AWS Core and Big Data Portfolio Overview

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
AWS Core Services and Big Data
Portfolio of Services

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Overview

Run applications –
reliably and securely
Provision network, compute,
storage and database services in the
cloud with the click of a button
Everything you’d want to do
in a traditional datacenter
What is Amazon Web Services (AWS)?

AWS Core Infrastructure and Services
Traditional Infrastructure Amazon Web Services
Security
Network
Security
Network
Security Groups NACLs Access Mgmt
VPCVPC
EC2 Classic
Public
ELB
On-Demand
Provision
Servers
AMI Amazon EC2 InstancesOn-Premises Servers
Security
Security Groups Network ACLs AWS IAMFirewalls ACLs Administrators
Storage
and
Database
RDBMSDAS SAN NAS Amazon
EBS
Amazon
EFS
Amazon
S3
Amazon
RDS
Networking
VPCELBRouter Network Pipeline Switch
Traditional Infrastructure Amazon Web Services

Integrated
Networking
Rules Engine
Device Shadows
Device SDKs
Device Gateway
Registry
Local Compute
Machine Learning
Conversational
Interface
Virtual Desktops
App Streaming
Schema
Conversion
Image Recognition
Sharing &
Collaboration
Exabyte-Scale
Data Migration
Text to Speech Corporate Email
Application
Migration
Database
Migration
Regions
Availability Zones
Points of
Presence
Data Warehousing
Business Intelligence
Elasticsearch
Hadoop/Spark
Data Pipelines
Streaming Data
Collection
ETL
Streaming Data
Analysis
Interactive SQL
Queries
Queuing & Notifications
Workflow
Email
Transcoding
Deep Learning
Frameworks
Server
Migration
Communications
Business Apps
Business
Intelligence
DevOps Tools Security Networking StorageDatabases
API Gateway
Single Integrated
Console
Identity
Sync
Mobile Analytics
Mobile App
Testing
Targeted Push
Notifications
One-click App
Deployment
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource Templates
Build and Test
Analyze and Debug
Compute
VMs, Auto-
scaling, Load
Balancing,
Containers,
Virtual Private
Servers, Batch
Computing,
Cloud Functions,
Elastic GPUs,
Edge Computing
Storage
Object, Blocks,
File, Archivals,
Import/Export,
Exabyte-scale data
transfer
CDN
Databases
Relational,
NoSQL,
Caching,
Migration,
PostgreSQL
compatible
Networking
VPC, DX, DNS
Identity
Management
Key Management
& Storage
Monitorin
g & Logs
Configuration
Compliance
Web Application
Firewall
Assessment
& Reporting
Resource &
Usage Auditing
Access Control
Account
Grouping
DDOS Protection
Support Professional
Services
Optimization
Guidance
Partner
Ecosystem
Training &
Certification Solutions Management
Account
Management Security & Billing Reports
Personalized
Dashboard
TECHNICAL & BUSINESS SUPPORT
MARKETPLACE
Monitoring
Manage
Resources
Data Integration
Integrated Identity &
Access
Integrated Resource &
Deployment
Management
Integrated Devices
& Edge Systems
Resource
Templates
Configuration
Tracking
Server
Management
Service
Catalogue
Search
HYBRID ARCHITECTUREANALYTICS MOBILE SERVICESDEV/OPS IoT AI ENTERPRISE APPS MIGRATION
APP SERVICES
INFRASTRUCTURE CORE SERVICES SECURITY & COMPLIANCE MANAGEMENT TOOLS

AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer content
Shared Responsibility Model
Customers are
responsible for their
security and
compliance IN the
Cloud
AWS is responsible
for the security OF
the Cloud
CustomerAWS

AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Your own
accreditation
Meet your own security objectives
Your own
certifications
Your own
external audits
Customer scope and
effort is reduced
Better results through
focused efforts
Built on AWS
consistent baseline
controls
CustomerAWS

Security
Security full fine-grained level control: a customer might restrict a user to create only a
database in a specific region, from 3-5 pm on Monday to Friday, only on a virtual private
cloud, and only in an M4 instance with a maximum number of IOPs. This can only be done
in AWS.
AWS natively built-in security from the ground up. Over 1 million active customers inform
our security with capabilities built for our most stringent customers.
AWS has more than 50 compliance certifications and accreditations, more than any other
cloud provider.
“We determined that security in AWS is superior to our on-premises data center across
several dimensions, including patching,
encryption, auditing and logging, entitlements, and compliance.”
—John Brady, CISO, FINRA (Financial Industry Regulatory Authority)

