Download as pdf or txt
Download as pdf or txt
You are on page 1of 38

AWS Solution Architecture

© 2021- --AWS-SAA-C02

What is an AWS Solution Architect?

• The customer’s trusted advisor in digital transformation

• The owner of the technical relationship with the customer
• A critical guide on the customer’s cloud journey
• The technical expert, consultant, architect, educator, and trainer
• The customer’s Cloud CTO or Chief Cloud Architect

© 2021- --AWS-SAA-C02

The Keys to AWS Success


Customer Success

Customer Obsession is key!

Amazon Leadership Principles

• Customer Obsession • Earn Trust • Invent and Simplify • Bias For Action
• Learn and Be Curious • Dive Deep • Think Big • Deliver Results

© 2021- --AWS-SAA-C02

Breadth and Depth of Services
Professional Optimization Partner Training & Security & Billing Personalized
Support Services Ecosystem Solutions Management Account Management
Guidance Certification Reports Dashboard

Business Apps Business Intelligence DevOps Tools Security Networking Databases Storage

One-click App Custom Model
Data Warehousing Elasticsearch API Gateway Rules Engine Virtual Desktops Data Integration Schema Conversion
Deployment Training & Hosting

Single Integrated Image & Scene Sharing & Exabyte-Scale

Business Intelligence Data Pipelines Resource Templates Device Shadows Integrated Networking Data Migration
Console Recognition Collaboration

Interactive SQL Facial Recognition & Integrated Identity & Application Migration
Hadoop/Spark Queries Build & Test Identity Device SDKs Corporate Email Access
Streaming Data Application Lifecycle Integrated Resource &
ETL Sync Device Gateway Facial Search App Streaming Database Migration
Analysis Management Deployment Management

Streaming Data DevOps Resource Integrated Devices

MobileAnalytics Registry Text to Speech Communications Server Migration
Collection Management & Edge Systems

Triggers Local Compute Conversational Chatbots

Mobile App Testing Contact Center
Deep Learning
Containers Targeted Push (Apache MXNet,
Queuing & Notifications Email
TensorFlow, & others)
Workflow Transcoding Analyze & Debug

Search Patching


Compute Storage Databases Identity Monitoring & Assessment WebApplication Manage Service Configuration
Regions VMs, Auto-scaling, Load Object, Blocks, File, Archivals, Relational, NoSQL, Access Control
Import/Export, Exabyte-scale Caching, Migration, Management Logs & Reporting Firewall Resources Catalogue Tracking
Balancing, Containers,
Virtual Private Servers, data transfer PostgreSQL compatible
Availability Zones Batch Computing, Cloud
Key Management Server Resource
Functions, Elastic GPUs, Configuration Account Resource &Usage DDOS
Networking CDN Monitoring Management
Edge Computing Compliance & Storage Grouping Auditing Protection Templates
Points of Presence

© 2021- --AWS-SAA-C02

The Solution Architect is Key!

1. Define your scope

2. Dive deep
3. Design “Well-Architected” solutions
4. Earn trust
5. Educate
6. Iterate, Invent and Simplify, Innovate

© 2021- --AWS-SAA-C02

A Few Guiding Principles for AWS SAs

1. Cloud migration is a process

2. Customers need your expertise and help
3. Know your customer
4. Know the AWS platform and services
5. Act in the customer’s long-term, best interest

Long-term, professional services revenue = Success

© 2021- --AWS-SAA-C02

What sets AWS apart?
Security Fine-grained control

165+ services to support any cloud workload; rapid

Service Breadth & Depth customer driven releases

Experience: 1M+ customers Building and managing cloud since 2006

66 Availability Zones within 21 geographic Regions

Global Footprint 187 Points of Presence (176 Edge Locations and 11 Regional Edge Caches)
in 69 cities across 30 countries.

More machine learning happens on AWS than anywhere else.

Machine Learning Machine learning in the hands of every developer and data scientist.

Tens of thousands of APN partners. The AWS Marketplace offers 39

Ecosystem categories, and more than 4,800 software listings from more than 1,400 ISVs.

AWS positioned as a Leader in the Gartner Magic Quadrant for Cloud

Enterprise leader Infrastructure asa Service, Worldwide

© 2021- --AWS-SAA-C02

AWS’ History of Innovation
Customer-driven services and features
AWS has been continually expanding its services to support virtually any
cloud workload, and it now has more than 165 services that range from
compute, storage, networking, database, analytics, application services,
deployment, management, developer, mobile, Internet of Things (IoT),
Artificial Intelligence (AI), security, hybrid and enterprise applications.

