Agility
Elasticity
Cost Reduction
Global Reach
Breadth of Services
What sets AWS apart
• Experience and enterprise leadership: Building and managing the cloud since 2006
• Pace of innovation: 1,957 features in 2018
• Amazon culture: 75 proactive price reductions
• Largest partner ecosystem: Thousands of partners, and 4,200+ Marketplace products
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 10
Why AWS?
• Amazon S3 holds trillions of objects and regularly peaks at millions of
requests per second.
• In a single region, S3 processes peaks of over 60 tbps of traffic in a day.
[November 28, 2018]
• More than 130,000 databases have been migrated using AWS Database Migration
Service. [April 19, 2019]
• By the end of 2018, Amazon’s Consumer business will have 88% of their Oracle
DBs (and 97% of critical system DBs) moved to Aurora and DynamoDB
• More than 10,000 customers are using Amazon SageMaker. [As of November 28,
2018]
• More than 10,000 customers use Amazon Redshift. [November 28, 2018]
• At just 3 years after general availability, AWS Lambda already processes trillions of
executions every month. [November 26, 2018]
Gartner Magic Quadrant
AWS is positioned as a leader
in the Gartner Magic Quadrant
for cloud infrastructure as a
service, worldwide.*
*Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Smith, Dennis, Leong, Lydia, Bala, Raj, July 2019
G00336148
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the
entire document. The Gartner document is available upon request from AWS: http://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519&st=sb
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users
to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of
Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or
implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Who is using AWS?
Module 2 - AWS Solution Architecture
What services does AWS offer?
[Architecture diagram. Labels shown: Connected devices, Event Capture (Amazon Kinesis), Speed (Real-time), Event Handler (AWS Lambda), Response Handler (AWS Lambda), Amazon RDS, Legacy Apps, Engagement platforms, Amazon CloudFront, Amazon S3 Glacier, AWS IAM, AWS KMS, AWS CloudTrail, Amazon CloudWatch]
The Keys to AWS Success
You
Customer Success
Customer Obsession is key!
• Customer Obsession • Earn Trust • Invent and Simplify • Bias For Action
• Learn and Be Curious • Dive Deep • Think Big • Deliver Results
Networking
SAN Storage
VMs
Some AWS Services Are Very Familiar
AWS Lambda
• A stateless compute service
• Runs code in response to an event
• Triggers in milliseconds
• Low-cost. Billed in 100ms increments.
• Focus on the application. Not the infrastructure.
Some are Very Different
Amazon
DNS Route 53
[Diagram: an AWS Region containing Availability Zones (AZs). Each AZ is an independent failure zone; AZs are interconnected using high-speed private links. Source: https://infrastructure.aws/]
Where are AWS points of presence?
What is an AWS Region?
Regions are located in separate geographic areas
Regions are isolated from each other
Regions have multiple Availability Zones
Data are never moved from one region to another by AWS
Two redundant Transit Centers
Highly peered and connected facilities
16 (stay tuned)
AZs are isolated locations (power, network, flood zone, etc.) within regions
AZs have one or more data centres (some have even 8 data centers)
Each data center building has between 50,000 and 80,000 physical servers.
AZs are designed to offer high availability of services to customers
AZs in one region have sub-millisecond latency between them
What Do You Want To Manage?
Database DB on EC2
instance RDS
the Cloud
AWS Global Infrastructure
• Regions
• Availability Zones
• Edge Locations
AWS as Code
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/ec2/
EC2 Instances: Families and Generations
https://aws.amazon.com/ec2/instance-types/
EC2 Purchasing Options
• On-Demand: Pay for compute capacity by the second with no long-term commitments. Workloads: spiky workloads, to define needs.
• Reserved: Make a 1 or 3 Year commitment and receive a significant discount off On-Demand prices. Workloads: committed, steady-state usage.
• Spot: Spare EC2 capacity at savings of up to 90% off On-Demand prices. Workloads: fault-tolerant, dev/test, time-flexible, stateless workloads.
https://aws.amazon.com/ec2/pricing/
Amazon Elastic Compute Cloud (EC2)
https://aws.amazon.com/ec2/autoscaling/
Amazon Container Services (ECS/EKS)
https://aws.amazon.com/ecs/
AWS Fargate
https://aws.amazon.com/fargate/
AWS Lambda
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/ebs/
Amazon Simple Storage Service (Amazon S3)
• Highly scalable, reliable, fast, durable object storage
• Store and retrieve any amount of data from anywhere on the web
using HTTP or HTTPS.
• A workhorse service that serves many purposes
• Use cases:
• Application file hosting
• Backup for disaster recovery
• Static web hosting
• Streaming data
• Data lakes
https://aws.amazon.com/s3/
Choice of storage classes on Amazon S3
Use it for:
• Mobile or Enterprise backup data
• Off-site compliance data
• Disaster recovery data
• Derived analysis data
Data Lakes
• Catalog & Search: Access & Search Metadata
• Access & User Interface: Give your users easy & secure access
[Diagram. Services shown: Kinesis Firehose, Direct Connect, Snowball, DMS, Athena, Quicksight, EMR, Redshift, S3]
https://aws.amazon.com/glacier/
AWS Foundational Services
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/vpc/
What is Amazon VPC?