21 Regions, 66 Availability Zones, 155 Edge Locations
Region & Number of Availability Zones
AWS GovCloud (6) EU
Ireland (3)
US West Frankfurt (3)
Oregon (4) London (3)
Northern California (3) Paris (3)
US East Asia Pacific
N. Virginia (6), Ohio (3) Singapore (3)
Sydney (3), Tokyo (4),
Canada Seoul (2), Mumbai (2)
Central (2)
China
South America Beijing (2)
São Paulo (3) Ningxia (3)
Hong Kong S.A.R (3)
New Region (coming soon)
Bahrain, Cape Town, Jakarta,
Milan
AWS Global Infrastructure
https://infrastructure.aws/

AWS Region Design
AWS Availability
Zone (AZ)
A Region is a physical location
in the world where we have
multiple Availability Zones.
Availability Zones consist of one or more
discrete data centers, each with
redundant power, networking, and
connectivity, housed in separate
facilities.
AZ
AZ
AZ AZ
Tran
sit
Tran
sit
AWS Region
AWS Regions are comprised of multiple AZs for high
availability, high scalability, and high fault tolerance.
Applications and data are replicated in real time and
consistent in the different AZs

AZ – Availability Zone
Single
digit
ms
Network
multiple tier-1 transit providers
Power
isolated electrical grids, UPS, onsite backup generator
Geo
isolated fault lines flood plains
Network
Power
Geo

AZ – Availability Zone
Network
Power
Geo
Network
Power
Geo
Web
DB Master
Load
Balancer
DB Slave
Web
Storage StorageSingle
digit
ms

Edge Locations
155 AWS Edge Locations:
Local points-of-presence commonly supporting AWS
services including:
• Amazon Route 53
• Amazon CloudFront

Any questions?

Amazon Virtual Private Cloud
(VPC)

What is an Amazon Virtual Private Cloud (VPC)?
“A virtual network that closely
resembles a traditional network
that you'd operate in your own
data center”
Instance
Availability Zone
Instance
Availability Zone

Creating an Internet-connected VPC
Steps
Choosing an
address range
Create subnets in
Availability Zones
Creating a route
to the Internet
Authorizing
traffic to/from
the VPC
IGW

Choosing an IP address range

Choosing an IP address range for your VPC
172.31.0.0/16
Recommended:
RFC1918 range
Recommended:
/16
(65,536 addresses)
Avoid ranges that overlap with
other networks to which you
might connect.

Subnets
VPC Subnet

VPC subnets and Availability Zones
172.31.0.0/16
Availability Zone Availability Zone Availability Zone
VPC subnet VPC subnet VPC subnet
172.31.0.0/24 172.31.1.0/24 172.31.2.0/24
ap-east-1a ap-east-1b ap-east-1c

Route to the InternetIGW

Routing in your VPC
• Route tables contain rules for which packets go where
• Your VPC has a default (main) route table
• But, you can assign different route tables to different
subnets

Internet gateway
Send packets here if you want
them to reach the Internet

Everything that isn’t destined for the VPC:
send to the Internet

Network security in your VPC:
Security groups

“MyWebServers” Security Group
“MyBackends” Security Group
Allow
web
traffic
on
0.0.0.0/0
Allow only “MyWebServers”
Security groups follow application structure

Security groups example: Web servers
Allow all HTTP traffic
Rule descriptions

Amazon Elastic Compute
Cloud (EC2)

Amazon Elastic Compute Cloud (EC2)
Resizable compute capacity
Complete control of your computing resources
Reduces the time required to obtain and boot new
server instances to minutesAmazon
EC2

Amazon EC2 Facts
Scale capacity as your computing requirements change
Pay only for capacity that you actually use
Choose Linux or Windows
Deploy across AWS Regions and Availability Zones for reliability

Launching an Amazon EC2 Instance via the Web
Console
1. Determine the AWS Region in which you want to launch
the Amazon EC2 instance.
2. Launch an Amazon EC2 instance from a pre-configured
Amazon Machine Image (AMI).
3. Choose an instance type based on CPU, memory,
storage, and network requirements.
4. Configure network, IP address, security groups, storage
volume, tags, and key pair.