# Services and features released

In 2011, we released over 80 new significant services and features,followed
by nearly 160 in 2012; 280 in 2013; 516 in 2014; 722 in 2015; 1,017 in 1430
2016; 1,430 in 2017; and 1,957 in 2018 1017
48 82

2009 2011 2012 2013 2014 2015 2016 2017 2018

© 2021- --AWS-SAA-C02

Leader in the Gartner Magic Quadrant

AWS has been named as a Leader in

Gartner’s Infrastructure as a Service
(IaaS) Magic Quadrant for the 9th
Consecutive Year

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in
the context of the entire document. The Gartner document is available upon request from AWS. Gartner does
not endorse any vendor, product or service depicted in its research publications, and does not advise
technology users to select only those vendors with the highest ratings or other designation. Gartner research
publications consist of the opinions of Gartner's research organization and should not be construed as
statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research,
including any warranties of merchantability or fitness for a particular purpose.

© 2021- --AWS-SAA-C02

Some AWS Services Are Very Familiar

Virtual machine instance running on an AWS hypervisor

Compute - EC2
VMs (instances)

Block storage volumes for use with Amazon EC2 instances

Storage – EBS
SAN Storage (block storage)

Isolated virtual subnets in the AWS Cloud

Networking Networking – VPC

© 2021- --AWS-SAA-C02

AWS ComputeServices

Amazon EC2 Amazon ECS Auto Scaling Elastic Load Balancing

Virtual servers in the cloud Run and manage docker Scale compute capacity to Distribute incoming traffic
containers meet demand across multiple targets

Amazon EKS Amazon Fargate Amazon LightSail AWS Batch

Run managed Kubernetes Run containers without Launch and manage Run batch jobs at any scale
on AWS managing servers or clusters virtual private servers

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
EC2Instance: A Wide Selection of Instance Types


T3 M5 D2 H1 R5 R5m X1 X1e I3 I3m C5 G3 P3 F1 Z1d Z1dm

Virtual Burstable General Dense Big Data Memory Optimized In- Memory High I/O Bare Compute Graphics General FPGA Compute and
Private Purpose Storage Optimized memory Intensive Metal Intensive Intensive Purpose Memory Intensive
Servers High I/O GPU

© 2021- --AWS-SAA-C02

Supported Operating System by EC2

• Windows 2003R2/2008/2008R2/2012/2012R2/2016
• Amazon Linux
• Debian
• Suse
• CentOS
• Red Hat Enterprise Linux
• Ubuntu

Operating Systems on AWS Marketplace

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
EC2 Pricing

Free tier On-Demand Reserved Instances Spot instances Dedicated Hosts

Gain free, hands-on pay for compute a significant discount. Request spare EC2 A physical EC2 server
experience with the capacity by per hour. For steady state or computing capacity for dedicated for your use.
AWS platform, No longer-term predictable usage. up to 9 0 % off. For the Help you meet
products, and services commitments. For applications with compliance
short-term, spiky, or flexible start and end requirements.
unpredictable times.

© 2021- --AWS-SAA-C02

Lambda: Serverless, Event-DrivenCompute
Serverless Compute: Completely automated administration

No Servers to Extend other AWS Run code in Pay per use

Manage services with response and
custom logic auto scaling

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Lambda:
© 2021- --AWS-SAA-C02
Amazon S3 Storage Classes

S3 Standard S3 Intelligent-Tiering S3 Standard-IA S3 One Zone-IA S3 Glacier S3 Glacier Deep

Access Frequency
Frequent Infrequent

• Active, frequently • Variable access • Infrequently • Re-creatable less • Archive data • Archive data
accessed data frequency accessed data accessed data • Minutes to hours • 10+ hours access
• Milliseconds access • Milliseconds access • Milliseconds access • Milliseconds access access • ≥ 3 AZ
• > 3 AZ • ≥ 3 AZ • > 3 AZ • 1 AZ • > 3 AZ • From: $0.00099/GB
• From: $0.0210/GB • From: $0.0210 至 • From: $0.0125/GB • From: $0.0100/GB • From: $0.0040/GB • Retrieval fee per GB
$0.0125/GB • Retrieval fee per GB • Retrieval fee per GB • Retrieval fee per GB • Min storage duration
• Object-by-object • Min storage duration • Min storage • Min storage duration • Min object size
monitoring billing • Min object size duration • Min object size
• Min storage duration • Min object size

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
RDS:Managed Relational Database Service

Easy management, free from infrastructure

Amazon Aurora management
PostgreSQL Automate database lifecyclemanagement
through API calls
MySQL Focus on database access settings and
MariaDB application security
Manage master and slave replicas easily
Microsoft SQL Server Simplified HA setting
Oracle Automate backup DBA tasks such as backup
and minor version upgrade

