
AWS Solutions Training for Partners: Technical Foundations


Module 1 – Foundations
Learning Objectives
After completing this course, you will be able to:
• Design a basic solution using AWS services
• Select the right AWS services for a customer’s use case
• Address customer concerns about digital transformation
• Describe the AWS Well-Architected Framework
• Apply best practices
• Recognize architecture patterns for some typical AWS solutions
Course Content
• What is AWS?
• What is an AWS Solutions Architect?
• “You know more than you realize.”
• What do customers want to know about AWS?
• Principles of AWS solution design: The Well-Architected Framework
• Designing a solution: A customer case study
• Common solution patterns
• Takeaways and next steps
Here’s the question you need to answer:

Why are your customers moving to AWS?
Five Core Benefits of Cloud Computing

• Agility
• Elasticity
• Cost Reduction
• Global Reach
• Breadth of Services
What sets AWS apart

• Experience and enterprise leadership: building and managing the cloud since 2006
• Amazon culture: pace of innovation, 1,957 features in 2018, 75 proactive price reductions
• Largest partner ecosystem: thousands of partners, 4,200+ Marketplace products
• Service breadth and depth: 165+ services to support any cloud workload; rapid customer-driven releases
• Global footprint: 22+ Regions, 69+ Availability Zones, 185+ edge locations
• Security: fine-grained control
• Hybrid cloud: broad set of hybrid capabilities
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 10
Why AWS?
• Amazon S3 holds trillions of objects and regularly peaks at millions of
requests per second.
• In a single region, S3 processes peaks of over 60 Tbps of traffic in a day.
[November 28, 2018]
• More than 130,000 databases have been migrated using AWS Database Migration
Service. [April 19, 2019]
• By the end of 2018, Amazon’s Consumer business will have 88% of their Oracle
DBs (and 97% of critical system DBs) moved to Aurora and DynamoDB
• More than 10,000 customers are using Amazon SageMaker. [As of November 28,
2018]
• More than 10,000 customers use Amazon Redshift. [November 28, 2018]
• At just 3 years after general availability, AWS Lambda already processes trillions of
executions every month. [November 26, 2018]
Gartner Magic Quadrant

AWS is positioned as a leader in the Gartner Magic Quadrant for cloud infrastructure as a service, worldwide.*

AWS is positioned highest in execution and furthest in vision in the Leaders Quadrant.

*Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Smith, Dennis, Leong, Lydia, Bala, Raj, July 2019, G00336148
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from AWS: http://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519&st=sb
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Who is using AWS?
Module 2 – AWS Solution Architecture
What services does AWS offer?

[Slide graphic: a map of AWS services grouped by category. Services and groupings visible on the slide:]
• Compute: Amazon EC2, Amazon Lightsail, AWS Lambda, AWS Batch, Amazon ECS, AWS Elastic Beanstalk
• Storage: Amazon S3, Amazon Glacier, Amazon EBS, Amazon EFS, AWS Storage Gateway, AWS Snowball
• Database: Amazon RDS, Amazon DynamoDB, Amazon Redshift, Amazon ElastiCache; migration with AWS DMS and AWS SMS
• Networking: Amazon VPC, Amazon CloudFront, Amazon Route 53, AWS Direct Connect, Elastic Load Balancing
• Security, Identity, Compliance: AWS IAM, AWS KMS, AWS CloudHSM, AWS Certificate Manager, AWS WAF, AWS Shield, Amazon Inspector, AWS Directory Service, Amazon Cognito, AWS Organizations
• Management Tools: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS CloudFormation, AWS OpsWorks, AWS Service Catalog, AWS Trusted Advisor, AWS Managed Services
• Developer Tools: AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline, AWS X-Ray
• Analytics: Amazon Athena, Amazon EMR, Amazon ES, Amazon Kinesis, Amazon QuickSight, AWS Glue, Amazon CloudSearch
• Artificial Intelligence: Amazon Lex, Amazon Polly, Amazon Rekognition, Amazon Machine Learning
• Application Services: Amazon API Gateway, AWS Step Functions, Amazon SWF, Amazon Elastic Transcoder
• Messaging: Amazon SNS, Amazon SQS, Amazon SES, Amazon Pinpoint
• Mobile Services: AWS Mobile Hub, AWS Device Farm, Amazon Pinpoint
• Business Productivity: Amazon WorkDocs, Amazon WorkMail
• Desktop & App Streaming: Amazon WorkSpaces, Amazon AppStream 2.0
• Internet of Things: AWS IoT, AWS Greengrass
• Game Development: Amazon GameLift
Customers Build Amazing Things

[Slide diagram: a reference data platform on AWS.]
• Data sources: transactions, interfaces, ERP, web logs / cookies, connected devices, social media
• Data ingest: AWS Direct Connect, database migration, event capture with Amazon Kinesis
• Scale (batch): raw data landed in Amazon S3 (data lake), ETL with Amazon EMR, staged data in Amazon S3, advanced analytics with Amazon EMR (MLlib)
• Speed (real-time): stream analysis with Amazon Kinesis, event scoring plus event and response handlers in AWS Lambda, near-zero-latency state in Amazon DynamoDB
• Serving: AWS data warehouse (Amazon Redshift), schemaless search (Amazon ElasticSearch), Amazon RDS, Amazon AI
• Direct query: Amazon Athena
• Consumers: data scientists, data analysts, business users, legacy apps, engagement platforms, automation / events
• Underpinned by AWS IAM, AWS KMS, AWS CloudTrail and Amazon CloudWatch
The Keys to AWS Success

• You
• Customer Success

Customer Obsession is key!

Amazon Leadership Principles

• Customer Obsession • Earn Trust • Invent and Simplify • Bias For Action
• Learn and Be Curious • Dive Deep • Think Big • Deliver Results

We Do Things in Peculiar Ways


The Solution Architect is Key!

1. Define your scope.


2. Dive deep.
3. Design “Well-Architected” solutions.
4. Earn trust.
5. Educate.
6. Iterate. Invent and Simplify. Innovate.
A Few Guiding Principles for AWS SAs

1. Cloud migration is a process.


2. Customers need your expertise and help.
3. Know your customer.
4. Know the AWS platform and services.
5. Act in the customer’s long-term, best interest.

Long-term, professional services revenue = Success.


We play the long game.
Your Customer’s Data Center Environment

• Networking
• SAN Storage
• VMs

Some AWS Services Are Very Familiar

• VMs: Compute – Amazon EC2 (instances). Virtual machine instance running on an AWS hypervisor.
• SAN Storage: Storage – Amazon EBS (block storage). Block storage volumes for use with Amazon EC2 instances.
• Networking: Networking – Amazon Virtual Private Cloud. Isolated virtual subnets in the AWS Cloud.
Some AWS Services Are a Little Different

AWS Lambda
• A stateless compute service
• Runs code in response to an event
• Triggers in milliseconds
• Low-cost. Billed in 100ms increments.
• Focus on the application. Not the infrastructure.
Some are Very Different

Amazon Machine Learning (Amazon ML)


• Machine Learning (ML) as a service
• Create ML models using simple APIs
• Enables developers of all skill levels to build ML
applications
…And Some Offer Emerging Technology

AWS Blockchain Templates


• Get started with blockchain quickly
• Experiment with blockchain frameworks (e.g. Ethereum, Hyperledger Fabric)
• Control access to your AWS resources with granular permissions
• Use Cases:
• Supply Chain
• Financial Transactions
• Identity and Compliance
The Sum is Greater Than Its Parts

External services and third-party tools have native, integrated AWS equivalents:
• Content Delivery Network: Amazon CloudFront
• DNS: Amazon Route 53
• Monitoring / Logging: Amazon CloudWatch, AWS CloudTrail
• Load Balancing: Elastic Load Balancing*

External services and third-party tools are native and integrated.
Highly available global infrastructure

• 22+ Geographic Regions
• 69+ Availability Zones (AZs)
• 185+ Edge locations

A Region contains multiple Availability Zones, interconnected using high-speed private AWS links; each Availability Zone is an independent failure zone.
https://infrastructure.aws/
Where are AWS points of presence?

What is an AWS Region?
• Regions are located in separate geographic areas
• Regions are isolated from each other
• Regions have multiple Availability Zones
• Data are never moved from one region to another by AWS
• Each region has two redundant Transit Centers and highly peered and connected facilities

What is an Availability Zone?
• AZs are isolated locations (power, network, flood zone, etc.) within regions
• AZs have one or more data centers (some have as many as 8)
• Each data center building has between 50,000 and 80,000 physical servers
• AZs are designed to offer high availability of services to customers
• AZs in one region have sub-millisecond latency between them
What Do You Want To Manage?

• Self-Managed: database on a server in the corporate data center
• Amazon EC2: database on an EC2 instance in AWS data center(s)
• Fully Managed Service: Amazon RDS in AWS data center(s)
Shared Security Model

Customers are responsible for their security and compliance IN the Cloud:
• Customer content
• Platform, applications, identity & access management
• Operating system, network & firewall configuration
• Client-side data encryption, server-side data encryption, network traffic protection

AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: compute, storage, database, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations
AWS as Code

Managing applications and infrastructure using code-based tools and software development techniques.

1. Build an AWS solution.
2. Create templates of your solution stacks.
3. Use templates to replicate stack deployments consistently, at scale.
4. Update templates as you update the solution design.
5. Manage templates like code.

(Slide shows AWS CloudFormation Designer.) AWS is API-driven. Use the SDKs to build and operate.
Takeaways

• Your customers are moving to the cloud.


• AWS changes the way customers practice IT.
• Migrating to the cloud is a complex process.
• Customers need your help.
Cloud Takeaways

• Starts with well-understood tools and constructs.


• Adds complex, powerful functionality and services.
• Cloud infrastructure is interchangeable and dynamic.
• The sum is greater than the parts.
• Solutions focused.
• There is much to know.
• You will build amazing things.
The “Rabbit Hole” Is Wide and Deep!


Module 3 – Building Blocks
AWS Foundational Services

• AWS Compute: Amazon EC2, Amazon Elastic Container Service, Amazon EC2 Auto Scaling, AWS Lambda
• AWS Storage: Amazon S3, Amazon EBS, Amazon Glacier
• AWS Networking: Elastic Load Balancing (ELB), Amazon Route 53, Application Load Balancer (ALB), Amazon VPC, AWS Direct Connect, AWS VPN
• AWS Database: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
• AWS Security: AWS IAM, AWS WAF, AWS KMS, AWS Shield
• AWS Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config, AWS Systems Manager
Amazon Elastic Compute Cloud (Amazon EC2)
• Virtual machine instance running on an AWS hypervisor
• Supports numerous distributions of Linux or Microsoft Windows
• Complete control of your host operating system with
root and administrator accounts
• Responsible for all installed applications

https://aws.amazon.com/ec2/
EC2 Instances: Families and Generations

General-purpose: M4, M5, T2


Compute-optimized: C4, C5
Memory-optimized: R4, X1
Dense-storage: D2, H1, I3
I/O-optimized: HI1, I2
GPU: F1, G3, P2
Micro: T1, T2

Customers can change instance types seamlessly.


https://aws.amazon.com/ec2/instance-types/
EC2 instances: Types and Sizes

https://aws.amazon.com/ec2/instance-types/
EC2 Purchasing Options

• On-Demand: pay for compute capacity by the second with no long-term commitments. For spiky workloads, or to define needs.
• Reserved: make a 1 or 3 year commitment and receive a significant discount off On-Demand prices. For committed, steady-state usage.
• Spot: spare EC2 capacity at savings of up to 90% off On-Demand prices. For fault-tolerant, dev/test, time-flexible, stateless workloads.

https://aws.amazon.com/ec2/pricing/
Amazon Elastic Compute Cloud (EC2)

Auto Scaling Groups


• Scale Amazon EC2 instances seamlessly and automatically
• Launch or terminate instances to meet desired capacity
• Keeps capacity balanced across AZs
• Replace unhealthy or unreachable instances
• Policy-based. Integrates with other AWS services
• Use Cases:
• Dynamic scaling - Optimize EC2 resources rapidly
• Reduce cost. Manage pricing.
• Fleet management – Balance. Recover from failures.

https://aws.amazon.com/ec2/autoscaling/
Amazon Container Services (ECS/EKS)

• Elastic Container Service and Elastic Container Service for Kubernetes
• AWS runs the EC2 cluster management for you
• Eliminates the complexity of operating container infrastructure
• Use Cases
• Deploy microservices to speed innovation
• Batch processing
• Migrate legacy applications without requiring code changes
• Accelerate machine learning

https://aws.amazon.com/ecs/
AWS Fargate

• Allows customers to run containers without managing a cluster.


• Leverages Amazon ECS and EKS
• Launch tens of thousands of containers in seconds
• Integrates with auto scaling for optimal utilization

https://aws.amazon.com/fargate/
AWS Lambda

• A stateless compute service that runs code in response to an event


• Triggers in milliseconds.
• Billed in 100ms increments. Pay only for what you use.
• No virtual servers required.
• Use Cases:
• Building modular, scalable, lightweight applications
• Serverless data processing on demand
• Use AWS Step Functions to orchestrate Lambda architectures
• Perform data validation, filtering, sorting, or other transformations.
• Image thumb-nailing, in-app activity, website clicks, or output from devices
https://aws.amazon.com/lambda/
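As an added illustration (not code from the course or from AWS), the Python below is a Lambda handler in the validation-and-filtering role the bullets describe: it takes an S3 ObjectCreated notification event, URL-decodes and validates each object key (rejecting keys that would escape a local working directory such as /tmp), keeps only image objects under a size limit, and returns the sorted list of thumbnail jobs. The bucket name, keys, sizes and the sample event are constructed; the resize step itself is left out so the handler runs with no AWS access.

```python
"""Event-driven processing with AWS Lambda: an S3 ObjectCreated handler
that validates and filters event records before any work is done."""
import posixpath
from urllib.parse import unquote_plus

IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png", ".gif")
MAX_BYTES = 25 * 1024 * 1024  # skip objects too large for a thumbnail job


def validate_key(key):
    """Return the decoded object key, or None if it is unsafe to use as a
    file name. S3 keys arrive URL-encoded, and a key such as
    '../../etc/cron.png' must never be joined onto /tmp unchecked."""
    decoded = unquote_plus(key)
    if not decoded or decoded.startswith("/") or "\x00" in decoded:
        return None
    if any(part in ("", ".", "..") for part in decoded.split("/")):
        return None
    return decoded


def select_images(event):
    """Filter an S3 notification event down to the image objects worth
    thumbnailing, smallest first so cheap work is finished early."""
    selected = []
    for record in event.get("Records", []):
        if record.get("eventSource") != "aws:s3":
            continue
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue  # deletes and other events carry no work for us
        s3 = record["s3"]
        key = validate_key(s3["object"]["key"])
        if key is None or not key.lower().endswith(IMAGE_SUFFIXES):
            continue
        size = s3["object"].get("size", 0)
        if size > MAX_BYTES:
            continue
        selected.append({"bucket": s3["bucket"]["name"], "key": key, "size": size,
                         # basename() keeps the local path inside /tmp
                         "local_path": posixpath.join("/tmp", posixpath.basename(key))})
    return sorted(selected, key=lambda job: job["size"])


def lambda_handler(event, context):
    """Lambda entry point (the real handler signature). Returns a summary a
    caller or a Step Functions state machine can act on."""
    jobs = select_images(event)
    return {"thumbnail_jobs": jobs,
            "skipped": len(event.get("Records", [])) - len(jobs)}


# Constructed sample event in the shape S3 sends to Lambda (not a real capture)
SAMPLE_EVENT = {"Records": [
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-uploads"},
            "object": {"key": "photos/2019/team+photo.JPG", "size": 1200000}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-uploads"},
            "object": {"key": "notes/readme.txt", "size": 300}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-uploads"},
            "object": {"key": "..%2F..%2Fetc%2Fcron.png", "size": 10}}},
    {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "example-uploads"},
            "object": {"key": "photos/old.png"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-uploads"},
            "object": {"key": "photos/tiny.png", "size": 512}}},
]}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Of the five constructed records, only two become jobs: the text file fails the suffix check, the delete event is not an ObjectCreated event, and the traversal-style key is rejected before its name is ever used to build a path.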
Amazon Elastic Block Storage (EBS)

• Block storage volumes for use with Amazon EC2 instances


• Persistent storage attached to EC2 instances as native disk
• Formatted using a standard OS file system (e.g. ext4 or NTFS)
• Scalable, high-performance storage for applications
• Use Cases
• Boot/root volumes for EC2 instances
• Data volumes for enterprise applications such as SAP, Microsoft Exchange and
Microsoft SharePoint.
• Relational or NoSQL databases supporting millions of users.

https://aws.amazon.com/ebs/
Amazon Simple Storage Service (Amazon S3)
• Highly scalable, reliable, fast, durable object storage
• Store and retrieve any amount of data from anywhere on the web
using HTTP or HTTPS.
• A workhorse service that serves many purposes
• Use cases:
• Application file hosting
• Backup for disaster recovery
• Static web hosting
• Streaming data
• Data lakes

https://aws.amazon.com/s3/
Choice of storage classes on Amazon S3

• Standard: active data
• Standard – Infrequent Access and One Zone – Infrequent Access: infrequently accessed data
• Amazon Glacier: archive data


Amazon S3 One Zone-IA
• An S3 storage class built for easily re-creatable data
• Designed on a single Availability Zone
• Still 99.9999999% durable but less available and resilient - for
20% less cost

Use it for:
• Mobile or Enterprise backup data
• Off-site compliance data
• Disaster recovery data
• Derived analysis data
Data Lakes

• Data Ingestion – get your data into S3 quickly and securely: Kinesis Firehose, Direct Connect, Snowball, DMS
• Central Storage – secure, cost-effective storage in S3
• Catalog & Search – access and search metadata: DynamoDB, Amazon ES
• Access & User Interface – give your users easy and secure access: API Gateway, IAM, Cognito
• Processing & Analytics – use predictive and prescriptive analytics to gain better understanding: Athena, QuickSight, EMR, Redshift
• Protect & Secure – use entitlements to ensure data is secure and user identities are verified: Security Token Service, CloudWatch, CloudTrail, KMS
Amazon Glacier

• Long term storage solution


• Optimized for data that is infrequently accessed
• Minutes to hours to begin accessing stored data
• Extremely low cost
• Use Cases:
• Long-term storage
• Data archiving
• Data lifecycle automation

https://aws.amazon.com/glacier/
Amazon Virtual Private Cloud
Amazon VPC
• Isolated virtual subnets in the AWS Cloud
• Secure, performant, highly-configurable
• Support rich security
• Use Cases:
• Host both public and private resources
• Organize and isolate application components
• Isolate resources by logical entity, group, sensitivity, or function
• Extend on-prem networks into the cloud

https://aws.amazon.com/vpc/
What is Amazon VPC?
• Your own logically isolated section of the Amazon Web Services (AWS) cloud
• By default, your VPC has no access to the internet, nor are instances addressable from the internet
• You have complete control over your virtual networking environment
• Proven and well-understood networking concepts:
• User defined IP address range
• Subnets
• Route tables
• Access control lists
• Network gateways
• A way to gain agility as well as additional security

VPCs as Strategy
Quick Start Design with Test, Production, and Development VPCs

• Like any production application, AWS solutions should be deployed in a landscape of multiple environments
• Each environment should be in its own Amazon VPC
• At a minimum, consider production and development VPC environments
• Can make sense to add environments for test, future development (“dev+1”), staging, and other purposes
• Remember, AWS environments with intermittent use (such as test) can be stopped when not in use, helping to limit costs

[Slide diagram: a Test VPC spanning us-east-1b and us-east-1c with NAT and Bastion hosts (potential use for security appliances for monitoring, logging, etc.); users reaching it; logs archived to an S3 bucket with lifecycle policies to Glacier; AWS Config Rules, CloudTrail and CloudWatch Alarms monitoring the account.]
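The following Python script is an added example, not from the course or from AWS. It ties together the “AWS as Code” steps (build once, template it, replicate per environment), the VPC concepts from the earlier slide (a user-defined IP range carved into subnets, route tables, a network gateway) and the one-VPC-per-environment strategy above, by generating a CloudFormation template per environment with the standard library only. The CIDR ranges, AZ names, environment names and logical resource names are assumptions; the resource types are the standard AWS::EC2 CloudFormation types. The audit helper at the end checks a template the way a reviewer would: only the public subnets may carry a default route to the internet gateway, which matches the “no internet access by default” behaviour of a VPC.

```python
"""Plan a per-environment VPC (one public and one private subnet per AZ)
as a CloudFormation template, using only the Python standard library."""
import ipaddress
import json


def plan_subnets(vpc_cidr, azs, new_prefix=24):
    """Carve the VPC range into one public and one private subnet per AZ.
    Returns dicts in AZ order, public subnets first."""
    pieces = list(ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix))
    if len(pieces) < 2 * len(azs):
        raise ValueError("VPC range too small for one public and one private subnet per AZ")
    public = [{"tier": "public", "az": az, "cidr": str(pieces[i])} for i, az in enumerate(azs)]
    private = [{"tier": "private", "az": az, "cidr": str(pieces[len(azs) + i])}
               for i, az in enumerate(azs)]
    return public + private


def build_vpc_template(env, vpc_cidr, azs):
    """Return a CloudFormation template (as a dict) for one environment's VPC.
    Only the public route table gets a 0.0.0.0/0 route to the Internet
    Gateway; private subnets keep the VPC default of no internet path."""
    res = {
        "VPC": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": vpc_cidr, "EnableDnsSupport": True,
                               "EnableDnsHostnames": True,
                               "Tags": [{"Key": "Environment", "Value": env}]}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "GatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
                              "Properties": {"VpcId": {"Ref": "VPC"},
                                             "InternetGatewayId": {"Ref": "InternetGateway"}}},
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable",
                             "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "GatewayAttachment",
                               "Properties": {"RouteTableId": {"Ref": "PublicRouteTable"},
                                              "DestinationCidrBlock": "0.0.0.0/0",
                                              "GatewayId": {"Ref": "InternetGateway"}}},
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable",
                              "Properties": {"VpcId": {"Ref": "VPC"}}},
    }
    counts = {"public": 0, "private": 0}
    for s in plan_subnets(vpc_cidr, azs):
        name = f"{s['tier'].capitalize()}Subnet{counts[s['tier']]}"
        counts[s["tier"]] += 1
        res[name] = {"Type": "AWS::EC2::Subnet",
                     "Properties": {"VpcId": {"Ref": "VPC"}, "CidrBlock": s["cidr"],
                                    "AvailabilityZone": s["az"],
                                    # only public subnets auto-assign public IPs
                                    "MapPublicIpOnLaunch": s["tier"] == "public",
                                    "Tags": [{"Key": "Tier", "Value": s["tier"]}]}}
        table = "PublicRouteTable" if s["tier"] == "public" else "PrivateRouteTable"
        res[name + "Assoc"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                               "Properties": {"SubnetId": {"Ref": name},
                                              "RouteTableId": {"Ref": table}}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Description": f"{env} environment VPC", "Resources": res}


def internet_reachable_subnets(template):
    """Audit helper: names of subnets whose route table has a 0.0.0.0/0
    route to a gateway. A private subnet appearing here is a finding."""
    res = template["Resources"]
    open_tables = {r["Properties"]["RouteTableId"]["Ref"] for r in res.values()
                   if r["Type"] == "AWS::EC2::Route"
                   and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"
                   and "GatewayId" in r["Properties"]}
    return sorted(r["Properties"]["SubnetId"]["Ref"] for r in res.values()
                  if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
                  and r["Properties"]["RouteTableId"]["Ref"] in open_tables)


if __name__ == "__main__":
    # Assumed, non-overlapping ranges: one VPC per environment
    ranges = {"dev": "10.10.0.0/16", "test": "10.20.0.0/16", "prod": "10.30.0.0/16"}
    for env, cidr in ranges.items():
        template = build_vpc_template(env, cidr, ["us-east-1b", "us-east-1c"])
        print(env, "internet-reachable:", internet_reachable_subnets(template))
    print(json.dumps(build_vpc_template("test", ranges["test"], ["us-east-1b"]), indent=2))
```

The printed JSON can be saved and deployed as a stack with the AWS CLI or an SDK; the same function called with a different environment name and range reproduces the stack consistently, which is the point of step 3 above.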
Amazon Virtual Private Cloud
Corporate Datacenter Connectivity
• Four ways to connect to resources in your VPC:
• Over the internet
• Virtual private network (VPN) using IPsec
• Configured in minutes
• AWS Direct Connect
• Service provided by Amazon Partner Network (APN) Partners
• Private link
• Elastic network interface

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/endpoint-service.html
Amazon Elastic Load Balancing (ELB)

• Automatically distributes incoming application traffic


• Incorporates new resources as applications scale, automatically
• Detects and accommodates application faults
• Pool AWS cloud and on-premises resources seamlessly
• Integrates with other AWS services
• Route 53
• Internet Gateway
• Identity and Access Management

https://aws.amazon.com/elasticloadbalancing/
Network Load Balancer (NLB)

• Ultra-low latency; handles tens of millions of requests per second
• “IP-per-AZ” feature improves performance and fault-tolerance
• Preserves the source IP address and ports for incoming connections
• Connections can be open for months or years
• Supports failover between IP addresses within and across regions
• Use Case:
• Hard-coded IP address
• Microservices

https://aws.amazon.com/elasticloadbalancing/details/#compare
Amazon CloudFront

• Content delivery network (CDN) with optimization


• Distribute content to end users with low latency and high data
transfer rates
• Broad, geographic presence beyond AWS Regions
• Accelerate data uploaded from end users
• Use cases:
• Accelerating web application performance
• Caching static web content and frequent database query results
• Offloading TLS termination

https://aws.amazon.com/cloudfront/
Amazon Route 53

• Global Domain Name System (DNS) service


• Highly available and scalable – 100% availability SLA
• Critical tool integrated with many AWS services
• Use Cases:
• Optimized Routing
• Failover
• Geolocation Compliance
• Integrated with other AWS services
• Micro-segmentation

https://aws.amazon.com/route53/
Amazon Relational Database Service

• Managed service for MySQL, Oracle, Microsoft SQL Server, MariaDB,


and Amazon Aurora
• Handles time-consuming database management tasks, such as
backups, patch management, and replication
• Works with existing code, applications, and tools
• Use Cases:
• Any applications requiring a relational database
• Improving database performance, availability and scalability

https://aws.amazon.com/rds/
Amazon Aurora

• MySQL/PostgreSQL-compatible relational database service


• Part of Amazon RDS
• Higher performance than standard MySQL and PostgreSQL
• High-availability without complex server management
• Scales and optimizes storage automatically
• Use Cases
• Any application that uses a relational database
• Replace on-premises or AWS EC2-hosted MySQL or PostgreSQL

https://aws.amazon.com/rds/aurora/
Amazon DynamoDB

• Fast, flexible, fully-managed, NoSQL database service


• Single-digit millisecond latency at any scale
• Highly available, replicated across multiple availability zones and
between regions
• Use Cases:
• High-performance database applications
• Ad Tech
• Big Data
• Gaming
• Mobile/IoT

https://aws.amazon.com/dynamodb/
Amazon ElastiCache

• A fully-managed, open-source-compatible Redis and Memcached service.
• Improves performance by retrieving data from high-throughput
and low-latency, in-memory data stores.
• Use Cases:
• Gaming
• Ad-Tech
• Financial Services
• Healthcare
• IoT

https://aws.amazon.com/elasticache/
AWS Identity & Access Management

• A core AWS security service


• Create and manage AWS users, roles and groups
• Manage fine-grained access control to AWS resources
• Control what operations a user or service can perform
• Integrates with Microsoft Active Directory using SAML identity
federation and AWS Directory Service (AD Connector)
• Allows scalable, consistent security and auditability
• Multi-factor authentication for highly privileged users

https://aws.amazon.com/iam/
AWS Principals

Account Owner ID (Root Account)


• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.

IAM Users, Groups and Roles


• Access to specific services.
• Access to console and/or APIs.
• Access to Customer Support (Business and Enterprise).

Temporary Security Credentials


• Access to specific services.
• Access to console and/or APIs.
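To make “fine-grained access control” and the principal types above concrete, here is an added Python example (not AWS code, and a simplification of the real evaluation logic). It evaluates a request against identity-based policies in IAM’s documented order: an explicit Deny always wins, an Allow is required for access, and anything else is an implicit deny. It implements IAM’s `*` and `?` wildcards and the Bool, BoolIfExists and StringEquals condition operators, which is enough to express the “require MFA for privileged operations” guardrail from the IAM slide. The policies, ARNs and account ID are constructed; NotAction, NotResource, resource-based policies, permissions boundaries and organization SCPs are deliberately not modelled and are rejected rather than silently ignored.

```python
"""Simplified evaluation of IAM identity-based policies: explicit Deny beats
Allow, and anything not explicitly allowed is an implicit deny."""
import re


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value, ignore_case):
    """IAM-style wildcard match: '*' matches any run, '?' one character.
    Action names are case-insensitive in IAM; resource ARNs are not."""
    for p in _as_list(patterns):
        rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p)
        if re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0):
            return True
    return False


def _condition_holds(condition, context):
    """True if every condition block is satisfied by the request context.
    For Bool/StringEquals an absent key never matches; for BoolIfExists an
    absent key counts as satisfied, which is why AWS recommends it for MFA
    guardrails (long-term access keys carry no MFA key at all)."""
    for operator, pairs in condition.items():
        if operator not in ("Bool", "BoolIfExists", "StringEquals"):
            raise NotImplementedError(f"condition operator {operator} not supported here")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                if operator == "BoolIfExists":
                    continue
                return False
            if operator.startswith("Bool") and str(actual).lower() != str(expected).lower():
                return False
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
    return True


def evaluate(policies, action, resource, context=None):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for a single request."""
    context = context or {}
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if "NotAction" in stmt or "NotResource" in stmt:
                raise NotImplementedError("NotAction/NotResource not supported here")
            if not _matches(stmt.get("Action", []), action, ignore_case=True):
                continue
            if not _matches(stmt.get("Resource", []), resource, ignore_case=False):
                continue
            if not _condition_holds(stmt.get("Condition", {}), context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny ends evaluation immediately
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


# Constructed policies for illustration only (not from the course material)
DEVELOPER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-data", "arn:aws:s3:::example-data/*"]},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
]}
GUARDRAIL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
]}
POLICIES = [DEVELOPER_POLICY, GUARDRAIL_POLICY]

if __name__ == "__main__":
    user = "arn:aws:iam::123456789012:user/alice"
    for action, resource, ctx in [
        ("s3:GetObject", "arn:aws:s3:::example-data/report.csv", {}),
        ("s3:GetObject", "arn:aws:s3:::other-bucket/report.csv", {}),
        ("s3:DeleteObject", "arn:aws:s3:::example-data/report.csv", {}),
        ("iam:CreateUser", user, {"aws:MultiFactorAuthPresent": "false"}),
        ("iam:CreateUser", user, {"aws:MultiFactorAuthPresent": "true"}),
    ]:
        print(f"{action:16} {resource:44} -> {evaluate(POLICIES, action, resource, ctx)}")
```

The developer policy grants `s3:*` on the data bucket and `iam:*` everywhere; the guardrail policy still denies deletes and denies IAM changes unless MFA was used, which shows why a guardrail written as a Deny cannot be undone by a broader Allow elsewhere.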
AWS Key Management Service (AWS KMS)
• Managed service that simplifies management and use of
encryption keys
• Integrated with many AWS services
• Integrated with AWS CloudTrail to provide auditable logs of
key usage for regulatory and compliance activities

https://aws.amazon.com/kms/
AWS Shield (Standard or Advanced)

• Guards against distributed denial of service (DDoS) attacks


• AWS Shield Standard
• Addresses common layer 3-4 DDoS incidents
• Monitors network flows for quick attack detection
• Mitigates service impacts automatically
• AWS Shield Advanced
• Enhanced DDoS detection and response
• Supports customized rules against sophisticated attacks
• Includes AWS DDoS Response Team 24x7
• Covers cost of increased resource utilization due to attack
https://aws.amazon.com/shield/
AWS CloudWatch
• Monitoring service for AWS cloud resources and applications
• Collect and track metrics, monitor log files, and set alarms
• Gain visibility into resource utilization, application performance, and
operational health
• Set alarms to send notifications or take other automated actions
• Supports custom dashboards
• Use cases:
• Cost management; billing alerts

https://aws.amazon.com/cloudwatch/
AWS CloudTrail

• Managed service that records all AWS API calls for your account
• Records information about each API call made to AWS services
• Delivers the records as log files that can drive automated responses
• Use cases:
• Security, alerting
• Compliance
• Troubleshooting
• Remediation

https://aws.amazon.com/cloudtrail/
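As an added example of the “security, alerting” use case, not part of the course material, the Python below runs four detection rules over CloudTrail records in the log-file format: root account API use, console logins that succeeded without MFA, calls that stop or alter CloudTrail itself, and access-denied errors. The records are constructed to the documented field names (userIdentity.type, eventName, eventSource, additionalEventData.MFAUsed, responseElements.ConsoleLogin, errorCode); the ARNs, IP addresses and event IDs are made up.

```python
"""Detection over CloudTrail records: flag root-account API use, console
logins without MFA, changes to CloudTrail itself, and access-denied calls.
Input is a list of event dicts in CloudTrail's log-file record format."""
import json

# Calls that silence or narrow audit logging; worth an alert on their own.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def check_record(rec):
    """Return a list of finding strings for one CloudTrail record."""
    findings = []
    identity = rec.get("userIdentity", {})
    name, source = rec.get("eventName"), rec.get("eventSource", "")
    who = identity.get("arn") or identity.get("type", "unknown")

    # Root should be reserved for the few tasks that require it, so any
    # direct root API call is notable (service-initiated calls carry invokedBy).
    if identity.get("type") == "Root" and not identity.get("invokedBy"):
        findings.append(f"root account used: {name} from {rec.get('sourceIPAddress')}")

    # Successful console logins report whether MFA was used.
    if name == "ConsoleLogin":
        success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
        mfa = rec.get("additionalEventData", {}).get("MFAUsed")
        if success and mfa != "Yes":
            findings.append(f"console login without MFA: {who}")

    if source == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        findings.append(f"CloudTrail configuration changed: {name} by {who}")

    # Repeated access-denied calls can indicate probing with leaked credentials.
    if rec.get("errorCode", "").endswith(("AccessDenied", "UnauthorizedOperation")):
        findings.append(f"access denied: {name} by {who}")
    return findings


def scan(records):
    """Map eventID -> findings for every record that produced at least one."""
    out = {}
    for rec in records:
        hits = check_record(rec)
        if hits:
            out[rec["eventID"]] = hits
    return out


# Constructed sample records following the CloudTrail record format (not real logs)
SAMPLE_LOG = json.loads("""{"Records": [
 {"eventID": "e1", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"},
  "sourceIPAddress": "198.51.100.10"},
 {"eventID": "e2", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"},
  "sourceIPAddress": "198.51.100.11"},
 {"eventID": "e3", "eventName": "CreateBucket", "eventSource": "s3.amazonaws.com",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
  "sourceIPAddress": "203.0.113.5"},
 {"eventID": "e4", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
  "sourceIPAddress": "198.51.100.11"},
 {"eventID": "e5", "eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "errorCode": "Client.UnauthorizedOperation", "sourceIPAddress": "198.51.100.10"},
 {"eventID": "e6", "eventName": "GetObject", "eventSource": "s3.amazonaws.com",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "sourceIPAddress": "198.51.100.10"}
]}""")

if __name__ == "__main__":
    for event_id, hits in scan(SAMPLE_LOG["Records"]).items():
        print(event_id, hits)
```

In practice the same functions would run over each delivered log file (a gzipped JSON object with a top-level `Records` array, which is why the sample is parsed from that shape), and the findings would be routed to an alerting channel rather than printed.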
AWS CloudFormation

• Service to create and manage a collection of related AWS resources to


duplicate consistency across environments
• Describe sets of AWS resources in template files; a deployed set is called a “stack”
• Customize values for different application environments and regions
• Maintain and update infrastructure as code (IaC)
• Use Cases
• Standardize application deployments for scale and consistency
• Test designs and automatically roll back newly provisioned resources
• Replicate service architectures globally in minutes

https://aws.amazon.com/cloudformation/
AWS Config
Managed service for tracking AWS inventory and configuration, and configuration change notification.

• Tracks resources such as Amazon EC2, Amazon EBS and Amazon VPC, and integrates with AWS CloudTrail
• Use cases: security analysis, audit compliance, change management, troubleshooting, discovery
Popular AWS Marketplace Vendors by Category

Operating Systems, Security, Storage, Networking, Database, Media, DevOps, BI
Pop Quiz

Let’s Answer some Customer Questions!

How Would You Answer This Question?
• What will change when I move to AWS?
• How secure is my AWS workload?
• How can AWS improve business continuity and disaster recovery?
• How do I measure and compare workload performance in the cloud versus on-premises?
• Does it cost more or less to run a workload on AWS versus on-premises?
Module 4 – The Well-Architected Framework
The AWS Well-Architected Framework

• Increases awareness of architectural best


practices
• Addresses foundational areas that are often
neglected
• Consistent methodology for evaluating
architectures
The AWS Well-Architected Framework

• Composed of:
• Pillars
• Design principles
• Questions
Pillars of AWS Well-Architected

• Operational Excellence
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
Operational Excellence (OE)

• The ability to run and monitor systems to deliver business


value and continually improve supporting processes and
procedures.

• Prepare
• Operate
• Evolve
Question: Operational Excellence (sample question slide showing pillar area, question text, question context, and best practices)
Security

• The ability to protect information, systems, and assets while delivering business
value through risk assessments and mitigation strategies.

• Identity and access management


• Detective controls
• Infrastructure protection
• Data protection
• Incident response
Question: Security (sample question slide showing pillar area, question text, question context, and best practices)
Reliability

• The ability of a system to recover from infrastructure or


service failures, dynamically acquire computing resources to
meet demand, and mitigate disruptions such as
misconfigurations or transient network issues.

• Foundations
• Change management
• Failure management
Question: Reliability (sample question slide showing pillar area, question text, question context, and best practices)
Performance Efficiency (PE)

• The ability to use computing resources efficiently to meet


system requirements, and to maintain that efficiency as
demand changes and technologies evolve.

• Selection
• Review
• Monitoring
• Tradeoffs
Question: Performance Efficiency (sample question slide showing pillar area, question text, question context, and best practices)
Cost Optimization (CO)

• The ability to avoid or eliminate unneeded cost or suboptimal


resources

• Cost-effective resources
• Matched supply and demand
• Expenditure awareness
• Optimizing over time
Question: Cost Optimization (sample question slide showing pillar area, question text, question context, and best practices)
Available Resources

• AWS Well-Architected Framework whitepaper


• Pillar-specific whitepapers
• Prescriptive high-level implementation guidance
• Lens whitepapers
• Free online training
Useful Well-Architected Links
• General Information:
https://aws.amazon.com/well-architected

• Well-Architected Whitepaper:
http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

• Link to the digital, Well-Architected course:


https://www.aws.training/learningobject/curriculum?id=12049
Architecting a Solution on AWS
Guiding Principles for AWS SAs

1. Cloud migration is a process.


2. Customers need your expertise and help.
3. Know your customer.
4. Know the AWS platform and services.
5. Act in the customer’s long-term best interest.
6. The first architecture is not the final architecture.
Architecting a Customer Solution

• Understand the business impacts


• Identify the stakeholders
• Determine the Line of Business
• What is the business problem?
• Understand the Use Case
• How have other customers done it?
• Find a similar case study and reference architecture
Manage Scope

• Customers are excited about using AWS


• Many stakeholders, many goals
• Focus the conversation on specific deliverables
• Identify applications that are candidates for migration
Manage Scope

• Identify an application’s speeds and feeds.


• Understand the business and operational context.
• Develop a solution that addresses both of those.
Architecting a Solution on AWS
• Define measurable, time-bound success criteria.
• Deliver!
Builders Welcome

• AWS Free Tier - https://aws.amazon.com/free/


• Check out your SDK of choice. - https://aws.amazon.com/tools/
• Go build something!
Next Step: Advance Your Technical Skills

Intermediate
Architecting on AWS
Instructor-led | Live or Virtual Class | 3 Days
Learn cloud best practices, architecture patterns, case studies, and other practical ways of
thinking about how to architect infrastructure on AWS.
https://www.aws.training/training/schedule?courseId=10002

Advanced
Advanced Architecting on AWS
Instructor-led | Live or Virtual Class | 3 Days
Learn how to build complex AWS solutions incorporating data services, governance, and security.
Gain best practices for building scalable, elastic, secure, and highly available applications.
https://www.aws.training/training/schedule?courseId=10000

https://aws.amazon.com/training/course-descriptions/architect/
AWS Certification

https://youtu.be/WqUQNp1hAH8

AWS Well-Architected

• AWS Well-Architected Framework Whitepaper


• Pillar Specific Whitepapers
• Prescriptive high-level implementation guidance
• Lens Whitepapers
• Free Online Training

• https://aws.amazon.com/well-architected
Available Security Trainings

• Security Fundamentals on AWS (free online course)
• Security Operations on AWS (3-day class)

Details at aws.amazon.com/training
AWS Security Center

Comprehensive security portal to provide a variety of security notifications, information and documentation.

• Security Whitepapers: Overview of Security Process; AWS Risk and Compliance; AWS Security Best Practices
• Security Bulletin
• Security Resources
• Vulnerability Reporting
• Penetration Testing Requests
• Report Suspicious Emails

http://aws.amazon.com/security
Keeping Up
AWS Announcements and Updates
• AWS: What’s New? http://aws.amazon.com/new/
• AWS blog - https://aws.amazon.com/blogs/aws/
• AWS podcast - https://aws.amazon.com/podcasts/aws-podcast/
• APN blog - https://aws.amazon.com/blogs/apn/
• This is MY Architecture YouTube channel - https://aws.amazon.com/this-is-my-architecture/
• AWS loft schedule - https://aws.amazon.com/start-ups/loft/
• @awscloud twitter - https://twitter.com/awscloud
Suggested Reading

• AWS Certified Solutions Architect Official Study Guide: Associate Exam
• Ahead in the Cloud: Best Practices for Navigating the Future of Enterprise IT
Thank You!

© 2018 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or
in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
Corrections or feedback on the course, please email us at: aws-course-feedback@amazon.com. For all other questions, contact us at:
https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.
