Tech Talk on AWS Madhu Kumar

Upload: madhukumar-vattipulusu

Post on 07-Aug-2015


Page 1: TechTalk-Madhu-AWS

Tech Talk on AWS

Madhu Kumar

Page 2: TechTalk-Madhu-AWS

Agenda
- AWS Introduction
- AWS Key Services
- AWS Architectures
- AWS Services Access
- AWS Security
- Demo
  - Deploying a SOA web application to AWS using Elastic Beanstalk
  - Deploying a SOA web application to AWS using CloudFormation
- Questions.

Page 3: TechTalk-Madhu-AWS

Process

Page 4: TechTalk-Madhu-AWS

Process AWS

Page 5: TechTalk-Madhu-AWS

So What is AWS
- AWS is a cloud service provider
- Offers a pay-as-you-go Operational Expense (Op-ex) model.
- AWS is an Infrastructure as a Service (IaaS) and a Platform as a Service (PaaS)
- Gartner Report: http://www.gartner.com/technology/reprints.do?id=1-1WWKTQ3&ct=140709&st=sb

Page 6: TechTalk-Madhu-AWS

Cloud Service Models

- IaaS – Infrastructure as a Service
- PaaS – Platform as a Service
- SaaS – Software as a Service

Page 7: TechTalk-Madhu-AWS

Signing Up

- Sign up for an AWS account: http://aws.amazon.com/console/
- Create a user and a group.
- Provide sufficient privileges to the group to access the account.

Page 8: TechTalk-Madhu-AWS

AWS Services

Page 9: TechTalk-Madhu-AWS

Simple Storage Service (S3)
- S3 is designed specifically for data storage in the cloud.
- Like folders in Windows, AWS has buckets in S3 that contain files.

Sample Architecture – Log Analysis

Page 10: TechTalk-Madhu-AWS

Glacier
- Extremely low-cost storage service that provides secure, durable, and flexible storage for data backup and archival.

Page 11: TechTalk-Madhu-AWS

Elastic Cloud Compute (EC2)
- A virtual machine in the cloud, with root access to each one.

Features
- Pay for what you use.
- Instance Types:
  - Reserved (significant discount)
  - Spot (bid on unused EC2 machines)
  - On-Demand (no long-term commitments)

Instance Type | Used for
T2 - Burstable | Good choice for workloads that don't use the full CPU often or consistently, but occasionally need to burst (e.g. web servers, developer environments and small databases)
M3 - General Purpose | Provides a balance of compute, memory, and network resources.
C4 - Compute optimized | Highest performing processors and the lowest price per performance
C3 - Network | For Enhanced Networking (high performance science and engineering applications)
R3 - Memory | Memory Optimized (distributed memory cache, in-memory analytics)
GPU G2 - Graphics | For Graphics and GPU (games, server-side graphic workloads)
I2 - Storage | Storage Optimized: high random I/O performance, and provides high IOPS at a low cost (NoSQL, Cassandra, MongoDB, Hadoop & cluster file systems)
HS1 | High sequential read and write performance per instance (data warehousing, MapReduce)

Page 12: TechTalk-Madhu-AWS

Relational Database Service (RDS)
- A web service that makes it easy to set up, operate, and scale a relational database in the cloud.

Page 13: TechTalk-Madhu-AWS

VPC
- Secured Virtual Network in the AWS cloud.
- VPC provides 4 options:
  - VPC Single subnet
  - VPC Public and Private Subnet
  - VPC Public and Private Subnet and Hardware VPN Access
  - VPC with a private subnet only and hardware VPN Access.

Page 14: TechTalk-Madhu-AWS

VPC Public/Private Subnet VPN Based Connectivity

Page 15: TechTalk-Madhu-AWS

IAM
- Securely control individual and group access to your AWS resources.

Page 16: TechTalk-Madhu-AWS

CLOUD WATCH
- Monitoring service for AWS cloud resources and the applications you run on AWS.

Page 17: TechTalk-Madhu-AWS

ELASTIC BEANSTALK
- PaaS component of AWS.
- Makes it easier for developers to quickly deploy and manage applications in the AWS cloud.