Amazon Machine Image (AMI) Details
An AMI includes the following:
A template for the root volume for the instance (for example, an
operating system, an application server, and applications).
Launch permissions that control which AWS accounts can use the AMI
to launch instances.
A block device mapping that specifies the volumes to attach to the
instance when it's launched.

Instances and AMIs
Select an AMI based on:
Region
Operating system
Architecture (32-bit or 64-bit)
Launch permissions
Storage for the root device AMI
Instances
Instance
Launch
instances of any
type
Host computer
Host computer

Amazon EC2 Instances
OS, Applications,
& Configuration
AMI
Running or
Stopped VM
Instances
AZ
VPC
Region
EBS
S3
EBS
Snapshots
S3 Buckets
EBS EBS EBS EBS EBS
AZ
Instances Instances

Amazon EBS vs. Amazon EC2 Instance Store
Amazon EBS
• Data stored on an Amazon EBS volume can persist
independently of the life of the instance.
• Storage is persistent.
Amazon EC2 Instance Store
• Data stored on a local instance store persists only as long as
the instance is alive.
• Storage is ephemeral.

Amazon EBS vs. Amazon EC2 Instance Store
Amazon EC2 Instance StoreAmazon EBS

AWS Marketplace – IT Software Optimized for the
Cloud
An online store to discover, purchase, and
deploy IT software on top of the AWS
infrastructure.
• Catalog of 2300+ IT software solutions
• Including Paid, BYOL, Open Source,
SaaS, & free to try options
• Pre-configured to operate on AWS
• Software checked by AWS for security and
operability
• Deploys to AWS environment in minutes
• Flexible, usage-based billing models
• Software charges billed to AWS account

M5
General
purpose
Compute
optimized
C5
Storage and IO
optimized
D2I3 G3
GPU
enabled
P3
Memory
optimized
X1e/X1
R4C4M4
H1
Instance Types

Current Generation Instances
Instance Family Some Use Cases
General purpose (t2,t3,m5,m4,m3)
• Low-traffic websites and web applications
• Small databases and mid-size databases
Compute optimized (c4, c3)
• High performance front-end fleets
• Video-encoding
Memory optimized (x1e, x1, r4)
• High performance databases
• Distributed memory caches
Storage optimized (i3, d2, h1)
• Data warehousing
• Log or data-processing applications
GPU instances (p3, g3)
• 3D application streaming
• Machine learning

C4.xlarge (Compute-Optimized)
FamilyGeneration
TypeFamily

M2
2nd Generation
Compute
M4
4th Generation
Compute
Upgrade

Instance Metadata & User Data
Instance Metadata:
Is data about your instance.
Can be used to configure or manage a running
instance.
Instance User Data:
Can be passed to the instance at launch.
Can be used to perform common automated
configuration tasks.
Runs scripts after the instance starts.

Retrieving Instance Metadata
To view all categories of instance
metadata from within a running
instance, use the following URI:
http://169.254.169.254/latest/meta-
data/
On a Linux instance, you can use:
• $ curl http://169.254.169.254/latest/meta-data/
• $ GET http://169.254.169.254/latest/meta-data/
All metadata is returned as text
(content type text/plain).

Adding User Data
You can specify user data when launching an
instance.
User data can be:
• Linux script – executed by cloud-init
• Windows batch or PowerShell scripts – executed by
EC2Config service
User data scripts run once per instance-id by default.

User Data Example Linux
User data shell scripts must start with the #!
characters and the path to the interpreter you
want to read the script.
Install Apache web server
Enable the web server
Start the web server
#!/bin/sh
yum -y install httpd
chkconfig httpd on
/etc/init.d/httpd start

User Data Example Windows
<powershell>
Import-Module ServerManager
Install-WindowsFeature web-server, web-webserver
Install-WindowsFeature web-mgmt-tools
</powershell>
Import the Server Manager module
for Windows PowerShell.
Install IIS
Install Web Management Tools

Retrieving User Data
To retrieve user data, use
the following URI:
http://169.254.169.254/
latest/user-data
On a Linux instance, you
can use:
• $ curl
http://169.254.169.254
/latest/user-data/
• $ GET
http://169.254.169.254
/latest/user-data/

Amazon EC2 Purchasing Options
On-Demand
Instances
Pay by the hour.
Reserved
Instances
Purchase at
significant
discount.
Instances are
always available.
1-year to 3-year
terms.
Scheduled
Instances
Purchase a 1-
year RI for a
recurring period of
time.
Spot Instances
Highest bidder
uses instance at a
significant
discount.
Spot blocks
supported.
Dedicated
Hosts
Physical host is
fully dedicated to
run your
instances. Bring
your per-socket,
per-core, or per-
VM software
licenses to reduce
cost.

