Aw Someday
Version 4.1
Course Objectives
2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 2
Module Layout
Module 1
Introduction and History of
AWS
Amazon History
1994: Jeff Bezos incorporated the company.
2005: Amazon Publishing was launched.
2007: Kindle was launched.
2012: Amazon Game Studios was launched.
2014: Amazon Prime Now was launched.
Amazon Web Services (AWS)
Enable businesses and developers to
use web services to build scalable,
sophisticated applications.
Storage
Development and
Management Tools
Analytics Content Delivery
Messaging Compute
App Services
Database Payments
Mobile
Networking
On-Demand Workforce
VPC
AWS Rapid Pace of Innovation
[Chart: New Features/Services Launched per year, 2009 to 2015. Data labels: 48, 82, 159, 722]
[Graphic: collage of AWS service names around the caption "2,420 Services and Features". As of 1 August 2016]
AWS Customers
Enterprise Customers Public Sector Customers
Startup Customers
Advantages and Benefits of AWS Cloud Computing
Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Lydia Leong, Gregor Petri, Bob Gill, Mike Dorosh, 03 August 2016. This Magic Quadrant graphic was published by Gartner, Inc. as part of
a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at https://aws.amazon.com/resources/analyst-reports/ . Gartner does not endorse any vendor,
product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the
opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of
merchantability or fitness for a particular purpose.
AWS Core Infrastructure and Services
Traditional Infrastructure | Amazon Web Services
Security: Firewalls, ACLs, Administrators | Security: Security Groups, Network ACLs (NACLs), AWS IAM (Access Mgmt)
Storage and Database: DAS, SAN, NAS, RDBMS | Storage and Database: Amazon EBS, Amazon EFS, Amazon S3, Amazon RDS
AWS Cloud Computing
[Diagram: AWS services grouped under headings including Virtual Desktops, Applications, and Collaboration and Sharing. Services shown include Amazon EC2 Container Service, Amazon Glacier, AWS Direct Connect, AWS Directory Service, AWS KMS, Amazon WorkMail, Elastic Load Balancing, AWS Elastic Beanstalk, Amazon Elastic File System, AWS Storage Gateway, AWS CloudHSM, AWS WAF, AWS Import/Export, and Auto Scaling]
AWS Platform Services
Databases: Amazon RDS, Amazon DynamoDB
Analytics: Amazon EMR, AWS Data Pipeline
App Services: Amazon SES, Amazon AppStream
Management Tools: AWS CloudFormation, AWS Config
Developer Tools: AWS CodeCommit, AWS CodeDeploy
Mobile Services: Amazon Cognito, AWS Device Farm
Internet of Things: AWS IoT
Also shown: Amazon API Gateway, AWS Trusted Advisor, AWS Certificate Manager
AWS Global Infrastructure
Regions
Geographic locations
Consist of at least two Availability Zones
Availability Zones
Clusters of data centers
Isolated from failures in other Availability Zones
High Availability Using Multi-AZ Deployments
[Diagram: one Region containing Availability Zone - A, Availability Zone - B, and Availability Zone - C]
AWS Management Console
Demonstration
Knowledge Check
Q: What is the AWS term for physically distinct groups of data centers
within a region?
Availability Zone
True or False: There are more Regions than Edge locations.
False
True or False: AWS owns and maintains the infrastructure required for
application services. You provision and use them as needed.
True
Q: How do Availability Zones in the same region differ?
Each Availability Zone is isolated, but the Availability Zones in a region
are connected through low-latency links.
Module 2
AWS Foundational Services
Module 2 Layout
Amazon Elastic Compute
Cloud (EC2)
Amazon Elastic Compute Cloud (EC2)
Amazon EC2 Facts
Launching an Amazon EC2 Instance via the
Management Console
1. Determine the AWS Region in which you want to launch the
Amazon EC2 instance.
2. Launch an Amazon EC2 instance from a pre-configured Amazon
Machine Image (AMI).
3. Choose an instance type based on CPU, memory, storage, and
network requirements.
4. Configure network, IP address, security groups, storage volume,
tags, and key pair.
Amazon Machine Image (AMI) Details
Instances and AMIs
Host computer
Amazon EC2 Instances
EBS
S3 Buckets
Snapshots
S3
Region
Instance Lifecycle
[Diagram: instance states pending, running, rebooting, stopping, stopped, shutting-down, and terminated, linked by the actions Launch (from an AMI), Start, Reboot, Stop, and Terminate, with the note "EBS-backed instances only"]
AWS Marketplace IT Software Optimized for the
Cloud
Online store to discover, purchase, and
deploy IT software on top of the AWS
infrastructure.
Catalog of 2700+ IT software solutions
including Paid, BYOL, Open Source,
SaaS, and free-to-try options.
Pre-configured to operate on AWS.
Software checked by AWS for security
and operability.
Deploys to AWS environment in
minutes.
Flexible, usage-based billing models.
Software charges billed to AWS
account.
Includes AWS Test Drive.
https://aws.amazon.com/marketplace
Choosing the Right Amazon EC2 Instance
X1 Instance - Tons of Memory
NEW
The X1 instance:
Features up to 2TB of memory and 100 vCPU.
Uses Intel E7 v3 Haswell processors.
Is designed for demanding enterprise workloads,
including production installations of SAP HANA,
Microsoft SQL Server, Apache Spark, and Presto.
Intel Processor Technologies
Intel AVX: Provides dramatically better performance for highly parallel
HPC workloads such as life science engineering, data mining, financial
analysis, or other technical computing applications. AVX also enhances
image, video, and audio processing.
Intel AES-NI: Enhance your security with these new encryption
instructions that reduce the performance penalty associated with
encrypting/decrypting data.
Intel Turbo Boost Technology: Provides more computing power when you
need it with performance that adapts to spikes in your workload.
Intel Transactional Synchronization (TSX) Extensions: Enable execution of
transactions that are independent to accelerate throughput.
P state & C state control: Gives you the ability to individually tune each
core's performance & sleep states to improve application performance.
AWS EC2 Instances with Intel Technologies
AWS Instance Type | X1 (High Memory) | C4 (Compute-Optimized) | D2 (Storage-Optimized) | M4 (General Purpose) | R3 (Memory-Optimized) | I2 (IO-Optimized) | G2 (Graphics-Optimized) | T2 (Burstable Performance)
Intel Processor | Intel Xeon E7-8880 v3 | Custom Intel Xeon E5-2666 v3 | Custom Intel Xeon E5-2676 v3 | Custom Intel Xeon E5-2676 v3 | Intel Xeon E5-2670 v2 | Intel Xeon E5-2670 v2 | Intel Xeon E5-2670 | Intel Xeon Family
Intel AVX | AVX 2.0 | AVX 2.0 | AVX 2.0 | AVX 2.0 | Yes | Yes | Yes | Yes
Intel AES-NI | Yes | Yes | Yes | Yes | Yes | Yes | No | No
Intel Turbo Boost | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Intel TSX | Yes | No | No | No | No | No | No | No
Per core P- and C-state control | No | Yes (8xlarge only) | No | No | No | No | No | No
SSD Storage | EBS Optimized by default | EBS Optimized by default | No | EBS Optimized by default | Yes | Yes | Yes | EBS only
Current Generation Instances
Instance Metadata
Retrieving Instance Metadata
Instance User Data
Adding User Data
User Data Example Linux
User Data Example Windows
Retrieving User Data
Amazon EC2 Purchasing Options
Pay by the hour.
Purchase, at a significant discount, instances that are always available. 1-year to 3-year terms.
Purchase instances that are always available on the specified recurring schedule, for a one-year term.
Bid on unused instances, which can run as long as they are available and your bid is above the Spot price.
Pay, by the hour, for instances that run on single-tenant hardware.
Pay for a physical host that is fully dedicated to running your instances.
Networking
Amazon VPC
Amazon Virtual Private Cloud (VPC)
VPCs and Subnets
Amazon VPC Example
[Diagram: a VPC in the AWS Cloud with a router (R), an Internet Gateway to the Internet, and a Virtual Private Gateway to the Customer Network]
Security in Your VPC
[Diagram: four instances, each inside its own Security Group, placed in Subnet 10.0.0.0/24 and Subnet 10.0.1.0/24. Labels: Security groups; Network access control lists (ACLs)]
VPN Connections
Storage Services
Amazon S3 and Amazon EBS
Amazon Simple Storage Service (S3)
Amazon S3 Facts
Amazon S3 Concepts
Object Keys
Bucket Object/Key
Amazon S3 Security
Amazon S3 Versioning
Amazon Glacier
Amazon S3 Storage Classes
Storage Class | Durability | Availability | Other Considerations
Amazon S3 Standard | 99.999999999% | 99.99% |
Amazon S3 Standard - Infrequent Access (IA) | 99.999999999% | 99.9% | Retrieval fee associated with objects. Most suitable for infrequently accessed data.
Glacier | 99.999999999% | 99.99% (once restored) | Not available for real-time access. Must restore objects before you can access them. Restoring objects can take 3-5 hours.
Instructor Demo
Amazon S3
Amazon Elastic Block Store (EBS)
Amazon EBS Lifecycle
Vast amounts of unused space
Create: Call CreateVolume (1 GiB to 16 TiB)
Attach: Call AttachVolume to affiliate with one Amazon EC2 instance
CreateSnapshot: Snapshot to Amazon S3
Detach: Call DetachVolume
Deleted: Call DeleteVolume
Amazon EBS Volume Types
Volume Type | SSD: General Purpose SSD (gp2) | SSD: Provisioned IOPS SSD (io1) | HDD: Throughput Optimized HDD (st1) | HDD: Cold HDD (sc1)
Description | Balances price and performance for a wide variety of transactional loads. | Highest-performance SSD volume designed for mission-critical applications. | Low-cost HDD designed for frequently accessed, throughput-intensive workloads. | Lowest cost HDD designed for less frequently accessed workloads.
Volume Sizes | 1 GiB to 16 TiB | 4 GiB to 16 TiB | 500 GiB to 16 TiB | 500 GiB to 16 TiB
Dominant Performance Attribute | IOPS | IOPS | MiB/s | MiB/s
Amazon EBS Facts
Amazon EBS Use Cases
Amazon EBS Pricing
* Check Amazon EBS Pricing page for current pricing for all regions.
Amazon EBS Scope
Amazon EBS and Amazon S3
Amazon EBS Amazon S3
Amazon EC2 Instance Storage
Amazon EBS
Data stored on an Amazon EBS volume can persist
independently of the life of the instance.
Storage is persistent.
Amazon EC2 Instance Store
Data stored on a local instance store persists only as long as the
instance is alive.
Storage is ephemeral.
Reboot vs. Stop vs. Terminate
Characteristic | Reboot | Stop/Start (EBS-backed instances only) | Terminate
Elastic IP addresses (EIP) | EIP remains associated with the instance. | EIP remains associated with the instance. | EIP is disassociated from the instance.
Instance store volumes | Preserved | Erased | Erased
EBS volume | Preserved | Preserved | Boot volume is deleted by default.
Knowledge Check
AWS Shared Responsibility Model
Customers are responsible for security IN the cloud:
Customer Applications & Content
Platform, Applications, Identity, and Access Management
Operating System, Network, and Firewall Configuration
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Physical Security
Hardware, Software, and Network
Automated change-control
process
Bastion servers that record all
access attempts
Firewall and other boundary
devices
AWS monitoring tools
Certifications and Accreditations
ISO 9001, ISO 27001, ISO 27017, ISO 27018, IRAP (Australia), MLPS Level 3 (China),
MTCS Tier 3 Certification (Singapore) and more
SSL Endpoints
SSL Endpoints Security Groups VPC
Security Groups
SSL Endpoints Security Groups VPC
AWS Multi-Tier Security Groups
[Diagram: EC2 instances in a Web Tier, an Application Tier, and a Database Tier, plus a Bastion host]
HTTP: Ports 80 and 443 only open to the Internet
SSH/RDP: Engineering staff have SSH/RDP access to Bastion Host
Amazon Virtual Private Cloud (VPC)
SSL Endpoints Security Groups VPC
AWS Identity and Access Management (IAM)
1. Manage AWS IAM users and their access
2. Manage AWS IAM roles and their permissions
3. Manage federated users and their permissions
AWS IAM Authentication
Authentication
AWS Management Console IAM User
AWS IAM Authentication
Authentication
AWS CLI or SDK API IAM User
AWS IAM User Management - Groups
AWS Account
AWS IAM Authorization
Authorization
Policies: IAM User
IAM Group
AWS IAM Policy Elements
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1453690971587",
      "Action": [
        "ec2:Describe*",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "54.64.34.65/32"
        }
      }
    },
    {
      "Sid": "Stmt1453690998327",
      "Action": [
        "s3:GetObject*"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::example_bucket/*"
    }
  ]
}
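How the two statements of this policy decide a request, as an added example that is not part of the original deck: a simplified, offline model of identity-policy evaluation (not AWS's implementation) that covers only Allow/Deny effects, `*`/`?` wildcards and the `IpAddress` condition. The function names, the sample ARNs, the account ID and the second source IP are constructed for illustration.

```python
import ipaddress
import json
import re

# The slide's policy, with its string quotes closed so that it parses as JSON.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1453690971587",
      "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {"IpAddress": {"aws:SourceIp": "54.64.34.65/32"}}
    },
    {
      "Sid": "Stmt1453690998327",
      "Action": ["s3:GetObject*"],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::example_bucket/*"
    }
  ]
}
""")


def as_list(value):
    """Policy elements may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def wildcard_match(pattern, value, ignore_case=False):
    """Match policy wildcards: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    return re.fullmatch(regex, value, flags) is not None


def condition_holds(condition, context):
    """Model only the IpAddress operator used on the slide; fail closed otherwise."""
    for operator, keys in condition.items():
        if operator != "IpAddress":
            return False
        for key, cidrs in keys.items():
            if key not in context:
                return False  # condition key missing from the request
            addr = ipaddress.ip_address(context[key])
            if not any(addr in ipaddress.ip_network(c) for c in as_list(cidrs)):
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return (decision, sid) for one request against one identity policy."""
    allowed_by = None
    for stmt in as_list(policy["Statement"]):
        # Action names compare case-insensitively; resource ARNs do not.
        if not any(wildcard_match(a, action, True) for a in as_list(stmt["Action"])):
            continue
        if not any(wildcard_match(r, resource) for r in as_list(stmt["Resource"])):
            continue
        if not condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny", stmt.get("Sid")  # an explicit deny overrides any allow
        allowed_by = allowed_by or stmt.get("Sid")
    return ("Allow", allowed_by) if allowed_by else ("ImplicitDeny", None)


# Constructed sample requests (account ID, instance ID and second IP are made up).
INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
OBJECT = "arn:aws:s3:::example_bucket/reports/q3.csv"
REQUESTS = [
    ("ec2:StopInstances", INSTANCE, "54.64.34.65"),
    ("ec2:StopInstances", INSTANCE, "203.0.113.7"),       # wrong source IP
    ("ec2:TerminateInstances", INSTANCE, "54.64.34.65"),  # action never listed
    ("s3:GetObject", OBJECT, "203.0.113.7"),              # no IP condition on S3
    ("s3:GetObjectAcl", OBJECT, "203.0.113.7"),           # caught by GetObject*
    ("s3:PutObject", OBJECT, "54.64.34.65"),
]


def run_samples():
    """Evaluate every constructed request and return the decisions in order."""
    return [
        evaluate(POLICY, action, resource, {"aws:SourceIp": ip})
        for action, resource, ip in REQUESTS
    ]


if __name__ == "__main__":
    for (action, resource, ip), (decision, sid) in zip(REQUESTS, run_samples()):
        print(f"{decision:<12} {action:<24} from {ip:<12} via {sid}")
```

The fourth and fifth results are what a reviewer should notice in this policy: the source-IP restriction applies only to the EC2 statement, and `s3:GetObject*` also grants actions such as `s3:GetObjectAcl`.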
AWS IAM Policy Assignment
Assigned Assigned
IAM Policy
IAM User
IAM Group
AWS IAM Policy Assignment
Assigned Assigned
IAM Policy
IAM User
IAM Group
Assigned
IAM Roles
AWS IAM Roles
IAM Roles
AWS IAM Policy Assignment
Assigned Assigned
IAM Policy
IAM User
IAM Group
Assigned
Assumed
Assumed
AWS Resources
IAM User
IAM Roles
Example: Application Access to AWS
Resources
IAM Roles
AWS IAM Roles - Instance Profiles
Amazon EC2 Amazon S3
1
Create Instance
4
2
AWS IAM Roles Assume Role
Amazon S3
Access Access
2 4
Assigned
Assume
Assume
1
Assigned
1
IAM Admin Policy
IAM Admin Role
Use Cases
Cross account access
Federation
Mobile Users
Key rotation for Amazon EC2-based apps
Application Authentication
No Support No Support
AWS IAM Authentication and Authorization
Authentication
AWS Management Console IAM User
IAM Group
User Name and Password
AWS CLI or SDK API
IAM Roles
Access Key and Secret Key
Authorization
Policies
AWS IAM Best Practices
AWS IAM Best Practices (cont.)
AWS CloudTrail
Logs
Knowledge Check
Instructor Demo
IAM
Module 4
Databases
SQL and NoSQL Databases
Aspect | SQL | NoSQL
Data Storage | Rows and Columns | Key-Value
Schemas | Fixed | Dynamic
Querying | Using SQL | Focused on collection of documents
Scalability | Vertical | Horizontal

SQL example:
ISBN | Title | Author | Format
9182932465265 | Cloud Computing Concepts | Wilson, Joe | Paperback
3142536475869 | The Database Guru | Gomez, Maria | eBook

NoSQL example:
{
ISBN: 9182932465265,
Title: "Cloud Computing Concepts",
Author: "Wilson, Joe",
Format: "Paperback"
}
Data Storage Considerations
AWS Managed Database Services
Deployment and Administration
Amazon DynamoDB
App Services
Amazon ElastiCache
Amazon Redshift
Amazon Relational Database Service (RDS)
Amazon RDS
DB Instances
How Amazon RDS Backups Work
Cross-Region Snapshots
Are a copy of a
database snapshot
stored in a different AWS
Region.
Provide a backup for
disaster recovery.
Can be used as a base
for migration to a
different region.
Amazon RDS Security
A Simple Application Architecture
DB snapshots in
Amazon S3
Multi-AZ RDS Deployment
A Resilient, Durable Application Architecture
Application, in Amazon
EC2 instances
DB snapshots in
Amazon S3
Amazon RDS Best Practices
Amazon DynamoDB
DynamoDB Data Model
[Diagram: the table Music, whose items have the columns Artist, Song Title, Album Title, Year, and Genre]
Primary Keys
[Diagram: the columns Artist, Song Title, Album Title, Year, and Genre, with a Partition Key and a Sort Key marked]
(DynamoDB maintains a sorted index for both keys)
Provisioned Throughput
Supported Operations
Query:
Query a table using the partition key and an optional sort key filter.
If the table has a secondary index, query using its key.
It is the most efficient way to retrieve items from a table or
secondary index.
Scan:
You can scan a table or secondary index.
Scan reads every item; slower than querying.
You can use conditional expressions in both Query and Scan
operations.
Simple Application Architecture
Business logic
Elastic Load
Balancing Amazon EC2 Amazon
app instances DynamoDB
Clients
Amazon RDS and Amazon DynamoDB
Factors | Relational (Amazon RDS) | NoSQL (Amazon DynamoDB)
Application Type | Existing database apps. Business process-centric apps. | New web-scale applications. Large number of small writes and reads.
Knowledge Check
Triad of Services
[Diagram: Elastic Load Balancing, CloudWatch, and Auto Scaling working together. Labels: Latency, Utilization, Execute AS Policy]
Elastic Load Balancing
Classic Load Balancer - How It Works
Register instances with your load balancer.
[Diagram: a load balancer in front of Availability Zone A and Availability Zone B, with an X mark]
Application Load Balancer How It Works
Register instances as targets in a target group, and route traffic to a target group.
[Diagram: a load balancer with listeners and rules]
Load Balancer Comparison
Amazon CloudWatch
Amazon CloudWatch Facts
Amazon CloudWatch Architecture
[Diagram: Amazon CloudWatch architecture. Labels: CloudWatch Metrics, Custom Application-Specific Metrics, PageViewCount, Available Statistics, Auto Scaling]
CloudWatch Metrics Examples
Auto Scaling
Auto Scaling Benefits
Launch Configurations
Auto Scaling Groups
Desired capacity
Maximum size
Dynamic Scaling
Auto Scaling Basic Lifecycle
[Diagram: an Auto Scaling group and its instances. Labels: Attach to Group, Detach from Group, Scale In, Terminate Instance, Scheduled Event, Amazon CloudWatch]
AWS Trusted Advisor
Cost Optimization
Security
Security groups
AWS IAM use
Amazon S3 bucket permissions
MFA on root account
AWS IAM password policy
Amazon RDS security group access risk
Fault Tolerance
Performance Improvement
Knowledge Check
True or False: Auto Scaling helps you ensure that you have the correct
number of EC2 instances available to handle the load for your application.
True
Q: What feature would you use with an auto scaling policy to determine
when your auto scaling group should scale out/in?
Amazon CloudWatch alarms
Q: You have an application composed of individual services and need to
route a request to a service based on the content of the request. What
type of load balancer should you use?
Application Load Balancer
Q: Which AWS service serves as a best practice and recommendation
engine?
AWS Trusted Advisor
Module 6
Course Wrap-Up
Learning Path
AWS Introduction
AWS Foundational Services
AWS Management Tools
Expand Your Cloud Skills with AWS
Start working with an AWS service in minutes with free online instructional videos and labs
Learn how to design, deploy, and operate highly available, cost-effective, and secure applications on AWS
Validate your proven technical expertise with the AWS platform and gain recognition for your skills
Self-Paced Labs
AWS ILT Training Courses
Advanced Architecting on AWS: 3 days
DevOps Engineering on AWS: 3 days
Security Operations on AWS: 3 days
AWS Certification
Individual Employer
Preparing for AWS Certification
For resources to help you prepare for the
certification exam, see
aws.amazon.com/certification. AWS Technical Training
AWS Support
Support Options
A primary contact to help manage AWS resources.
Personalized handling of billing inquiries, tax questions, service limits, and bulk reserve instance purchases.
Direct access to an agent to help optimize costs, and identify underutilized resources.

Insight into how and where you can get the most impact for your AWS spend.
Opportunities to reduce your monthly spend and retain or increase productivity.
Guidance on getting the optimal performance and availability based on your requirements.
Confidence that your environment is secure.
Support Comparison
Support plan | Enterprise | Business | Developer | Basic
Support Forums | | | |
AWS Trusted Advisor | Full Checks | Full Checks | Basic Checks | Basic Checks
Access to Technical Support | Phone, chat, email, live screen sharing, TAM (24/7) | Phone, chat, email, live screen sharing | Email (local business hours) | Support for Health Checks
Primary Case Handling | Sr. Cloud Support Engineer | Cloud Support Engineer | Cloud Support Associate | Technical Customer Service Associate
Users who can create Technical Support cases | Unlimited (IAM supported) | Unlimited (IAM supported) | 1 (account credentials only) |
Case Severity/Response Times | Critical: < 15 minutes; Urgent: < 1 hour; High: < 4 hours; Normal: < 12 hours; Low: < 24 hours | Urgent: < 1 hour; High: < 4 hours; Normal: < 12 hours; Low: < 24 hours | Normal: < 12 hours; Low: < 24 hours |
AWS Concierge | | | |
Module 7
Course Appendix
Module 1 Appendix
AWS Introduction and History
Cloud Computing Concepts
What is cloud computing?
Essential Characteristics of Cloud Computing
On-Demand Self Services
Resource Pooling
Rapid Elasticity
Measured Service
On-Demand Self Services & Broad Network
Access
User provisions computing resources as needed.
User interacts with cloud service provider through an online
control panel.
Clear solutions are available through a variety of network-
connected devices and over varying platforms.
Resource Pooling
Rapid Elasticity
Measured Service
Electrical services
analogy
What Does My AWS Cloud Look Like?
176
Module 2 Appendix
AWS Foundational Services
177
Data Center Design Models
178
Application Design Model
One-Tier Model Two-Tier Model
SQL
Web Services Model
Amazon EC2
AMI Types - Storage for the Root Device
Data persistence:
  The root volume is deleted when the instance terminates. Data on any other Amazon EBS volumes persists after the instance is terminated.
  Data on any instance store volumes persists only during the life of the instance.
Charges:
  Instance usage, Amazon EBS volume usage, and storing your AMI as an Amazon EBS snapshot.
  Instance usage and storing your AMI in Amazon S3.
Storage Concepts and Solutions
Block and File Level Storage
Block File
Storage Technologies
Diagram labels: DAS, NAS, SAN; clients, servers, FC switch, DAS storage, RAID 1, RAID 2, SAN storage.
Amazon S3
Amazon S3 Buckets
Amazon S3 Region Considerations
Amazon S3 Objects
Amazon S3 + Amazon Glacier
Amazon EBS
EBS Performance
EBS Magnetic
40-200 IOPS
EBS General Purpose SSD
SSD backed
3 IOPS / GB
Burstable to 3,000 IOPS and up to 10,000 IOPS
EBS Provisioned IOPS SSD
SSD backed
Up to 20,000 IOPS consistently
Up to 320 MB/s throughput
Amazon CloudFront
How You Configure CloudFront to Deliver Your Content
Diagram labels: Developer; S3 bucket or HTTP server (objects/data); CloudFront web distribution (http://d111111abcdef8.cloudfront.net); your distribution's configuration; edge locations. Steps are numbered 1 to 4.
How CloudFront Delivers Content to Your Users
Diagram labels: User; website (example.com); edge location; Amazon S3 server or HTTP server; object/data. Steps are numbered 1, 2, 3 (3a, 3b, 3c).
Networking Concepts
What is a Network?
Network Types:
Local Area Network (LAN)
Wide Area Network (WAN)
Virtual Private Network (VPN)
Physical vs. Logical Topology
Physical Network Hardware/Devices
Diagram labels: Internet, telecommunications, routers, firewalls, switches, servers, workstations/devices.
Amazon VPC
Networking in Your VPC
Module 3 Appendix
Security, Identity, and Access Management
Data Center Security
Physical & Environmental Security
Network Security
AWS IAM
Advanced Concepts
AWS Resource-Based Policies
Access to AWS Resources
AWS Services support for IAM Roles
Module 4 Appendix
Databases
Security Groups
DB Parameter & Option Groups
DB parameter groups:
Contain engine configuration values that can be applied to one or more DB instances of the same instance type.
Are applied by Amazon RDS by default when you create a DB instance; the default group contains defaults for the specific database engine and instance class of the DB instance.
DB option groups:
Tools that simplify database management.
Currently available for Oracle, Microsoft SQL Server, and MySQL 5.6 DB instances.
Supported Operations
Table Operations:
Create, update, and delete tables.
After creation, you can increase or decrease provisioned throughput.
Retrieve the table's status, the primary key, and when the table was created.
List all tables in your account for a region.
Item Operations:
Add, update, and delete items from a table.
Add, update, and delete existing attributes from an item.
Perform conditional updates.
Retrieve a single item or multiple items.
Local Secondary Index
Table: Music
Attributes: Artist, Song Title, Album Title, Year, Genre
Partition Key: Artist
Sort Key: Song Title
LSI: Album Title
Global Secondary Index
Table: Music
Attributes: Artist, Song Title, Album Title, Year, Genre
Choose which attributes to project (if any)
AutoScaling
Advanced Concepts
Scaling Plans
Elastic Load Balancing
Advanced Concepts
Load Balancer Types
Diagram labels: Internet-facing load balancer; internal load balancer; HTTPS load balancer (HTTPS traffic, SSL handler/load balancer); EC2 instances in Availability Zone A and Availability Zone B; private subnets.
Request Routing
Diagram labels: client, DNS server, elb.example.org, load balancer IP addresses, routing algorithm, EC2 instance, security group, Auto Scaling group.
Listeners
Back-end Instances for Your Load Balancer
Health checks
Security groups
Subnets
Register
De-register instances
CloudWatch Advanced Concepts
CloudWatch Alarms
Supported AWS Services
Amazon CloudWatch
AWS Storage Gateway
Amazon S3
Amazon Machine Learning
Elastic Load Balancing
Amazon WorkSpaces
Amazon SWF
Amazon DynamoDB
AWS OpsWorks
Amazon EC2
Amazon Kinesis
AWS Lambda
Amazon EC2 Container Service
Amazon RDS
AWS WAF
Amazon CloudFront
Amazon SQS
Amazon EBS
Auto Scaling
Amazon EMR
Amazon SNS
Amazon Redshift
Amazon Route 53
Amazon CloudSearch
Amazon ElastiCache
Module 6 Appendix
Course Wrap-Up
AWS Support
Case Severity & Response Times
Enterprise Plan (24 x 7):
  Critical: 15 minutes or less
  Urgent: 1 hour or less
  High: 4 hours or less
  Normal: 12 hours or less
  Low: 24 hours or less
Business Plan (24 x 7):
  Urgent: 1 hour or less
  High: 4 hours or less
  Normal: 12 hours or less
  Low: 24 hours or less
Developer Plan (Business hours):
  Normal: 12 hours or less
  Low: 24 hours or less
Pricing
Basic: Included
Developer: $29/month -or- 3% of monthly AWS spend
Business: Greater of $100 -or-
  10% of monthly AWS usage for the first $0-$10K
  7% of monthly AWS usage from $10K-$80K
  5% of monthly AWS usage from $80K-$250K
  3% of monthly AWS usage over $250K
Enterprise: Greater of $15,000 -or-
  10% of monthly AWS usage for the first $0-$150K
  7% of monthly AWS usage from $150K-$500K
  5% of monthly AWS usage from $500k-$1M
  3% of monthly AWS usage over $1M
Pricing Examples
Business Pricing Example
For $85K in AWS monthly usage:
$10,000 x 10% = $1,000
(10% of the first $0 - $10K of usage)
+ $0 x 3% = $0
(3% of usage over $250K)
Total: $6,500
Enterprise Pricing Example
For $1.2M in AWS monthly usage:
$150,000 x 10% = $15,000
(10% of the first $0 - $150K of usage)
+ $200,000 x 3% = $6,000
(3% of usage over $1M)
Total: $70,500