© 2021- --AWS-SAA-C02

Amazon RDS:
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Aurora: Cloud Native High Performance Relational Database

Fully compatible with PostgreSQL and MySQL AZ 1 AZ 2 AZ 3

Up to 5x better performance than MySQL
At a price point 1/10 of a commercial database
One-Click online migration from MySQL to Aurora
Scale Up to 32vCPUs, 244 GiB
Storage scale out automatically: 10GB to 64TB
Storage volume striped across hundreds of
storage nodes distributed over 3 different AZ for Virtualized, cross-AZ storage layer
6 copies
Automatic detection and failover
Add up to 15 Replicas
Encryption at rest and in transit

Amazon Aurora:
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02

© 2021- --AWS-SAA-C02

Rich Product Portfolio of Big Data Solutions

Object storage Archive, cold storage NoSQL database Managed Hadoop cluster Search engine
S3 Glacier DynamoDB EMR ElastiSearch
Fully managed, Support Spark, Hive, Hbase Less operation
Unlimited expansion Flexible conversion with S3 Single-digit millisecond Support for Spot instance Support Geolocation
99.999999999% durability $0.01/GB/month response search

Interactive query Real-time data stream Analysis Data Warehouse Intelligent BI display
Athena ingesting and processing machine learning Machine Redshift Quicksight
S3-based serverless service Kinesis Spice-based memory-based
Learning MPP parallel computing
Support standard SQL High throughput query engine
Easy modeling $1000/TB/year one-tenth the cost ofother
Flexible expansion
Easy to use one-tenth the cost of other solutions
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
Typical Big Data Using Scenarios and Industry for AWS Users

• User Behavior Analysis – Citizen Services,

eCommerce, Social, Gaming
• Business Data Analysis – Retail
• Clickstream analysis – webpage
• Ad serving / real-time bidding - real-time
• Smart recommendation – E-Commerce
• Genetic data analysis

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
Amazon Kinesis:Streaming Data Delivery and Real-Time Analytics

Kinesis Streams Kinesis Firehose Kinesis Analytics

Users build their own programs to The kinesis streams and firehose
handle streaming data Output data to S3 / Redshift / streams were analyzed using
AWS provides development kits for ElasticSearch standard SQL queries.
data production and Users no longer need to run Analysis results can be restored in
consumption consumer programs to extract data. kinesis streams and firehose.
The data production end can also be
connected to Flume, Fluentd,
Log4j, etc.
The data consumer can connect to
Spark, Storm, etc.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02

Broad and Deep Multi-Layered Superior AI Proven at Scale

Security Integration AWS IoT is built on a
AWS has broad and deep AWS IoT offers services for AWS is bringing AI and IoT scalable, secure, and
IoT services, from the edge all layers of security. AWS together to make devices proven cloud
to the cloud. Device IoT includes preventative more intelligent. You can infrastructure, and scales to
software, Amazon security mechanisms, such create models in the cloud, billions of different devices
FreeRTOS and AWS IoT as encryption and access and then deploy them to and trillions of messages.
Greengrass, provides local control to device data. AWS devices where they run 2x AWS IoT integrates with
data collection and IoT also offers a service to faster compared to other services such as AWS
analysis. In the cloud,AWS continuously monitor and offerings. AWS IoT sends Lambda, Amazon S3, and
IoT is the only vendor to audit security data back to the cloud for Amazon SageMaker, so you
bring together data configurations. You receive continuous improvement can build complete
management and rich alerts so you can mitigate of models. AWS IoT also solutions, such as an
analytics in easy to use potential issues, such as supports more machine application that uses AWS
services designed pushing a security fix to a learning frameworks IoT to manage cameras and
specifically for noisy IoT compared to other Amazon Kinesis for
data. offerings. machine learning.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02

Amazon FreeRTOS AWS IoTGreengrass AWS IoT Core AWS IoTDevice AWS IoT Device Defender
An operating system for A software that lets you Lets connected Continuously monitors and
microcontrollers that run local compute, devices easily and Makes it easy to securely audits your IoT configurations to
makes small, low-power messaging, data caching, securely interact with onboard, organize, make sure that they aren’t
edge devices easy to sync, and machinelearning cloud applications monitor, and remotely deviating from security best
program, deploy, secure, inference capabilities on and other manage IoT devices at practices.
connect, and connected devices in a devices. scale.
manage. secure way.

