
Day 1 - Your First Week with Amazon Web Services

Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud and is often the starting point for your first week using AWS. This session will introduce these concepts, along with the fundamentals of Amazon EC2, by employing an agile approach that is made possible by the cloud. Attendees will experience the reality of what a first week on Amazon EC2 looks like from the perspective of someone deploying an actual application on Amazon EC2. You will follow them as they progress from deploying their entire application from an Amazon EC2 AMI on day 1 to more advanced features and patterns available in Amazon EC2 by day 5.

Reasons to attend:
- Learn how to deploy your first instance.
- Learn how to connect your instance to a database.
- Set up Amazon CloudWatch Alarms and learn about high availability.


  1. Your First Week with the AWS Cloud. Clayton Brown, Ecosystem Solution Architect
  2. What you’ll get out of this: In this webinar we will recommend some key activities and areas of AWS to focus on during your first week.
  3. Your First Week - Phases. In your first week with Amazon Web Services there are three common phases to the activities you will perform:
      - Secure in Advance: The first priority is to secure the AWS account with an initial set of permissions and also to enable auditing and logging with CloudTrail to understand resources better.
      - Explore the Console & CLI: Next, knowing that your account is secure, you can explore the AWS services and see how they function. For this use the AWS Console.
      - Optimize & Automate: Finally, leverage what you have learnt during the exploration phase to rebuild and develop your application architecture on AWS, but deploy services using automation such as CloudFormation.
  4. Key tools I will discuss:
      - AWS Console
      - AWS Command Line Interface (AWS CLI)
      - Identity and Access Management (IAM)
      - Amazon CloudWatch
      - Amazon CloudTrail
      - Simple Storage Service (S3)
      - AWS Trusted Advisor
      - Virtual Private Cloud (VPC)
      - Elastic Compute Cloud (EC2)
      - CloudFormation
  5. AWS Console
  6. AWS CLI
  7. Introducing AWS IAM (Image Source: AWS)
      1. Users – Create individual users
      2. Groups – Manage permissions with groups
      3. Permissions – Grant least privilege
      4. Password – Configure a strong password policy
      5. MFA – Enable MFA for privileged users
      6. Roles – Use IAM roles for EC2 instances
      7. Sharing – Use IAM roles to share access
      8. Rotate – Rotate security credentials regularly
      9. Conditions – Restrict privileged access further with conditions
      10. Root – Reduce or remove use of root
  8. Some IAM best practices
      1. Users – Create individual users
      2. Groups – Manage permissions with groups
      3. Permissions – Grant least privilege
      4. Password – Configure a strong password policy
      5. MFA – Enable MFA for privileged users
      6. Roles – Use IAM roles for EC2 instances and Federated Users (FIDM/SAML)
      7. Sharing – Use IAM roles to share access, even inter account
      8. Rotate – Rotate security credentials regularly
      9. Conditions – Restrict privileged access further with conditions
      10. Root – Reduce or remove use of root
  9. Check Trusted Advisor (Regularly)
  10. Introducing AWS CloudTrail (Image Source: AWS)
      - You are making API calls...
      - On a growing set of services around the world...
      - CloudTrail is continuously recording API calls…
      - And delivering log files to you…
  11. Configure CloudTrail Logging (In Each Region)
  12. Introduction to CloudWatch
  13. Create Some AWS billing alerts
  14. EC2
  15. Amazon EC2 Instances (diagram labels: Guest 1, Guest 2, Guest n, Hypervisor, Host Server)
  16. (no transcribed text)
  17. c3.large (diagram labels: Instance family, Instance generation, Instance size)
  18. Create a Network - VPC Components: Route table, Elastic network interface, Amazon VPC Router, Internet gateway, Customer gateway, Virtual private gateway, VPN connection, Subnet, Elastic IP, Public IP
  19. Default VPC
  20. Custom VPC. From this… (diagram labels: Region, VPC, Availability Zone A, Public Subnet, Servers, Internet Gateway, Internet Users)
  21. To this… (diagram labels: Region, VPC, Availability Zone 1, Availability Zone 2, Public Subnet 1, Public Subnet 2, Private Subnet 1, Private Subnet 2, Private Subnet 3, Private Subnet 4, NAT Instance, Internet Gateway, Internet Users)
  22. Possibly this… (diagram labels: AWS region, Public-facing web app, Internal company app #1, Internal company app #2, Internal company app #3, Internal company app #4, HA pair VPN endpoints, company data center, Services VPC, Internal company Dev, Internal company QA, AD, DNS, Monitoring, Logging)
  23. Cloud Rewards Continual Optimization
  24. Optimize Your Architecture
      1. Turn off unused instances
      2. Use Auto Scaling
      3. Use Reserved Instances
      4. Use Spot Instances
      5. Leverage Amazon S3 storage classes
      6. Optimize Amazon DynamoDB capacity units
      7. Offload traffic to S3 and CloudFront
  25. Turn off unused instances
      - Developer, test, training instances
      - Use simple instance start and stop
      - Or tear down and build up all together
      - Instances are disposable
      - Automate, automate, automate:
      - AWS CloudFormation
      - Weekend/off-hours scripts
      - Use tags
  26. Learn about Auto Scaling
  27. Reserved Instances: Cost Savings vs. On-Demand, by Annual Utilization (m1.large – Unix – 1 Year Reserved Instance). Chart legend: Optimal Savings, Sub-Optimal Savings, Least Savings.

