
AWS Partners: Technical Foundations

Logistics for the day

• Start at 09:05, finish at 17:00. Breaks
• The material will be sent by e-mail at the end of the course
• Interactive session, ask questions
• Find a quiet place, focus is important!
• If the connection drops... wait
• Attendance – more than 60% is required to receive the certificate
• LABS – create an account at https://aws.qwiklabs.com/


STP Technical Foundations

Welcome and Introductions

Course Agenda

Module 1 – Foundations
Module 2 – AWS Solution Architecture
Module 3 – Building Blocks
  Compute
  Storage
  Networking
  Databases
  Security
  Management
Module 4 – AWS Well-Architected Framework
Module 5 – Resources to Help You
AWS Technical Learning Path

© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Ramp-up Guide for AWS Architect

Module 1 – Foundations

Course content

• What is AWS?
• What is an AWS solutions architect?
• You know more than you realize.
• What do customers want to know about AWS?
• Principles of AWS solution design: The Well-Architected Framework
• Designing a solution: A customer case study
• Common solution patterns
• Takeaways and next steps

Here is the question you need to answer:

Why are your customers moving to AWS?

Five core benefits of cloud computing

• Agility
• Elasticity
• Cost reduction
• Global reach
• Breadth of services
What sets AWS apart

• Experience and enterprise leadership – Building and managing the cloud since 2006
• Amazon culture – Pace of innovation: 1,957 features in 2018; 80 proactive price reductions
• Largest partner ecosystem – Thousands of partners, 7,000+ Marketplace products
• Service breadth and depth – 175+ services to support any cloud workload; rapid customer-driven releases
• Global footprint – 25+ Regions, 80+ Availability Zones, 230+ Points of Presence
• Security – Fine-grained control
• Hybrid cloud – Broad set of hybrid capabilities
Why AWS?

• Amazon Simple Storage Service (Amazon S3) holds trillions of objects and regularly peaks at millions of requests per second.
• In a single Region, S3 processes peak at over 60 TBps of traffic in a day.
• More than 200,000 databases have been migrated using AWS Database Migration Service (AWS DMS).
• On September 30, 2019, Amazon's Consumer business turned off its final Oracle database after migrating nearly 7,500 databases and 75 petabytes of data across hundreds of items to AWS database services.
• More than 10,000 customers use Amazon SageMaker.
• More than 10,000 customers use Amazon Redshift.
• Just 3 years after general availability, AWS Lambda already processes trillions of executions every month.

*As of December 2019
AWS recognized as a cloud leader for the 10th consecutive year

Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Raj Bala, Bob Gill, Dennis Smith, David Wright, August 2020. ID G00365830. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved.
Who uses AWS?

• Enterprises
• Public Sector
• Startups

https://aws.amazon.com/containers/customers/
AWS Marketplace Overview

AWS Marketplace is an online store that supports:

01 Over 1,500 participating ISVs
02 260,000+ active customers
03 7,000+ software listings
04 Over 850M hours of software per month
Module 2 – AWS Solution Architecture

What is an AWS solutions architect?

• Customer's trusted advisor and partner in digital transformation
• Owner of the technical relationship with the customer
• Critical guide on the customer's cloud journey
• Technical expert, consultant, architect, educator, and trainer
• Customer's cloud CTO or chief cloud architect
Breadth and depth of services
More services and more functionality in those services

TECHNICAL AND BUSINESS SUPPORT: Support, Professional services, Optimization guidance, APN Partner ecosystem, Training and certification, Account management, Solutions management, Security and billing reports, Personalized dashboard

AWS MARKETPLACE: Business applications, DevOps tools, Security, Networking, Databases, Storage, Business intelligence

ANALYTICS: Data warehousing, Amazon Elasticsearch Service, Business intelligence, Data pipelines, Interactive SQL queries, Hadoop/Spark, Streaming data analysis, Streaming data collection, ETL

DEVOPS: One-click application deployment, Resource templates, Build and test, Application lifecycle management, DevOps resource management, Triggers, Analyze and debug

MOBILE SERVICES: Amazon API Gateway, Single integrated console, Sharing and collaboration, Integrated identity and access, Identity, Sync, Mobile analytics, Mobile app testing, Targeted push notifications

IOT: Rules engine, Device shadows, Device SDKs, Device gateway, Registry, Local compute

AI/ML: Machine learning, Image recognition, Text to speech, Conversational interface, Deep learning frameworks, Custom model training and hosting

ENTERPRISE APPLICATIONS: Virtual desktops, Corporate email, Application streaming, Communications

HYBRID ARCHITECTURE: Data integration, Integrated networking, Integrated resource and deployment management, Integrated devices and edge systems

MIGRATION: Schema conversion, Exabyte-scale data migration, Application migration, Database migration, Server migration

APPLICATION SERVICES: Queuing and notifications, Workflow, Email, Transcoding, Search, Containers

INFRASTRUCTURE CORE SERVICES:
• Compute – VMs, automatic scaling, load balancing, containers, virtual private servers, batch computing, cloud functions, elastic GPUs, edge computing
• Storage – Object, blocks, file, archivals, import/export, migration, exabyte-scale data transfer
• Databases – Relational, NoSQL, caching, compatible with PostgreSQL
• Networking – VPC, Amazon Direct Connect, DNS, CDN
• Regions, Availability Zones, Points of Presence

SECURITY AND COMPLIANCE: Identity management, Access control, Monitoring and logs, Assessment and reporting, Web application firewall, Configuration compliance, Key management and storage, DDoS protection

MANAGEMENT TOOLS: Resource management, Service catalog, Configuration tracking, Monitoring, Account usage auditing, Resource grouping, Server management, Resource templates

https://aws.amazon.com/products/
Mapping on-premises services to AWS

Data center → AWS Cloud

• Software load balancer → Elastic Load Balancing
• Active Directory → Directory Service
• Web server → Web server
• SAN → Amazon Elastic Block Store
• Application server → Application server
• DB Server (master) / DB Server (standby) → Amazon RDS (master) / Amazon RDS (standby)
• Backups to tape → Backups to Amazon S3 or Amazon S3 Glacier
Some AWS services are familiar

• VMs → Compute – EC2 (instances): virtual machine instance running on an AWS hypervisor
• SAN storage → Storage – EBS (block storage): block storage volumes for use with Amazon EC2 instances
• Networking → Networking – Virtual Private Cloud: isolated virtual subnets in the AWS Cloud
Similarities between AWS and traditional IT

Traditional, on-premises IT space → AWS

• Security: Firewalls, ACLs, Administrators → Security groups, Network ACLs, IAM
• Networking: Router, Network pipeline, Switch → Elastic Load Balancing, Amazon VPC
• Compute: On-premises servers → Amazon EC2 instances, AMI
• Storage and database: DAS, SAN, NAS, RDBMS → Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS
The sum is greater than its parts

External services
• Content delivery network → Amazon CloudFront
• DNS → Amazon Route 53

Third-party tools
• Monitoring, Logging → Amazon CloudWatch, AWS CloudTrail
• Load balancing → Elastic Load Balancing*

External services and third-party tools are native and integrated.
Highly available global infrastructure

• Region
• AWS Availability Zone (AZ) – independent failure zone
• AZs are interconnected using high-speed private links

https://infrastructure.aws/
What is an AWS Region?

- Regions are located in separate geographic areas.
- Regions are isolated from each other.
- Regions have multiple Availability Zones.
- Two redundant Transit Centers; highly peered and connected facilities.
- Data is never moved from one Region to another by AWS.

- AZs are isolated locations (power, network, flood zone, and so forth) in Regions.
- AZs have one or more data centres (some have 8 data centers). Each data center building has between 50,000 and 80,000 physical servers.
- AZs are designed to offer high availability of services to customers.
- AZs in one Region have submillisecond latency between them.
Selecting a Region

Determine the right Region for your services, applications, and data based on these factors:

• Data governance, legal requirements
• Proximity to customers (latency)
• Services available within the Region
• Costs (vary by Region)

https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
What do you want to manage?

• Self-managed – Corporate data center: database in the corporate data center
• Amazon EC2 – AWS Cloud: DB on an instance in AWS data center(s)
• Fully managed service – AWS Cloud: RDS instance in AWS data center(s)
Traditional on-premises security model

Compute | Storage | Database | Networking
Datacenters | HVAC | Operation

Shared security model

Compute | Storage | Database | Networking
Regions | Availability zones | Edge locations

Shared security model for managed services

Compute | Storage | Database | Networking
Regions | Availability zones | Edge locations
Compliance on AWS

AWS environments are continuously audited by accreditation bodies from across the globe. Certificates, reports, and other compliance documentation are provided directly to customers.

• 203 security certifications and accreditations
• 2,600 controls audited annually
• AWS customers inherit compliance certifications
• Compliance and audit reports are available to customers at the AWS services portal – AWS Artifact

https://aws.amazon.com/compliance/programs/

AWS Artifact

Central resource for compliance-related auditor reports and attestations

• Access to all auditor-issued AWS reports, certs, accreditations
• Review, accept, and manage your agreements with AWS
Module 3 – Building Blocks

Three ways to interact with AWS

• AWS Management Console – Easy-to-use graphical interface
• Command Line Interface (AWS CLI) – Access to services by discrete commands or scripts
• Software Development Kits (SDKs) – Access services directly from your code (such as Java, Python, and others)
AWS foundational services

• AWS Compute: Amazon EC2, Amazon Elastic Container Service, Amazon EC2 Auto Scaling, AWS Lambda, AWS Elastic Beanstalk
• AWS Storage: Amazon S3, Amazon S3 Glacier, Amazon EBS
• AWS Networking: Amazon ELB, Amazon Route 53, ALB, Amazon VPC, AWS Direct Connect, Amazon VPN
• AWS Database: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
• AWS Security: AWS IAM, AWS WAF, AWS KMS, AWS Shield
• AWS Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config
Amazon Elastic Compute Cloud (Amazon EC2)

• Linux | Windows | ARM and x86 architectures
• General purpose and workload optimized
• Bare metal, disk, networking capabilities
• Packaged | Custom | Community AMIs
• Multiple purchase options: On-demand, RI, Spot
• Complete control of your host OS as root and administrator
• Responsible for all installed applications

https://aws.amazon.com/ec2/
EC2 instances: Families and generations

• General purpose: A1 T3 T3a T2 M6g M5 M5a M5n M4
• Compute optimized: C5 C5n C4
• Memory optimized: R5 R5a R5n R4 X1e X1 High Memory z1d
• Accelerated computing: P3 P2 Inf1 G4 G3 F1
• Storage optimized: I3 I3en D2 H1

Customers can change instance types seamlessly.

https://aws.amazon.com/ec2/instance-types/
EC2 instances: Types and sizes

M5n.16xlarge = Instance family (M) – Instance generation (5n) – Instance size (16xlarge)

The instance family defines the type of recommended workload. Ex – M5 for applications that require a balance of compute, memory, and networking resources for a broad set of workloads.

M5n.16xlarge: 64 virtual CPUs, 256 GB memory, 75 GBps network bandwidth, 13,600 Mbps EBS bandwidth

https://aws.amazon.com/ec2/instance-types/

Instance sizing

m5.8xlarge ≈ 2 × m5.4xlarge ≈ 4 × m5.2xlarge ≈ 8 × m5.xlarge

Amazon EC2 – How to Deploy (DEMO)

1 Amazon Machine Image (AMI) – Windows EC2 instance
2 Network placement and addressing (Amazon VPC)
3 Family/type/CPU/memory
4 Domain membership, tenancy
5 User data
6 Added Amazon EBS block storage
7 Tags (optional)
8 Security group(s)
EC2 purchasing options

• On-Demand – Pay for compute capacity by the second with no long-term commitments. Spiky workloads, to define needs.
• Reserved – Make a 1- or 3-year commitment and receive a significant discount off On-Demand prices. Committed, steady-state use.
• Spot – Spare EC2 capacity at savings of up to 90% off On-Demand prices. Fault-tolerant, dev/test, time-flexible, stateless workloads.
• Savings Plan – Offers up to 72% savings in exchange for a commitment to a consistent amount of usage for a 1- or 3-year term.

https://aws.amazon.com/ec2/pricing/
Amazon EC2 Auto Scaling

• Scale Amazon EC2 instances seamlessly and automatically
• Launch or terminate instances to meet desired capacity
• Keeps capacity balanced across AZs
• Replace unhealthy or unreachable instances
• Policy-based – integrates with other AWS services
• Use cases:
  • Dynamic scaling – optimize EC2 resources rapidly
  • Reduce cost and manage pricing
  • Fleet management – balance and recover from failures

https://aws.amazon.com/ec2/autoscaling/
Scaling options

Auto Scaling group capacity: Min, Desired, Max

• Manual scaling
• Scheduled scaling
• Dynamic scaling
• Predictive scaling (New!)

Scheduled scaling
• Recurring scaling events
• Schedule individual events

[Diagram: Elastic Load Balancing in front of Amazon EC2 instances in an Auto Scaling group]
Dynamic scaling with target tracking

[Chart: Traffic, CPU Utilization and Instances over time. Target Utilization is a horizontal line; the instance count (right axis, 5 to 30) rises and falls so that CPU Utilization (left axis, 0% to 100%) tracks the target as Traffic changes.]

Elastic Load Balancing → Amazon EC2 instances
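The chart shows the behaviour; the following added example (not code from the slides or from AWS) models a simplified target tracking controller so the shape of the curve can be reproduced. The proportional sizing rule desired = ceil(current × measured CPU ÷ target CPU), the 10% CPU per load unit per instance, and the traffic series are all constructed assumptions; real policies also apply cooldowns and instance warm-up.

```python
"""Simplified model of Amazon EC2 Auto Scaling target tracking.
Added example, not AWS code. Assumption: the controller sizes the fleet in
proportion to load (desired = ceil(current * measured / target)), clamped to
the group's Min and Max. Real policies add cooldowns and warm-up time."""
from __future__ import annotations

import math


def desired_capacity(current: int, avg_cpu: float, target_cpu: float,
                     min_size: int, max_size: int) -> int:
    """Instances needed so that, at the current load, average CPU lands on the target."""
    if avg_cpu <= 0:          # idle fleet: nothing to size by, fall back to the floor
        return min_size
    desired = math.ceil(current * avg_cpu / target_cpu)
    return max(min_size, min(max_size, desired))   # honour the Min/Max bounds


def simulate(load_units, target_cpu: float = 40.0, min_size: int = 2,
             max_size: int = 10, cpu_per_unit: float = 10.0) -> list[tuple[int, float]]:
    """Run the controller over a constructed traffic series.

    load_units: total work arriving each tick; the load balancer spreads it
    evenly, so each instance sees load * cpu_per_unit / capacity percent CPU.
    Returns (capacity, avg_cpu) per tick: the capacity that served the tick,
    with the newly computed size taking effect on the next tick.
    """
    capacity = min_size
    history = []
    for load in load_units:
        avg_cpu = load * cpu_per_unit / capacity
        history.append((capacity, round(avg_cpu, 1)))
        capacity = desired_capacity(capacity, avg_cpu, target_cpu, min_size, max_size)
    return history


if __name__ == "__main__":
    # Constructed traffic: steady, a spike, then a lull.
    for tick, (cap, cpu) in enumerate(simulate([8, 8, 16, 16, 4, 4])):
        print(f"tick {tick}: {cap} instances, avg CPU {cpu}%")
```

Note how the scale-in at the end stops at the group's Min of 2 even though the load would be served by one instance: the bounds, not the metric, decide the floor and ceiling.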


Container basics

• Containers are a method of operating system virtualization.
• Benefits
  • Repeatable.
  • Self-contained execution environments.
  • Software runs the same in different environments.
  • Developer's laptop, test, production.
  • Faster to launch and stop or terminate than virtual machines

Your container: your application, dependencies, configurations; hooks into the OS
Containers versus virtual machines

Example: Three virtual machines on three EC2 instances
• VM 1, VM 2, VM 3 – each with its own App, Bins/Libs and guest OS, on its own EC2 instance
• Hypervisor, Host operating system, Physical server (part of AWS Global Infrastructure)

Example: Three containers on one EC2 instance
• Container instance 1, 2, 3 – each with its own App and Bins/Libs
• Docker engine
• One EC2 instance guest OS
• Hypervisor, Host operating system, Physical server (part of AWS Global Infrastructure)
What is Docker?

• Released March 2013
• Tools for creating, storing, managing, and running containers
• Easy to integrate with automated pipelines
• Build, test, and deploy applications quickly
Amazon ECS and Amazon EKS

• Elastic Container Service and Elastic Container Service for Kubernetes
• AWS runs the EC2 cluster management for you
• Eliminates the complexity of operating container infrastructure
• Use cases
  • Deploy microservices to speed innovation
  • Batch processing
  • Migrate legacy applications without requiring code changes
  • Accelerate machine learning

https://aws.amazon.com/ecs/
AWS Lambda: Run code without servers

AWS Lambda is a serverless compute service.

• Upload your code – the code you run is a Lambda function
• Your code runs only when it is triggered: by AWS services, HTTP endpoints, mobile apps, on a schedule, or in response to events
• Pay only for the compute time that you use (billed in 100ms increments)

https://aws.amazon.com/lambda/
AWS Elastic Beanstalk

• An easy way to get web applications up and running
• A managed service that automatically handles –
  • Infrastructure provisioning and configuration
  • Deployment
  • Load balancing
  • Automatic scaling
  • Health monitoring
  • Analysis and debugging
  • Logging
• No additional charge for Elastic Beanstalk
• Pay only for the underlying resources that are used
Block storage versus Object storage

What if you want to change one character in a 1-GB file?

• Block storage: change one block (piece of the file) that contains the character
• Object storage: the entire file must be updated
Amazon Elastic Block Store (Amazon EBS)

• Block storage volumes for use with Amazon EC2 instances
• Persistent storage attached to EC2 instances as native disk
• Formatted using a standard OS file system (such as ext4 or NTFS)
• Scalable, high-performance storage for applications
• Use cases
  • Boot/root volumes for EC2 instances
  • Data volumes for enterprise applications such as SAP, Microsoft Exchange, and Microsoft SharePoint
  • Relational or NoSQL databases supporting millions of users

https://aws.amazon.com/ebs/
Amazon EBS volume types

• SSD: gp2 (General Purpose SSD), io1 (Provisioned IOPS SSD)
• HDD: st1 (Throughput Optimized HDD), sc1 (Cold HDD)
Amazon EBS Use Cases

General Purpose SSD (gp2)
• Description: General purpose SSD volume that balances price and performance for a wide variety of workloads
• Use cases: Recommended for most workloads; System boot volumes; Virtual desktops; Low-latency interactive apps; Development and test environments
• Volume size: 1 GiB - 16 TiB
• Max IOPS per volume: 16,000 (16 KiB I/O) *
• Max throughput per volume: 250 MiB/s *
• Dominant performance attribute: IOPS

Provisioned IOPS SSD (io1)
• Description: Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
• Use cases: Critical business applications that require sustained IOPS performance, or more than 16,000 IOPS or 250 MiB/s of throughput per volume; Large database workloads, such as MongoDB, Cassandra, Microsoft SQL Server, MySQL, PostgreSQL and Oracle
• Volume size: 4 GiB - 16 TiB
• Max IOPS per volume: 64,000 (16 KiB I/O) †
• Max throughput per volume: 1,000 MiB/s †
• Dominant performance attribute: IOPS

Throughput Optimized HDD (st1)
• Description: Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads
• Use cases: Streaming workloads requiring consistent, fast throughput at a low price; Big data; Data warehouses; Log processing. Cannot be a boot volume
• Volume size: 500 GiB - 16 TiB
• Max IOPS per volume: 500 (1 MiB I/O)
• Max throughput per volume: 500 MiB/s
• Dominant performance attribute: MiB/s

Cold HDD (sc1)
• Description: Lowest cost HDD volume designed for less frequently accessed workloads
• Use cases: Throughput-oriented storage for large volumes of data that is infrequently accessed; Scenarios where the lowest storage cost is important. Cannot be a boot volume
• Volume size: 500 GiB - 16 TiB
• Max IOPS per volume: 250 (1 MiB I/O)
• Max throughput per volume: 250 MiB/s
• Dominant performance attribute: MiB/s

Max throughput per instance (all volume types): 2,375 MB/s ††
AWS EBS Features

• Durable – Designed for 99.999 reliability; redundant storage across multiple devices within an AZ
• Secure – Identity and Access Policies; Encryption
• Scalable – Capacity when you need it; easily scale up and down
• Performance – Low-latency SSD; consistent I/O performance; stripe multiple volumes for higher I/O performance
• Backup – Point-in-time snapshots; copy snapshots across AZs and Regions
EBS Snapshot

• Point-in-time backup of modified volume blocks
• Stored in Amazon S3
• Subsequent snapshots are incremental
• Deleting a snapshot only removes the data exclusive to that snapshot
• Snapshots can be used to create new volumes
• Snapshots of encrypted volumes are also encrypted
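The three behaviours listed (first snapshot copies every block, later ones copy only changed blocks, and deleting a snapshot frees only the data exclusive to it) are easy to get wrong when reasoning about backup retention, so here is an added toy model of them in Python. It is not AWS code: the 4-byte block size, the volume images and the snapshot ids are constructed, and the store is content-addressed purely for illustration.

```python
"""Toy model of incremental EBS snapshots. Added example, not AWS code: the
block size, volume images and snapshot ids are constructed. It shows the
three behaviours from the slide: the first snapshot copies every block,
later ones copy only changed blocks, and deleting a snapshot frees only the
blocks no surviving snapshot still references."""
from __future__ import annotations

import hashlib

BLOCK_SIZE = 4   # bytes per block in this model (real EBS snapshots use 512 KiB blocks)


def split_blocks(volume: bytes) -> list[bytes]:
    """Cut a volume image into fixed-size blocks."""
    return [volume[i:i + BLOCK_SIZE] for i in range(0, len(volume), BLOCK_SIZE)]


class SnapshotStore:
    """Content-addressed block store standing in for the S3-backed snapshot storage."""

    def __init__(self) -> None:
        self.blocks: dict[str, bytes] = {}          # block hash -> block data
        self.snapshots: dict[str, list[str]] = {}   # snapshot id -> ordered block hashes

    def take_snapshot(self, snap_id: str, volume: bytes) -> int:
        """Record the volume state; return the number of blocks actually uploaded."""
        uploaded = 0
        hashes = []
        for block in split_blocks(volume):
            h = hashlib.sha256(block).hexdigest()
            if h not in self.blocks:      # unchanged blocks are already stored: incremental
                self.blocks[h] = block
                uploaded += 1
            hashes.append(h)
        self.snapshots[snap_id] = hashes
        return uploaded

    def delete_snapshot(self, snap_id: str) -> int:
        """Drop a snapshot; return how many blocks were freed (those exclusive to it)."""
        mine = set(self.snapshots.pop(snap_id))
        still_needed = {h for hashes in self.snapshots.values() for h in hashes}
        freed = mine - still_needed
        for h in freed:
            del self.blocks[h]
        return len(freed)

    def restore(self, snap_id: str) -> bytes:
        """Create a new volume image from any surviving snapshot."""
        return b"".join(self.blocks[h] for h in self.snapshots[snap_id])


def demo() -> dict:
    """Constructed walk-through: 4-block volume, one block changed, oldest snapshot deleted."""
    store = SnapshotStore()
    v1 = b"AAAABBBBCCCCDDDD"
    first = store.take_snapshot("snap-1", v1)       # full copy: 4 blocks
    v2 = b"AAAABBBBXXXXDDDD"                        # only the third block changed
    second = store.take_snapshot("snap-2", v2)      # incremental: 1 block
    freed = store.delete_snapshot("snap-1")         # only CCCC was exclusive to snap-1
    return {"first": first, "second": second, "freed": freed,
            "restored": store.restore("snap-2"), "stored_blocks": len(store.blocks)}


if __name__ == "__main__":
    print(demo())
```

The point for retention planning: deleting the oldest snapshot does not lose the ability to restore the newer one, because the blocks they share are kept until the last referencing snapshot is gone.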

Amazon Simple Storage Service (Amazon S3)

• Highly scalable, reliable, fast, durable object storage
• Store and retrieve any amount of data from anywhere on the web using HTTP or HTTPS
• Workhorse service that serves many purposes
• Use cases:
  • Application file hosting
  • Backup for disaster recovery
  • Static web hosting
  • Streaming data
  • Data lakes

https://aws.amazon.com/s3/
Data redundant across AZs

[Diagram: object media/welcome.mp4 in bucket my-bucket-name, stored in Facility 1, Facility 2 and Facility 3 within a Region]

• Replicated into 3 facilities
• Eventual Consistency
Amazon S3 bucket URLs (two styles)

To upload your data:
• Create a bucket in an AWS Region (the name MUST be unique across AWS).
• Upload almost any number of objects to the bucket.

Bucket path-style URL endpoint (Region code, then bucket name):
https://s3.ap-northeast-1.amazonaws.com/bucket-name

Bucket virtual-hosted-style URL endpoint (bucket name, then Region code):
https://bucket-name.s3-ap-northeast-1.amazonaws.com

Example: object Preview2.mp4 in a bucket in the Tokyo Region (ap-northeast-1).
Storage classes on Amazon S3

• Active data: Standard
• Infrequently accessed data: Standard – Infrequent Access, One Zone – Infrequent Access
• Archived data: Amazon S3 Glacier, Amazon S3 Glacier Deep Archive
• Amazon S3 Intelligent-Tiering
S3 Lifecycle policies

Amazon S3 lifecycle policies enable you to delete or move objects based on age.

Example for object Preview2.mp4:
• Amazon S3 Standard → at 30 days → Amazon S3 Standard – Infrequent Access
• Amazon S3 Standard – Infrequent Access → at 60 days → Amazon S3 Glacier
• Amazon S3 Glacier → at 365 days → Delete
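The following added example (not AWS code and not from the slides) writes the 30/60/365-day policy above in the dict shape that boto3's put_bucket_lifecycle_configuration() accepts, checks it against the ordering constraints S3 enforces, and works out which storage class an object of a given age is in. The media/ prefix and the object keys are constructed; the 30-day minimum before an Infrequent Access transition is the same S3-IA minimum that appears on the storage-class pricing slide further down.

```python
"""S3 lifecycle rule for the Standard -> Standard-IA (30 d) -> Glacier (60 d)
-> delete (365 d) flow, plus a simulator. Added example, not AWS code; the
dict follows the shape boto3's put_bucket_lifecycle_configuration() accepts,
and the prefix/keys are constructed."""
from __future__ import annotations

# Minimum age S3 requires before an object may move to an Infrequent Access class.
MIN_DAYS_BEFORE_IA = 30
IA_CLASSES = ("STANDARD_IA", "ONEZONE_IA")

LIFECYCLE_CONFIG = {
    "Rules": [
        {
            "ID": "age-out-previews",
            "Filter": {"Prefix": "media/"},          # constructed prefix
            "Status": "Enabled",
            "Transitions": [
                {"Days": 30, "StorageClass": "STANDARD_IA"},
                {"Days": 60, "StorageClass": "GLACIER"},
            ],
            "Expiration": {"Days": 365},
        }
    ]
}


def validate_rule(rule: dict) -> list[str]:
    """Return the problems S3 would reject the rule for (empty list = acceptable)."""
    problems = []
    transitions = rule.get("Transitions", [])
    days = [t["Days"] for t in transitions]
    if days != sorted(days) or len(set(days)) != len(days):
        problems.append("transition days must strictly increase")
    for t in transitions:
        if t["StorageClass"] in IA_CLASSES and t["Days"] < MIN_DAYS_BEFORE_IA:
            problems.append(f"{t['StorageClass']} transition needs Days >= {MIN_DAYS_BEFORE_IA}")
    expire = rule.get("Expiration", {}).get("Days")
    if expire is not None and days and expire <= max(days):
        problems.append("expiration must come after the last transition")
    return problems


def storage_class_at(key: str, age_days: int, config: dict = LIFECYCLE_CONFIG) -> str | None:
    """Storage class of an object of this age under the config, or None once expired.

    Objects start in STANDARD; each enabled rule whose prefix matches applies its
    transitions in day order, and expiration wins over any transition.
    """
    state = "STANDARD"
    for rule in config["Rules"]:
        prefix = rule.get("Filter", {}).get("Prefix", "")
        if rule["Status"] != "Enabled" or not key.startswith(prefix):
            continue
        expire = rule.get("Expiration", {}).get("Days")
        if expire is not None and age_days >= expire:
            return None
        for t in sorted(rule.get("Transitions", []), key=lambda t: t["Days"]):
            if age_days >= t["Days"]:
                state = t["StorageClass"]
    return state


if __name__ == "__main__":
    print("rule problems:", validate_rule(LIFECYCLE_CONFIG["Rules"][0]))
    for age in (0, 29, 30, 59, 60, 364, 365):
        print(f"media/Preview2.mp4 at day {age}: {storage_class_at('media/Preview2.mp4', age)}")
```

Objects outside the media/ prefix are untouched by the rule, which is the usual way an over-broad lifecycle policy quietly deletes data: check the Filter before enabling a rule, not after.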

S3 Storage Classes (* Prices for North Virginia Region on Aug/2020)

S3-Std – "Hot" data: active and/or temporary data
• $0.023/GB per month; minimum object size > 0K; minimum storage duration ≥ 0 Days

S3-IA – "Warm" data: infrequently accessed data
• $0.0125/GB per month; minimum object size ≥ 128K; minimum storage duration ≥ 30 Days; $0.01/GB retrieval

S3-IA-1Zone – "Warm" data: infrequently accessed, non-critical data
• $0.0100/GB per month; minimum object size ≥ 128K; minimum storage duration ≥ 30 Days; $0.01/GB retrieval

Glacier – "Cold" data: archive and compliance data
• $0.004/GB per month; minimum object size > 0K; minimum storage duration ≥ 90 Days
• Retrieval: 1~5min $0.03/GB – 3~5hs $0.01/GB – 5~12hs $0.0025/GB

Glacier Deep Archive – "Cold" data: archive and compliance data
• $0.00099/GB per month; minimum object size > 0K; minimum storage duration ≥ 180 Days
• Retrieval: 3 – 12 Hrs – $0.02/GB – $0.025/GB

Common properties
• Durable: 99.999999999%
• Available: S3: 99.99%, S3-IA: 99.9%, S3-IA-1Z: 99.5%
• Performant: low latency, high throughput
• Scalable: elastic capacity, no preset limits
Amazon S3 Glacier / Deep Archive

• Long term storage solution
• Long term archiving, backup.
• Low cost.
• Data is retrieved by running retrieval jobs.

Archive retrieval job: objects ID 001, ID 025, ID 150, ID 400, … → Ready to download!

Retrieval options:
• Expedited: 1~5min
• Standard: 3~5hs
• Bulk: 5~12hs

99.999999999% durability of objects over a given year

https://aws.amazon.com/glacier/
Storage Gateway

[Diagram: an application server in the customer DC reaches AWS Storage Gateway over Direct Connect or the Internet (NFS/SMB for the File Gateway); data lands in Amazon S3, Amazon S3-IA and Amazon Glacier, reachable from the VPC]

File Gateway (NFS/SMB)
• Backup to cloud.
• Big-Data, ML and Analytics initiatives.
• High data durability.
• Compliance.
• Reduce the operational burden.

Volume Gateway
• Cached and Stored modes.
• Integrates using iSCSI.
• EBS block-based snapshots of your data.
• Integrated with AWS Backup.

Tape Gateway
• Integrates using iSCSI.
• Low-effort migration to cloud backup.
• Reduce datacenter infrastructure.
Amazon S3 for data lakes

• Central Storage: Amazon S3
• Data Ingestion – Get your data into S3 quickly and securely: Amazon Kinesis Data Firehose, AWS Direct Connect, AWS Snowball, AWS Database Migration Service
• Catalog & Search – Access & search metadata: Amazon DynamoDB, Amazon ES
• Access & User Interface – Give your users easy & secure access: Amazon API Gateway, IAM, Amazon Cognito
• Processing & Analytics – Use predictive and prescriptive analytics to gain better understanding: AWS Lake Formation, Amazon Athena, Amazon QuickSight, Amazon EMR, Amazon Redshift
• Protect & Secure – Use entitlements to ensure data is secure and users' identities are verified: AWS STS, Amazon CloudWatch, AWS CloudTrail, AWS Key Management Service
AWS foundational services

Same overview as above; AWS Management additionally lists AWS Systems Manager.
Amazon Virtual Private Cloud (Amazon VPC)

• Provision virtual networks hosted on AWS and dedicated to your AWS account
• Logically isolate networks from other virtual networks
• Launch multiple AWS resources, such as Amazon EC2 instances, into VPCs
• Use multiple connectivity options with tools to manage and restrict access

Key configurable features of Amazon VPC:
• IP ranges
• Subnets
• Routing
• Network gateways
VPC setup

[Diagram: a Region containing a VPC with CIDR 10.0.0.0/16 and one Availability Zone. Building blocks: VPC, Availability Zones, Subnets, Security groups, Connectivity, Elastic IP, Load balancers]

Multi-AZ patterns increase reliability

[Diagram: VPC 10.0.0.0/16 spanning Availability Zone 1 and Availability Zone 2, each with a public subnet and a private subnet]

Create subnets

[Diagram: VPC 10.0.0.0/16]
• Availability Zone 1: Public subnet 1 10.0.1.0/24, Private subnet 1 10.0.2.0/24
• Availability Zone 2: Public subnet 2 10.0.3.0/24, Private subnet 2 10.0.4.0/24
Network access control lists

• Stateless virtual firewalls for subnets
• Numbered list of rules evaluated in order
• Separate inbound and outbound rules
• Supports allow and deny rules
• Default, modifiable network ACL allows all traffic
• Each subnet must be associated with a network ACL
• Managed through Amazon VPC APIs

[Diagram: a VPC with a private subnet and a public subnet, each behind its own Network ACL, with security groups around the instances inside]
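To make the three properties that matter concrete (numbered rules evaluated in order with the first match winning, explicit deny rules, and statelessness), here is an added Python model of network ACL evaluation. It is not AWS code: the subnet, rule numbers and addresses (RFC 5737 documentation prefixes) are constructed.

```python
"""Network ACL evaluation modelled in code. Added example, not AWS code; the
subnet, rule numbers and addresses are constructed (RFC 5737 documentation
prefixes). Shows: rules checked in number order, first match wins, implicit
final '*' rule denies, and the stateless consequence that return traffic
needs its own rule."""
from __future__ import annotations

from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class AclRule:
    number: int        # evaluation order, lowest first
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str          # source CIDR for inbound rules, destination CIDR for outbound
    action: str        # "allow" or "deny"


STAR_RULE = AclRule(10**9, "all", 0, 65535, "0.0.0.0/0", "deny")   # the unremovable '*' entry


def evaluate(rules: list[AclRule], protocol: str, port: int, address: str) -> tuple[str, int]:
    """Return (action, matching rule number) for one packet."""
    ip = ipaddress.ip_address(address)
    for r in sorted(rules + [STAR_RULE], key=lambda r: r.number):
        if r.protocol != "all" and r.protocol != protocol:
            continue
        if not (r.port_from <= port <= r.port_to):
            continue
        if ip not in ipaddress.ip_network(r.cidr):
            continue
        return r.action, r.number      # first match wins; later rules are never consulted
    raise AssertionError("unreachable: '*' matches every packet")


# Constructed ACL for a public web subnet.
INBOUND = [
    AclRule(90,  "tcp", 443, 443, "203.0.113.0/24", "deny"),    # a blocked range, numbered *before* the broad allow
    AclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    AclRule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),     # replies to the subnet's own outbound requests
]
OUTBOUND = [
    AclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),        # the subnet may call out to HTTPS services
]


def missing_reply_rule(outbound: list[AclRule], client_ip: str, client_port: int) -> bool:
    """True when the stateless ACL would drop the reply half of an admitted inbound request."""
    return evaluate(outbound, "tcp", client_port, client_ip)[0] == "deny"


if __name__ == "__main__":
    print(evaluate(INBOUND, "tcp", 443, "198.51.100.7"))          # ('allow', 100)
    print(evaluate(INBOUND, "tcp", 443, "203.0.113.5"))           # ('deny', 90): the lower number wins
    print(evaluate(INBOUND, "tcp", 22, "198.51.100.7"))           # ('deny', 1000000000): fell through to '*'
    print(missing_reply_rule(OUTBOUND, "198.51.100.7", 50000))    # True: an outbound 1024-65535 rule is needed
```

The last call is the classic network ACL mistake: the inbound HTTPS request is admitted, but because the ACL keeps no connection state, the server's reply to the client's ephemeral port is evaluated on its own and falls through to the deny-all rule unless an outbound ephemeral-port rule exists.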

Security groups and instance-based firewalls

• Virtual firewalls
• Stateful: respond to allowed traffic
• Default for VPC
• Restricted by IP protocol, service port, source or destination IP
• Changes automatically applied
• Cannot be controlled through the guest OS firewall
• Guest OS-level protection is encouraged

[Diagram: a VPC with a public/private subnet; one instance in security group "https", another in security group "db"]

Security groups example

[Diagram: VPC 10.0.0.0/16; Availability Zone 1 with Public subnet 1 (10.0.1.0/24, web server) and Private subnet 1 (10.0.2.0/24, database server); Availability Zone 2 with Public subnet 2 (10.0.3.0/24, web server) and Private subnet 2 (10.0.4.0/24, database server)]

Web Security Group inbound rules
Protocol  Port Range  Source
TCP       80          0.0.0.0/0
TCP       443         0.0.0.0/0

Database Security Group inbound rules
Protocol  Port Range  Source
TCP       443         Web Security Group
TCP       3306        Web Security Group
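The two rule tables above are worth tracing by hand once, because the database group's rules name another security group rather than an address range. The following added Python model (not AWS code) does that trace: group ids, instance addresses and the Internet client address are constructed, and the rules are exactly the ones in the tables. It shows the three semantics the previous slide lists: allow rules only, a rule source that may be another group, and stateful tracking so replies to admitted requests pass without an outbound rule.

```python
"""Security group semantics modelled in code. Added example, not AWS code;
group ids, instance addresses and the Internet client address are
constructed. Rules follow the slide: the web group admits TCP 80/443 from
anywhere, the database group admits TCP 443/3306 only from members of the
web group. Groups hold allow rules only, a rule's source may be another
group, and tracking is stateful so replies to allowed requests pass."""
from __future__ import annotations

from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    source: str        # CIDR ("0.0.0.0/0") or a security group id ("sg-web")


@dataclass(frozen=True)
class Instance:
    name: str
    ip: str
    groups: tuple      # security group ids attached to the instance's network interface


GROUPS = {   # inbound rules only; a security group has no deny rules
    "sg-web": (SgRule("tcp", 80, 80, "0.0.0.0/0"), SgRule("tcp", 443, 443, "0.0.0.0/0")),
    "sg-db":  (SgRule("tcp", 443, 443, "sg-web"), SgRule("tcp", 3306, 3306, "sg-web")),
}
WEB = Instance("web-1", "10.0.1.10", ("sg-web",))    # constructed, in Public subnet 1
DB = Instance("db-1", "10.0.2.20", ("sg-db",))       # constructed, in Private subnet 1


def _source_matches(rule: SgRule, src_ip: str, src_groups: tuple) -> bool:
    if rule.source.startswith("sg-"):      # group-referenced rule: matches on who sends, not from where
        return rule.source in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def inbound_allowed(dest: Instance, protocol: str, port: int,
                    src_ip: str, src_groups: tuple = ()) -> bool:
    """Any matching rule in any attached group permits the traffic; otherwise it is dropped."""
    for gid in dest.groups:
        for r in GROUPS[gid]:
            if (r.protocol in ("all", protocol) and r.port_from <= port <= r.port_to
                    and _source_matches(r, src_ip, src_groups)):
                return True
    return False


class ConnectionTracker:
    """The stateful half: a flow admitted inbound is remembered so its replies pass outbound."""

    def __init__(self) -> None:
        self.flows = set()

    def request(self, dest: Instance, protocol: str, port: int,
                src_ip: str, src_port: int, src_groups: tuple = ()) -> bool:
        ok = inbound_allowed(dest, protocol, port, src_ip, src_groups)
        if ok:
            self.flows.add((protocol, src_ip, src_port, dest.ip, port))
        return ok

    def reply_allowed(self, server: Instance, protocol: str, server_port: int,
                      client_ip: str, client_port: int) -> bool:
        """An outbound reply needs no outbound rule if the inbound request was admitted."""
        return (protocol, client_ip, client_port, server.ip, server_port) in self.flows


if __name__ == "__main__":
    t = ConnectionTracker()
    client_ip = "198.51.100.7"                                        # constructed Internet client
    print(t.request(WEB, "tcp", 443, client_ip, 51000))              # True: web accepts HTTPS from anywhere
    print(t.reply_allowed(WEB, "tcp", 443, client_ip, 51000))        # True: stateful reply
    print(t.request(DB, "tcp", 3306, client_ip, 51001))              # False: no CIDR rule on the database group
    print(t.request(DB, "tcp", 3306, WEB.ip, 40000, WEB.groups))     # True: the source is a member of sg-web
```

The group-referenced rule is what keeps the database reachable only through the web tier: the database group never has to know the web servers' addresses, so Auto Scaling can replace them freely without touching the rules.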

Connectivity
Internet gateways and route tables

[Diagram: VPC 10.0.0.0/16 with an Internet gateway; Public subnets 1 and 2 (10.0.1.0/24, 10.0.3.0/24) with web servers, Private subnets 1 and 2 (10.0.2.0/24, 10.0.4.0/24) with database servers]

Public subnet route table
Destination   Target
10.0.0.0/16   Local
0.0.0.0/0     Internet gateway

Private subnet route table
Destination   Target
10.0.0.0/16   Local
Network Address Translation gateway

[Diagram: the same VPC; a NAT gateway is placed in Public subnet 1 (10.0.1.0/24), and the private subnets' route table now sends internet-bound traffic to it]

Private subnet route table
Destination   Target
10.0.0.0/16   Local
0.0.0.0/0     NAT gateway
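The public and private route tables on the last two slides are what decide whether a subnet can reach the internet, and in which direction. The following Python is an added example (not part of the course material) that resolves a destination the way a VPC route table does, by longest-prefix match rather than rule order, using the slides' CIDRs; the gateway identifiers igw-EXAMPLE and nat-EXAMPLE are placeholders, and the test addresses come from the documentation ranges.

```python
import ipaddress

# Constructed route tables matching the slides' VPC 10.0.0.0/16.
# The target identifiers are placeholders, not real gateway ids.
PUBLIC_ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),   # internet gateway: inbound and outbound internet access
]
PRIVATE_ROUTE_TABLE_NO_NAT = [
    ("10.0.0.0/16", "local"),       # only the VPC itself is reachable
]
PRIVATE_ROUTE_TABLE_WITH_NAT = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-EXAMPLE"),   # NAT gateway: outbound-only internet access
]


def resolve_route(route_table, destination_ip):
    """Return the target for destination_ip, or None if no route matches.

    A VPC route table is not evaluated top to bottom: the most specific
    (longest prefix) matching destination wins. That is why 10.0.2.15
    matches both 10.0.0.0/16 and 0.0.0.0/0 but is routed "local".
    A destination with no matching route has no path at all.
    """
    addr = ipaddress.ip_address(destination_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify_subnet(route_table):
    """Describe a subnet by where its internet-bound traffic goes.

    A subnet is public only when its default route points at an internet
    gateway. A NAT gateway route gives instances outbound access for updates
    and API calls, but unsolicited inbound connections from the internet
    still have no route into the subnet.
    """
    target = resolve_route(route_table, "203.0.113.10")  # TEST-NET-3 address standing in for "the internet"
    if target is None:
        return "private (no internet path)"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private (outbound only via NAT)"
    return "private (custom target: %s)" % target


if __name__ == "__main__":
    for name, table in [("public", PUBLIC_ROUTE_TABLE),
                        ("private, no NAT", PRIVATE_ROUTE_TABLE_NO_NAT),
                        ("private, NAT", PRIVATE_ROUTE_TABLE_WITH_NAT)]:
        print(name, "->", classify_subnet(table),
              "| 10.0.2.15 via", resolve_route(table, "10.0.2.15"),
              "| 198.51.100.7 via", resolve_route(table, "198.51.100.7"))
```

The practical check this encodes: a subnet whose only default route points at a NAT gateway is still private, because nothing on the internet can initiate a connection into it; adding a 0.0.0.0/0 route to an internet gateway is what makes a subnet public.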
Elastic IP address

[Diagram: the same VPC with internet gateway and NAT gateway; an Elastic IP address is attached to the web server in Public subnet 2 (10.0.3.0/24)]
Load balancers

[Diagram: the same VPC; Elastic Load Balancing sits behind the internet gateway and distributes traffic to the web servers in both public subnets; the NAT gateway and the Elastic IP address remain in place]

https://aws.amazon.com/elasticloadbalancing/features/#compare
Load balancer security groups

[Diagram: the same VPC with an Application Load Balancer in front of the web servers in Public subnets 1 and 2, and database servers in Private subnets 1 and 2]

Load Balancer Security Group inbound rules
Protocol  Port Range  Source
TCP       80          0.0.0.0/0
TCP       443         0.0.0.0/0

Web Security Group inbound rules
Protocol  Port Range  Source
TCP       80          Load Balancer Security Group
TCP       443         Load Balancer Security Group

Database Security Group inbound rules
Protocol  Port Range  Source
TCP       443         Web Security Group
TCP       3306        Web Security Group
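The network ACL slide (stateless, numbered rules, allow and deny) and the security group slides (stateful, allow-only, a source that can be another security group) describe two different evaluation models. The following Python is an added example, not code from the course, that models both and runs the load balancer, web and database security groups from the tables above through them. The network ACL rules, the packet values and the group names lb-sg and web-sg are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NaclRule:
    number: int              # rules are evaluated lowest number first
    proto: str               # "tcp", "udp", "icmp" or "all"
    ports: Tuple[int, int]   # inclusive port range
    cidr: str
    action: str              # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    proto: str
    ports: Tuple[int, int]
    source: str              # a CIDR, or the name of another security group


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int
    src_ip: str
    src_sg: Optional[str] = None   # security group of the sender, when it is an instance in the VPC


def nacl_evaluate(rules: List[NaclRule], proto: str, port: int, ip: str) -> str:
    """Network ACL semantics: ordered rules, first match wins, allow or deny,
    and an implicit final deny when nothing matches."""
    addr = ipaddress.ip_address(ip)
    for r in sorted(rules, key=lambda r: r.number):
        if (r.proto in ("all", proto)
                and r.ports[0] <= port <= r.ports[1]
                and addr in ipaddress.ip_network(r.cidr, strict=False)):
            return r.action
    return "deny"


def sg_allows_inbound(rules: List[SgRule], pkt: Packet) -> bool:
    """Security group semantics: allow rules only; any matching rule permits.
    A rule whose source names another security group matches traffic from
    any instance carrying that group, whatever its IP address."""
    for r in rules:
        if r.proto != pkt.proto or not (r.ports[0] <= pkt.dst_port <= r.ports[1]):
            continue
        if "/" in r.source:
            if ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(r.source, strict=False):
                return True
        elif pkt.src_sg == r.source:
            return True
    return False


def subnet_exchange(nacl_in, nacl_out, sg_rules, pkt: Packet, client_port: int) -> Tuple[bool, bool]:
    """Return (request_reaches_instance, reply_leaves_subnet).

    The request must pass the subnet's inbound NACL and the instance's
    security group. The reply is where the two differ: the security group
    is stateful and lets the reply out automatically, but the NACL is
    stateless and must explicitly allow outbound traffic to the client's
    ephemeral port, or the reply is dropped at the subnet boundary.
    """
    request_ok = (nacl_evaluate(nacl_in, pkt.proto, pkt.dst_port, pkt.src_ip) == "allow"
                  and sg_allows_inbound(sg_rules, pkt))
    if not request_ok:
        return False, False
    reply_ok = nacl_evaluate(nacl_out, pkt.proto, client_port, pkt.src_ip) == "allow"
    return True, reply_ok


# Security groups from the slides (three-tier chain: internet -> LB -> web -> database).
LB_SG = [SgRule("tcp", (80, 80), "0.0.0.0/0"), SgRule("tcp", (443, 443), "0.0.0.0/0")]
WEB_SG = [SgRule("tcp", (80, 80), "lb-sg"), SgRule("tcp", (443, 443), "lb-sg")]
DB_SG = [SgRule("tcp", (443, 443), "web-sg"), SgRule("tcp", (3306, 3306), "web-sg")]

# Constructed network ACLs for the public subnet. NACL_OUT_MISSING_EPHEMERAL is
# the classic mistake: inbound 443 allowed, but no outbound rule for the replies.
NACL_IN = [NaclRule(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
           NaclRule(110, "tcp", (80, 80), "0.0.0.0/0", "allow")]
NACL_OUT_OK = [NaclRule(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")]
NACL_OUT_MISSING_EPHEMERAL: List[NaclRule] = []

if __name__ == "__main__":
    client = Packet("tcp", 443, "198.51.100.7")
    print("NACL with ephemeral rule:", subnet_exchange(NACL_IN, NACL_OUT_OK, LB_SG, client, 51515))
    print("NACL without it:        ", subnet_exchange(NACL_IN, NACL_OUT_MISSING_EPHEMERAL, LB_SG, client, 51515))
    print("web -> db 3306:", sg_allows_inbound(DB_SG, Packet("tcp", 3306, "10.0.1.10", src_sg="web-sg")))
    print("internet -> db 3306:", sg_allows_inbound(DB_SG, Packet("tcp", 3306, "198.51.100.7")))
```

Two points the run makes visible: the database group never sees the internet because its only sources are other security groups, so a web server's address does not matter; and a network ACL that allows inbound 443 but has no outbound rule for ports 1024-65535 accepts the request and then silently drops the reply.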
AWS PrivateLink

Integrate AWS services privately

• Create secure endpoints inside the customer environment: no public IP address
• Over 35 AWS services
• AWS Marketplace curated SaaS products
• Examples:
  • Amazon Elastic File System
  • AWS Systems Manager
  • AWS Storage Gateway
  • Amazon EC2 API
Elastic Load Balancing (ELB)

• Automatically distributes incoming application traffic
• Incorporates new resources as applications scale, automatically
• Detects and accommodates application faults
• Pools AWS Cloud and on-premises resources seamlessly
• Integrates with other AWS services
  • Route 53
  • Internet Gateway
  • Identity and Access Management

https://aws.amazon.com/elasticloadbalancing/
Load balancer options

Application Load Balancer
• Best suited for HTTP/HTTPS
• Provides advanced request routing
• Targeted for modern architectures including microservices and containers
• Operates at the individual request level (Layer 7)
• Routes traffic based on the content of the request

Network Load Balancer
• Best suited for TCP/UDP/TLS
• Operates at the connection level (Layer 4)
• Capable of handling millions of requests per second
• Optimized for sudden and volatile traffic patterns

Classic Load Balancer
• Provides basic load balancing across EC2 instances
• Operates at both the request level and connection level
• Intended for applications built in the EC2-Classic network
Amazon CloudFront
Content delivery network (CDN) with optimization

• Distribute content to end users with low latency and high data transfer rates
• Broad, geographic presence beyond AWS Regions
• Accelerate data uploaded from end users
• Use cases:
  • Accelerating web application performance
  • Caching static web content and frequent database query results
  • Offloading TLS termination

Edge Location = Point of presence where the content cache is performed

https://aws.amazon.com/cloudfront/
Amazon Route 53

• Global Domain Name System (DNS) service
• Highly available and scalable – 100% availability SLA
• Critical tool integrated with many AWS services
• Use cases:
  • Optimized routing
  • Failover
  • Geolocation compliance
  • Integrated with other AWS services
  • Micro-segmentation

https://aws.amazon.com/route53/
AWS foundational services

AWS Compute: Amazon EC2, Amazon Elastic Container Service, Amazon EC2 Auto Scaling, AWS Lambda
AWS Storage: Amazon S3, Amazon EBS, Amazon S3 Glacier
AWS Networking: Amazon ELB, Amazon Route 53, Amazon ALB, Amazon VPC, AWS Direct Connect, Amazon VPN
AWS Database: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
AWS Security: AWS IAM, AWS WAF, AWS KMS, AWS Shield
AWS Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config, AWS Systems Manager
More than Relational Database

Relational
• Referential integrity, ACID transactions, schema-on-write
• Common use cases: Lift and shift, ERP, CRM, finance
• AWS service(s): Aurora, RDS

Key-value
• High throughput, low-latency reads and writes, endless scale
• Common use cases: Real-time bidding, shopping cart, social, product catalog, customer preferences
• AWS service(s): DynamoDB

Document
• Store documents and quickly access querying on any attribute
• Common use cases: Content management, personalization, mobile
• AWS service(s): DocumentDB

In-memory
• Query by key with microsecond latency
• Common use cases: Leaderboards, real-time analytics, caching
• AWS service(s): ElastiCache

Graph
• Quickly and easily create and navigate relationships between data
• Common use cases: Fraud detection, social networking, recommendation engine
• AWS service(s): Neptune

Time-series
• Collect, store, and process data sequenced by time
• Common use cases: IoT applications, event tracking
• AWS service(s): Timestream

Ledger
• Complete, immutable, and verifiable history of all changes to application data
• Common use cases: Systems of record, supply chain, health care, registrations, financial
• AWS service(s): QLDB
Amazon Relational Database Service (RDS)
Managed relational database service with a choice of popular database engines

• Easy to administer: Easily deploy and maintain hardware, OS and DB software; built-in monitoring
• Performant & scalable: Scale compute and storage with a few clicks; minimal downtime for your application
• Available & durable: Automatic Multi-AZ data replication; automated backup, snapshots, and failover
• Secure and compliant: Data encryption at rest and in transit; industry compliance and assurance programs

https://aws.amazon.com/rds/
Amazon Aurora

MySQL and PostgreSQL compatible relational database built for the cloud
Performance and availability of commercial-grade databases at 1/10th the cost

• Performance & scalability: 5x throughput of standard MySQL and 3x of standard PostgreSQL; scale-out up to 15 read replicas
• Availability & durability: Fault-tolerant, self-healing storage; six copies of data across three AZs; continuous backup to S3
• Highly secure: Network isolation, encryption at rest/transit
• Fully managed: Managed by RDS: no server provisioning, software patching, setup, configuration, or backups

https://aws.amazon.com/rds/aurora/
Amazon Aurora Architecture

Endpoints (host URL:port):
• Cluster endpoint: mydbcluster.cluster-123456789012.us-east-1.rds.amazonaws.com:3306
• Reader endpoint: mydbcluster.cluster-ro-123456789012.us-east-1.rds.amazonaws.com:3306
• Instance endpoint: mydbinstance.123456789012.us-east-1.rds.amazonaws.com:3306

[Diagram: a query load balancer in front of the DB instance layer (1+ instances handling SQL, transactions and caching; optionally up to 15 read replicas); beneath it a transparent data layer (logging + storage layer) holding the DB cluster data on a 64 TB virtual database storage volume]
Amazon Aurora - Main Features

• Cluster Volume
  • Virtual volume using SSD drives.
  • Copies of data across multiple AZs.
• Storage Auto-Repair
  • Automatic failure detection & repair.
  • Avoid data loss and point-in-time restores.
• Survivable Cache Warming
  • Pre-loads buffer pool with common queries.
  • Page-cache survives independently.
• Crash Recovery
  • Designed to recover from DB crashes almost instantaneously.

[Diagram: a cluster volume spread over several SSDs; one SSD fails and its data is restored from the remaining copies]
Amazon DynamoDB

Fast and flexible NoSQL database service for any scale

• Performance at scale: Handles millions of requests per second; delivers microsecond latency; automated global replication
• Serverless: Maintenance free; auto scaling; on-demand capacity mode
• Enterprise ready: ACID transactions; encryption at rest; on-demand backup and restore
Amazon ElastiCache

Fully-managed, Redis or Memcached compatible, low-latency, in-memory data store

• Extreme Performance: In-memory data store and cache for sub-millisecond response times
• Fully Managed: AWS manages all hardware and software setup, configuration, monitoring
• Easily Scalable: Read scaling with replicas. Write and memory scaling with sharding. Non-disruptive scaling

https://aws.amazon.com/elasticache/
AWS Identity and Access Management (IAM)

• Core AWS security service
• Create and manage AWS users, roles, and groups
• Manage fine-grained access control to AWS resources, such as controlling what operations a user or service can perform
• Integrates with Microsoft Active Directory using SAML identity federation and AWS Directory Service (AD Connector)
• Allows scalable, consistent security and auditability
• Multifactor authentication supported

https://aws.amazon.com/iam/
AWS principals

Account Owner ID (Root Account)
• Access to all subscribed services
• Access to billing
• Access to console and APIs
• Access to Customer Support

IAM Users, Groups, and Roles
• Access to specific services
• Access to console and/or APIs
• Access to Customer Support (Business and Enterprise)

Temporary Security Credentials
• Access to specific services
• Access to console and/or APIs
IAM: Essential components

• IAM user: A person or application that can authenticate with an AWS account.
• IAM group: A collection of IAM users that are granted identical authorization.
• IAM policy: The document that defines which resources can be accessed and the level of access to each resource.
• IAM role: Useful mechanism to grant a set of permissions for making AWS service requests.
Authenticate as an IAM user to gain access

• When you define an IAM user, you select what types of access the user is permitted to use.
• Programmatic access
  • Authenticate using:
    • Access key ID
    • Secret access key
  • Provides AWS CLI and AWS SDK access
• AWS Management Console access
  • Authenticate using:
    • 12-digit Account ID or alias
    • IAM user name
    • IAM password
  • If enabled, MFA prompts for an authentication code.

[Diagram: access keys are used by the AWS CLI and the AWS Tools and SDKs; account ID, user name and password are used at the AWS Management Console]
IAM MFA

• MFA provides increased security.
• In addition to user name and password, MFA requires a unique authentication code to access AWS services.

[Diagram: user name and password plus an MFA token code are presented to sign in to the AWS Management Console]
IAM groups

• An IAM group is a collection of IAM users
• A group is used to grant the same AWS account permissions to multiple users
• Permissions granted by attaching IAM policy or policies to the group
• A user can belong to multiple groups
• There is no default group
• Groups cannot be nested

[Diagram: three IAM groups, Admins, Developers and Testers, containing users such as Carlos Salazar, John Stiles, Márcia Oliveira, Richard Roe, Mary Major and Zhang Wei; Li Juan is a member of more than one group]
IAM policies

• An IAM policy is a document that defines permissions
• Enables fine-grained access control
• Two types of policies – identity-based and resource-based
• Identity-based policies
  • Attach a policy to any IAM entity
    • An IAM user, an IAM group, or an IAM role
  • Policies specify:
    • Actions that may be performed by the entity
    • Actions that may not be performed by the entity
  • A single policy can be attached to multiple entities
  • A single entity can have multiple policies attached to it
• Resource-based policies
  • Attached to a resource (such as an S3 bucket)

[Diagram: an IAM policy attached to one of the IAM entities: IAM user, IAM group, or IAM role]
Authorization: What actions are permitted

After the user or application is connected to the AWS account, what are they allowed to do?

[Diagram: an IAM user, IAM group, or IAM role with IAM policies attached, granting full access to EC2 instances and read-only access to an S3 bucket]
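The IAM groups, IAM policies and authorization slides describe policies that state what an entity may and may not do, attached to users through their groups. As an added example (not course material), the following Python applies the documented identity-based evaluation logic, implicit deny, explicit allow, explicit deny overriding every allow, to constructed policy documents. The group memberships for Li Juan and Mary Major, the bucket names and the account id 123456789012 are placeholders; conditions, NotAction and resource-based policies are outside this simplified model.

```python
import fnmatch
from typing import Dict, List

# Constructed policy documents (example data, not from any real account).
S3_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
}
EC2_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}
DENY_TERMINATE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}],
}

# Groups carry the policies; a user inherits every policy of every group it belongs to.
# Group and user names follow the IAM groups slide; the memberships are constructed.
GROUP_POLICIES: Dict[str, List[dict]] = {
    "Admins": [EC2_FULL_ACCESS, S3_READ_ONLY],
    "Developers": [EC2_FULL_ACCESS],
    "Testers": [S3_READ_ONLY, DENY_TERMINATE],
}
USER_GROUPS: Dict[str, List[str]] = {
    "Mary Major": ["Developers"],
    "Li Juan": ["Developers", "Testers"],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value, fold_case):
    # IAM wildcards: "*" matches any run of characters, "?" a single one.
    # Action names are case-insensitive; ARNs are compared as written.
    if fold_case:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policies: List[dict], action: str, resource: str) -> bool:
    """Identity-based evaluation: everything is implicitly denied; an explicit
    Allow in any attached policy grants the request; an explicit Deny in any
    attached policy overrides every Allow."""
    allowed = False
    for policy in policies:
        for st in policy["Statement"]:
            if not _matches(st.get("Action", []), action, fold_case=True):
                continue
            if not _matches(st.get("Resource", []), resource, fold_case=False):
                continue
            if st["Effect"] == "Deny":
                return False          # an explicit deny ends the evaluation
            allowed = True            # remember the allow, keep looking for a deny


    return allowed


def policies_for_user(user: str) -> List[dict]:
    """Effective policies: everything attached to the groups the user belongs to."""
    return [p for g in USER_GROUPS.get(user, []) for p in GROUP_POLICIES[g]]


if __name__ == "__main__":
    instance = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    for user in ("Mary Major", "Li Juan"):
        print(user, "terminate:", is_allowed(policies_for_user(user), "ec2:TerminateInstances", instance),
              "| stop:", is_allowed(policies_for_user(user), "ec2:StopInstances", instance))
```

The case to notice is Li Juan: Developers grants ec2:*, Testers denies ec2:TerminateInstances, and the deny wins even though it comes from a different group. That is why a deny statement in one attached policy is the reliable way to carve an exception out of a broad allow.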
IAM roles

• An IAM role is an IAM identity with specific permissions
• Similar to an IAM user
  • Attach permissions policies to it
• Different from an IAM user
  • Not uniquely associated with one person
  • Intended to be assumable by a person, application, or service
  • Role provides temporary security credentials
• Examples of how IAM roles are used to delegate access:
  • Used by an IAM user in the same AWS account as the role
  • Used by an AWS service, such as Amazon EC2, in the same account as the role
  • Used by an IAM user in a different AWS account than the role
AWS KMS (Key Management Service)

AWS Key Management Service (AWS KMS) features:
• Enables you to create and manage encryption keys
• Enables you to control the use of encryption across AWS services and in your applications.
• Integrates with AWS CloudTrail to log all key usage.
• Uses hardware security modules (HSMs) that are validated by Federal Information Processing Standards (FIPS) 140-2 to protect keys

https://aws.amazon.com/kms/
AWS Shield

Guards against distributed denial of service (DDoS) attacks

AWS Shield Standard
• Addresses common layer 3-4 DDoS incidents
• Monitors network flows for quick attack detection
• Mitigates service impacts automatically

AWS Shield Advanced
• Enhanced DDoS detection and response
• Supports customized rules against sophisticated attacks
• Includes AWS DDoS Response Team 24x7
• Covers cost of increased resource usage due to attack

https://aws.amazon.com/shield/
AWS Web Application Firewall (AWS WAF)

• Protects web applications
• Filters traffic based on custom rules
• Easy to deploy as part of Amazon CloudFront or ELB
• Provides real-time metrics and detailed request data
• Configure manually or via an AWS API
• Integrate third-party, workload-optimized AWS WAF configuration rules
• AWS Firewall Manager synchronizes AWS WAF rules across multiple accounts

https://aws.amazon.com/waf/
Preventative Controls: AWS WAF

• Three modes of operation:
  • Self service (customer writes / manages rules)
  • Customer manually engages AWS DDoS Response Team (DRT) during attack to triage, author rules
  • DRT automatically authorised to engage in response to alerts, writes/manages rules

Web traffic filtering with custom rules | Malicious request blocking | Active monitoring and tuning
Amazon CloudWatch

• Monitors:
  • AWS resources
  • Applications that run on AWS
• Collects and tracks:
  • Standard metrics
  • Custom metrics
• Alarms
  • Send notifications to an Amazon SNS topic
  • Perform Amazon EC2 Auto Scaling or Amazon EC2 actions
• Events
  • Define rules to match changes in the AWS environment and route these events to one or more target functions or streams for processing

https://aws.amazon.com/cloudwatch/
Amazon CloudWatch Alarms

[Diagram: AWS resources that support CloudWatch publish metrics such as CPUUtilization, StatusCheckFailed and PageViewCount, plus custom application-specific metrics, into CloudWatch Metrics; the available statistics feed a CloudWatch alarm, which sends an Amazon SNS email notification or triggers Auto Scaling; statistics are also consumed in the AWS Management Console]
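The CloudWatch slides say an alarm watches a metric and, on breach, notifies an SNS topic or triggers an Auto Scaling or EC2 action. The following Python is an added example, not course code, that models the M-out-of-N evaluation an alarm performs and shows that actions fire on a state transition into ALARM rather than on every breaching datapoint. The alarms, the 5-minute samples and the action names (sns:notify-ops-topic and the others) are constructed; CloudWatch's real treatment of missing datapoints depends on the alarm's missing-data setting, which this simplified model does not reproduce.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Alarm:
    metric: str
    threshold: float
    comparison: str           # CloudWatch comparison operator names
    evaluation_periods: int   # N: most recent periods examined
    datapoints_to_alarm: int  # M: breaching periods needed within those N
    alarm_actions: Tuple[str, ...]   # what to invoke on a transition into ALARM


def breaches(alarm: Alarm, value: float) -> bool:
    ops = {
        "GreaterThanThreshold": value > alarm.threshold,
        "GreaterThanOrEqualToThreshold": value >= alarm.threshold,
        "LessThanThreshold": value < alarm.threshold,
        "LessThanOrEqualToThreshold": value <= alarm.threshold,
    }
    return ops[alarm.comparison]


def evaluate(alarm: Alarm, datapoints: List[float]) -> str:
    """State for the latest window: ALARM when at least datapoints_to_alarm of
    the last evaluation_periods datapoints breach, OK otherwise. With fewer
    datapoints than evaluation periods this model reports INSUFFICIENT_DATA."""
    window = datapoints[-alarm.evaluation_periods:]
    if len(window) < alarm.evaluation_periods:
        return "INSUFFICIENT_DATA"
    hits = sum(1 for v in window if breaches(alarm, v))
    return "ALARM" if hits >= alarm.datapoints_to_alarm else "OK"


def state_history(alarm: Alarm, datapoints: List[float]) -> List[str]:
    """Alarm state after each successive datapoint arrives."""
    return [evaluate(alarm, datapoints[:i]) for i in range(1, len(datapoints) + 1)]


def fired_actions(alarm: Alarm, datapoints: List[float]) -> List[Tuple[int, str]]:
    """Alarm actions run when the state changes *into* ALARM, not on every
    breaching datapoint. Returns (datapoint_index, action) pairs."""
    fired, previous = [], "INSUFFICIENT_DATA"
    for i, state in enumerate(state_history(alarm, datapoints)):
        if state == "ALARM" and previous != "ALARM":
            fired.extend((i, a) for a in alarm.alarm_actions)
        previous = state
    return fired


# Constructed alarms on the metrics named in the slide; action names are placeholders.
HIGH_CPU = Alarm("CPUUtilization", 80.0, "GreaterThanThreshold", 3, 2,
                 ("sns:notify-ops-topic", "autoscaling:scale-out-web-asg"))
FAILED_CHECK = Alarm("StatusCheckFailed", 1.0, "GreaterThanOrEqualToThreshold", 2, 2,
                     ("ec2:recover-instance",))

# Constructed 5-minute samples.
CPU_SAMPLES = [40.0, 55.0, 85.0, 92.0, 70.0, 97.0, 99.0, 60.0, 50.0, 45.0]
STATUS_SAMPLES = [0.0, 0.0, 1.0, 1.0, 0.0]

if __name__ == "__main__":
    print("CPU states:   ", state_history(HIGH_CPU, CPU_SAMPLES))
    print("CPU actions:  ", fired_actions(HIGH_CPU, CPU_SAMPLES))
    print("Status states:", state_history(FAILED_CHECK, STATUS_SAMPLES))
    print("Status actions:", fired_actions(FAILED_CHECK, STATUS_SAMPLES))
```

Note the single 70% dip inside the CPU run: with M=2 of N=3 the alarm stays in ALARM through it, so the SNS notification and the scale-out action fire once, not once per breaching sample. Requiring two breaching datapoints rather than one is the usual way to keep a single noisy sample from paging anyone.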
AWS CloudTrail

• Managed service that records all AWS API calls for your account
• Records information about API calls to AWS services
• Delivers results in log files for automatic response ("Who did that?!")
• Use cases:
  • Security, alerting
  • Compliance
  • Troubleshooting
  • Remediation

https://aws.amazon.com/cloudtrail/
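The CloudTrail slide lists security alerting and "who did that?!" as the use cases; the earlier principals and MFA slides explain why root-account activity and sign-ins without MFA deserve attention. The following Python is an added example, not course code, that answers those questions over a constructed CloudTrail log file: the field names (userIdentity, eventName, sourceIPAddress, additionalEventData.MFAUsed, responseElements.ConsoleLogin) are the real record fields, while the timestamps, addresses, user name, account id and resource ids are made up.

```python
import json
from typing import Dict, List, Tuple

# Constructed CloudTrail records in the shape of a delivered log file.
# Field names are the real record fields; every value is made up.
SAMPLE_LOG_FILE = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2020-06-01T08:00:12Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.42",
     "userIdentity": {"type": "IAMUser", "userName": "mary.major",
                      "arn": "arn:aws:iam::123456789012:user/mary.major"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventVersion": "1.08", "eventTime": "2020-06-01T08:05:40Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventVersion": "1.08", "eventTime": "2020-06-01T08:07:03Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"groupId": "sg-EXAMPLE"}},
    {"eventVersion": "1.08", "eventTime": "2020-06-01T09:15:27Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.42",
     "userIdentity": {"type": "IAMUser", "userName": "mary.major",
                      "arn": "arn:aws:iam::123456789012:user/mary.major"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-EXAMPLE"}]}}},
]})


def load_records(log_file_text: str) -> List[Dict]:
    """A delivered CloudTrail log file is a JSON object with a 'Records' array."""
    return json.loads(log_file_text)["Records"]


def principal(record: Dict) -> str:
    ident = record["userIdentity"]
    return ident.get("userName") or ident.get("arn") or ident["type"]


def root_account_activity(records: List[Dict]) -> List[Tuple[str, str, str]]:
    """Every sign-in or API call made with the root account. Root is bound by
    no IAM policy, so routine use of it is worth an alert on its own."""
    return [(r["eventTime"], r["eventName"], r["sourceIPAddress"])
            for r in records if r["userIdentity"].get("type") == "Root"]


def console_logins_without_mfa(records: List[Dict]) -> List[Tuple[str, str, str]]:
    """Successful console sign-ins where no MFA code was presented."""
    return [(r["eventTime"], principal(r), r["sourceIPAddress"])
            for r in records
            if r["eventName"] == "ConsoleLogin"
            and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"]


def who_did(records: List[Dict], event_name: str) -> List[Tuple[str, str, str]]:
    """The "who did that?!" question: principal, source address and time of every call to event_name."""
    return [(principal(r), r["sourceIPAddress"], r["eventTime"])
            for r in records if r["eventName"] == event_name]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG_FILE)
    print("root activity:", root_account_activity(recs))
    print("console logins without MFA:", console_logins_without_mfa(recs))
    print("who terminated instances:", who_did(recs, "TerminateInstances"))
```

In production these functions would run over each log file as CloudTrail delivers it to S3 (or over events forwarded to CloudWatch), with the findings published to an SNS topic; the sample file is enough to show that the two root-account events and the MFA-less sign-in are the same session, which is exactly the correlation an analyst wants from the trail.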
AWS CloudFormation

• Service to create and manage a collection of related AWS resources
• Describe sets of AWS resources using a template file
• Customize values for different application environments and Regions
• Maintain and update infrastructure as code (IaC)
• Use cases
  • Standardize application deployments for scale and consistency
  • Test, design, and automatically roll back newly provisioned resources
  • Replicate service architectures globally in minutes

https://aws.amazon.com/cloudformation/
CloudFormation: Infrastructure as Code

AWS CloudFormation allows you to launch, configure, and connect AWS resources with JSON or YAML templates.

Template
• JSON/YAML-formatted file describing the resources to be created
• Treat it as source code: put it in your repository

AWS CloudFormation Engine
• AWS service component
• Interprets the AWS CloudFormation template into stacks of AWS resources

Stack
• A collection of resources created by AWS CloudFormation
• Tracked and reviewable in the AWS Management Console
AWS Config
Managed service for tracking AWS inventory, configuration, and change notification

[Diagram: AWS Config collects configuration from Amazon EC2, Amazon EBS, Amazon VPC and AWS CloudTrail and supports security analysis, audit compliance, change management, troubleshooting and discovery]
AWS Trusted Advisor

• Online tool that provides real-time guidance to help you provision your resources following AWS best practices.
• Looks at your entire AWS environment and gives you real-time recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.

[Screenshot: Trusted Advisor dashboard showing potential monthly savings]
Trusted Advisor: Core vs. Full

Core Checks and Recommendations (included)
• Seven core checks around security and performance
• Service Limits

Full Trusted Advisor Benefits (with Business or Enterprise support)
• Full set of checks
• Notifications
• Programmatic Access via API
Popular AWS Marketplace vendors by category

https://aws.amazon.com/marketplace
Module 4 – The AWS Well-Architected Framework
Answer some customer questions!

• What will change when I move to AWS?
• How secure is my AWS workload?
• How can AWS improve business continuity and disaster recovery?
• How do I measure and compare workload performance in the cloud compared to on premises?
• Does it cost more or less to run a workload in AWS compared to on premises?
AWS Well-Architected Framework

• Increases awareness of architectural best practices
• Addresses foundational areas that are often neglected
• Consistent methodology for evaluating architectures
• Composed of:
  • Pillars
  • Design principles
  • Questions

https://aws.amazon.com/architecture/well-architected
Value proposition

Help customers:
• Apply a consistent approach to reviewing architectures
• Understand and reduce risk in their architecture
• Learn best practices
• Influence future architectures
• Accelerate cloud migration
AWS Well-Architected Tool

[Screenshot: the AWS Well-Architected Tool]
Apply Well-Architected Pillars

Operational excellence | Security | Reliability | Performance efficiency | Cost optimization
Proposed CSI solution architecture
Cloud Migrated

[Diagram: AWS Cloud, Availability Zone A. A public subnet (example services: RDGW, NAT, IDS/WAF) fronts three private subnets: web tier, app tier and data tier. Users and an admin reach the environment over the internet. Edge services: ELB, GuardDuty, Shield Advanced, WAF. Web and app tier services: EC2, ECS/EKS, Fargate, Lambda, EBS, S3]
Proposed CSI solution architecture
Reliability

[Diagram: the Cloud Migrated layout is duplicated in Availability Zone B, with replication between the two zones; each zone keeps its public subnet (RDGW, NAT, IDS/WAF) and its web, app and data tier private subnets, with the same edge and tier services]
Proposed CSI solution architecture
Performance Efficiency

[Diagram: as in the Reliability view, with Auto Scaling groups on the web and app tiers spanning both Availability Zones, and AWS CloudFormation used to provision the environment]
Proposed CSI solution architecture
Cost Optimization

[Diagram: as in the Performance Efficiency view, with each web and app tier running a baseline of Reserved instances plus On-Demand instances for peaks, in both Availability Zones]
Proposed CSI solution architecture
Security

[Diagram: as in the Cost Optimization view, with a Web Security Group, App Security Group and Data Security Group on the tiers, AWS KMS for encryption, IAM, AWS WAF and AWS Shield at the edge, and AWS CloudTrail and AWS Config alongside AWS CloudFormation]
Proposed CSI solution architecture
Operational Excellence

[Diagram: as in the Security view, with AWS CodeStar and Amazon CloudWatch added alongside AWS CloudFormation, AWS CloudTrail and AWS Config]
Proposed CSI solution architecture
CloudFormation template

[Diagram: the complete architecture, with each Availability Zone's resources described by a CloudFormation template]
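The Security view above places a Web, App and Data Security Group on the three tiers, and the last slide says the whole layout is captured as a CloudFormation template. The following template is an added example, not the course's or any project's template, that expresses just that security-group chain in CloudFormation YAML, the way the earlier load balancer security group tables do it: each tier admits traffic only from the group in front of it. The VpcId parameter, the app tier port 8080 and the use of 3306 for the data tier are assumptions for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not the course's template): security-group chain for the
  three-tier CSI layout. Each tier accepts traffic only from the tier in front of it.
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: Existing VPC that holds the public and private subnets (assumed)
Resources:
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing load balancer - HTTP/HTTPS from anywhere
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier - reachable only from the load balancer
      VpcId: !Ref Vp
cId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier - reachable only from the web tier (port 8080 assumed)
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
          SourceSecurityGroupId: !Ref WebSecurityGroup
  DataSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Data tier - MySQL/Aurora port reachable only from the app tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSecurityGroup
Outputs:
  WebSecurityGroupId:
    Value: !Ref WebSecurityGroup
  DataSecurityGroupId:
    Value: !Ref DataSecurityGroup
```

Because every source below the load balancer is a security group reference rather than a CIDR, the template stays correct when Auto Scaling replaces instances and their addresses change, and no tier can be reached from the internet directly even if it is accidentally placed in a public subnet. Keeping the template in version control, as the IaC slide recommends, also makes every change to these rules reviewable.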
Final Considerations…

Takeaways

So, time to review…
Manage scope

• Identify applications that are good candidates for migration.
• Focus the conversation on specific requirements and goals.
• Understand the speeds and feeds.
• Understand the business and operational contexts.
• Design a solution that addresses both sets of requirements.
• Define measurable, time-bound success criteria.
• Deliver, measure and validate.
• Repeat!
Solutions architect is key

• Dive deep
• Learn and use the Well-Architected Framework
• Earn trust
• Educate
• Iterate – invent and simplify – innovate
Guiding principles for AWS SAs

• Migrating to the cloud is a complex process.
• Customers need your expertise and help.
• Know your customer.
• Know the AWS products and services.
• Act in your customer’s long-term, best interest.

Long-term, professional services revenue = Success.

We play the long game.
Module 5 – Resources to Help You

Builders welcome

• AWS Free Tier
  https://aws.amazon.com/free/
• Check out your SDK of choice
  https://aws.amazon.com/tools/
• Go build something!
Next step: Advance your technical skills

[Diagram: the partner technical learning path with a "You are here" marker]

https://aws.amazon.com/partners/training/path-tech-pro/
Partner training

Free AWS digital learning platform for APN Partners: https://www.aws.training/
• Workshops and bootcamps
• Videos, labs, and classes

Specialty courses for APN Partners with business and technical tracks (accreditations)

Business track
• AWS Business Professional
• AWS Cloud Economics
• AWS Foundations Business
• Big Data and Analytics on AWS
• Microsoft Windows on AWS
• Migration to AWS
• SAP on AWS
• Amazon Connect
• Machine Learning on AWS
• Introduction to Cloud Adoption Framework
• VMware Cloud on AWS

Technical track
• AWS Technical Professional
• AWS Cloud Economics
• AWS Foundations Technical
• Well-Architected Framework
• Windows on AWS
• Migration to AWS
• SAP on AWS
• Amazon Connect
• Professional Services Bootcamp
• Machine Learning on AWS
• Containers on AWS
• VMware Cloud on AWS

https://partnercentral.awspartner.com
LATAM Partner Training Landing Page
Useful Well-Architected links

• General information
  https://aws.amazon.com/well-architected
• Well-Architected whitepaper
  http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
• Digital, Well-Architected course
  https://www.aws.training/learningobject/curriculum?id=12049

That’s a must do!
Available security training

• Security Fundamentals on AWS (free online course) – That’s a must do!
• Security Operations on AWS (3-day class)

Details at aws.amazon.com/training
Free webinar series exclusively for APN Partners to stay up to date

• Interactive sessions with AWS Subject Matter Experts
• 30-60 minutes
• New AWS offerings and best practices
• Topics for business and technical roles
• Available globally with desktop and mobile access

Explore the global schedule: https://aws.amazon.com/partners/training/partnercast/
AWS Certification

https://youtu.be/WqUQNp1hAH8
AWS announcements and updates

• AWS: What’s New? – http://aws.amazon.com/new
• AWS blog – https://aws.amazon.com/blogs/aws
• AWS podcast – https://aws.amazon.com/podcasts/aws-podcast
• APN blog – https://aws.amazon.com/blogs/apn
• This is MY Architecture YouTube channel – https://aws.amazon.com/this-is-my-architecture
• AWS loft schedule – https://aws.amazon.com/start-ups/loft
• @awscloud twitter – https://twitter.com/awscloud
Suggested reading

• AWS Certified Solutions Architect Official Study Guide: Associate Exam
• Ahead in the Cloud: Best Practices for Navigating the Future of Enterprise IT
Thank You!

© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.