34 Fully Baked AMI web01 Amazon Linux kernel openssh sudo PHP 7.1 vim ImageMagick openssl nginx Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages etc Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

35 Fully Baked AMI kernel web01 Amazon Linux web02 Amazon openssh Linux web03 sudo PHP 7.1 kernel Amazon openssh Linux vim ImageMagick web04 sudo PHP 7.1 kernel openssl Amazon openssh nginx Linux vim ImageMagick sudo PHP 7.1 kernel openssh openssl nginx vim ImageMagick sudo PHP 7.1 openssl nginx vim ImageMagick Added users, groups Filesystem setup Nginx starts at boot Places code on disk at boot Monitoring scripts, packages etc openssl nginx Benefits: The machine is ready to go as soon as it s fully booted Startup time can be a lot faster, because all necessary data was baked into the machine image Stability of packages, more control Amazon Linux installs security updates at boot out of the box Downside is maintenance: Want to upgrade PHP 7.1? Have to bundle a new AMI Then you need to replace all of your machines with machines using the new AMI Think back to 2014: OpenSSL vulnerabilities and upgrading across the board. Not fun!

36 Considerations Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start

37 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start

38 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Do you have the time and resources to maintain a fully baked AMI? Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start

39 Considerations How quickly do you need it in the event of a failure? or due to an increase in demand? Do you have the time and resources to maintain a fully baked AMI? My recommendation: Start with JeOS + configure at boot You can always create custom AMIs later, if needed Bundling an AMI takes time on the order of an hour or more Might not always make sense to invest this time if you re seldom going to need to add new machines But there s a risk that if you do need them quickly, you have to wait for them to start

40 Fault Tolerance

41 Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it! No Single Point of Failure!

42 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!

43 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!

44 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything If an EC2 instance dies, the other remains in service Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!

45 No Single Point of Failure! Do not have a single point of failure! This can be a server, AZ, or even a region Always have at least two of everything If an EC2 instance dies, the other remains in service Holy grail: spread out across multiple regions Have at least two of everything Spread web servers between AZs If one AZ loses power, you stay up! But more resources has a cost associated with it!

46 There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money Use AZs Effectively

47 Use AZs Effectively us-east-1a web web web web db (write) db (read) There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money

48 There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money Use AZs Effectively

49 Use AZs Effectively us-east-1a us-east-1b us-east-1c web web web web web web web web web web db (write) db (read) web db (standby) db (read) web db (read) There s a trade-off between redundancy and cost, though! More hardware in more AZs means more money

50 Leverage Auto Scaling web web web

51 Leverage Auto Scaling web web web Machine resources If CPU > 80% for 5 minutes, scale up

52 Leverage Auto Scaling web web web Machine resources If CPU > 80% for 5 minutes, scale up web web

53 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it

54 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it Scale down If CPU < 50% for X minutes, scale down

55 Leverage Auto Scaling Machine resources If CPU > 80% for 5 minutes, scale up web web web web Threshold of unhealthy instances Want 5 web servers minimum? If one dies, replace it Scale down If CPU < 50% for X minutes, scale down

56 Load Balancers

57 Don t use Sticky Sessions!

58 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load

59 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB

60 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target

61 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another

62 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another But you want to spread traffic around!

63 Don t use Sticky Sessions! By default, ELB sends request to instance with smallest load Sticky sessions pin your user to an instance behind ELB Uses a cookie to route the same client to a consistent target If instance fails, ELB stops routing to that instance; chooses another But you want to spread traffic around! As your pool of machines grows, the requests are balanced between them

64 Sticky Sessions UI

65 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

66 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

67 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

68 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web mod_ssl mod_ssl mod_ssl web web web mod_ssl mod_ssl mod_ssl Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

69 SSL Termination Load Balancer HTTP, port 80 HTTPS, port 443 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

70 SSL Termination Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

71 SSL Termination AWS Certificate Manager SSL Cert Load Balancer HTTP, port 80 web web web web web web Terminate SSL on your ELB No more mod_ssl, etc. on your web servers! Single point of SSL termination No need to maintain dependencies on web servers No certificate files sitting on filesystem

72 Can be used on ELBs, with API Gateway, CloudFront Use AWS Certificate Manager

73 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Can be used on ELBs, with API Gateway, CloudFront

74 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Can be used on ELBs, with API Gateway, CloudFront

75 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can be used on ELBs, with API Gateway, CloudFront

76 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can import external certificates, too Can be used on ELBs, with API Gateway, CloudFront

77 Use AWS Certificate Manager AWS Certificate Manager is amazing for managing SSL certificates, and free! Uses WHOIS contact information Automatically renews your certificate A single click, and it s renewed Updated everywhere it s used Can import external certificates, too SSL all the things! Can be used on ELBs, with API Gateway, CloudFront

78 Serving Static Content

79 These assets don t change between releases It s okay for them to be cached in the end user s browser Serve from static storage!

