Foundations
Logistics for the day
• If the connection drops... wait
Compute
Storage
Networking
Databases
Security
Management
AWS Technical Learning Path
© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Ramp-up Guide for AWS Architect
Module 1 – Foundations
Course content
• What is AWS?
• What is an AWS solutions architect?
• You know more than you realize.
• What do customers want to know about AWS?
• Principles of AWS solution design: The Well-Architected Framework
• Designing a solution: A customer case study
• Common solution patterns
• Takeaways and next steps
Here is the question you need to answer:
Five core benefits of cloud computing
• Agility
• Elasticity
• Cost reduction
• Global reach
• Breadth of services
What sets AWS apart
• Experience and enterprise leadership: building and managing the cloud since 2006
• Amazon culture and pace of innovation: 1,957 features in 2018; 80 proactive price reductions
• Largest partner ecosystem: thousands of partners, 7,000+ Marketplace products
Why AWS?
• Amazon Simple Storage Service (Amazon S3) holds trillions of objects and regularly peaks at millions of requests per second.
• In a single Region, S3 traffic peaks at over 60 TBps in a day.
• More than 200,000 databases have been migrated using AWS Database Migration Service (AWS DMS).
• On September 30, 2019, Amazon's consumer business turned off its final Oracle database after migrating nearly 7,500 databases and 75 petabytes of data to AWS database services.
• More than 10,000 customers use Amazon SageMaker.
• More than 10,000 customers use Amazon Redshift.
• Just 3 years after general availability, AWS Lambda already processes trillions of executions every month.
*As of December 2019
AWS recognized as a cloud leader for the 10th consecutive year
Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Raj Bala, Bob Gill, Dennis Smith, David Wright, August 2020. ID G00365830. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved.
Who uses AWS?
• Enterprises
• Public sector
• Startups
https://aws.amazon.com/containers/customers/
AWS Marketplace Overview
Module 2 – AWS Solution
Architecture
What is an AWS solutions architect?
Breadth and depth of services
More services and more functionality in those services
(Figure: service landscape.) Around the platform: professional services, optimization guidance, APN Partner ecosystem, training and certification, account management, security and billing reports, personalized solutions dashboard. AWS Marketplace: business applications, business intelligence, DevOps tools, security, networking, databases, storage. Service categories with examples:
• Analytics: data warehousing, business intelligence, Amazon Elasticsearch Service, data pipelines
• DevOps: one-click application deployment, resource templates, triggers
• Mobile services: Amazon API Gateway, sharing and collaboration, mobile app testing, targeted push notifications
• IoT: rules engine, device shadows, local compute
• AI/ML: machine learning, image recognition, custom model training and hosting
• Enterprise applications: virtual desktops, email, single integrated console
• Hybrid architecture: integrated networking, data integration
• Migration: schema conversion, exabyte-scale data migration
• Application services: queuing and notifications, workflow, transcoding, search, containers, analyze and debug
https://aws.amazon.com/products/
Mapping on-premises services to AWS
Data center to AWS cloud (figure): software load balancer → Elastic Load Balancing; web servers → web servers on Amazon EC2; Active Directory / directory server → AWS Directory Service; application servers → application servers on Amazon EC2; SAN → Amazon Elastic Block Store.
• Security: firewalls, ACLs, administrators → security groups, network ACLs, IAM
• Networking: router, network pipeline, switch → Elastic Load Balancing, Amazon VPC
• Compute: on-premises servers → Amazon EC2 instances, AMIs
• Storage and database: DAS, SAN, NAS, RDBMS → Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS
The sum is greater than its parts
(Figure) External services integrated with the VPC: Amazon CloudFront (content delivery network), Amazon Route 53 (DNS), and third-party tools; resources are spread across Availability Zones.
What is an AWS Region?
• Regions are located in separate geographic areas and are isolated from each other.
• Regions have multiple Availability Zones (AZs): highly peered and connected facilities with two redundant transit centers.
• Data is never moved from one Region to another by AWS.
• AZs are isolated locations (power, network, flood zone, and so forth) within a Region.
• AZs have one or more data centers (some have 8); each data center building has between 50,000 and 80,000 physical servers.
• AZs are designed to offer high availability of services to customers.
• AZs in one Region have submillisecond latency between them.
Selecting a Region
Determine the right Region for your services, applications, and data based on these factors:
• Data governance and legal requirements
• Proximity to customers (latency)
• Services available within the Region
• Costs (vary by Region)
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
What do you want to manage?
(Figure) A spectrum from self-managed (Amazon EC2) to fully managed services.
Traditional on-premises security model
Shared security model
Shared security model for managed services
Compliance on AWS
https://aws.amazon.com/compliance/programs/
AWS Artifact
Module 3 – Building Blocks
Three ways to interact with AWS
AWS foundational services
• AWS Compute: Amazon EC2, Amazon Elastic Container Service, AWS Elastic Beanstalk
• AWS Storage: Amazon S3, Amazon EBS, Amazon Glacier
• AWS Networking: Elastic Load Balancing, Amazon Route 53, AWS Direct Connect, Amazon VPN
• AWS Database: Amazon RDS, Amazon Aurora
• AWS Security: AWS IAM, AWS WAF
• AWS Management: Amazon CloudWatch, AWS CloudTrail
Amazon Elastic Compute Cloud (Amazon EC2)
Multiple purchase options: On-Demand, Reserved Instances (RI), Spot
https://aws.amazon.com/ec2/
EC2 instances: Families and generations
https://aws.amazon.com/ec2/instance-types/
EC2 instances: Types and sizes
Example: m5n.16xlarge = instance family (m), instance generation (5, with the n attribute for enhanced networking), instance size (16xlarge)
• The instance family defines the type of recommended workload. Example: M5 for applications that require a balance of compute, memory, and networking resources for a broad set of workloads.
• m5n.16xlarge: 64 vCPUs, 256 GiB memory, 75 Gbps network bandwidth, 13,600 Mbps EBS bandwidth
https://aws.amazon.com/ec2/instance-types/
Instance sizing
(Figure) Choices made when launching an instance: Amazon VPC and subnet; family/type/CPU/memory; security group(s); domain membership and tenancy; user data.
EC2 purchasing options
• On-Demand: pay for compute capacity by the second with no long-term commitments. For spiky workloads, or to define needs.
• Reserved: make a 1- or 3-year commitment and receive a significant discount off On-Demand prices. For committed, steady-state workloads.
• Spot: spare EC2 capacity at savings of up to 90% off On-Demand prices. For fault-tolerant, dev/test, time-flexible, stateless workloads.
• Savings Plans: up to 72% savings in exchange for a commitment to a consistent amount of usage for a 1- or 3-year term.
https://aws.amazon.com/ec2/pricing/
Amazon EC2 Auto Scaling
https://aws.amazon.com/ec2/autoscaling/
Scaling options
(Chart) The number of instances behind Elastic Load Balancing follows traffic and CPU utilization between the desired and maximum group size.
Containers
• Benefits
• Repeatable, self-contained execution environments.
• Software runs the same in different environments: developer's laptop, test, production.
• Faster to launch and stop or terminate than virtual machines.
(Figure) A container image packages your application, its dependencies, and its configuration, and hooks into the host OS.
Containers versus virtual machines
(Figure) Example: three virtual machines on three EC2 instances (VM 1, VM 2, VM 3, each on its own instance running on a hypervisor over the host operating system and physical server, which are part of the AWS global infrastructure) versus three containers on one EC2 instance (App 1, App 2, App 3, each with its own bins/libs, sharing the instance's host operating system).
What is Docker?
Amazon ECS and Amazon EKS
AWS Lambda
• Your code runs only when it is triggered: by AWS services, HTTP endpoints, or mobile apps.
• Run your code on a schedule or in response to events.
• Pay only for the compute time that you use (billed in 100 ms increments).
https://aws.amazon.com/lambda/
AWS Elastic Beanstalk
AWS foundational services: Storage (Amazon S3, Amazon EBS, Amazon Glacier)
Block storage versus object storage
Amazon Elastic Block Store (Amazon EBS)
https://aws.amazon.com/ebs/
Amazon EBS volume types: SSD and HDD
Amazon EBS use cases
Solid-state drives (SSD):
• General Purpose SSD (gp2): general purpose SSD volume that balances price and performance for a wide variety of workloads. Recommended for most workloads: system boot volumes, virtual desktops, low-latency interactive apps, development and test environments. Volume size 1 GiB–16 TiB; max 16,000 IOPS per volume (16 KiB I/O); max 250 MiB/s per volume; dominant performance attribute: IOPS.
• Provisioned IOPS SSD (io1): highest-performance SSD volume for mission-critical low-latency or high-throughput workloads. Critical business applications that require sustained IOPS performance, or more than 16,000 IOPS or 250 MiB/s of throughput per volume; large database workloads such as MongoDB, Cassandra, Microsoft SQL Server, MySQL, PostgreSQL and Oracle. Volume size 4 GiB–16 TiB; max 64,000 IOPS per volume (16 KiB I/O); max 1,000 MiB/s per volume; dominant performance attribute: IOPS.
Hard disk drives (HDD):
• Throughput Optimized HDD (st1): low-cost HDD volume designed for frequently accessed, throughput-intensive workloads. Streaming workloads requiring consistent, fast throughput at a low price: big data, data warehouses, log processing. Cannot be a boot volume. Volume size 500 GiB–16 TiB; max 500 IOPS per volume (1 MiB I/O); max 500 MiB/s per volume; dominant performance attribute: MiB/s.
• Cold HDD (sc1): lowest-cost HDD volume designed for less frequently accessed workloads. Throughput-oriented storage for large volumes of data that is infrequently accessed; scenarios where the lowest storage cost is important. Cannot be a boot volume. Volume size 500 GiB–16 TiB; max 250 IOPS per volume (1 MiB I/O); max 250 MiB/s per volume; dominant performance attribute: MiB/s.
Max throughput per instance: 2,375 MB/s for all four volume types.
Amazon EBS features
• Durable: designed for 99.999% availability; redundant storage across multiple devices within an AZ
• Secure: identity and access policies; encryption
• Scalable: capacity when you need it; easily scale up and down
• Performance: low-latency SSD; consistent I/O performance; stripe multiple volumes for higher I/O performance
• Backup: point-in-time snapshots; copy snapshots across AZs and Regions
EBS snapshots
• Stored in Amazon S3
• Subsequent snapshots are incremental
• Deleting a snapshot only removes data exclusive to that snapshot
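The three bullets above describe a reference-counted block store. The following is an added example (not code from the AWS course deck) that models that behaviour in plain Python: the first snapshot stores every block, later snapshots store only changed blocks, and deleting a snapshot frees only blocks that no remaining snapshot references, so the later snapshot still restores in full. Block contents are constructed strings standing in for data chunks; the block and snapshot identifiers are this example's own.

```python
"""Incremental snapshot bookkeeping, modelled in plain Python (added example)."""
import hashlib


class SnapshotStore:
    def __init__(self):
        self.blocks = {}     # block id -> content (the chunks kept in object storage)
        self.snapshots = {}  # snapshot id -> {block offset: block id}
        self._seq = 0

    @staticmethod
    def _block_id(content):
        # Content-addressed id: identical chunks are stored once.
        return "blk-" + hashlib.sha256(content.encode()).hexdigest()[:12]

    def take_snapshot(self, volume, previous=None):
        """Return (snapshot id, number of blocks newly stored).
        'volume' maps block offset -> content; blocks unchanged since 'previous'
        are shared with it rather than copied."""
        prev = self.snapshots.get(previous, {})
        manifest, stored = {}, 0
        for offset, content in volume.items():
            block_id = self._block_id(content)
            manifest[offset] = block_id
            if prev.get(offset) != block_id and block_id not in self.blocks:
                self.blocks[block_id] = content
                stored += 1
        self._seq += 1
        snap_id = f"snap-{self._seq:04d}"
        self.snapshots[snap_id] = manifest
        return snap_id, stored

    def delete_snapshot(self, snap_id):
        """Drop the manifest, then free only blocks no remaining snapshot references."""
        del self.snapshots[snap_id]
        referenced = {b for m in self.snapshots.values() for b in m.values()}
        freed = [b for b in self.blocks if b not in referenced]
        for b in freed:
            del self.blocks[b]
        return len(freed)

    def restore(self, snap_id):
        """Rebuild the full volume image from one snapshot's manifest."""
        return {off: self.blocks[b] for off, b in self.snapshots[snap_id].items()}


def demo():
    """Constructed 4-block volume: full snapshot, two incrementals, delete the middle one."""
    store = SnapshotStore()
    volume = {0: "boot-v1", 1: "app-v1", 2: "data-v1", 3: "logs-v1"}
    s1, n1 = store.take_snapshot(volume)                # full copy: 4 blocks
    volume[2], volume[3] = "data-v2", "logs-v2"
    s2, n2 = store.take_snapshot(volume, previous=s1)   # incremental: 2 blocks
    volume[3] = "logs-v3"
    s3, n3 = store.take_snapshot(volume, previous=s2)   # incremental: 1 block
    freed = store.delete_snapshot(s2)                   # only logs-v2 was exclusive to s2
    return {"stored": (n1, n2, n3), "freed": freed,
            "blocks_left": len(store.blocks), "restore_s3": store.restore(s3),
            "restore_s1": store.restore(s1)}
```

The point for a practitioner: deleting an intermediate snapshot does not shrink the storage bill by the size of that snapshot, and it does not break restores of later snapshots, which is why snapshot retention can be pruned aggressively without losing recovery points that are still kept.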
Amazon Simple Storage Service (Amazon S3)
• Highly scalable, reliable, fast, durable object storage
• Store and retrieve any amount of data from anywhere on the web using HTTP or HTTPS
• Workhorse service that serves many purposes
• Use cases:
• Application file hosting
• Backup for disaster recovery
• Static web hosting
• Streaming data
• Data lakes
https://aws.amazon.com/s3/
Data redundant across AZs
(Figure) An object such as media/welcome.mp4 in bucket my-bucket-name is stored redundantly across three facilities (Availability Zones) within a Region.
Amazon S3 bucket URLs (two styles)
To upload your data:
• Create a bucket in an AWS Region (the bucket name must be unique across all of AWS).
• Upload almost any number of objects to the bucket.
Amazon S3 Intelligent-Tiering
S3 Lifecycle policies
S3 storage classes
• S3 Standard ("hot" data: active and/or temporary data): $0.023/GB per month; no minimum object size; no minimum storage duration; availability 99.99%.
• S3 Standard-IA ("warm" data: infrequently accessed data): $0.0125/GB per month; 128 KB minimum billable object size; 30-day minimum storage duration; $0.01/GB retrieval; availability 99.9%.
• S3 One Zone-IA ("warm" data: infrequently accessed, non-critical data): $0.0100/GB per month; 128 KB minimum billable object size; 30-day minimum storage duration; $0.01/GB retrieval; availability 99.5%.
• S3 Glacier ("cold" data: archive and compliance data): $0.004/GB per month; 90-day minimum storage duration; retrieval in 1–5 min at $0.03/GB (expedited), 3–5 hours at $0.01/GB (standard), or 5–12 hours at $0.0025/GB (bulk).
• S3 Glacier Deep Archive ("cold" data: archive and compliance data): $0.00099/GB per month; 180-day minimum storage duration; retrieval within 12 hours at $0.02/GB (standard) or 48 hours at $0.0025/GB (bulk).
All classes are durable (designed for 99.999999999% durability), performant (low latency, high throughput), and scalable (elastic capacity, no preset limits).
* Prices for the North Virginia Region as of Aug/2020
Amazon S3 Glacier / Deep Archive
• Long-term storage solution: long-term archiving, backup.
• Low cost.
(Figure) Archived objects (ID 001, 025, 150, 400, ...) are retrieved through an archive retrieval job with one of three tiers:
• Expedited: 1–5 min
• Standard: 3–5 hours
• Bulk: 5–12 hours
AWS Storage Gateway: Volume Gateway and Tape Gateway
• Cached and stored volume modes.
• Integrates using iSCSI.
• EBS snapshots of your data.
• Low-effort migration to cloud backup.
• Reduce data center infrastructure.
(Figure) Data lake on Amazon S3: ingest with Amazon Kinesis Data Firehose, AWS Direct Connect, AWS Snowball, and AWS Database Migration Service; catalog with AWS Lake Formation; analyze with Amazon Athena, Amazon QuickSight, Amazon EMR, and Amazon Redshift.
AWS foundational services: Networking (Elastic Load Balancing, Amazon Route 53, AWS Direct Connect, Amazon VPN)
Amazon Virtual Private Cloud (Amazon VPC)
• Provision virtual networks hosted on AWS and dedicated to your AWS account
• Logically isolate networks from other virtual networks
• Launch multiple AWS resources, such as Amazon EC2 instances, into VPCs
• Use multiple connectivity options, with tools to manage and restrict access
Key configurable features of Amazon VPC: IP ranges, subnets, routing, network gateways
VPC setup
(Figure) A VPC with CIDR 10.0.0.0/16 in a Region. The build-up that follows covers Availability Zones, subnets, security groups, connectivity, Elastic IP addresses, and load balancers.
Multi-AZ patterns increase reliability
(Figure) The VPC spans Availability Zone 1 and Availability Zone 2, each with a public subnet and a private subnet.
Create subnets
(Figure) Availability Zone 1: public subnet 1 (10.0.1.0/24), private subnet 1 (10.0.2.0/24). Availability Zone 2: public subnet 2 (10.0.3.0/24), private subnet 2 (10.0.4.0/24).
Network access control lists
• Stateless virtual firewalls for subnets
• Numbered list of rules evaluated in order
• Separate inbound and outbound rules
• Supports allow and deny rules
• Default, modifiable network ACL allows all traffic
• Each subnet must be associated with a network ACL
• Managed through Amazon VPC APIs
(Figure) Each subnet, private and public, has its own network ACL; security groups sit on the instances inside the subnets.
Security groups and instance-based firewalls
• Virtual firewalls at the instance level
• Stateful: return traffic for allowed connections is automatically permitted
• Every VPC has a default security group
• Rules are restricted by IP protocol, service port, and source or destination IP (or source security group)
• Changes are applied automatically to all associated instances
• Cannot be controlled from the guest OS
• Guest OS-level protection (a host firewall) is still encouraged
(Figure) In a public or private subnet, an instance can carry more than one security group, for example one for HTTPS and one for database traffic.
Security groups example
(Figure) VPC 10.0.0.0/16 with web servers in public subnets 1 and 2 (10.0.1.0/24, 10.0.3.0/24) and database servers in private subnets 1 and 2 (10.0.2.0/24, 10.0.4.0/24).
Web Security Group inbound rules: Protocol TCP, Port range 80, Source 0.0.0.0/0
Database Security Group inbound rules: Protocol TCP, Port range 443, Source Web Security Group
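The two preceding slides (network ACLs and security groups) state the rules of each layer but not what follows from them. The following is an added example, not code from the AWS course deck, that models both evaluators in plain Python and shows two consequences a practitioner has to get right: a stateless network ACL needs an outbound rule for the client's ephemeral port or replies are dropped even though the inbound allow matched, and a deny rule only takes effect if its number sorts before the allow it is meant to override. The rule sets, client addresses and ports are constructed; the web server 10.0.1.10 sits in the slides' public subnet 1, and security-group sources are limited to CIDRs here.

```python
"""Stateless network ACL vs. stateful security group, modelled in plain Python (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class NaclRule:
    number: int  # rules are evaluated in ascending rule number
    proto: str   # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str  # "allow" or "deny"


def nacl_decision(rules, packet, direction):
    """Stateless: first matching rule wins; no match falls to the implicit '*' deny.
    Inbound rules match the packet's source address, outbound rules its destination;
    both match on the destination port of that packet."""
    remote = ip_address(packet.src if direction == "inbound" else packet.dst)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.proto not in ("all", packet.proto):
            continue
        if not rule.port_from <= packet.dport <= rule.port_to:
            continue
        if remote not in ip_network(rule.cidr):
            continue
        return rule.action
    return "deny"


@dataclass(frozen=True)
class SgRule:
    proto: str
    port_from: int
    port_to: int
    source_cidr: str


class SecurityGroup:
    """Stateful: allow rules only; replies to tracked connections pass even with no outbound rule."""

    def __init__(self, inbound):
        self.inbound = inbound
        self.tracked = set()  # (remote_addr, remote_port, local_port, proto)

    def inbound_allowed(self, packet):
        for rule in self.inbound:
            if (rule.proto == packet.proto
                    and rule.port_from <= packet.dport <= rule.port_to
                    and ip_address(packet.src) in ip_network(rule.source_cidr)):
                self.tracked.add((packet.src, packet.sport, packet.dport, packet.proto))
                return True
        return False

    def outbound_allowed(self, packet):
        # This group defines no outbound rules: only return traffic of a tracked flow passes.
        return (packet.dst, packet.dport, packet.sport, packet.proto) in self.tracked


# Constructed outbound ACL rule sets for the public subnet.
NACL_OUT_MISSING_EPHEMERAL = [NaclRule(100, "tcp", 80, 80, "0.0.0.0/0", "allow")]
NACL_OUT_WITH_EPHEMERAL = [NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]


def web_request_scenario(nacl_outbound):
    """Client 203.0.113.10:51000 -> web server 10.0.1.10:80, then the reply.
    Returns (nacl inbound, nacl outbound, sg inbound, sg outbound) decisions."""
    request = Packet("203.0.113.10", "10.0.1.10", "tcp", 51000, 80)
    reply = Packet("10.0.1.10", "203.0.113.10", "tcp", 80, 51000)
    nacl_inbound = [NaclRule(100, "tcp", 80, 80, "0.0.0.0/0", "allow")]
    sg = SecurityGroup([SgRule("tcp", 80, 80, "0.0.0.0/0")])   # the slide's web security group
    return (nacl_decision(nacl_inbound, request, "inbound"),
            nacl_decision(nacl_outbound, reply, "outbound"),
            sg.inbound_allowed(request),
            sg.outbound_allowed(reply))


def deny_rule_order(deny_number):
    """A deny for 198.51.100.0/24 only bites if its number is lower than the allow's (100)."""
    rules = [NaclRule(100, "tcp", 80, 80, "0.0.0.0/0", "allow"),
             NaclRule(deny_number, "tcp", 80, 80, "198.51.100.0/24", "deny")]
    blocked_client = Packet("198.51.100.7", "10.0.1.10", "tcp", 40000, 80)
    return nacl_decision(rules, blocked_client, "inbound")
```

With NACL_OUT_MISSING_EPHEMERAL the security group lets the reply out but the subnet ACL drops it, so the web server looks down although every inbound rule is correct; NACL_OUT_WITH_EPHEMERAL adds the 1024–65535 outbound allow that fixes this. deny_rule_order(90) blocks the client, deny_rule_order(110) does not, because rule 100 already allowed the packet.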
Connectivity
Internet gateways and route tables
(Figure) An internet gateway is attached to the VPC.
Public subnet route table: Destination 10.0.0.0/16 → Target Local; Destination 0.0.0.0/0 → Target Internet gateway.
Private subnet route table: Destination 10.0.0.0/16 → Target Local (no route to the internet gateway).
Network Address Translation gateway
(Figure) A NAT gateway in the public subnet lets instances in the private subnets open outbound connections to the internet without being reachable from it.
Elastic IP address
(Figure) An Elastic IP address is a static public IPv4 address; in the figure it is associated with the NAT gateway in the public subnet, while the database servers in the private subnets have no public address.
Load balancers
(Figure) Elastic Load Balancing in the public subnets distributes incoming traffic across the web servers in both Availability Zones.
https://aws.amazon.com/elasticloadbalancing/features/#compare
Load balancer security groups
Load Balancer Security Group inbound rules: Protocol TCP, Port range 80, Source 0.0.0.0/0; Protocol TCP, Port range 443, Source 0.0.0.0/0
Integrate AWS services privately
AWS Marketplace curated SaaS products
https://aws.amazon.com/elasticloadbalancing/
Load balancer options
• Application Load Balancer: best suited for HTTP/HTTPS; provides advanced request routing; targeted for modern architectures including microservices and containers; operates at the individual request level (Layer 7); routes traffic based on the content of the request.
• Network Load Balancer: best suited for TCP/UDP/TLS; operates at the connection level (Layer 4); capable of handling millions of requests per second; optimized for sudden and volatile traffic patterns.
• Classic Load Balancer: provides basic load balancing across EC2 instances; operates at both the request level and the connection level; intended for applications built in the EC2-Classic network.
Amazon CloudFront
Content delivery network (CDN) with optimization
• Distribute content to end users with low latency and high data transfer rates
• Broad geographic presence beyond AWS Regions
• Accelerate data uploaded from end users
• Use cases:
• Accelerating web application performance
• Caching static web content and frequent database query results
• Offloading TLS termination
Edge location = point of presence where the content cache is performed
https://aws.amazon.com/cloudfront/
Amazon Route 53
https://aws.amazon.com/route53/
AWS foundational services: Database (Amazon RDS, Amazon Aurora)
More than relational databases
• Relational (Amazon Aurora, Amazon RDS): referential integrity, ACID transactions, schema-on-write. Common use cases: lift and shift, ERP, CRM, finance.
• Key-value (Amazon DynamoDB): high throughput, low-latency reads and writes, endless scale. Common use cases: real-time bidding, shopping cart, social, product catalog, customer preferences.
• Document (Amazon DocumentDB): store documents and quickly access them, querying on any attribute. Common use cases: content management, personalization, mobile.
• In-memory (Amazon ElastiCache): query by key with microsecond latency. Common use cases: leaderboards, real-time analytics, caching.
• Graph (Amazon Neptune): quickly and easily create and navigate relationships between data. Common use cases: fraud detection, social networking, recommendation engine.
• Time series (Amazon Timestream): collect, store, and process data sequenced by time. Common use cases: IoT applications, event tracking.
• Ledger (Amazon QLDB): complete, immutable, and verifiable history of all changes to application data. Common use cases: systems of record, supply chain, health care, registrations, financial.
Amazon Relational Database Service (Amazon RDS)
Managed relational database service with a choice of popular database engines
• Easy to administer: easily deploy and maintain hardware, OS and DB software; built-in monitoring
• Performant and scalable: scale compute and storage with a few clicks; minimal downtime for your application
• Available and durable: automatic Multi-AZ data replication; automated backup, snapshots, and failover
• Secure and compliant: data encryption at rest and in transit; industry compliance and assurance programs
https://aws.amazon.com/rds/
Amazon Aurora
MySQL and PostgreSQL compatible relational database built for the cloud
Performance and availability of commercial-grade databases at 1/10th the cost
https://aws.amazon.com/rds/aurora/
Amazon Aurora architecture
(Figure) Clients connect to a host URL and port. Endpoint types:
• Cluster endpoint (writer): mydbcluster.cluster-123456789012.us-east-1.rds.amazonaws.com:3306
• Reader endpoint (load-balances queries across the read replicas): mydbcluster.cluster-ro-123456789012.us-east-1.rds.amazonaws.com:3306
• Instance endpoint: mydbinstance.123456789012.us-east-1.rds.amazonaws.com:3306
Compute layer: 1+ DB instances (SQL, transactions, caching), with up to 15 optional read replicas.
Storage layer: a transparent, shared DB cluster data volume (logging + storage layer) on SSDs, growing up to 64 TB.
Amazon Aurora – main features
• Storage auto-repair: automatic failure detection and repair.
• Avoid data loss, and point-in-time restores.
Amazon ElastiCache
https://aws.amazon.com/elasticache/
AWS foundational services: Security (AWS IAM, AWS WAF)
AWS Identity and Access Management (IAM)
• Core AWS security service
• Create and manage AWS users, groups, and roles
• Manage fine-grained access control to AWS resources, such as controlling which operations a user or service can perform
• Integrates with Microsoft Active Directory using SAML identity federation and AWS Directory Service (AD Connector)
• Allows scalable, consistent security and auditability
• Multi-factor authentication supported
https://aws.amazon.com/iam/
AWS principals
Account owner ID (root user):
• Access to all subscribed services
• Access to billing
• Access to console and APIs
• Access to customer support
The root user cannot be restricted by IAM policies, so protect it with MFA, do not create access keys for it, and use IAM users and roles for day-to-day work.
Authenticate as an IAM user to gain access
• When you define an IAM user, you select what types of access the user is permitted to use.
• Programmatic access: authenticate using an access key ID and secret access key; provides AWS CLI, AWS Tools and SDK access.
• AWS Management Console access: authenticate with a password, plus an MFA token when multi-factor authentication is enabled.
IAM policies
Authorization: What actions are permitted
After the user or application is connected to the AWS account, what are they allowed to do?
(Figure) IAM policies attached to an IAM user, IAM group, or IAM role grant, for example, full access to EC2 instances and read-only access to an S3 bucket.
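The slide shows policies as pictures; what decides the outcome is the evaluation order. The following is an added example, not code from the AWS course deck, that implements the IAM decision logic for identity-based policies in plain Python: an explicit Deny in any statement wins, otherwise any matching Allow grants the request, otherwise it is implicitly denied. Action and Resource wildcards (`*`, `?`) are supported; NotAction, Condition and resource-based policies are out of scope. The three policies mirror the slide (full EC2 access, read-only on one bucket) plus an explicit deny on a sensitive prefix. The bucket name example-reports and the account ID are constructed for this example.

```python
"""IAM identity-policy evaluation in plain Python (added example)."""
import json
import re


def iam_match(pattern, value, ignore_case=False):
    """IAM wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """Return 'explicit deny', 'allow' or 'implicit deny' for one (action, resource) request."""
    allowed = False
    for policy in policies:
        for stmt in as_list(policy["Statement"]):
            # Action names are case-insensitive in IAM; resource ARNs are case-sensitive.
            if not any(iam_match(a, action, ignore_case=True) for a in as_list(stmt.get("Action", []))):
                continue
            if not any(iam_match(r, resource) for r in as_list(stmt.get("Resource", []))):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"   # a matching Deny wins over every Allow
            allowed = True
    return "allow" if allowed else "implicit deny"


# Constructed policies: full EC2 access, read-only on one bucket, deny on a prefix in it.
EC2_FULL_ACCESS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]
}""")

S3_READ_ONLY_REPORTS = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]
  }]
}""")

DENY_FINANCE_PREFIX = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-reports/finance/*"
  }]
}""")

USER_POLICIES = [EC2_FULL_ACCESS, S3_READ_ONLY_REPORTS, DENY_FINANCE_PREFIX]


def decisions(policies=USER_POLICIES):
    """Four representative requests and the decision for each."""
    return {
        "ec2:RunInstances": evaluate(policies, "ec2:RunInstances",
                                     "arn:aws:ec2:us-east-1:123456789012:instance/*"),
        "s3:GetObject public": evaluate(policies, "s3:GetObject",
                                        "arn:aws:s3:::example-reports/public/q1.csv"),
        "s3:PutObject public": evaluate(policies, "s3:PutObject",
                                        "arn:aws:s3:::example-reports/public/q1.csv"),
        "s3:GetObject finance": evaluate(policies, "s3:GetObject",
                                         "arn:aws:s3:::example-reports/finance/payroll.csv"),
    }
```

The write to the bucket is refused without any Deny statement: nothing allowed it, so the default applies. The read under finance/ is refused even though the read-only policy allows it, which is the property that makes explicit denies the right tool for carving exceptions out of broad grants.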
IAM roles
AWS KMS (Key Management Service)
https://aws.amazon.com/kms/
AWS Shield
https://aws.amazon.com/shield/
AWS Web Application Firewall (AWS WAF)
• Protects web applications
• Filters traffic based on custom rules
• Easy to deploy as part of Amazon CloudFront or Elastic Load Balancing (Application Load Balancer)
• Provides real-time metrics and detailed request data
• Configure manually or via the AWS API
• Integrate third-party, workload-optimized AWS WAF rule sets
• AWS Firewall Manager synchronizes AWS WAF rules across multiple accounts
https://aws.amazon.com/waf/
Preventative controls: AWS WAF
AWS foundational services: Management (Amazon CloudWatch, AWS CloudTrail)
Amazon CloudWatch
• Monitors AWS resources and applications that run on AWS
• Collects and tracks standard metrics and custom metrics
• Alarms: send notifications to an Amazon SNS topic; perform Amazon EC2 Auto Scaling or Amazon EC2 actions
• Events: define rules to match changes in the AWS environment and route these events to one or more target functions or streams for processing
https://aws.amazon.com/cloudwatch/
Amazon CloudWatch alarms
(Figure) Custom, application-specific metrics (for example PageViewCount) are published to CloudWatch Metrics; the available statistics are consumed by the AWS Management Console, Auto Scaling, and other statistics consumers.
AWS CloudTrail
https://aws.amazon.com/cloudtrail/
AWS CloudFormation
https://aws.amazon.com/cloudformation/
CloudFormation: Infrastructure as Code
AWS CloudFormation allows you to launch, configure, and connect AWS resources with JSON or YAML templates.
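Because the template is data, it can be checked before anything is created. The following is an added example, not code from the AWS course deck and not a CloudFormation feature: it generates the template for the VPC built up in the networking slides (10.0.0.0/16; public subnets 10.0.1.0/24 and 10.0.3.0/24; private subnets 10.0.2.0/24 and 10.0.4.0/24; an internet gateway with a 0.0.0.0/0 route for the public subnets; the web and database security groups with the rules shown), then runs a pre-deployment guardrail that flags any security group reachable from the whole internet on ports other than 80 and 443. The logical resource names, the PUBLIC_OK_PORTS set and the bastion group used to show a finding are this example's own assumptions.

```python
"""Build the slides' VPC as a CloudFormation template and lint it before deployment (added example)."""
import json

SUBNETS = {  # logical name: (CIDR, AZ index, is public)
    "PublicSubnet1": ("10.0.1.0/24", 0, True),
    "PrivateSubnet1": ("10.0.2.0/24", 0, False),
    "PublicSubnet2": ("10.0.3.0/24", 1, True),
    "PrivateSubnet2": ("10.0.4.0/24", 1, False),
}
PUBLIC_OK_PORTS = {80, 443}  # assumption: the only ports this workload exposes to the world


def vpc_template():
    """Return the template as a dict; json.dumps(vpc_template()) is the deployable JSON."""
    r = {
        "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "GatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable",
                             "Properties": {"VpcId": {"Ref": "Vpc"}}},
        # The 10.0.0.0/16 -> local route exists implicitly in every route table.
        "DefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "GatewayAttachment", "Properties": {
            "RouteTableId": {"Ref": "PublicRouteTable"}, "DestinationCidrBlock": "0.0.0.0/0",
            "GatewayId": {"Ref": "InternetGateway"}}},
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "Web tier: HTTP from anywhere", "VpcId": {"Ref": "Vpc"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
        "DatabaseSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "Database tier: only from the web security group",
            "VpcId": {"Ref": "Vpc"},
            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                      "SourceSecurityGroupId": {"Ref": "WebSecurityGroup"}}]}},
    }
    for name, (cidr, az, public) in SUBNETS.items():
        r[name] = {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": {"Ref": "Vpc"}, "CidrBlock": cidr, "MapPublicIpOnLaunch": public,
            "AvailabilityZone": {"Fn::Select": [az, {"Fn::GetAZs": ""}]}}}
        if public:  # private subnets stay on the VPC's main route table: local only
            r[name + "RouteAssociation"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                "Properties": {"SubnetId": {"Ref": name}, "RouteTableId": {"Ref": "PublicRouteTable"}}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": r}


def find_world_open_ingress(template):
    """Return (resource, protocol, from, to) for ingress rules open to 0.0.0.0/0 or ::/0
    on anything but PUBLIC_OK_PORTS. Run this before 'create-stack', not after."""
    findings = []
    for name, res in template["Resources"].items():
        if res["Type"] != "AWS::EC2::SecurityGroup":
            continue
        for rule in res["Properties"].get("SecurityGroupIngress", []):
            world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
            if rule["IpProtocol"] == "-1":
                ports = None  # all protocols and ports
            else:
                ports = set(range(rule["FromPort"], rule["ToPort"] + 1))
            if world and (ports is None or not ports <= PUBLIC_OK_PORTS):
                findings.append((name, rule["IpProtocol"], rule.get("FromPort"), rule.get("ToPort")))
    return findings


def demo_findings():
    """The slides' template passes; the same template plus a constructed SSH-from-anywhere group fails."""
    clean, bad = vpc_template(), vpc_template()
    bad["Resources"]["BastionSecurityGroup"] = {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "GroupDescription": "constructed bad example: SSH from anywhere", "VpcId": {"Ref": "Vpc"},
        "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}
    return find_world_open_ingress(clean), find_world_open_ingress(bad)


def template_json():
    return json.dumps(vpc_template(), indent=2)
```

The database group produces no finding because its source is another security group rather than a CIDR, which is exactly the pattern the security groups example slide recommends; a port-22 rule from 0.0.0.0/0 is caught before the stack exists rather than by a Trusted Advisor or AWS Config check afterwards.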
AWS Config
(Figure) AWS Config tracks resource configurations, shown for Amazon EC2, Amazon EBS, and Amazon VPC, alongside AWS CloudTrail.
Trusted Advisor: Core vs. Full
https://aws.amazon.com/marketplace
Module 4 – The AWS Well-Architected Framework
Answer some customer questions!
AWS Well-Architected Framework
https://aws.amazon.com/architecture/well-architected
Value proposition
Help customers:
• Apply consistent approach to reviewing architectures
• Understand and reduce risk in their architecture
• Learn best practices
• Influence future architectures
• Accelerate cloud migration
AWS Well-Architected Tool
Apply Well-Architected Pillars
Proposed CSI solution architecture: Cloud Migrated
(Diagram: AWS Cloud, Availability Zone A. A public subnet (example services: RDGW, NAT, IDS/WAF) fronts three private subnets: Web Tier (ELB, GuardDuty, Shield Advanced, WAF), App Tier (EC2, ECS/EKS, Fargate, Lambda, EBS, S3) and Data Tier (EC2, ECS/EKS, Fargate, Lambda, EBS, S3). Users and Admin connect from the Internet.)
Proposed CSI solution architecture: Reliability
(Diagram: the same three-tier layout as the Cloud Migrated design, duplicated into Availability Zone B with its own public subnet and Web, App and Data Tiers, with Replication between the two zones.)
Proposed CSI solution architecture: Performance Efficiency
(Diagram: the two-zone Reliability layout with Auto Scaling groups spanning both Availability Zones, provisioned with AWS CloudFormation.)
Proposed CSI solution architecture: Cost Optimization
(Diagram: the two-zone Auto Scaling layout with Reserved capacity marked on the tiers in both Availability Zones.)
Proposed CSI solution architecture: Security
(Diagram: the two-zone layout with a separate Web Security Group, App Security Group and Data Security Group per tier, AWS KMS for encryption, and AWS CloudFormation, AWS CloudTrail and AWS Config for provisioning, audit logging and configuration tracking.)
Proposed CSI solution architecture: Operational Excellence
(Diagram: the Security layout with AWS CodeStar, Amazon CloudWatch, AWS CloudFormation, AWS CloudTrail and AWS Config added for delivery, monitoring, provisioning, audit logging and configuration tracking.)
Proposed CSI solution architecture: CloudFormation template
(Diagram: the complete two-zone, three-tier design, including per-tier security groups, AWS KMS, Auto Scaling groups, Reserved capacity, CodeStar, CloudWatch, CloudTrail and Config, as the set of resources described by a single CloudFormation template.)
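The per-tier security groups of the Security and CloudFormation template slides, written as the JSON/YAML infrastructure-as-code the CloudFormation section describes. This is an added example, not the course's template: the VPC is passed in as a parameter, the application and database ports are assumed, and the RDGW/admin path is omitted; the point is that each tier accepts traffic only from the security group of the tier in front of it, never from a CIDR range.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - per-tier security groups for the CSI three-tier design
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id   # existing VPC, supplied at deploy time (assumed)
Resources:
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Public ELB, the only internet-facing entry point
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0     # HTTPS from the Internet, fronted by WAF and Shield
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web tier, reachable only from the load balancer
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App tier, reachable only from the web tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080        # assumed application port
          ToPort: 8080
          SourceSecurityGroupId: !Ref WebSecurityGroup   # no CidrIp: nothing outside the web tier reaches it
  DataSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Data tier, reachable only from the app tier
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 5432        # assumed database port
          ToPort: 5432
          SourceSecurityGroupId: !Ref AppSecurityGroup
```

Because the groups reference each other by logical ID rather than by CIDR, the rules survive instance replacement by Auto Scaling, and an AWS Config rule can flag any drift that adds a 0.0.0.0/0 ingress to the App or Data group.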
Final Considerations…
Takeaways
Manage scope
Solutions architect is key
• Dive deep
• Learn and use the Well-Architected Framework
• Earn trust
• Educate
• Iterate – invent and simplify – innovate
Guiding principles for AWS SAs
Next step: Advance your technical skills
(Diagram: "You are here" marker on the AWS Partner technical learning path.)
https://aws.amazon.com/partners/training/path-tech-pro/
Partner training
Free AWS digital learning platform
For APN Partners
Specialty courses for APN Partners with business and technical tracks
• General information: https://aws.amazon.com/well-architected
• Well-Architected whitepaper: http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
Available security training
Details at aws.amazon.com/training
Free webinar series exclusively for APN Partners to stay up to date
• Interactive sessions with AWS Subject Matter Experts
• 30-60 minutes
• New AWS offerings and best practices
• Topics for business and technical roles
• Available globally with desktop and mobile access
https://youtu.be/WqUQNp1hAH8
AWS announcements and updates
Suggested reading
Thank You!
© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.