• Your own logically isolated section of the Amazon Web Services (AWS) cloud
• You have complete control over your virtual networking environment
• Proven and well-understood networking concepts:
• User defined IP address range
• Subnets
• Route tables
• Access control lists
• Network gateways
[Diagram label: "YOUR NETWORK GOES HERE"]
• Each environment should be in its own Amazon VPC
• At a minimum, consider production and development VPC environments
[Diagram: Test VPC in us-east-1b, with NAT and Bastion]
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/endpoint-service.html
Amazon Virtual Private Cloud
Corporate Datacenter Connectivity
Amazon Elastic Load Balancing (ELB)
https://aws.amazon.com/elasticloadbalancing/
Network Load Balancer (NLB)
https://aws.amazon.com/elasticloadbalancing/details/#compare
Amazon CloudFront
https://aws.amazon.com/cloudfront/
Amazon Route 53
https://aws.amazon.com/route53/
AWS Foundational Services
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/rds/
Amazon Aurora
https://aws.amazon.com/rds/aurora/
Amazon DynamoDB
https://aws.amazon.com/dynamodb/
Amazon ElastiCache
https://aws.amazon.com/elasticache/
AWS Foundational Services
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/iam/
AWS Principals
https://aws.amazon.com/kms/
AWS Shield (Standard or Advanced)
AWS Compute AWS Storage AWS Networking AWS Database AWS Security AWS Management
https://aws.amazon.com/cloudwatch/
AWS CloudTrail
• Managed service that records all AWS API calls for your account
• Records information about API calls to AWS services
• Delivers results in log files for automatic response
• Use cases:
• Security, alerting
• Compliance
• Troubleshooting
• Remediation
https://aws.amazon.com/cloudtrail/
AWS CloudFormation
https://aws.amazon.com/cloudformation/
AWS Config
Managed service for tracking AWS inventory and configuration, and configuration
change notification.
[Diagram: AWS Config with Amazon EC2, Amazon EBS, Amazon VPC, AWS CloudTrail]
Operating Systems, Security, Storage, Networking, Database, Media, DevOps, BI
Pop Quiz
How Secure is my
AWS Workload?
• Composed of:
• Pillars
• Design principles
• Questions
Pillars of AWS Well-Architected
• Prepare
• Operate
• Evolve
Question: Operational Excellence
Pillar Area
Question Text
Question Context
Best Practices
Security
• The ability to protect information, systems, and assets while delivering business
value through risk assessments and mitigation strategies.
Question Context
Best Practices
Reliability
• Foundations
• Change management
• Failure management
Question: Reliability
Pillar Area
Question Text
Question Context
Best Practices
Performance Efficiency (PE)
• Selection
• Review
• Monitoring
• Tradeoffs
Question: Performance Efficiency
Pillar Area
Question Text
Question Context
Best Practices
Cost Optimization (CO)
• Cost-effective resources
• Matched supply and demand
• Expenditure awareness
• Optimizing over time
Question: Cost Optimization
Pillar Area
Question Text
Question Context
Best Practices
Available Resources
• Well-Architected Whitepaper:
http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
Intermediate
Architecting on AWS
Instructor-led | Live or Virtual Class | 3 Days
Learn cloud best practices, architecture patterns, case studies, and other practical ways of
thinking about how to architect infrastructure on AWS.
https://www.aws.training/training/schedule?courseId=10002
Advanced
Advanced Architecting on AWS
Instructor-led | Live or Virtual Class | 3 Days
Learn how to build complex AWS solutions incorporating data services, governance, and security.
Gain best practices for building scalable, elastic, secure, and highly available applications.
https://www.aws.training/training/schedule?courseId=10000
https://aws.amazon.com/training/course-descriptions/architect/
AWS Certification
https://youtu.be/WqUQNp1hAH8
AWS Well-Architected
• https://aws.amazon.com/well-architected
Available Security Trainings
Details at aws.amazon.com/training
AWS Security Center
Security Whitepapers
• Overview of Security Process
• AWS Risk and Compliance
• AWS Security Best Practices
Security Bulletin
Security Resources
Vulnerability Reporting
Penetration Testing
Requests
Report Suspicious Emails
http://aws.amazon.com/security
Keeping Up
AWS Announcements and Updates
• AWS: What’s New? http://aws.amazon.com/new/
• AWS blog - https://aws.amazon.com/blogs/aws/
• AWS podcast - https://aws.amazon.com/podcasts/aws-podcast/
• APN blog - https://aws.amazon.com/blogs/apn/
• This is MY Architecture YouTube channel - https://aws.amazon.com/this-is-my-architecture/
• AWS loft schedule - https://aws.amazon.com/start-ups/loft/
• @awscloud twitter - https://twitter.com/awscloud
Suggested Reading
© 2018 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or
in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us at:
https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.