80 Serve from static storage! Never serve static content from your web servers These assets don t change between releases It s okay for them to be cached in the end user s browser

81 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc These assets don t change between releases It s okay for them to be cached in the end user s browser

82 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc Don t use your computing resources These assets don t change between releases It s okay for them to be cached in the end user s browser

83 Serve from static storage! Never serve static content from your web servers JavaScript, CSS, images, fonts, etc Don t use your computing resources Get the content to the end user as quickly as possible These assets don t change between releases It s okay for them to be cached in the end user s browser

84 AWS Simple Storage Service (S3)

85 AWS Simple Storage Service (S3) AWS s object storage service

86 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth

87 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects

88 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects Perfect for storing static assets

89 AWS Simple Storage Service (S3) AWS s object storage service You pay by storage utilized, number of requests, and bandwidth S3 storage is made up of buckets of objects Perfect for storing static assets Store content at build time

90 S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

91 S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

92 Standard Storage Class S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

93 Standard Storage Class S3 All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

94 Standard Storage Class S3 Standard - Infrequently Accessed All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

95 S3 Standard Storage Class Standard - Infrequently Accessed Reduced Redundancy Storage All have a 99.99% availability guarantee S3 Standard 11 copies of the image % durability 2.3 cents / GB.004 / 10,000 GET requests 10 GB of data = 23 cents/month to store it, $4 for 10 million GET requests directly to S3 Plus data transfer costs Point being: it s CHEAP! You can t store bytes on your own storage in a data center for this Standard-IA You pay less for storage But you pay more for accessing these objects For data that is accessed less frequently, but requires rapid access when needed Long-term storage, backups, and as a data store for disaster recovery RRS - what I d recommend for static content 99.99% durability On the off chance that AWS loses an object, you can put it back! Placing content in S3 should be part of your deployment process

96 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases

97 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases

98 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases

99 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases

100 Use CloudFront CloudFront operates dozens of POPs around the globe Place CloudFront in front of S3 bucket Global users retrieve content from nearest POP Optimized network path from POPs back to Regions Can be served over both HTTP and HTTPS DDoS protection, too Your content lives at its home origin End user retrieves content from the POP closest to them If POP doesn t have content, retrieves from origin If it does have content, returns it CloudFront caches it, respecting cache headers When you push a new build to Production, it s good to preface static content with a unique value But leave your previous releases in place, in case s or other external things refer to assets from old releases

101 Security

102 Identity and Access Management How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles

103 Identity and Access Management Controls AWS services a user can access How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles

104 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles

105 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services Which resources are available How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles

106 Identity and Access Management Controls AWS services a user can access Which actions they can perform on those services Which resources are available Concepts of Users and Roles How many of you using AWS have access key values in your code? Example: user Bob can access an S3 bucket named data-exports and create objects Example: determine who can launch EC2 instances, DynamoDB database tables they can access, etc. Roles are not associated with a user or group Trusted entities assume roles

107 Use IAM Roles on EC2 Instances API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

108 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

109 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

110 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

111 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role No storing keys in your code base API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

112 Use IAM Roles on EC2 Instances Assign an IAM Role to an EC2 instance Enables you to obtain temporary access keys Can be used to access AWS resources AWS SDKs make requests with credentials from IAM Role No storing keys in your code base Much more flexible and maintainable API requests are signed with access key and secret access key Example: a back end server running cron jobs may need access to write to an S3 bucket You can have an IAM role for cron server, which grants access to only the necessary resources

113 Security Groups Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them

114 Security Groups Virtual firewall to control inbound and outbound traffic Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them

115 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them

116 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Only allow traffic in on the necessary ports Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them

117 Security Groups Virtual firewall to control inbound and outbound traffic Typically attached to EC2 instances, load balancers, RDS instances Only allow traffic in on the necessary ports Restrict internal tool access to known IP addresses Controls who can get in, and what can go out Example: don t let public hit web servers directly, but DO allow ELBs to connect to them

118 Principle of Least Privilege

119 Principle of Least Privilege Give users access to only the resources they need

120 Principle of Least Privilege Give users access to only the resources they need This applies to internal and external users

121 Principle of Least Privilege Give users access to only the resources they need This applies to internal and external users Examples: Don t let an IAM role access every single S3 bucket! Specify each Don t allow every port in on a Security Group! Only what needs to be public

