Introducing “Well-Architected” For Developers - Technical 101

With the multitude of different software development platforms, tools, and methodologies, it can be daunting to get started and ensure you are on the right architectural track in the cloud. AWS understands architectural best practices for designing reliable, secure, efficient, and cost-effective systems in the AWS cloud. This session will introduce you to the "Well-Architected" framework along with a number of key takeaways on setting solid architectural foundations.

Speaker: Ben Potter, Security Consultant, Amazon Web Services
Featured Customer - Reckon

  1. Introducing Well-Architected For Developers: Technical 101, April 2016. Ben Potter – Professional Services Consultant, Amazon Web Services. David Taberner – Cloud Solution Architect, Reckon. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  2. What We Will Cover
     • The Well-Architected Framework
     • Key Best Practices
     • How to Get Started
     • Resources
  3. Main Pillars: Security, Reliability, Performance Efficiency, Cost Optimisation. Topics shown under the pillars: Account, Access Keys, Network, Services, High Availability, Load Balancing, Backup and DR, Auto Scaling, Right-Sizing, Benchmarking, Load Testing, Monitoring, Managed-Services, Cost Awareness, Tagging
  4. General Design Principles
     • Secure from the Start
     • Stop Guessing your Capacity Needs
     • Test Systems at Production Scale
     • Lower the Risk of Architecture Change
     • Automate to make Architectural Experimentation Easier
     • Allow for Evolutionary Architectures
  5. SDKs
     • PHP
     • Python
     • .NET
     • Node.js
     • JavaScript
     • Java
     • Ruby
     • Android and iOS
     • Go
  6. Building Blocks (diagram): EC2 instance, Server, Subnet, Availability Zone A, Availability Zone B, Region, Amazon S3, Amazon CloudWatch
  7. Security (section slide; pillars: Security, Reliability, Performance Efficiency, Cost Optimisation)
  8. Security: The ability to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies.
     • Data Protection
     • Privilege Management
     • Infrastructure Protection
     • Detective Controls
  9. Security: Shared Responsibility (diagram)
     • AWS: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
     • Customers: Customer applications & content; Platform, Applications, Identity & Access Management; Operating System, Network, and Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection
  10. Security: Credentials
      • As soon as you Create a new AWS Account, Enable MFA
      • Use Identity and Access Management Service (IAM) to Create Users, even if it's only 1
      • Protect all of your Credentials
      • DO NOT place Access Keys in Code…EVER!

            'key' => '1111-2222-3333-4444-5555',
            'secret' => 'aaaa-bbbb-cccc-dddd-eeee',

  11. Security: EC2 Role
      • 1: Create EC2 role. Create role in IAM service with limited policy
      • 2: Launch EC2 instance. Launch instance with role
      • 3: App retrieves credentials. Using AWS SDK, application retrieves temporary credentials
      • 4: App accesses AWS resource(s). Using AWS SDK, application uses credentials to access resource(s)
  12. Security: EC2 Role – PHP SDK
      • PHP SDK: Using an Instance Profile (EC2 role)

            use Aws\Credentials\CredentialProvider;
            use Aws\S3\S3Client;

            // Fetch temporary credentials from the instance profile (EC2 role)
            $provider = CredentialProvider::instanceProfile();
            // Be sure to memoize the credentials
            $memoizedProvider = CredentialProvider::memoize($provider);

            $client = new S3Client([
                'region' => 'ap-southeast-2',
                'version' => '2006-03-01',
                'credentials' => $memoizedProvider
            ]);

  13. Security: Cognito
      • Helps implement Security Best Practices: Securely access any AWS Service from mobile device. It simplifies the interaction with AWS Identity and Access Management
      • Support Multiple Login Providers: Easily integrate with major login providers for authentication.
      • Unique Users vs. Devices: Manage unique identities. Automatically recognise unique user across devices and platforms.
      • Diagram labels: Identity Providers, Unique Identities, Any Device, Any Platform, Any AWS Service; Mobile Analytics, S3, DynamoDB, Kinesis; Joe, Anna, Bob
  14. Security: Network and Boundary
      • Security Groups are Built-in Stateful Firewalls
      • Divide Layers of the Stack into Subnets
      • Use a Bastion Host for Access
      • Implement Host Based Controls
  15. Two Layers with Security Groups (diagram): User; Availability Zone A and Availability Zone B; WEB Server in Web Subnet A with WEB Security Group; RDS DB Instance in DB Subnet A with DB Security Group
  16. Security: Instance, Monitoring and Auditing
      • Configure Encryption Everywhere Possible
      • Configure CloudTrail Service
      • Configure VPC Flow Logs
      • Collect all Logs Centrally and Alert
      • Diagram labels: Virtual Private Cloud, Identity & Access Manager, Key Management Service, CloudTrail, AWS Config
  17. Security: Instance, Monitoring and Auditing
      • VPC Flow Logs – Developers Best Friend
  18. Reliability (section slide; pillars: Security, Reliability, Performance Efficiency, Cost Optimisation)
  19. Reliability: The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues.
      • Foundations
      • Change Management
      • Failure Management
  20. Reliability: High Availability
      • No Single Point of Failure
      • Multiple Availability Zones
      • Load Balancing
      • Auto Scaling and Healing
  21. Multi AZ, Load Balanced, Auto Scaled (diagram): User, Amazon Route 53, Elastic Load Balancing; Auto Scaling Group of WEB Servers across Web Subnet A and Web Subnet B (Availability Zone A and Availability Zone B); RDS DB Instance Active and RDS DB Instance Standby in DB Subnet A and DB Subnet B; Amazon S3; Amazon CloudWatch
  22. Reliability: Monitoring and Alerting
      • Monitoring
      • Notification
      • Automated Response
      • Review
      • Diagram labels: Amazon CloudWatch, CloudWatch Alarm, Amazon SNS, Amazon CloudWatch Logs, AWS Lambda
  23. Reliability: Backup and DR
      • Define Objectives
      • Backup Strategy
      • Periodic Recovery Testing
      • Automated Recovery
      • Periodic Reviews
  24. Performance Efficiency (section slide; pillars: Security, Reliability, Performance Efficiency, Cost Optimisation)
  25. Performance Efficiency: The ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
      • Compute
      • Storage
      • Database
  26. Performance Efficiency: Right Sizing
      • Reference Architecture
      • Quick Start Reference Deployments
      • Benchmarking
      • Load Testing
      • Cost / Budget
      • Monitoring and Notification
  27. Performance Efficiency: Proximity and Caching
      • Content Delivery Network (CDN)
      • Database Caching
      • Reduce Latency
      • Pro-active Monitoring and Notification
      • Diagram labels: Amazon CloudFront, Amazon ElastiCache, RDS DB instance read replica
  28. Performance Efficiency: Proximity and Caching
      • Session State in ElastiCache (Redis) for .NET:

            <sessionState mode="Custom" customProvider="MySessionStateStore">
              <providers>
                <add name="MySessionStateStore"
                     type="Microsoft.Web.Redis.RedisSessionStateProvider"
                     host=""
                     accessKey=""
                     ssl="false" />
              </providers>
            </sessionState>

  29. Multi AZ, Load Balanced, Auto Scaled, Caching (diagram): User, Amazon Route 53, Amazon CloudFront, AWS WAF, Elastic Load Balancing; Auto Scaling Group of WEB Servers across Web Subnet A and Web Subnet B (Availability Zone A and Availability Zone B); ElastiCache; RDS DB Instance Read Replicas; RDS DB Instance Active and RDS DB Instance Standby in DB Subnet A and DB Subnet B; Amazon S3; Amazon CloudWatch
  30. Your Mobile App with the AWS Mobile SDK (diagram)
      • Functions: Authenticate Users, Authorise Access, Analyse User Behavior, Store and Share Media, Synchronise Data, Deliver Media, Store Shared Data, Stream Real-time Data, Send Push Notifications, Run Business Logic
      • Services: Amazon Cognito (Identity Broker), AWS Identity and Access Management, Amazon Mobile Analytics, Amazon S3 Transfer Manager, Amazon Cognito (Sync), Amazon CloudFront (Device Detection), Amazon DynamoDB (Object Mapper), Amazon Kinesis (Recorder), Amazon SNS Mobile Push, AWS Lambda
  31. Cost Optimisation (section slide; pillars: Security, Reliability, Performance Efficiency, Cost Optimisation)
  32. Cost Optimisation: The ability to avoid or eliminate unneeded cost or suboptimal resources.
      • Matching Capacity and Demand
      • Cost-effective Resources
      • Expenditure Awareness
      • Optimising Over Time
  33. Cost Optimisation: Capacity Matching
      • Demand Based
      • Queue Based
      • Schedule Based
      • Appropriately Provisioned
      • Instance Matching
      • Pro-active Monitoring and Action
      • Diagram labels: Amazon SQS, Optimised instance, Amazon SWF
  34. Cost Optimisation: Pricing Model
      • On Demand
      • Reserved
      • Spot
      • Automated Turn Off
  35. Cost Optimisation: Managed Services
      • Analyse Available Services
      • Appropriate Databases
      • Consider Application Level Services
      • Automation: CloudFormation, Elastic Beanstalk
      • Diagram labels: Amazon RDS, Amazon DynamoDB, Amazon Redshift, Amazon ElastiCache, AWS CloudFormation, AWS Elastic Beanstalk, Amazon Elasticsearch Service
  36. Cost Optimisation: Manage Expenditure
      • Tag Resources
      • Track Project Lifecycle and Profile Applications
      • Monitor Usage and Spend
      • Cost Explorer
      • Partner Tools
  37. Introducing David @ Reckon
  38. Who I Am and What I Do
      • Solution Architect
      • Head up our AWS Platform Architecture and DevOps Team
      • Involved in various aspects of our Application Architecture and Product Technical Development
  39. AWS is a Developer Platform
      • Access to Advanced Tools like Load Balancers without Network Knowledge
      • Control the Infrastructure as Code… something we are already comfortable with
      • Platform Removes a lot of Undifferentiated Heavy Lifting
  40. Cloud Formation
      • Cloud Formation is Worth Learning
      • Comes with great Developer Documentation and written in JSON
      • Has Calls and Support for almost all of the Platform
      • Has become a Cornerstone of our Environment
  41. Code Deploy
      • Push Code to Servers
      • Integrates with GitHub Auto Deploy Trigger from Commits
      • Can Deploy Code to Non-AWS Servers as well
      • Is Simple and Flexible
  42. Some Things We’ve Learned
      • Faster to Deploy Services – No more waiting for IT
      • It's Not a Perfect World – Smart Compromises can be Key
      • Manage your Costs as you go
      • Have a Tag Policy – Doesn’t have to be Complex
  43. Our Tag Policy
      • KISS Policy Applies!
      • Lambda can help with some Tag Management
  44. Tag Reporting Using Cost Explorer
  45. Elastic Beanstalk
  46. Trusted Advisor
  47. Trusted Advisor
  48. Developer Support: The Developer Support plan offers resources for customers testing or developing on AWS, as well as any customers who:
      • Want Access to Guidance and Technical Support
      • Are Exploring how to Quickly put AWS to Work
      • Use AWS for Non-production Workloads or Applications
      • Trusted Advisor – Core Checks
      • Architecture Support – Developer
  49. Get Started
      • Architecture Centre: AWS Well-Architected Framework
      • 10m Tutorials:­started/
  50. Additional Resources
      • AWS Channel:
      • qwikLABS:
      • SlideShare:
      • ElasticBeanstalk: ingStarted.html
  51. AWS Training & Certification
      • Intro Videos & Labs: Free videos and labs to help you learn to work with 30+ AWS services – in minutes!
      • Training Classes: In-person and online courses to build technical skills – taught by accredited AWS instructors
      • Online Labs: Practice working with AWS services in live environment – Learn how related services work together
      • AWS Certification: Validate technical skills and expertise – identify qualified IT talent or show you are AWS cloud ready
      • Learn more:
  52. Your Training Next Steps:
      • Visit the AWS Training & Certification pod to discuss your training plan & AWS Summit training offer
      • Register & attend AWS instructor led training
      • Get Certified
      • AWS Certified? Visit the AWS Summit Certification Lounge to pick up your swag
      • Learn more:
  53. Thank You!
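
A check for the rule on slide 10 ("DO NOT place Access Keys in Code"), as an added example that is not part of the original deck: a small scanner, suitable for a pre-commit hook or CI step, that flags string literals assigned to `'key'` / `'secret'` in an SDK config array and anything shaped like an IAM access key ID. The function name and both PHP samples are constructed for illustration; the role-based sample mirrors slide 12.

```python
import re

# Long-term IAM user access key IDs start with "AKIA" followed by 16 characters.
ACCESS_KEY_ID = re.compile(r"\bAKIA[A-Z0-9]{16}\b")
# A string literal assigned to 'key' or 'secret', the anti-pattern on slide 10.
LITERAL_CREDENTIAL = re.compile(
    r"""['"](key|secret)['"]\s*=>\s*['"]([^'"]*)['"]"""
)

def find_hardcoded_credentials(source):
    """Return (line_number, kind) for every suspected embedded credential."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in LITERAL_CREDENTIAL.finditer(line):
            if match.group(2):  # ignore empty placeholders such as 'key' => ''
                findings.append((number, "literal " + match.group(1)))
        # Comments are scanned too: a key pasted into a comment is still leaked.
        if ACCESS_KEY_ID.search(line):
            findings.append((number, "access key id"))
    return findings

# Constructed sample: the slide 10 anti-pattern plus a key left in a comment.
HARDCODED = """\
$client = new S3Client([
    'region' => 'ap-southeast-2',
    'version' => '2006-03-01',
    'credentials' => [
        'key' => '1111-2222-3333-4444-5555',
        'secret' => 'aaaa-bbbb-cccc-dddd-eeee',
    ],
]);
// old key, do not use: AKIAEXAMPLEEXAMPLE00
"""

# Constructed sample: the instance-profile form from slide 12, nothing to flag.
ROLE_BASED = """\
$provider = CredentialProvider::instanceProfile();
$client = new S3Client([
    'region' => 'ap-southeast-2',
    'version' => '2006-03-01',
    'credentials' => CredentialProvider::memoize($provider),
]);
"""

if __name__ == "__main__":
    for number, kind in find_hardcoded_credentials(HARDCODED):
        print("line %d: %s" % (number, kind))
```
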
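
For slides 15 to 17 (two-layer security groups and VPC Flow Logs), an added example that is not part of the original deck: it parses default-format (version 2) flow log records and counts REJECTed connection attempts to the database port by source address, which shows who is hitting the DB security group from outside the web layer. The addresses, ENI IDs, account ID and the choice of port 3306 are constructed assumptions.

```python
from collections import Counter

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_record(line):
    """Parse one default-format flow log record into a dict."""
    values = line.split()
    if len(values) != len(FIELDS):
        raise ValueError("expected %d fields, got %d" % (len(FIELDS), len(values)))
    record = dict(zip(FIELDS, values))
    # NODATA and SKIPDATA records carry "-" in the traffic fields.
    for name in ("srcport", "dstport", "protocol", "packets", "bytes"):
        record[name] = None if record[name] == "-" else int(record[name])
    return record

def rejected_by_source(lines, dstport):
    """Count REJECTed flows to one destination port, grouped by source address."""
    counts = Counter()
    for line in lines:
        record = parse_flow_record(line)
        if record["log_status"] != "OK":
            continue  # no traffic captured in this window
        if record["action"] == "REJECT" and record["dstport"] == dstport:
            counts[record["srcaddr"]] += 1
    return counts

# Constructed records: web server 10.0.1.10, database 10.0.2.20 (assumed MySQL, 3306).
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 51000 443 6 12 4200 1461000000 1461000060 ACCEPT OK",
    "2 123456789012 eni-0d4e5f6a 10.0.1.10 10.0.2.20 49152 3306 6 10 840 1461000000 1461000060 ACCEPT OK",
    "2 123456789012 eni-0d4e5f6a 10.0.3.77 10.0.2.20 40112 3306 6 1 60 1461000000 1461000060 REJECT OK",
    "2 123456789012 eni-0d4e5f6a 10.0.3.77 10.0.2.20 40113 3306 6 1 60 1461000060 1461000120 REJECT OK",
    "2 123456789012 eni-0d4e5f6a - - - - - - - 1461000120 1461000180 - NODATA",
]

if __name__ == "__main__":
    for source, count in rejected_by_source(SAMPLE, 3306).most_common():
        print("%s: %d rejected attempts to port 3306" % (source, count))
```
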