Any questions about
Amazon EC2?

Amazon Simple Storage
Service (S3)

Amazon S3 By The Numbers
66 Availability Zones 20 Regions
Trillions of
objects
Millions of requests
per second
One of first three
AWS Services
(2006)
99.999999999%
Durability

Amazon S3 Availability Zones
S3 stores data in at least 3
Availability Zones (AZ’s)
Each AZ can be up to 8
physical data centers
Unavailability of a data center
or an AZ does not impact
overall S3 availability
Low latency private
network connect data
centers and AZ’s
Physically separate – even
extremely uncommon disasters
would only affect a single AZ
Data is automatically distributed
across a minimum of 3 AZ’s GEO
separated within an AWS Region

Benefits of Amazon S3 & Glacier
Durable, Available, & Scalable Security & Compliance Query In Place
Flexible Management Ecosystem

Your choice of Amazon S3 storage classes
• Active, frequently
accessed data
• Milliseconds access
• > 3 AZ
• From: $0.0210/GB
• Data with changing
access pattern
• > 3 AZ
• From: $0.0210 to
$0.0125/GB
• Monitoring fee per obj.
• Min storage duration
• Infrequently accessed
data
• > 3 AZ
• From: $0.0125/GB
• Retrieval fee per GB
• Min object size
S3 Standard S3 Standard-IA S3 One Zone-
IA
S3 Glacier
• Re-creatable less
accessed data
• 1 AZ
• From: $0.0100/GB
• Min object size
• Archive data
• Minutes to hours access
• > 3 AZ
• From: $0.0040/GB
• Min object size
S3 Intelligent-
Tiering
S3 Glacier Deep
Archive
• Archive data
• Hours access
• > 3 AZ
• From: $0.00099/GB
• Min object size
N E W ! N E W !
Frequent InfrequentAccess Frequency

Lifecycle Policies
Create rules to automatically transition or expire your storage
Lifecycle rules take action based on object age
Example policy:
• Move all objects older than 90 days to Amazon S3 Standard–Infrequent
Access
• Move all objects older than 180 days to Amazon Glacier
Amazon S3
Standard
Amazon S3 Standard -
Infrequent Access
Amazon Glacier

Getting Started - Creating your next bucket
Name and region
Properties and management
• Versioning
• Logging
• Bucket tags
• Default encryption
• S3 Object Lock NEW!
• Amazon CloudWatch request metrics
Permissions
• S3 Block Public Access NEW!
• Bucket access control lists

Versioning
Protect your data from accidental deletion
• Create a new version with every upload
• Previous versions are retained, not overwritten
• Protect from unintended user deletes
• Making delete requests without a version ID
removes access to objects, but keeps the data
• Manage previous versions with lifecycle
• Transition or expire objects a specified number
of days after they are no longer the current
version

Bucket Permissions
Permissions
• S3 Block Public Access NEW!
• Bucket access control lists (ACLs)

With a few clicks in the S3
management console, you
can apply S3 Block Public
Access to every bucket in
your account – both existing
and any new buckets
created in the future – and
make sure that there is no
public access to any object
S3 Block Public Access NEW!
Set at the account or bucket-level

Encryption Support in Amazon S3
• Encryption in motion – HTTPS/TLS
• Encryption at rest
• Client side encryption – Encrypt before upload
• Server-side encryption
• SSE-S3 – Amazon S3 manages the data and master
encryption keys
• SSE-C – You manage the encryption key
• SSE-KMS – Amazon S3 manages the data key; you manage
the master key in the AWS KMS

Any questions about
Amazon S3?

AWS Core and Big Data Portfolio Overview

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a AWS Core and Big Data Portfolio Overview

Similar a AWS Core and Big Data Portfolio Overview (20)

Más de Amazon Web Services

Más de Amazon Web Services (20)

AWS Core and Big Data Portfolio Overview