Page 18: TechTalk-Madhu-AWS

CloudFormation
- Allows you to create and provision resources in a reusable template fashion.

Page 19: TechTalk-Madhu-AWS

Architectures

Page 20: TechTalk-Madhu-AWS

Architectures

Page 21: TechTalk-Madhu-AWS

Architectures – Disaster Recovery

Page 22: TechTalk-Madhu-AWS

Access to AWS Services
- Command Line Interface
- Eclipse or RAD Plugin
- Console

Page 23: TechTalk-Madhu-AWS

CLI Demo

Page 24: TechTalk-Madhu-AWS

AWS CLI

autoscaling cloudformation cloudhsm cloudsearch cloudsearchdomain cloudtrail cloudwatch cognito-identity cognito-sync configservice configure datapipeline deploy directconnect dynamodb ec2 ecs elasticache elastictranscoder elb emr glacier iam importexport kinesis kms lambda logs opsworks rds redshift route53 route53domains s3 s3api ses sns sqs storagegateway sts support swf

Page 25: TechTalk-Madhu-AWS

Security

AWS Responsibility
- Physical environment: Fire
- Storage Device De-commissioning.
  - Highly secure data
  - Wipe it, degauss it and physically destroy it
  - HIPAA standards
- Physical Environment security/protection
  - From fire, power, climate and management
- Network Devices and ACLs
- API access end points terminated with SSL for secure communication
- DDoS protection
- EC2 instances cannot send spoofed data
- Port Scanning against rules
- Personnel access to Facilities
- EC2 instance hypervisor isolation

User or Enterprise Responsibility
- IAM
  - Create groups, individual users, integrate single sign-on using federated users, temporary user access (for contractors)
- Multi Factor Authentication
  - Useful, recommended
- Password key rotation
  - Rotation policy (company policy)
- Trusted Advisor
  - AWS suggests potential ways to improve security
- Access Control Lists
  - Access to single EC2, S3 buckets
- Access Keys
  - Access keys consist of an access key ID and secret access key. This is used to access AWS through CLI.
  - Keep it confidential in order to protect your account, and never email it. Do not share it outside your organization, even if an inquiry appears to come from AWS or Amazon.com

Page 26: TechTalk-Madhu-AWS

DEMO
- SOA Producer Consumer Application – Using Beanstalk
- SOA Producer Consumer Application – Using CloudFormation.

Page 27: TechTalk-Madhu-AWS

Questions?

Page 28: TechTalk-Madhu-AWS

References
- aws.amazon.com
  - White papers
  - Use Cases
  - Solutions
- Images from google.com

Page 29: TechTalk-Madhu-AWS

Appendix

Page 30: TechTalk-Madhu-AWS

Regions & Availability Zones

Regions Availability Zones

Page 31: TechTalk-Madhu-AWS

Pricing AWS Services

S3 Pricing:
- Storage: $0.03 per GB
- Requests: $0.005 per 1000 requests
- Data In: $0
- Data Out: $0.09 per GB
- aws.amazon.com/s3/pricing/

Glacier Pricing:
- Storage: $0.01 per GB
- Requests: $0.05 per 1000 requests
- Data In: $0
- Data Out: $0.09 per GB (up to 10TB)
- aws.amazon.com/glacier/pricing/

Page 32: TechTalk-Madhu-AWS

Pricing AWS Services

EC2 Instance Pricing, M3.Large Instance (Example)
- On-demand: 0.140$/hour
- Spot: 0.081$/hour
- Reserved:
  - 1-year contract: 0.1$/hour (no down)
  - 3-year contract: 0.05$/hour (673$ down), 60% savings over on-demand.

Page 33: TechTalk-Madhu-AWS

Glossary
- Regions: Each region is a separate geographic area
- Availability Zones: Each region has multiple, isolated locations known as Availability Zones.
- EBS – Elastic Block Store: A service that provides block level storage volumes for use with EC2 instances
- Snapshot: EBS creates snapshots or backups of your volumes and stores them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability
- AMI – Amazon Machine Image: An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service
- ARN – Amazon Resource Name: A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/
- Elastic IP: A static IP address for Amazon EC2 or VPC.
- Multi-AZ: Multiple Availability Zones