      | Annual Utilization | On-Demand | Light Utilization Reserved Instance | Medium Utilization Reserved Instances | Heavy Utilization Reserved Instances |
      |---|---|---|---|---|
      | 10% | $234 | 77.95% | 210.43% | 479.49% |
      | 20% | $468 | 18.97% | 73.68% | 189.74% |
      | 30% | $702 | 0.68% | 28.09% | 93.16% |
      | 40% | $936 | 10.51% | 5.30% | 44.87% |
      | 50% | $1,170 | 16.41% | 8.38% | 15.90% |
      | 60% | $1,404 | 20.34% | 17.49% | 3.42% |
      | 70% | $1,638 | 23.15% | 24.00% | 17.22% |
      | 80% | $1,872 | 25.26% | 28.89% | 27.56% |
      | 90% | $2,106 | 26.89% | 32.69% | 35.61% |
      | 100% | $2,340 | 28.21% | 35.73% | 42.05% |

      Different instance types have different break-even points for 1 Yr. and 3 Yr. reservations.
  28. Understand Spot Instances (chart values: On-Demand: $0.24; $0.028 (11.7%); $0.026 (10.8%); $3.28 (1367%))
  29. Understand Amazon storage classes
      - Reduced redundancy storage class
      - 99.99% durability vs. 99.999999999%
      - Up to 20% savings
      - Everything that is easy to reproduce
      - Use Amazon SNS lost object notifications
      - Amazon Glacier storage class
      - Same 99.999999999% durability
      - 3 to 5 hours restore time
      - Up to 64% savings
      - Archiving, long-term backups, and old data
      - Use life-cycle rules
  30. Leverage existing services (Simple, more reliable, lower cost)
      - Amazon RDS, Amazon DynamoDB or Amazon ElastiCache for Redis, Amazon Redshift
      - Instead of running your own database
      - Amazon CloudSearch
      - Instead of running your own search engine
      - Amazon Elastic Transcoder
      - Amazon Elastic MapReduce
      - Amazon Cognito, Amazon SQS, Amazon SNS, Amazon Simple Workflow Service, Amazon SES, Amazon Kinesis, and more …
  31. Optimize Amazon DynamoDB capacity units
      - Read/write capacity units (CUs) determine most of DynamoDB cost
      - By optimizing CUs, you can save a lot of money
      - But:
      - Need to provision enough capacity to not run into capacity errors
      - Need to prepare for peaks
      - Need to constantly monitor/adjust
  32. Offload parts of your application
      - The more you can offload, the less infrastructure you need to maintain, scale, and pay for
      - Three easy ways to offload:
      - Use Amazon CloudFront
      - Introduce caching
      - Leverage existing Amazon web services
  33. Offload popular traffic to Amazon S3, CloudFront
  34. Setting up Amazon CloudFront in the console
  35. Offload databases through caching
  36. Setting up Amazon ElastiCache in the console
  37. Automate
  38. Reusable worldwide
  39. You started simple…
  40. We started to evolve with AWS CLI

      ```sh
      # Launch one instance and keep the tool output for later parsing
      echo "Building Instance"
      echo "ec2run $ami -t $ec2type -n 1 -k $ec2region -g $sec -s $new_subnetID"
      ec2run $ami -t $ec2type -n 1 -k $ec2region -g $sec -s $new_subnetID | tee log/new_instance
      cat log/new_instance
      # The instance ID is the second tab-separated field of the INSTANCE line
      i=`cat log/new_instance | grep INSTANCE | cut -f2`
      sleep 5
      # Create a second network interface (eth1) in the same subnet and security group
      echo "Creating eth1 network interface for $i"
      echo ec2-create-network-interface -d "$hostname - eth1" -g $sec $new_subnetID
      ec2-create-network-interface -d "$hostname - eth1" -g $sec $new_subnetID | tee log/new_nic
      nic=`cat log/new_nic | grep NETWORKINTERFACE | cut -f2`
      ```
  41. Reach the top using our SDKs…

      ```python
      # Main Instance
      # Fragment of a class method: wf is the workflow record being processed
      if wf and wf['workflow']['instance'] == 0:
          try:
              # Mark the workflow step as in progress before launching
              self.stacks.update({'guid': wf['guid']},
                                 {'$set': {'workflow.instance': 2}})
              reservation = self.ec2_master.run_instances(
                  wf['stack']['ami'],
                  instance_type=wf['stack']['instance_type'],
                  security_group_ids=[wf['stack']['security_group']],
                  subnet_id=wf['stack']['subnet_id'])
          except Exception:
              # The slide excerpt ends before its handler; re-raise unchanged
              raise
      ```
  42. Code all the things…
  43. AWS CloudFormation: Model defined – Infrastructure as Code (diagram labels: Git, Subversion, Mercurial, Dev, Test, Prod)
  44. Result?
  45. Repeatability, Consistency, Accuracy, Agility. Different strokes for different folks.
  46. Estimate Costs – AWS Simple Monthly Calculator
  47. AWS TCO calculator
  48. AWS Billing Console
  49. Cost Actuals – Using the Cost Explorer
  50. Online Labs | Training
      - Online Labs: Gain confidence and hands-on experience with AWS. Watch free Instructional Videos and explore Self-Paced Labs.
      - Instructor Led Classes: Learn how to design, deploy and operate highly available, cost-effective and secure applications on AWS in courses led by qualified AWS instructors.
      - AWS Certification: Validate your technical expertise with AWS and use practice exams to help you prepare for AWS Certification.
  51. Thank You