AWS IoT Things Graph AWS IoTAnalytics AWS IoTSiteWise AWS IoTEvents
Makes it easy to Makes it easy to detect and
Makes it easy to connect Makes it easy to run
collect, structure, and
different devices and sophisticated analytics respond to events from large
search IoT data from
cloud services to buildIoT on massive volumes numbers of IoT sensors and
industrial facility
applications. of IoT data. applications.
databases anduse it to
analyze equipment
and process
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02 performance.
AWS AIArchitecture
Video and Image Analytics Vo ice Lan g uag e Ch atbo ts Forecast Recommendation


Rekognition Rekognition Textract Polly Transcribe Translate Comprehend Lex Forecast Personalize
Image Video

Am azon A WS AW S
S ag eM ak er D eep Len s D eep R acer

Bui ld Tra in ing D ep lo y

ML Pre-defined algorithm and notebo ok “One-Click” Model Training and “One-Click” deployment
Data Labeling (Ground Truth) Reinforcement Learning

Algo ri thm and Mo del( ML in AWS Improvement( N E O )


Framework Interface I n f ra s tru ctu re


M L Fram ewo rk an d
I n f ra s tr u ct u re
EC2 P3 EC2 C5 FPGAs Greengrass Elastic Amazon
& P3dn Inference Inferentia

© 2021- --AWS-SAA-C02

The Sum is Greater Than Its Parts
External Services
Content Amazon
Delivery CloudFront

DNS Route 53

Third Party Tools

Monitoring Amazon AWS

Logging CloudTrail

Load Balancing Elastic Load


External services and third-party too are native and integrated.

© 2021- --AWS-SAA-C02
AWS Global Infrastructure
21 Geographical Regions, 66 Availability Zones, 187 Points Of Presence (POP)

© 2021- --AWS-SAA-C02

AWS Regions
• AWS Regions are comprised of multiple Availability Zones (AZs)
• Resigned for High Availability, High Scalability, High FaultTolerance
AWS Availability Zone (AZ)

AWS Region

Transit AZ

Datacenter Datacenter

Transit AZ
A Region is a physical location in the world
where we have multiple Availability Zones.

© 2021- --AWS-SAA-C02

AWS Availability Zones (AZs)
• Fully isolated infrastructure with one or more datacenters
• Meaningful distance of separation
• Unique power infrastructure
• Datacenters are connected with fully redundant and isolated metro fiber
• Data can be replicated in real time and consistent in the different AZs

© 2021- --AWS-SAA-C02

Networking and Content Distribution

Customer Elastic Elastic Endpoints Application Download Hosted zone Direct

gateway network network load balancer distribution Connect
adapter interface gateway

Flow logs Internet NAT gateway Network Classic load Edge location Route table
gateway access balancer
control list

Peering Router VPN VPN Gateway Network load Streaming

Connection balancer distribution

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
Benefits of the AWS Global Infrastructure

Availability Security Scalability Reliability Performance

© 2021- --AWS-SAA-C02

What Do You Want To Manage?

Amazon EC2 Fully Managed

Self-Managed Service Service

Database DB on EC2
instance RDS

Corporate data AWS Data AWS Data

center Center(s) Center(s)

© 2021- --AWS-SAA-C02

Shared Security Model

© 2021- --AWS-SAA-C02

Family of AWS Security Services

Authentication & Monitor & Control Infrastructure Data Protection Emergency Reaction
Authorization Security

AWS Identity & Access AWS CloudTrail Amazon EC2 AWS Key Management AWS Config Rules
Management (IAM) Systems Manager Service (KMS)
AWS Config AWS Lambda
AWS Organizations AWS Shield AWS CloudHSM
Amazon Cognito CloudWatch AWS Web Application Amazon Macie
AWS Directory Service Amazon GuardDuty Firewall (WAF)
AWS Certificate
Amazon Inspector Manager
AWS Single Sign-On VPC Flow Logs
Amazon Virtual Private Server Side Encryption
Cloud (VPC) Secrets Manager

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02

SOC 1 / ISAE 3402 ISO 27001 FedRAMP

SOC 2 ISO 9001 ISO 27017

SOC 3 ISO 27018 PCI DSS Level 1



DoD SRG Levels 2 & 4 FERPA IT-Grundschutz

MLPS Level 3 Section 508 /VPAT MPAA

MTCS Tier 3 NIST Cloud Security Alliance

IRAP FISMA, RMF, and DIACAP Cyber Essentials Plus

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2021- --AWS-SAA-C02
AWS Infrastructure as Code

AWS CloudFormation
Managing applications and infrastructure using code-based tools and
software development techniques

• Build an AWS solution

• Create templates of your solution stacks
• Use templates to replicate stack deployments consistently, at scale
• Update templates as you update the solution design
• Manage templates like code

© 2021- --AWS-SAA-C02

AWS certificate

© 2021- --AWS-SAA-C02

Thank You!

© 2021- --AWS-SAA-C02

You might also like