122 Relational Databases

123 AWS Relational Database Service

124 AWS Relational Database Service Removes the usual maintenance associated with running databases

125 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches

126 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches Backups / snapshots are incredibly convenient

127 AWS Relational Database Service Removes the usual maintenance associated with running databases Eases burden of software patches Backups / snapshots are incredibly convenient Can scale instances up and down in size

128

129

130 Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary Operate in Multiple AZs

131 Operate in Multiple AZs us-east-1a us-east-1b Primary Standby Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

132 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

133 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

134 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

135 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

136 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Patch: standby first your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

137 Operate in Multiple AZs us-east-1a us-east-1b Synchronous replication Primary Standby Patch: primary next Patch: standby first your-name.cluster-abc123.us-east-1.rds.amazonaws.com Enhanced durability Synchronous replication to keep standby up-to-date Automatic failover in the event of a failure No administrative intervention needed DNS hostname is modified under the hood Planned maintenance and backups For patches, applied first on standby Then failover, then apply on primary

138 Distribute read operations us-east-1a Writer There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances

139 Distribute read operations us-east-1a us-east-1b us-east-1c Writer Reader Reader us-east-1d us-east-1e Reader Reader There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances

140 Distribute read operations us-east-1a us-east-1b us-east-1c Writer Reader Reader us-east-1d us-east-1e Reader Reader your-name.cluster-ro-abc123.us-east-1.rds.amazonaws.com There s a cost associated with it, though! And you should have some sort of a need for it Read-only hostname, round-robin between read replicas Don t have to change application code as you add new reader instances

141 Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs AWS Aurora!

142 AWS Aurora! Completely re-imagined storage of data Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs

143 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs

144 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Read replicas launch in minutes Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs

145 AWS Aurora! Completely re-imagined storage of data Greatly reduces replica lag to single-digit milliseconds Read replicas launch in minutes Run MySQL or PostgreSQL engines on top Storage allotment will grow as your data set grows, in 10 GB increments Each 10 GB chunk replicated 6 ways, across 3 availability zones Launch a read replica in minutes Bit of a price premium, depending on your needs

146 Logging

147 Centralize Application Logs

148 Centralize Application Logs Web servers (PHP error log, Apache logs)

149 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs

150 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs Asynchronous processes

151 Centralize Application Logs Web servers (PHP error log, Apache logs) Cron jobs Asynchronous processes You need to be able to access these at any time

152 CloudWatch Logs

153 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance

154 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance Polls local log files on disk and copies to CW Logs

155 CloudWatch Logs CloudWatch Logs agent runs on EC2 instance Polls local log files on disk and copies to CW Logs Broken up into Log Groups and Log Streams Log Group: Apache access log, error log, PHP error log Log Stream: log entries from a specific instance

156 CW Logs Agent Install $ sudo yum install awslogs $ sudo service awslogs start [messages] file = /var/log/messages log_group_name = /var/log/messages log_stream_name = {instance_id} datetime_format = %b %d %H:%M:%S

157 CW Logs Console

158 Make Them Searchable

159 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes

160 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana

161 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana Allows you to spot trends over time

162 Make Them Searchable Elasticsearch (Amazon ES) OSS utilities to tail Elasticsearch indexes Amazon ES includes Kibana Allows you to spot trends over time Dig through data for specific entries, time periods, etc.

163 Kibana

164 Kibana

165 Proactively monitor and alert! Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

166 Proactively monitor and alert! Logs should really be empty day-to-day Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

167 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

168 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

169 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Amazon Simple Notification Service: get paged, wake up! Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

170 Proactively monitor and alert! Logs should really be empty day-to-day If they re not right now, fix that first CloudWatch Alerts for log entries over threshold Amazon Simple Notification Service: get paged, wake up! Develop as to avoid being woken up by pages Don t let your boss or your customers find a problem first! Examples: amount of PHP error log entries too high Too many photos waiting to be processed # of s sent in the past 15 minutes is over a certain threshold Database CPU utilization over 80%

171 Recap

172 Operating Servers

173 Operating Servers Choose an EC2 AMI strategy that suits your needs

174 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF

175 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF Spread resources over AZs and/or Regions

176 Operating Servers Choose an EC2 AMI strategy that suits your needs Don t have an SPOF Spread resources over AZs and/or Regions Keep SSL simple

177 Static Content

178 Static Content Don t serve it from your web servers!

179 Static Content Don t serve it from your web servers! Utilize S3 for all static content storage

180 Static Content Don t serve it from your web servers! Utilize S3 for all static content storage Leverage CloudFront for better global performance

181 Security

182 Security Leverage IAM Roles to grant access to types of servers

183 Security Leverage IAM Roles to grant access to types of servers Limit Security Groups to only what s needed in and outbound