4. Consumer Business
Tens of millions of active customer accounts
8 countries: US, UK, Germany, Japan, France, Canada, China, Italy
Seller Business
Sell on Amazon websites
Use Amazon technology for your own retail website
Leverage Amazon’s massive fulfillment center network
IT Infrastructure Business
Cloud computing infrastructure for hosting web-scale solutions
Hundreds of thousands of registered customers in over 190 countries
5. Deep experience in building and operating global web scale systems
About Amazon Web Services
How did Amazon… get into cloud computing?
6. AWS Mission
Enable businesses and developers to use web services* to build scalable, sophisticated applications.
*What people now call “the cloud”
18. On a global footprint
Region
US-WEST (N. California)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC (Sydney)
19. At the end of a web service
aws ec2 run-instances \
    --image-id ami-a813fadf \
    --count 3 \
    --placement AvailabilityZone=eu-west-1a \
    --instance-type m1.small
aws ec2 run-instances \
    --image-id ami-a813fadf \
    --count 5 \
    --placement AvailabilityZone=eu-west-1c \
    --instance-type m1.medium
37. Number of EC2 Instances
[Chart: number of EC2 instances by date, 4/12/2008 to 4/20/2008]
40 servers to 5000 in 3 days
Steady state of ~40 instances
Launch of Facebook modification
“Techcrunched”
EC2 scaled to peak of 5000 instances
40. Compute Storage
AWS Global Infrastructure
Database
App Services
Deployment & Administration
Networking
Reference Model
security
41. Global infrastructure
Regions
An independent collection of AWS resources in a defined geography
A solid foundation for meeting location-dependent privacy and compliance requirements
42. Global infrastructure
Availability Zones
Designed as independent failure zones
Physically separated within a typical metropolitan region
43. Global infrastructure
Edge Locations
To deliver content to end users with lower latency
A global network of edge locations
Supports global DNS infrastructure (Route 53) and CloudFront CDN
Edge locations: Dallas (2), St. Louis, Miami, Jacksonville, Los Angeles (2), Palo Alto, Seattle, Ashburn (3), Newark, New York (3), Dublin, London (2), Amsterdam (2), Stockholm, Frankfurt (2), Paris (2), Singapore (2), Hong Kong (2), Tokyo (2), Sao Paulo, South Bend, San Jose, Osaka, Milan, Sydney, Madrid, Seoul, Mumbai, Chennai
44. Networking
Direct Connect: Dedicated connection to AWS
VPN Connection: Secure internet connection to AWS
Virtual Private Cloud: Private, isolated section of the AWS Cloud
Route 53: Highly available and scalable Domain Name Service
45. Compute
Elastic Compute Cloud (EC2)
Basic unit of compute capacity
Range of CPU, memory & local disk options
13 instance types available, from micro to cluster compute
Vertical scaling
From $0.02/hr
Feature: Details
Flexible: Run Windows or Linux distributions
Scalable: Wide range of instance types from micro to cluster compute
Machine Images: Configurations can be saved as machine images (AMIs) from which new instances can be created
Full control: Full root or administrator rights
Secure: Full firewall control via Security Groups
Monitoring: Publishes metrics to CloudWatch
Inexpensive: On-demand, Reserved and Spot instance types
VM Import/Export: Import and export VM images to transfer configurations in and out of EC2
46. Compute
Auto-scaling
Automatic provisioning of compute resources based upon demand, configuration or schedule
Trigger auto-scaling policy
Feature: Details
Control: Define minimum and maximum instance pool sizes and when scaling and cool down occurs
Integrated to CloudWatch: Use metrics gathered by CloudWatch to drive scaling
Instance types: Run auto scaling for on-demand instances and spot. Compatible with VPC
aws autoscaling create-auto-scaling-group \
    --auto-scaling-group-name MyGroup \
    --launch-configuration-name MyConfig \
    --availability-zones eu-west-1a \
    --min-size 4 \
    --max-size 200
47. Compute
Elastic Load Balancing
Create highly scalable applications
Distribute load across EC2 instances in multiple availability zones
Feature: Details
Auto-scaling: Automatically scales to handle request volume
Available: Load balance across instances in multiple availability zones
Health checks: Automatically checks health of instances and takes them in or out of service
Session stickiness: Route requests to the same instance
Secure sockets layer: Supports SSL offload from web and application servers with flexible cipher support
Monitoring: Publishes metrics to CloudWatch
48. Storage
S3 - Durable storage, any object
99.999999999% durability of objects
Unlimited storage of objects of any type
Up to 5TB size per object
Feature: Details
Flexible object store: Buckets act like drives, folder structures within
Access control: Granular control over object permissions
Server-side encryption: 256-bit AES encryption of objects
Multi-part uploads: Improved throughput & control
Object versioning: Archive old objects and version new ones
Object expiry: Automatically remove old objects
Access logging: Full audit log of bucket/object actions
Web content hosting: Serve content as web site with built-in page handling
Notifications: Receive notifications on key events
Import/Export: Physical device import/export service
50. Storage
Elastic Block Store
High performance block storage device
1GB to 1TB in size
Mount as drives to instances
Feature: Details
High performance file system: Mount EBS as drives and format as required
Flexible size: Volumes from 1GB to 1TB in size
Secure: Private to your instances
Available: Replicated within an Availability Zone
Backups: Volumes can be snapshotted for point in time restore
Monitoring: Detailed metrics captured via CloudWatch
51. Database
Relational Database Service
Database-as-a-Service
No need to install or manage database instances
Scalable and fault tolerant configurations
Feature: Details
Platform support: Create MySQL, PostgreSQL, Microsoft SQL Server and Oracle RDBMS
Preconfigured: Get started instantly with sensible default settings
Automated patching: Keep your database platform up to date automatically
Backups: Automatic backups and point in time recovery and full DB backups
Backups: Volumes can be snapshotted for point in time restore
Failover: Automated failover to slave hosts in event of a failure
Replication: Easily create read-replicas of your data and seamlessly replicate data across availability zones
52. Database
Amazon Relational Database Service (Amazon RDS) databases store forum threads, site content, and project configuration data.
High availability Multi-AZ database deployment to handle live game metadata and user-generated content.
Enterprise-grade fault tolerance for protecting customer data.
By managing time-consuming database administration tasks, Amazon RDS allows SEGA to focus on business critical applications.
53. Database
DynamoDB
Provisioned throughput NoSQL database
Fast, predictable performance
Fully distributed, fault tolerant architecture
Feature: Details
Provisioned throughput: Dial up or down provisioned read/write capacity
Predictable performance: Average single digit millisecond latencies from SSD backed infrastructure
Strong consistency: Be sure you are reading the most up to date values
Fault tolerant: Data replicated across availability zones
Monitoring: Integrated to CloudWatch
Secure: Integrates with AWS Identity and Access Management (IAM)
Elastic MapReduce: Integrates with Elastic MapReduce for complex analytics on large datasets
54. Database
Redshift
Managed Massively Parallel Petabyte Scale Data Warehouse
Streaming Backup/Restore to S3
Extensive Security
2 TB -> 1.6 PB
RDS, DynamoDB, Redshift
55. Application Services
CloudFront
World-wide content distribution network
Easily distribute content to end users with low latency, high data transfer speeds, and no commitments.
Feature: Details
Fast: Multiple world-wide edge locations to serve content as close to your users as possible
Integrated with other services: Works seamlessly with S3 and EC2 origin servers
Dynamic content: Supports static and dynamic content from origin servers
Streaming: Supports RTMP from S3 and includes support for live streaming from Adobe FMS and Microsoft Media Server
Diagram (edge locations: London, Paris, NY):
1. Single CNAME: www.mysite.com
2. Served from EC2: *.php
3. Served from S3: /images/*
56. Application Services
Amazon SQS
Reliable, highly scalable, queue service for storing messages as they travel between instances
Diagram labels: Processing task/processing trig; Amazon SQS; Processing results
Feature: Details
Reliable: Messages stored redundantly across multiple availability zones
Simple: Simple APIs to send and receive messages
Scalable: Unlimited number of messages
Secure: Authentication of queues to ensure controlled access
57. Application Services
Simple Workflow
Reliably coordinate processing steps across applications
Integrate AWS and non-AWS resources
Manage distributed state in complex systems
Diagram labels: Task A, Task B (Auto-scaling), Task C, numbered 1 to 3
Feature: Details
Process state: Maintain application state across complex workflows in a reliable and available manner
Tracking: Tracks executions and log process for audit purposes
Consistency: Ensures processing tasks are executed and duplication of events does not occur
Simple: Simple Decider and Task programming model for rapid integration
61. Deployment & Admin
Elastic Beanstalk
One-click deployment from Eclipse, Visual Studio and Git
Rapid deployment of applications
All AWS resources automatically created
Feature: Details
Platform support: Containers for Java, .NET and PHP
Resource creation: Creates load balancer, instances, autoscaling and monitoring automatically
Monitoring & Logs: Integrated with CloudWatch and consolidates server logs
Versioning: Manage versions of applications and easily rollback deployments
Notifications: Receive alerts on key events
Full resource access: Access all underlying AWS resources as necessary
62. Deployment & Admin
OpsWorks
DevOps focused managed application stacks
Underlying Chef recipes allow for complete customisation
Feature: Details
Platform support: Chef recipes allow for community expansion for platform components such as Solr, Nginx etc.
Resource creation: Customizable deployments, rollback, partial deployments, patch management, automatic instance scaling, and auto healing
Layered: Manage logical application layers and combine into stacks.
63. Deployment & Admin
CloudFormation
Automate creation of ‘stacks’ in a repeatable way
Scripting framework for AWS resource creation
Feature: Details
Platform support: Support for AWS resources from EC2 to IAM
Resource creation: Creates AWS resources behind the scenes and reports on progress
Declarative: Specify stacks in JSON format and source control your environments
Customizable: Drive stack creation with parameters
64. Deployment & Admin
Identity & Access Management
Granular control of user rights with AWS
Automated granting of EC2 service rights
Software Developer Kits
Comprehensive support of programming models for using AWS services
65. + others
Cloud Search
Simple Email Service
Simple Notification Service
ElastiCache (Memcache & Redis)
Elastic MapReduce
CloudWatch
…and more to come!
67. Shared responsibility
Amazon:
Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
68. Shared responsibility
You:
Customer Data
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Client-side Data Encryption & Data Integrity Authentication
Server-side Encryption (File System and/or Data)
Network Traffic Protection (Encryption/Integrity/Identity)
Amazon:
Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
69. Security standards
Certifications
SOC 1 Type 2 (formerly SAS-70)
ISO 27001
PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
FISMA Moderate Compliant Controls
HIPAA & ITAR Compliant Architecture
Physical Security
Datacenters in nondescript facilities
Physical access strictly controlled
Must pass two-factor authentication at least twice for floor access
Physical access logged and audited
HW, SW, Network
Systematic change management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-audit
Advanced network protection
http://aws.amazon.com/security
79. Ask questions
(it will fill time when we wait for things to launch)
There will be a recording of this demo on YouTube, so don’t worry if you miss anything
91. Public Key
Inserted by Amazon into each EC2 instance that you launch
Private Key
Downloaded and stored by you
EC2 Instance
Comms secured with private key
93. Some PHP code that gets the data
<?php
// get the instance id
$url = "http://169.254.169.254/latest/meta-data/instance-id";
$instance_id = file_get_contents($url);
// get the AZ where the instance is running
$url = "http://169.254.169.254/latest/meta-data/placement/availability-zone";
$zone = file_get_contents($url);
// get the security group it is in
$url = "http://169.254.169.254/latest/meta-data/security-groups";
$group = file_get_contents($url);
// get the public DNS name
$url = "http://169.254.169.254/latest/meta-data/public-hostname";
$hostname = file_get_contents($url);
?>
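The same four lookups using the token-based IMDSv2 flow of the instance metadata service, where a session token is requested with PUT and then sent on every GET. This is an added example, not code from the slides: it is written in Python rather than the slide's PHP, and the function names, the injectable `send` transport and the 60-second token lifetime are illustrative assumptions.

```python
"""Token-based (IMDSv2) version of the four metadata lookups on the slide."""
import urllib.request

IMDS_BASE = "http://169.254.169.254"   # link-local endpoint used on the slide
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# The same four items the PHP reads, keyed by the PHP variable names.
FIELDS = {
    "instance_id": "instance-id",
    "zone": "placement/availability-zone",
    "group": "security-groups",
    "hostname": "public-hostname",
}


class MetadataError(RuntimeError):
    """Raised when the metadata service cannot be reached or refuses a request."""


def http_send(method, url, headers, timeout=2.0):
    """Default transport: one HTTP request, no proxy, short timeout."""
    # An empty ProxyHandler keeps link-local requests off any configured proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    request = urllib.request.Request(url, method=method, headers=headers)
    try:
        with opener.open(request, timeout=timeout) as response:
            return response.read().decode("utf-8").strip()
    except OSError as exc:   # covers URLError, HTTPError and socket timeouts
        raise MetadataError(f"{method} {url} failed: {exc}") from exc


def read_instance_metadata(send=http_send, base=IMDS_BASE, ttl_seconds=60):
    """Fetch a session token with PUT, then present it on every GET."""
    token = send("PUT", f"{base}/latest/api/token",
                 {TOKEN_TTL_HEADER: str(ttl_seconds)})
    if not token:
        raise MetadataError("metadata service returned an empty token")
    result = {}
    for name, path in FIELDS.items():
        result[name] = send("GET", f"{base}/latest/meta-data/{path}",
                            {TOKEN_HEADER: token})
    return result


if __name__ == "__main__":
    try:
        for key, value in read_instance_metadata().items():
            print(f"{key}: {value}")
    except MetadataError as exc:
        print(f"not on EC2 or metadata unavailable: {exc}")
```

Unlike the bare `file_get_contents` calls, a failed lookup here raises `MetadataError` instead of silently yielding `false`.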
106. Launch Configuration
Describes what Auto Scaling will create when adding Instances
AMI
Instance Type
Security Group
Instance Key Pair
Only one active launch configuration at a time
Auto Scaling will terminate instances with old launch configuration first
rolling update
Auto-Scaling Group
Auto Scaling managed grouping of EC2 instances
Automatic health check to maintain pool size
Automatically scale the number of instances by policy – Min, Max, Desired
Automatic Integration with ELB
Automatic distribution & balancing across AZs
Auto-Scaling Policy
Parameters for performing an Auto Scaling action
Scale Up/Down and by how much
ChangeInCapacity (+/- #)
ExactCapacity (#)
ChangeInPercent (+/- %)
Cool Down (seconds)
Policy can be triggered by CloudWatch events
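How the policy parameters above combine with the group's Min/Max and the cool down, as an added example that is not from the slides. It uses the adjustment names as written on the slide and the 4/200 pool size from the earlier create-auto-scaling-group command; the class and function names, the constructed alarm timeline and the rounding of percentage changes (toward zero, but never less than one instance) are assumptions of this model.

```python
"""Model of an Auto Scaling policy acting on a group's desired capacity."""
import math
from dataclasses import dataclass


@dataclass
class ScalingGroup:
    min_size: int
    max_size: int
    desired: int
    cooldown_until: float = -math.inf   # no scaling action before this time


@dataclass
class ScalingPolicy:
    adjustment_type: str   # name as written on the slide
    adjustment: int        # +/- instances, exact count, or +/- percent
    cooldown: int          # seconds


def requested_capacity(desired, policy):
    """Capacity the policy asks for, before the group's Min/Max are applied."""
    if policy.adjustment_type == "ExactCapacity":
        return policy.adjustment
    if policy.adjustment_type == "ChangeInCapacity":
        return desired + policy.adjustment
    if policy.adjustment_type == "ChangeInPercent":
        delta = desired * policy.adjustment / 100.0
        # Assumed rounding: a fractional change below one instance still moves
        # the group by one; larger changes are truncated toward zero.
        if 0 < abs(delta) < 1:
            delta = math.copysign(1, delta)
        return desired + math.trunc(delta)
    raise ValueError(f"unknown adjustment type: {policy.adjustment_type}")


def apply_policy(group, policy, now):
    """Apply one policy trigger at time `now`; return True if capacity changed."""
    if now < group.cooldown_until:
        return False                      # still cooling down, trigger ignored
    target = requested_capacity(group.desired, policy)
    target = max(group.min_size, min(group.max_size, target))
    if target == group.desired:
        return False
    group.desired = target
    group.cooldown_until = now + policy.cooldown
    return True


def replay_constructed_alarms():
    """Replay a constructed timeline of (seconds, policy) triggers."""
    group = ScalingGroup(min_size=4, max_size=200, desired=4)
    scale_out = ScalingPolicy("ChangeInPercent", 50, cooldown=300)
    scale_in = ScalingPolicy("ChangeInCapacity", -2, cooldown=300)
    events = [
        (0, scale_out),                                        # 4 -> 6
        (120, scale_out),                                      # inside cool down
        (300, scale_out),                                      # 6 -> 9
        (700, ScalingPolicy("ExactCapacity", 500, cooldown=300)),  # capped at max
        (1100, scale_in),                                      # 200 -> 198
        (1500, ScalingPolicy("ExactCapacity", 1, cooldown=300)),   # raised to min
    ]
    history = []
    for now, policy in events:
        apply_policy(group, policy, now)
        history.append(group.desired)
    return history


if __name__ == "__main__":
    print(replay_constructed_alarms())
```

The Max size acts as the hard ceiling on what any policy can launch, so it is the value to review when bounding the cost of a runaway or spoofed load signal.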
In this webinar I am going to introduce Amazon Web Services, also known as AWS, and some of the fundamental concepts behind the Amazon Cloud.
----- Meeting Notes (11/02/2014 10:02) -----
Say Hello
Welcome to this AWS 101
Introduce myself and the rest of the AWS team (SAs)
What will we cover?
Amazon Web Services is part of Amazon.com. Most of us at some point in time have used the online Amazon retail store to buy books, CDs and gifts for friends and family. There are three parts to the Amazon business: our retail consumer business, where Amazon stocks and ships many thousands of different products; our seller business, which enables retailers to sell through the same world class online store as Amazon; and finally Amazon Web Services, our IT infrastructure business.
We are often asked the question: how did Amazon get into cloud computing? Amazon is really good at providing an immense selection of products, and at shipping those products to customers efficiently. But behind that online capability lie years of experience in providing technical services to the business that ensure our online stores are secure, fast, always available and capable of meeting huge seasonal demand.
So in 2006 Amazon Web Services was born. Its mission was clear: to enable businesses and developers to use web services to build scalable, sophisticated applications. It's interesting to note that what we called Web Services has now morphed into a common term, 'the Cloud'. Amazon Web Services is and always has been a distinct and individual Amazon organisation.
As such let's dispel an urban myth: AWS is not running on excess amazon.com server capacity. Come Xmas, when Amazon.com is undergoing a seasonal spike in load, Amazon does not reclaim computing to finalise orders! There are hundreds of thousands of businesses running on Amazon Web Services, ranging in size from the smallest startup to multi-national companies. Indeed, Amazon.com also uses AWS. It's a strategic business for Amazon.
And scale is something AWS is used to dealing with. The Amazon Simple Storage Service, S3, recently passed 1 trillion objects in storage, with a peak transaction rate of 750 thousand per second. That's a lot of objects, all stored with 11 9's of durability.
To help understand why Amazon Web Services and Cloud Computing are changing IT delivery, a nice comparison to make is that of a utility like electricity. When electricity was discovered, businesses would generate their own, using steam generators to power factories. When electricity was brought together under a national system of supply, it was no longer necessary for everyone to generate their own and buy and maintain their generators. You could simply tap into the grid and use what you needed, paying only for what you did use, and be assured that the electricity you consumed was consistent and always available.
Utility computing brings those same benefits to the delivery of IT - the factories of many businesses.
By taking the services delivered from traditional data centers and wrapping them all in a consistent programming interface, or API, services that are normally expensive to manage or difficult to use become available on-demand, in a uniform and available way, and only paid for when used. Just like electricity. This is what AWS does. It takes away the hard work from providing infrastructure IT services and makes them available to anyone on a pay as you go basis.
And just like an electricity grid, where you would not wire every factory to the same power station, the AWS infrastructure is global, with multiple regions around the globe from which services are available. This means you have control over things like where your applications run, where your data is stored, and where best to serve your customers from.
Let's take a quick look at what that means with a tangible example. Here, two commands are issued against AWS to create servers, or EC2 instances, in two zones in the EU. We're creating 8 instances of differing sizes, geographically separated for availability purposes, all from 2 simple commands. Once booted, in a matter of a minute or two, those server instances are available to you to run your own applications on. Amazon has done the heavy lifting for you, so you can focus on using the compute resources available to you.
And of course, all of this functionality is available through a web console, so whether you want to drive the cloud by the click of a mouse or the call of an API, the power is at your disposal.
Traditional IT capacity planning, by the very nature of the logistics of acquiring hardware, installation, configuration and networking, has to take a forward looking view. Complex estimates of the utilisation of resources are made in order to handle the peaks you anticipate. Shown here in red is the level of resources a business needs to install in order to handle the peak needs of a service. Demand on that service might vary by the time of day, week, month or year, or be driven by exceptional demand driven by promotions or seasonal events.
There are many patterns of usage that make capacity planning a complex science. From on and off usage patterns, where capacity is only needed at fixed times and not at others, fast growth where an online service becomes so successful that step changes in traditional capacity need to be added, variable peaks - where you just don't know what demand will be when and best guess applies, to predictable peaks such as during commute times as customers use mobile devices to access your service.
Each of these examples is typified by wasted IT resources. Where you planned correctly, the IT resources will be over provisioned so that services are not impacted and customers lost during high demand. In the worst cases, that capacity will not be enough, and customer dissatisfaction will result. Most businesses have a mix of differing patterns at play, and much time and resource is dedicated to planning and management to ensure services are always available. And when a new online service is really successful, you often can't ship in new capacity fast enough. Some say that's a nice problem to have, but those that have lived through it will tell you otherwise!
You control how and when your service scales, so you can closely match increasing load in small increments, scale up fast when needed, and cool off and reduce the resources being used at any time of day. Even the most variable and complex demand patterns can be matched with the right amount of capacity - all automatically handled by AWS.
Elasticity works from just 1 EC2 instance to many thousands. Just dial up and down as required.
Back in 2008, they launched a Facebook application that lets people tell their friends when they've uploaded a video that includes that friend. When people saw the music videos their friends created when the application shared it with them, they wanted to go out and create their own videos. Shortly after launching their social networking modification, they were featured on Techcrunch. As you can imagine, this brought them a lot of unexpected traffic. In the course of 3 days, they went from running on 40 instances to 5,000 instances. Because they were using Amazon Web Services, they were able to handle all of this incoming traffic without having to do a thing. AWS managed it all for them.
Examining AWS, you’ll see that the same security isolations are employed as would be found in a traditional datacenter. These include physical datacentre security, separation of the network, isolation of the server hardware, and isolation of storage. AWS customers have control over their data: they own the data, not us; they can encrypt their data at rest and in motion, just as they would in their own datacenter. Amazon Web Services provides the same, familiar approaches to security that companies have been using for decades. Importantly, it does this while also allowing the flexibility and low cost of cloud computing. There is nothing inherently at odds about providing on-demand infrastructure while also providing the security isolation companies have become accustomed to in their existing, privately-owned environments.
AWS is a secure, durable technology platform with industry-recognized certifications and audits: PCI DSS Level 1, ISO 27001, FISMA Moderate, HIPAA, SAS 70 Type II. Our services and data centers have multiple layers of operational and physical security designed to protect the integrity and safety of your data. Visit our Security Center to learn more http://aws.amazon.com/security/.
Certifications and Accreditations: AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of our infrastructure and services.
PCI DSS: We finalized our 2011 PCI compliance audit, publishing our extensive Report on Controls (ROC) with an expanded scope. Our new November 30, 2011 PCI Attestation of Compliance, a document from our auditor stating we are compliant with all 12 PCI security standard domains, is available now for customers considering or working on moving PCI systems to AWS. The new Attestation of Compliance document includes some key changes this year: This year we’ve added RDS, ELB, and IAM as in-scope services. The addition of these services is fantastic news for PCI customers since they can now leverage RDS to store cardholder and transaction data, use ELB to manage card transaction traffic, and rely on IAM features as validated control mechanisms that satisfy PCI security standard requirements. Consistent with last year, EC2, S3, EBS, and VPC continue to be in scope.
Physical Security: Amazon has many years of experience in designing, constructing, and operating large scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
Secure Services: Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
Data Privacy: AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS.
“In essence, the security system of AWS’s platform has been added to our existing security systems. We now have a security posture consistent with that of a multi-billion dollar company.” - Jim Warren, CIO, Recovery Accountability and Transparency Board (RATB)