Better, Faster, Stronger web apps with Amazon Web Services Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services
(from the previous presentation) Knowledge starts from great questions.
grows Knowledge starts from great questions. with inspiring answers
BETTER FASTER STRONGER AWS Data Pipeline ElastiCache Durability AWS Support DynamoDB VPC CloudSearch Elastic Beanstalk Security Going Global CloudFront Securing Apache/NGINX Elastic Load Balancer IAM
AWS Data Pipeline ElastiCache Durability AWS Support DynamoDB VPC CloudSearch Elastic Beanstalk Security Going Global CloudFront Securing Apache/NGINX Elastic Load Balancer IAM
AWS Data Pipeline Process/Move data To/From AWS or on-premise sources Scheduled intervals
(Video)
AWS Support One-on-one, fast response support channel Always available Experienced support engineers Four Different plans y x
AWS Support: a Swiss knife 9
AWS Support: a Swiss knife Reactive troubleshooting Help to get started with AWS Recommendations on security, costs, and availability Discuss architecture and best practices Configuration help for a growing list of 3rd party software Integrate the 150+ annual AWS feature releases 9
AWS Support plans Basic Developer Business Enterprise Free 49 $ / month (Min: 100 $) (Min: 15,000 $) % of your AWS % of your AWS monthly bill: monthly bill: 10%: 0-10k 10%: 0-150k 7%: 10k-80k 7%: 150k-500k 5%: 80k-250k 5%: 500k-1M 3%: 250k+ 3%: 1M+ 10
What do you get? (1) Basic Developer Business Enterprise Customer Service 24/7/365 YES YES YES YES Support forums YES YES YES YES Documentation, guides YES YES YES YES Access to Technical support health checks E P/C/E P/C/E/TAM Named contacts - 1 5 Unlimited Response time - 12 hours 1 hour 15 minutes Architecture support - Building blocks Guidance App Architecture Best practice guidance - YES YES YES Client side diagnostic tools - YES YES YES 11
What do you get? (2) Business Enterprise Identity Access Management (IAM) YES YES Direct routing to Senior Support Engineers YES YES Third party Software Support (beta) YES YES AWS Trusted Advisor (beta) YES YES Infrastructure Event Management contact us YES Direct Access to TAM (Technical Account Manager) - YES White-Glove Case Routing - YES Management Business Reviews - YES 12
AWS Trusted Advisor
AWS Trusted Advisor in action
15 (Video)
AWS CloudSearch A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality
AWS CloudSearch A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality Faceted search Field weighting Stemming, Synonyms, Stop Words Autoscaling Index distribution / partition / replication
(Video)
Going global: AWS Regions Regions (8) GovCloud Regions (1) http://aws.amazon.com/about-aws/globalinfrastructure (as of Jan 10th, 2013)
Availability Zones Availability Zones (23) http://aws.amazon.com/about-aws/globalinfrastructure (as of Jan 10th, 2013)
CloudFront / Route 53 Sea>le Palo Alto South Bend New York (3) London (2) Amsterdam (2) Newark Dublin Stockholm Tokyo (2) San Jose Los Angeles (2) Dallas (2) Ashburn (2) Jacksonville Paris (2) Milan Madrid Frankfurt (2) Osaka Hong Kong (2) St.Louis Miami Singapore (2) Sydney Sao Paulo Edge Locations (39) http://aws.amazon.com/about-aws/globalinfrastructure (as of Jan 10th, 2013)
AWS Support Customer Service & Technical Support Remote TAMs (Technical Account Manager) http://aws.amazon.com/about-aws/globalinfrastructure (as of Jan 10th, 2013)
Elastic Load Balancer Automatically balances traffic across EC2 instances Protocols: HTTP, HTTPS, TCP, SSL, or Custom One or multiple Availability Zones Automatic health checks
AWS Data Pipeline ElastiCache Durability AWS Support DynamoDB VPC CloudSearch Elastic Beanstalk Security Going Global CloudFront Securing Apache/NGINX Elastic Load Balancer IAM
Amazon ElastiCache Web Server Database
Amazon ElastiCache Cache Web Server Database
Amazon ElastiCache Memcached-compliant Different cache node types Monitoring statistics Dynamic scaling Automatic failure detection / recovery Automatic software patching
Amazon DynamoDB NoSQL key-value store Provisioned throughput (automated scaling) Fully distributed Fault tolerant
AWS Elastic Beanstalk
AWS Elastic Beanstalk Git Visual Studio Eclipse PHP Python Ruby.NET Java Apache Passenger IIS Tomcat
AWS Elastic Beanstalk Apache Passenger IIS Tomcat
AWS Elastic Beanstalk web/app Passenger Tomcat Apache IIS server
AWS Elastic Beanstalk web/app server
AWS Elastic Beanstalk IP Elastic Load Balancer web/app server web/app server web/app server Master DB Standby DB
AWS Elastic Beanstalk Easy deploy / rollback Monitoring metrics (CloudWatch) Receive SNS notifications (health, add/remove servers) Access server log files Quickly restart the entire stack Custom application server settings
CloudFront What s new? New Edge locations Support for cookies Price classes (exclude edge locations based on cost) New access log fields Front End Optimization (compression, rendering, etc) Dynamic content from EC2 (query / cache parameters)
AWS Data Pipeline ElastiCache Durability AWS Support DynamoDB VPC CloudSearch Elastic Beanstalk Security Going Global CloudFront Securing Apache/NGINX Elastic Load Balancer IAM
Durability EC2 internal storage: ephemeral. EBS: redundant. S3: designed for high durability. Glacier, compared to S3: delayed retrieval, lower price. RDS: backups to Amazon S3. DynamoDB: use AWS Data Pipeline to backup to S3. EBS: snapshots to S3.
Amazon Virtual Private Cloud (VPC) Launch a private section of the AWS Cloud, with userdefined network topology and security/routing rules. Start using VPC today - No excuses.
(Video)
Security [ Shared Responsibility Model ]
Security
Security
Security Your apps Credentials Encryption Security Groups
Securing Apache/NGINX ModSecurity (currently 2.7) Proper security guides (e.g. RHEL 6.0 Security Guide) Remove unnecessary modules / services / daemons SSH using a Bastion Host Patch / Update Hide version Use smart access (e.g. strong passwords / certificates) Run it within VPC!
IAM Control access to AWS services and resources for your users, with users/roles/permissions. Separate Master Account from everything else Cross-account API access Temporary security credentials (remember?) Multi-Factor Authentication (MFA)
(Video)
http://aws.amazon.com/
http://aws.amazon.com/awspodcast
Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web apps with Amazon Web Services Thank you! Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services