techtalk-madhu-aws
TRANSCRIPT
Tech Talk on AWS
Madhu Kumar
Agenda
- AWS Introduction
- AWS Key Services
- AWS Architectures
- AWS Services Access
- AWS Security
- Demo: Deploying a SOA web application to AWS using Elastic Beanstalk
- Demo: Deploying a SOA web application to AWS using CloudFormation
- Questions
[Slides "Process" and "Process AWS": diagrams only]
So what is AWS?
AWS is a cloud service provider. It offers a pay-as-you-go Operational Expense (OpEx) model.
AWS is an Infrastructure as a Service (IaaS) and a Platform as a Service (PaaS).
Gartner Report: http://www.gartner.com/technology/reprints.do?id=1-1WWKTQ3&ct=140709&st=sb
Cloud Service Models
- IaaS – Infrastructure as a Service
- PaaS – Platform as a Service
- SaaS – Software as a Service
Signing Up
Sign up for an AWS account: http://aws.amazon.com/console/
Create a user and a group. Grant the group the privileges it needs to access the account.
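"The privileges it needs" is where most sign-up walkthroughs go wrong, because the quickest way to make a new group work is to give it everything. The following checker, an added example that is not part of the talk, lints an IAM policy document for Allow statements whose Action or Resource is a wildcard before the policy is attached to the new group. Both policy documents are constructed for the example.

```python
"""Lint an IAM policy document for over-broad Allow statements before it is
attached to a new group.

Added example, not from the talk; the two policy documents are constructed.
"""
import json


def _as_list(value):
    """IAM accepts a single string or a list in Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return (statement index, reason) pairs for Allow statements whose
    Action or Resource is a wildcard. A statement that is wide on both
    axes is full administrative access."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wide_action = any(a == "*" or a.endswith(":*") for a in actions)
        wide_resource = "*" in resources
        if wide_action and wide_resource:
            findings.append((idx, "administrative: every action on every resource"))
        elif wide_action:
            findings.append((idx, "service-wide action wildcard: " + ", ".join(actions)))
        elif wide_resource:
            findings.append((idx, "unscoped resource for: " + ", ".join(actions)))
    return findings


# Constructed: what "sufficient privileges" too often turns into.
ADMIN_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]
}
""")

# Constructed: the same group scoped to one bucket for a log-analysis job,
# plus a Deny that refuses any call not made over TLS.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-log-bucket"},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-log-bucket/*"},
    {"Effect": "Deny",
     "Action": "*",
     "Resource": "*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}
""")


if __name__ == "__main__":
    for name, doc in (("ADMIN_POLICY", ADMIN_POLICY), ("SCOPED_POLICY", SCOPED_POLICY)):
        print(name, find_overbroad_statements(doc) or "ok")
```

The checker deliberately ignores Deny statements: a wildcard Deny with a condition (such as the TLS-only statement above) narrows access rather than widening it, so flagging it would just train people to ignore the output.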
AWS Services
Simple Storage Service (S3)
S3 is designed specifically for data storage in the cloud. Like folders in Windows, AWS has buckets in S3 that contain files.
Sample Architecture – Log Analysis
Glacier
Extremely low-cost storage service that provides secure, durable, and flexible storage for data backup and archival.
Elastic Compute Cloud (EC2)
A virtual machine in the cloud, with root access to each one.
Features: pay for what you use. Purchase options:
- Reserved (significant discount)
- Spot (bid on unused EC2 capacity)
- On-Demand (no long-term commitments)
Instance types and what they are used for:
- T2 – Burstable: Good choice for workloads that don't use the full CPU often or consistently, but occasionally need to burst (e.g. web servers, developer environments and small databases)
- M3 – General Purpose: Provides a balance of compute, memory, and network resources.
- C4 – Compute optimized: Highest performing processors and the lowest price per performance
- C3 – Network: For enhanced networking (high-performance science and engineering applications)
- R3 – Memory optimized: Distributed memory cache, in-memory analytics
- G2 – GPU/Graphics: For graphics and GPU workloads (games, server-side graphics workloads)
- I2 – Storage optimized: High random I/O performance, providing high IOPS at a low cost (NoSQL, Cassandra, MongoDB, Hadoop and cluster file systems)
- HS1: High sequential read and write performance per instance (data warehousing, MapReduce)
Relational Database Service (RDS)
A web service that makes it easy to set up, operate, and scale a relational database in the cloud.
VPC
Secured virtual network in the AWS cloud. VPC provides 4 options:
- VPC with a single subnet
- VPC with public and private subnets
- VPC with public and private subnets and hardware VPN access
- VPC with a private subnet only and hardware VPN access
[Slide "VPC Public/Private Subnet, VPN-based connectivity": diagram only]
IAM
Securely control individual and group access to your AWS resources.
CloudWatch
Monitoring service for AWS cloud resources and the applications you run on AWS.
Elastic Beanstalk
PaaS component of AWS. Makes it easier for developers to quickly deploy and manage applications in the AWS cloud.
CloudFormation
Allows you to create and provision resources in a reusable template fashion.
[Slides "Architectures" and "Architectures – Disaster Recovery": diagrams only]
Access to AWS Services
- Command Line Interface
- Eclipse or RAD plugin
- Console
CLI Demo
AWS CLI top-level commands: autoscaling, cloudformation, cloudhsm, cloudsearch, cloudsearchdomain, cloudtrail, cloudwatch, cognito-identity, cognito-sync, configservice, configure, datapipeline, deploy, directconnect, dynamodb, ec2, ecs, elasticache, elastictranscoder, elb, emr, glacier, iam, importexport, kinesis, kms, lambda, logs, opsworks, rds, redshift, route53, route53domains, s3, s3api, ses, sns, sqs, storagegateway, sts, support, swf
Security – AWS Responsibility
- Storage device decommissioning: highly secure data wipe (wipe it, degauss it and physically destroy it), to HIPAA standards
- Physical environment security/protection: from fire, power, climate and management
- Network devices and ACLs
- API access endpoints terminated with SSL for secure communication
- DDoS protection
- EC2 instances cannot send spoofed data
- Port scanning is against the rules
- Personnel access to facilities
- EC2 instance hypervisor isolation
Security – User or Enterprise Responsibility
- IAM: Create groups and individual users, integrate single sign-on using federated users, temporary user access (for contractors)
- Multi-Factor Authentication: Useful, recommended
- Password/key rotation: Rotation policy (company policy)
- Trusted Advisor: AWS suggests potential ways to improve security
- Access Control Lists: Access to a single EC2 instance or S3 bucket
- Access Keys: Access keys consist of an access key ID and a secret access key. They are used to access AWS through the CLI. Keep them confidential in order to protect your account, and never email them. Do not share them outside your organization, even if an inquiry appears to come from AWS or Amazon.com.
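The MFA and rotation items above are only useful if someone checks them. The following script, an added example that is not part of the talk, audits the CSV credential report that IAM generates for every user and flags console users without MFA and active access keys older than the rotation window. The column names follow the real report; the rows, the audit date and the 90-day window are constructed assumptions for the example.

```python
"""Audit an IAM credential report for two items on the user-responsibility
list: MFA on console users, and access keys rotated within the company's
rotation window.

Added example, not part of the talk. The column names follow the CSV
credential report that IAM generates; the rows, AS_OF and the 90-day window
are constructed assumptions for the example.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

ROTATION_DAYS = 90  # assumed company rotation policy
AS_OF = datetime(2015, 3, 1, tzinfo=timezone.utc)  # constructed audit date

# Constructed rows; a subset of the real report's columns.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,true,true,true,2015-01-10T08:00:00Z,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,false,true,2014-06-01T08:00:00Z,true,2015-02-01T08:00:00Z
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,false,true,2015-02-15T08:00:00Z,false,N/A
"""


def _parse_time(value):
    """Timestamps in the report are ISO 8601 with a trailing Z; N/A or
    not_supported means the credential does not exist."""
    if value in ("", "N/A", "not_supported"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_credential_report(report_csv, now=AS_OF, rotation_days=ROTATION_DAYS):
    """Return {user: [finding, ...]} for every user that breaks the policy."""
    cutoff = now - timedelta(days=rotation_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        # Anyone who can log in to the console needs MFA. The root row reports
        # password_enabled as not_supported (root always has a password), so
        # only an explicit "false" exempts a user from the check.
        if row["password_enabled"] != "false" and row["mfa_active"] != "true":
            issues.append("console password without MFA")
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = _parse_time(row[f"access_key_{slot}_last_rotated"])
            if rotated is None or rotated < cutoff:
                issues.append(f"access key {slot} older than {rotation_days} days")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_credential_report(SAMPLE_REPORT).items():
        print(f"{user}: {'; '.join(issues)}")
```

Against the constructed report the root user is flagged for missing MFA, bob is flagged for missing MFA and a stale key, and the deploy-bot service user passes because it has no console password and a recently rotated key.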
DEMO
- SOA Producer/Consumer Application – using Elastic Beanstalk
- SOA Producer/Consumer Application – using CloudFormation
Questions?
References
- aws.amazon.com: white papers, use cases, solutions
- Images from google.com
Appendix
[Slide "Regions & Availability Zones": diagram only]
Pricing – AWS Services
S3 pricing:
- Storage: $0.03 per GB
- Requests: $0.005 per 1000 requests
- Data in: $0
- Data out: $0.09 per GB
(aws.amazon.com/s3/pricing/)
Glacier pricing:
- Storage: $0.01 per GB
- Requests: $0.05 per 1000 requests
- Data in: $0
- Data out: $0.09 per GB (up to 10 TB)
(aws.amazon.com/glacier/pricing/)
EC2 instance pricing, M3.Large instance (example):
- On-demand: $0.140/hour
- Spot: $0.081/hour
- Reserved, 1-year contract: $0.1/hour (no down payment)
- Reserved, 3-year contract: $0.05/hour ($673 down); about 60% savings versus on-demand
Glossary
- Regions: Each region is a separate geographic area.
- Availability Zones: Each region has multiple, isolated locations known as Availability Zones.
- EBS – Elastic Block Store: A service that provides block-level storage volumes for use with EC2 instances.
- Snapshot: EBS creates snapshots (backups) of your volumes and stores them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.
- AMI – Amazon Machine Image: An encrypted machine image stored in Amazon Elastic Block Store or Amazon Simple Storage Service.
- ARN – Amazon Resource Name: A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/
- Elastic IP: A static IP address for Amazon EC2 or VPC.
- Multi-AZ: Multiple Availability Zones.
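ARNs show up everywhere a policy or a log names a resource, and the fields that matter for review (which account, which service, which resource type) are positional. The parser below is an added example, not part of the talk: it splits an ARN into its six fields, validates the account ID as twelve digits (the format AWS account IDs have), and includes a small helper that lists the ARNs in a set that belong to a different account, a quick check when reviewing the principals of a policy. Apart from the talk's own IAM example, the ARNs are constructed.

```python
"""Parse Amazon Resource Names of the form
arn:partition:service:region:account-id:resource so that policies and logs
can be checked field by field.

Added example, not part of the talk. The ARNs used below are constructed
apart from the talk's own IAM example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Arn:
    partition: str
    service: str
    region: str    # empty for global services such as IAM, and for S3
    account: str   # empty for resources that are not account-scoped (S3)
    resource: str  # "type/id", "type:id" or a bare name, depending on service


def parse_arn(text):
    """Split an ARN into its six fields. The resource field may itself
    contain colons, so split at most five times."""
    parts = text.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {text!r}")
    _, partition, service, region, account, resource = parts
    if not partition or not service or not resource:
        raise ValueError(f"ARN is missing a required field: {text!r}")
    if account and not (account.isdigit() and len(account) == 12):
        raise ValueError(f"account id must be 12 digits: {text!r}")
    return Arn(partition, service, region, account, resource)


def resource_type(arn):
    """Return the resource type prefix ('user' in 'user/division_abc/',
    'instance' in 'instance/i-...'), or None when the resource is a bare
    name such as an S3 bucket. The earliest of '/' and ':' is the separator."""
    positions = [i for i in (arn.resource.find("/"), arn.resource.find(":")) if i >= 0]
    if not positions:
        return None
    idx = min(positions)
    return arn.resource[:idx] if idx > 0 else None


def foreign_accounts(arn_texts, own_account):
    """List the ARNs that belong to another account: a quick review check on
    the principals or resources named in a policy or a log."""
    out = []
    for text in arn_texts:
        arn = parse_arn(text)
        if arn.account and arn.account != own_account:
            out.append(text)
    return out


if __name__ == "__main__":
    example = parse_arn("arn:aws:iam::123456789012:user/division_abc/")
    print(example, resource_type(example))
```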