ENT201 Simplifying Microsoft Architectures with AWS Services
1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Zlatan Dzinic
Senior Solutions Architect, Amazon Web Services
ENT201
Simplifying Microsoft Architectures
with AWS Services
2. Challenge
• Can AWS simplify the infrastructure environment that I already know well?
• Active Directory?
• Corporate applications
• Office 365
• Exchange
• SharePoint
• Dynamics
• System Center
• SQL?
• How do I deploy all of this?
• Any good migration suggestions for simplifying my Microsoft workloads?
• Can AWS help me simplify my legacy .NET architecture?
• I want to innovate!
• I want to use the latest architectural concepts and platforms!
• I want an efficient, fully supported CD/CI!
• Can AWS make management of my Windows workloads simpler?
3. Simplify Infrastructure Environment
4. Innovation for Windows on AWS
• 62 instance types, 14 instance families
• 42 different AMIs for Windows workloads
• 774 Windows ISV listings in AWS marketplace
Timeline figure (2008 to today), milestones shown:
• Windows Deep Learning AMI
• Hyper-V support in SMS
• Application-consistent Snapshots through VSS
• WS 2008 & SQL Server 2008
• Visual Studio Toolkit
• Microsoft SCOM plug-in release
• AWS Directory Service
• EC2 Dedicated Hosts (BYOL)
• Microsoft SharePoint 2016 (Marketplace)
• Windows Server 2008 R2
• SQL Server 2008 R2
• Windows Server 2003
• .NET SDK
• Microsoft SCVMM Plug-in
• Windows Server 2012
• SQL Server 2012
• AWS Tools for Windows PowerShell
• Amazon RDS adds SQL Server
• EC2 Run Command
• EC2 Systems Manager
• Windows Server & SQL Server 2016
• EC2 Dedicated Instances (BYOL)
• .NET on Lambda
• SAP instance on AWS 2012
• Trusted Advisor checks for Windows
• SQL Server 2017
• X-Ray .NET SDK
• Windows for Lightsail
• SQL Server 2005
5. VPC Design Patterns: Single VPN—Multi-VPC
Shared Services VPC
Transit VPC
6. AD Pattern: Extending Active Directory Domain to AWS
Existing Active Directory domain extended to AWS; new Active Directory sites configured in each AZ; domain controllers on Amazon Elastic Compute Cloud (Amazon EC2) Windows servers; site-link costs correctly configured; and “try next closest site” configured
Diagram labels: Corporate Network (San Francisco, DC1, AD Site: SanFran; New York, DC2, AD Site: NewYork); VPN / Direct Connect; private subnets in Availability Zone 1 and Availability Zone 2 (DC3, DC4; AD Site: AwsEastAZ1, AD Site: AwsEastAZ2); AD Domain: amazon.com at every site; AD Replication; Cost 10 and Cost 50
7. AD Pattern: Federated Trust
Identities mastered on premises; Federated Trust (AD FS) configured between on-premises Active Directory and domain controllers running on Amazon EC2 Windows servers
Diagram labels: Corporate Network (San Francisco, DC1, AD Site: SanFran; New York, DC2, AD Site: NewYork; AD Domain: amazon.com; ADFS1, ADFS2; Cost 50); Internet; Federated Trust; private subnets in Availability Zone 1 and Availability Zone 2 (AD Domain: Domain A; "DC1 or ADFS1", "DC2 or ADFS2")
8. AD Pattern: Forest Trusts
Identities mastered on premises; Forest Trusts configured between on-premises Active Directory and AWS Directory Service for managed Active Directory
Diagram labels: Corporate Network (San Francisco, DC1, AD Site: SanFran; New York, DC2, AD Site: NewYork; AD Domain: Domain B; Cost 50); VPN / Direct Connect; AD Trust; AD Authentication; private subnets in Availability Zone 1 and Availability Zone 2 (AD Domain: Domain A); "DC1 or DC2 or"
9. Office 365 with AWS Microsoft Active Directory Credentials
10. Configuration
• Add two containers to AWS Microsoft Active Directory for use by AD FS
• Install AD FS
• Integrate AD FS with Azure Active Directory
• Synchronize users from AWS Microsoft Active Directory to Azure Active Directory with Azure AD Connect
• Sign in to Office 365 using your Microsoft Active Directory identities
11. Options for Deploying SQL Server on AWS
Responsibility stack shown for both options (each layer marked customer-managed or AWS managed in the figure): Power, HVAC, net; OS Install/Maintenance; OS Patching; DBMS Install/Maintenance; DBMS Patching; Database Backups; High Availability; Scaling
Amazon RDS for SQL Server
• Consider Amazon RDS first
• Focus on business value tasks
• High-level tuning tasks
• Schema optimization
• No in-house database expertise
SQL Server on Amazon EC2
• Need full control over DB instance
• Backups
• Replication
• Clustering
• Options that are not available in Amazon RDS
12. Multi-AZ AlwaysOn Availability Group
13. Multi-Region AlwaysOn Availability Group
14. Failover Cluster Instance
SIOS DataKeeper Cluster Edition
Windows Server 2016 Storage Replica
16. Simplify Infrastructure Deployment
17. AWS CloudFormation—Components and Technology
Template
• JSON/YAML formatted file
• Parameter definition
• Resource creation
• Configuration actions
AWS CloudFormation
• Framework
• Stack creation
• Stack updates
• Error detection and rollback
Stack
• Configured AWS resources
• Comprehensive service support
• Service event aware
• Customizable
18. How AWS CloudFormation Works
19. AWS Quick Starts
20. Simplify Migration
21. Migration Tools from AWS and Partners
Data transfer: AWS Storage and File Gateway; Amazon S3 Transfer Acceleration; AWS Direct Connect; Amazon Kinesis Data Firehose; AWS Snowball and AWS Snowmobile
Server and database migrations: AWS Database Migration Service; AWS Server Migration Service
Application monitoring/profiling: Amazon CloudWatch; AWS Config
Discovery and planning: AWS Application Discovery Service
22. Example Migration Sequence
Step 1. Landing zone
• Account structure
• Network/VPC
• Security
• Active Directory
Diagram (built up over three frames): On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); VPN / DirectConnect; Amazon Route 53; Security, Prod, Root, Dev; 10.0.0.0/16 with Public Subnet, 10.0.0.0/18 and Private Subnet, 10.0.0.64/18; Security Group; AWS Shield, AWS WAF; CloudTrail, CloudWatch, VPC Flow Logs, Systems Mgr, Inspector, Config; AWS Managed Active Directory or Active Directory on EC2
23. Example Migration Sequence
Step 2. Database tier
• Build out your DBMS infrastructure
• Choose a database replication and synchronization strategy
• One-step migration (suitable for smaller databases and good connectivity)
• Full-diff migration (suitable for larger databases and good connectivity)
• Zero-downtime migration (software tool-based solution)
Diagram: On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); VPN / DirectConnect; Amazon Route 53; Security, Prod, Root, Dev; AWS Shield, AWS WAF; CloudTrail, CloudWatch, VPC Flow Logs, Systems Mgr, Inspector, Config; AWS Managed Active Directory or Active Directory on EC2; SQL Server on EC2 or SQL Server on AWS RDS
24. Example Migration Sequence
Step 3. Server/app migration
• Perform extensive testing at this stage
• Choose a server/app migration strategy
• Manual migration (build new servers—migrate app)
• Tool-based migration (block-level migration and synchronization)
• Always maintain rollback capability
Diagram: On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); VPN / DirectConnect; Amazon Route 53; Security, Prod, Root, Dev; AWS Shield, AWS WAF; CloudTrail, CloudWatch, VPC Flow Logs, Systems Mgr, Inspector, Config; AWS Managed Active Directory or Active Directory on EC2; SQL Server on EC2 or SQL Server on AWS RDS; App Server, Web Server
25. Example Migration Sequence
Step 4. Production cutover
• Plan your final cutoff carefully
• Ensure any final replication and/or synchronization occurs
• Test your cutover mechanism (DNS TTL, and so on)
• Maintain rollback after cutoff, if possible
Diagram: On-Premises Data Center (Domain Controller, SQL Server, App Server, Web Server); VPN / DirectConnect; Amazon Route 53; Security, Prod, Root, Dev; AWS Shield, AWS WAF; CloudTrail, CloudWatch, VPC Flow Logs, Systems Mgr, Inspector, Config; AWS Managed Active Directory or Active Directory on EC2; SQL Server on EC2 or SQL Server on AWS RDS; App Server, Web Server
26. AWS Server Migration Service Overview
• Support VMware virtual machine migration (support for additional hypervisors coming soon)
• Agentless VM migration
• Capture incremental change made to on-premises VMs and automatically transfer to AWS
• Migrate a group of VMs simultaneously and orchestrate multiple migrations
• AWS Management Console and API/CLI access
Diagram: Source: on-premises server; AWS Server Migration Service; Target: Amazon Machine Image
27. AWS Migration Hub
Discover / Migrate / Track
Discover servers in existing data centers (optional)
Group servers as applications
Track application migration status
Migrate using tools outside AWS Migration Hub
• Better understand your application portfolio
• Streamline application portfolio migration planning and tracking
• Track migration progress from multiple tools in one place
• Reduce time spent determining current status and next steps
28. Tracking Status Made Easy
29. Simplify .NET Development
30. Running AWS Toolkit for Visual Studio
31. AWS Code Services
Software release steps: Source, Build, Test, Production
AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, Third-Party Tooling
AWS CodePipeline
32. CI/CD Pipeline
Continuous integration/continuous deployment
33. AWS CodeStar
34. Brief introduction to the VSTS tools
• What are the AWS Tools for Microsoft Visual Studio Team Services (VSTS)?
• Where can I use them?
• Why would I use them?
Easy for existing VSTS and TFS users to add integration with and deployment to AWS
• Where do I get them?
https://aws.amazon.com/vsts
https://marketplace.visualstudio.com/items?itemName=AmazonWebServices.aws-vsts-tools
• Open source
https://github.com/aws/aws-vsts-tools
35. What’s included in the tools?
Tasks for deployment:
• AWS CodeDeploy
• AWS CloudFormation
• AWS Elastic Beanstalk
• .NET Core deployment to Lambda
General purpose tasks:
• Amazon S3 uploads/downloads
• Invoking Lambda functions
• Send SNS messages
• Run cmdlets/scripts using the AWS PowerShell Tools Module
• Run AWS CLI commands
+ AWS “Service Endpoint” credential type
36. New tasks!
Amazon ECR
• Push Docker image to EC2 Container Registry
AWS Lambda Deployment
• New general-purpose Lambda deployment task
• Previous task targeted at .NET Core-based functions and serverless applications
• Supports deployment of functions for all supported Lambda runtimes
Systems Manager Parameter Store
• Read parameter values from store into build variables
Systems Manager Run Command
• Run command remotely against Amazon EC2 and on-premises fleet
37. Current State of .NET and .NET Core
• .NET Core
• The .NET Core platform is maturing fast with the .NET Core 2.0 release
• AWS SDK for .NET supports .NET Core for all services with an SDK
• We believe it is the future for .NET development on the cloud/server
• Side-by-side runtime installations
• Cross-platform support
• ASP.NET Core and Entity Framework Core frequently receiving major feature updates
• .NET Framework
• Fully committed to supporting .NET Framework workloads
• ASP.NET MVC and Entity Framework last updated in 2015
• EC2 Windows
• Latest Windows OS and Latest SQL Server versions
38. AWS Tooling for .NET
• AWS SDK for .NET
• AWS Tools for Windows PowerShell
• AWS Tools for PowerShell Core
• AWS Toolkit for Visual Studio
• AWS Tools for Microsoft Visual Studio Team Services
• Extensions for the dotnet CLI
39. .NET Web Applications in AWS Elastic Beanstalk
• Enables you to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
• Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
• Support for deploying .NET Core 1.0, 1.1, and 2.0 web applications
• Support for deploying .NET Framework web applications
40. .NET Core 2.0 Lambda Support
• To update your existing .NET Core 1.0 Lambda functions
• Programming model stays the same
• Update Target Framework to netcoreapp2.0
• Optionally update dependencies to .NET Standard 2.0 versions
• AWS SDK for .NET targets .NET Standard 1.3, works in all versions of .NET Core
• Includes the Microsoft.AspNetCore.All package store
• ASP.NET Core and Entity Framework Core NuGet packages preinstalled
• ASP.NET Core bridge package Amazon.Lambda.AspNetCoreServer
• Retargeted to .NET Core 2.0
• Allows support for Razor Pages
• Plan on GA package with .NET Core 2.0 Lambda release
41. .NET Core and .NET Standard Versioning
• .NET Core 1.x versioning could be confusing
• Metapackage NETStandard.Library
• Represented the version of .NET Core runtime
• NETStandard.Library 1.6.0 -> .NET Core 1.0
• NETStandard.Library 1.6.1 -> .NET Core 1.1
• The new csproj format implicitly defaulted to NETStandard.Library 1.6.1
• Override the default in csproj for .NET Standard class libraries
<NetStandardImplicitPackageVersion>1.6.0</NetStandardImplicitPackageVersion>
• .NET Core 2.0 no longer requires a declared dependency on NETStandard.Library
42. Simplify .NET Architecture
43. Container-Based .NET Core Applications in ECS
44. New .NET Core Tooling Features
• Publish .NET Core application as an image on Amazon Elastic Container Registry (Amazon ECR)
• Deploy .NET Core applications on an Amazon Elastic Container Service (Amazon ECS) cluster
• Web applications
• Batch jobs
• Can be scheduled
• New container features only in Visual Studio 2017
• Requires Docker for Windows to be installed and running
45. Amazon ECS Cluster
• ECS cluster
• Container Instances -> EC2 instances
• Task definition
• Defines Docker images, memory, CPU, etc.
• Running tasks
• Transitory process
• Container Registry (Amazon ECR)
• Services
• Long-lived process
• Load balancer
• ECS registers tasks
• Traffic flows to tasks
Diagram: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service definition; Service; tasks T1 to T5; Load balancer; Container instances
46. What about Fargate?
• No managing of EC2 instances
• The compute capacity is auto provisioned
• Tasks reserve CPU and memory
• Billing based on CPU and memory allocated for cluster
• Cluster creation simplified
• Name
• Launch tasks with VPC configuration and EC2 security group
• Scheduled tasks with Fargate not currently supported
47. Fargate Cluster
Diagram: Cluster; Container registry (Amazon ECR, Docker hub); Task definition; Service definition; Service; tasks T1 to T5; Load balancer; Container instances
48. Serverless Architecture
• Stateless
• Highly scalable, self-healing, available
• Containerized microservices
• AWS serverless platform
• AWS Lambda
• AWS Step Functions
• Amazon API Gateway
• Amazon DynamoDB
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)
• Dynamic/managed allocation of resources
• Amazon Route 53—DNS
49. AWS CloudFormation Template
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  # Lets API Gateway invoke the function, only from the Prod stage of this API
  GetHtmlFunctionGetHtmlPermissionProd:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/Prod/ANY/*
  ServerlessRestApiProdStage:
    Type: AWS::ApiGateway::Stage
    Properties:
      DeploymentId:
        Ref: ServerlessRestApiDeployment
      RestApiId:
        Ref: ServerlessRestApi
      StageName: Prod
  ListTable:
    Type: AWS::DynamoDB::Table
    Properties:
      ProvisionedThroughput:
        WriteCapacityUnits: 5
        ReadCapacityUnits: 5
      AttributeDefinitions:
        - AttributeName: id
          AttributeType: S
      KeySchema:
        - KeyType: HASH
          AttributeName: id
  GetHtmlFunction:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.gethtml
      Code:
        S3Bucket: flourish-demo-bucket
        S3Key: todo_list.zip
      Role:
        Fn::GetAtt:
          - GetHtmlFunctionRole
          - Arn
      Runtime: nodejs4.3
  # Execution role: assumable only by the Lambda service; read-only DynamoDB
  # access plus the basic execution (logging) policy
  GetHtmlFunctionRole:
    Type: AWS::IAM::Role
    Properties:
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
  ServerlessRestApiDeployment:
    Type: AWS::ApiGateway::Deployment
    Properties:
      RestApiId:
        Ref: ServerlessRestApi
      Description: 'RestApi deployment id: 127e3fb91142ab1ddc5f5446adb094442581a90d'
      StageName: Stage
  # Same grant with the stage segment wildcarded (/*/ANY/*): any stage of this API
  GetHtmlFunctionGetHtmlPermissionTest:
    Type: AWS::Lambda::Permission
    Properties:
      Action: lambda:invokeFunction
      Principal: apigateway.amazonaws.com
      FunctionName:
        Ref: GetHtmlFunction
      SourceArn:
        Fn::Sub: arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}/*/ANY/*
  ServerlessRestApi:
    Type: AWS::ApiGateway::RestApi
    Properties:
      Body:
        info:
          version: '1.0'
          title:
            Ref: AWS::StackName
        paths:
          "/{proxy+}":
            x-amazon-apigateway-any-method:
              x-amazon-apigateway-integration:
                httpMethod: ANY
                type: aws_proxy
                uri:
                  Fn::Sub: arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${GetHtmlFunction.Arn}/invocations
              responses: {}
        swagger: '2.0'
51. AWS Serverless Application Model (SAM)
AWS CloudFormation extension optimized for serverless
New serverless resource types: functions, APIs, and tables
Supports anything AWS CloudFormation supports
Open specification (Apache 2.0)
https://github.com/awslabs/serverless-application-model
52. SAM Template
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  GetHtmlFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: s3://sam-demo-bucket/todo_list.zip
      Handler: index.gethtml
      Runtime: nodejs4.3
      Policies: AmazonDynamoDBReadOnlyAccess
      Events:
        GetHtml:
          Type: Api
          Properties:
            Path: /{proxy+}
            Method: ANY
  ListTable:
    Type: AWS::Serverless::SimpleTable
Callouts:
• Transform: Tells AWS CloudFormation that this is a SAM template it needs to “transform”
• GetHtmlFunction: Creates a Lambda function with the referenced managed IAM policy, runtime, code at the referenced zip location, and handler as defined. Also creates an API Gateway and takes care of all mapping/permissions necessary
• ListTable: Creates a DynamoDB table with five read and write units
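What the "mapping/permissions" generated for this function actually grant can be checked mechanically. The following is an added example, not part of the original slides or of any AWS tool: it copies the two Lambda permissions and the execution role from the expanded CloudFormation template on this page into a dict and reports wildcarded SourceArn segments, trusted services and broad managed policies. The function names and the list of "broad" policy name endings are assumptions of this example.

```python
import re

# Resources copied from the expanded template on this page, written as a dict
# (CloudFormation accepts JSON as well as YAML). Fn::Sub strings stay unresolved.
_API = "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${ServerlessRestApi}"


def _permission(source_arn):
    return {"Type": "AWS::Lambda::Permission",
            "Properties": {"Action": "lambda:invokeFunction",
                           "Principal": "apigateway.amazonaws.com",
                           "FunctionName": {"Ref": "GetHtmlFunction"},
                           "SourceArn": {"Fn::Sub": source_arn}}}


TEMPLATE = {"Resources": {
    "GetHtmlFunctionGetHtmlPermissionProd": _permission(_API + "/Prod/ANY/*"),
    "GetHtmlFunctionGetHtmlPermissionTest": _permission(_API + "/*/ANY/*"),
    "GetHtmlFunctionRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "ManagedPolicyArns": [
                "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
                "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"],
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Action": ["sts:AssumeRole"], "Effect": "Allow",
                               "Principal": {"Service": ["lambda.amazonaws.com"]}}]}}},
}}

# arn:aws:execute-api:<region>:<account>:<api-id>/<stage>/<METHOD>/<path>
_PART = r"(\$\{[^}]+\}|[^:/]*)"  # an Fn::Sub placeholder or a literal segment
_EXECUTE_API = re.compile(
    rf"^arn:aws:execute-api:{_PART}:{_PART}:{_PART}/([^/]*)/([^/]*)/(.*)$")
# Managed-policy name endings this example treats as broad (its own choice).
_BROAD = re.compile(r"(FullAccess|AdministratorAccess|PowerUserAccess)$")


def _resources(template, rtype):
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == rtype:
            yield logical_id, res.get("Properties", {})


def review_invoke_permissions(template):
    """Return {logical_id: [notes]} for every AWS::Lambda::Permission."""
    report = {}
    for logical_id, props in _resources(template, "AWS::Lambda::Permission"):
        source = props.get("SourceArn")
        # unwrap {"Fn::Sub": "..."}; other intrinsics are reported as unrecognised
        arn = source.get("Fn::Sub") if isinstance(source, dict) else source
        notes = []
        match = _EXECUTE_API.match(arn) if isinstance(arn, str) else None
        if source is None:
            notes.append("no SourceArn: grant is not tied to one API")
        elif match is None:
            notes.append("SourceArn is not a recognisable execute-api ARN")
        else:
            _region, account, api, stage, _method, _path = match.groups()
            for label, value in (("account", account), ("API", api), ("stage", stage)):
                if value == "*":
                    notes.append(f"{label} is '*': grant is not pinned to one {label}")
        report[logical_id] = notes
    return report


def review_roles(template):
    """Return {logical_id: {"trusted": [...], "broad_policies": [...]}}."""
    report = {}
    for logical_id, props in _resources(template, "AWS::IAM::Role"):
        trusted = []  # service principals allowed to assume the role ("*" if any)
        for stmt in props.get("AssumeRolePolicyDocument", {}).get("Statement", []):
            principal = stmt.get("Principal") if stmt.get("Effect") == "Allow" else None
            services = principal.get("Service", []) if isinstance(principal, dict) else principal
            trusted += [services] if isinstance(services, str) else list(services or [])
        names = [arn.rsplit("/", 1)[-1] for arn in props.get("ManagedPolicyArns", [])
                 if isinstance(arn, str)]
        report[logical_id] = {"trusted": sorted(trusted),
                              "broad_policies": [n for n in names if _BROAD.search(n)]}
    return report


if __name__ == "__main__":
    print(review_invoke_permissions(TEMPLATE), review_roles(TEMPLATE))
```

On the page's template the Prod permission comes back clean and the Test permission is reported for its wildcarded stage segment; the role trusts only the Lambda service and carries no broad managed policy.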
53. An Example Minimal Pipeline
Source
• Source (CodeCommit), MyApplication
Build
• test-build-source (CodeBuild)
Deploy Testing
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-stubs (AWS Lambda)
Deploy Staging
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Run-API-test (Runscope)
• QA-Sign-off (Manual Approval)
Deploy Prod
• create-changeset (AWS CloudFormation)
• execute-changeset (AWS CloudFormation)
• Post-Deploy-Slack (AWS Lambda)
This pipeline:
• Five stages
• Builds code artifact
• Three deployed to “environments”
• Uses AWS CloudFormation to deploy artifact and other AWS resources
• Has Lambda custom actions for running my own testing functions
• Integrates with a third-party tool/service
• Has a manual approval before deploying to production
54. Simplify Management
55. Systems Manager Capabilities
Capabilities: Run Command; Maintenance Window; Inventory; State Manager; Parameter Store; Patch Manager; Automation
Groupings shown: Deploy, configure, and administer; Track and update; Shared capabilities
56. Managing Your Environment with AWS Systems Manager
Diagram: AWS administrator; Corporate data center; EC2 Systems Manager; Availability Zone, private subnet, web security group (accept traffic from SSM) with WEB 1 and WEB 2; Amazon S3 bucket; SNS topic; CloudWatch metric; IAM policy
57. Amazon CloudWatch and CloudWatch Logs
• Monitor EC2 metrics (CPU, disk usage, and so on)
• Monitor AWS resources (EBS volumes, Elastic Load Balancers, and so on)
• Monitor logs and configure alerts
• Store logs and perform analytics
Diagram: Availability Zone with SharePoint Front-end, SQL Server, Domain Controller; CloudWatch / CloudWatch Logs; Amazon Kinesis, Amazon S3, Amazon Redshift, AWS Lambda; CloudWatch Alarms; Email, Amazon SMS, Workflow
58. Monitoring
Services shown: Amazon CloudWatch; AWS CloudTrail; AWS Config; AWS Trusted Advisor; Amazon VPC Flow logs; AWS Lambda; Amazon ES; Amazon QuickSight; EC2; Amazon Kinesis
59. Introducing two new programs that highlight AWS trusted partners
Elite AWS Partner Network partners with demonstrated technical proficiency and proven customer success in supporting Microsoft Workloads on AWS
• Rigorous audits; multiple customer references
• Introducing a new competency category focused on Application Modernization
60. Introducing two new programs that highlight AWS trusted partners
Partners with a track record of delivering Amazon EC2 for Windows Server.
Introducing Amazon EC2 for Windows Server Service Delivery Program with 21 global partners with a track record of delivering AWS Service:
North America - Centare, ClearScale, DevCare, i2m, Jelecos, Moser, Netrix, Privo, SoftServe, Stelligent, Synoptek, Winxnet
Asia Pacific/Japan - Axcess, Cloud Comrade, Consegna Cloud, Fujisoft, Japan Business Systems, TechData, Uberfusion
Europe - Microland, Zen Internet
61. Thank you!
Follow me: @ZlatanDzinic