4. Consumer Business
Millions of active customers
Global operations in many countries around the world
Seller Business
Sales on Amazon's websites
Technology based on its own retail network
Leverages integrated fulfillment centers
Cloud Business
Cloud infrastructure for hosting enterprise applications
Hundreds of thousands of customers in more than 190 countries
5. A broad set of computing resources that lets companies move faster
CLOUD
7. Why do researchers love using AWS?
Time to Science: access research infrastructure in minutes
Globally Accessible: easily collaborate with researchers around the world
Low Cost: pay-as-you-go pricing
Secure: a collection of tools to protect data and privacy
Elastic: easily add or remove capacity
Scalable: access to effectively limitless capacity
8. Popular HPC workloads on AWS
Genome processing
Modeling and simulation
Government and educational research
Monte Carlo simulations
Transcoding and encoding
Computational chemistry
10. A marketplace for software in the Cloud
Over 1,900 listings across
23 categories
Customers run over 70M
hours of software per month
15. Over 1 million active customers across
190 countries
800+ government agencies
3,000+ educational institutions
11 regions
28 availability zones
52 edge locations
Every day, AWS adds enough new server capacity to support
Amazon.com when it was a $7 billion global enterprise.
23. • Resizable compute capacity in >25 instance types
• Reduces the time required to obtain and boot new server
instances to minutes or seconds
• Scale capacity as your computing requirements change
• Pay only for capacity that you actually use
• Choose Linux or Windows
• Deploy across Regions and Availability Zones for reliability
• Support for virtual network interfaces that can be attached to
EC2 instances in your VPC
36. Reserved: make a low, one-time payment and receive a significant discount on the hourly charge. For committed utilization.
Free Tier: get started on AWS with free usage and no commitment. For POCs and getting started.
On-Demand: pay for compute capacity by the hour with no long-term commitments. For spiky workloads, or to define needs.
Spot: bid for unused capacity, charged at a Spot Price which fluctuates based on supply and demand. For time-insensitive or transient workloads.
Dedicated: launch instances within Amazon VPC that run on hardware dedicated to a single customer. For highly sensitive or compliance-related workloads.
67. Cloud automation allows for security agility
“Programmable infrastructure” allows you to automate every aspect of your environment.
Security properties are “baked in,” constantly checked via logging and auditing, and deviations and alarms are actionable via code.
Change, and the speed of change, become an asset, not a liability.
73. Try out our HPC CloudFormation-based demo
CfnCluster (“CloudFormation
cluster”)
Command Line Interface Tool
Deploy and demo an HPC cluster
For more info: https://aws.amazon.com/hpc/cfncluster
75. Managed by AWS:
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
Managed by the customer (Customer/Partner Audited):
Network configuration
Security groups
OS firewalls
Operating systems
Applications
Proper service configuration
Auth & acct management
Authorization policies
AWS-managed + customer-managed =
• Re-focus your security professionals on a subset of the problem
• Take advantage of high levels of uniformity and automation
76. [Diagram: three-tier layout on Amazon EC2, with a Security Group acting as the firewall]
Web Tier / Application Tier / Database Tier
Ports 80 and 443 open
Engineering team via ssh
All other access blocked
Analytical data access
Amazon EC2 Security Group (firewall)
77. Rich control with AWS’s powerful
Identity & Access Management capabilities
Authentication:
• Multiple options including rich SAML
federation capabilities, MFA, web
identities
• Clean separation of identity from
proof of identity
• Roles are powerful and flexible
pseudo-principals that can be
assumed by other identities
• Federation scenarios
• Cross-account access
78. Network isolation with Virtual Private Cloud
Define your own address space as
extension of private network
Connect to private network with VPN
tunnel or Direct Connect
Configure Security Groups (virtual
firewalls) for all EC2 instances; update
fleet firewall rules with a single API call
Configure Network Access Control Lists
for subnet level isolation and control
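Slides 67, 76 and 78 make one point together: the three-tier rule set (80 and 443 open on the web tier, ssh only for the engineering team, everything else blocked) is a security property that can be checked continuously by code, and a deviation is something a program can revoke with one API call. The script below is an added example, not code from this deck or from AWS. It audits security groups in the JSON shape that `aws ec2 describe-security-groups` returns and emits each offending rule, narrowed to a single source, in the parameter shape that `revoke_security_group_ingress` accepts. The engineering CIDR 203.0.113.0/24, the convention that the tier is the GroupName prefix, and the sample groups are all assumptions made for the example.

```python
"""Audit EC2 security groups against a three-tier policy (added example, not AWS code).

Input: the JSON shape `aws ec2 describe-security-groups` returns (GroupId, GroupName,
IpPermissions). Output: one finding per offending rule, narrowed to a single source so
its "IpPermission" can go straight into
ec2.revoke_security_group_ingress(GroupId=..., IpPermissions=[...]).
"""
import ipaddress
import json

# Assumed engineering bastion range (not from the slides).
ENGINEERING_CIDR = ipaddress.ip_network("203.0.113.0/24")

# Ports a tier may expose to the internet, and the only tier allowed to reach it
# through a security-group reference. Assumed convention: tier = GroupName prefix.
TIER_POLICY = {
    "web": {"public": {80, 443}, "upstream": None},
    "app": {"public": set(), "upstream": "web"},
    "db": {"public": set(), "upstream": "app"},
}


def tier_of(group):
    return group["GroupName"].split("-")[0]


def _finding(group, perm, source, reason):
    """Copy the protocol/port fields and attach exactly one source, so the rule can be revoked alone."""
    rule = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
    rule.update(source)
    return {"GroupId": group["GroupId"], "IpPermission": rule, "Reason": reason}


def audit(groups):
    """Return the rules that deviate from TIER_POLICY; an empty list means compliant."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for group in groups:
        policy = TIER_POLICY.get(tier_of(group))
        if policy is None:
            findings.append({"GroupId": group["GroupId"], "IpPermission": None,
                             "Reason": "GroupName does not map to a known tier"})
            continue
        for perm in group.get("IpPermissions", []):
            port = perm.get("FromPort") if perm.get("FromPort") == perm.get("ToPort") else None
            wide = perm["IpProtocol"] == "-1" or port is None  # all traffic, or a port range
            what = "all traffic or a port range" if wide else f"port {port}"
            # CIDR sources: allowed only for the tier's public ports, or ssh from engineering.
            for key, field in (("IpRanges", "CidrIp"), ("Ipv6Ranges", "CidrIpv6")):
                for entry in perm.get(key, []):
                    src = ipaddress.ip_network(entry[field])
                    source = {key: [{field: entry[field]}]}
                    if wide:
                        findings.append(_finding(group, perm, source, f"{what} from {src}"))
                    elif port == 22:
                        if src.version != ENGINEERING_CIDR.version or not src.subnet_of(ENGINEERING_CIDR):
                            findings.append(_finding(group, perm, source,
                                                     f"ssh from {src}, outside {ENGINEERING_CIDR}"))
                    elif port not in policy["public"]:
                        findings.append(_finding(group, perm, source, f"{what} exposed to {src}"))
            # Security-group sources: only the expected upstream tier, and only a single port.
            for pair in perm.get("UserIdGroupPairs", []):
                src_group = by_id.get(pair["GroupId"])
                src_tier = tier_of(src_group) if src_group else None
                if wide or src_tier != policy["upstream"]:
                    findings.append(_finding(group, perm, {"UserIdGroupPairs": [pair]},
                                             f"{what} from group {pair['GroupId']} (tier {src_tier})"))
    return findings


# Constructed sample in describe-security-groups shape; not real infrastructure.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
    {"GroupId": "sg-app", "GroupName": "app-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # deviation
    ]},
    {"GroupId": "sg-db", "GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-app"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # deviation
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},  # deviation
    ]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print(json.dumps(finding))
```

Against the sample the audit reports three rules: ssh from 0.0.0.0/0 on the app tier, port 3306 open to the internet on the database tier, and the all-traffic rule from 10.0.0.0/8. In a real account the input would come from boto3's `describe_security_groups()["SecurityGroups"]`, and each finding's `IpPermission` is what you pass to `revoke_security_group_ingress` to make the alarm actionable by code.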
79. Enhanced isolation and control with encryption
Automatic encryption with managed keys
(Key Management Service)
Dedicated hardware security modules
(Cloud HSM)
Bring and use your own keys
80. Encrypt your data prior to sending to AWS
[Diagram: your applications in your data center, and your applications in Amazon EC2, send encrypted data to AWS services: S3, Glacier, Redshift, EBS]
82. S3 Client-Side Encryption
AmazonS3EncryptionClient with AWS SDKs
[Diagram: your application, in your data center or in Amazon EC2, uses the AWS SDK with the S3 Encryption Client and your own key management infrastructure (on premises or in EC2); only your encrypted data reaches Amazon S3]
83. How S3 SSE with Customer Provided Keys Works
[Diagram: the customer sends plaintext PHI together with the customer-provided key over HTTPS to the S3 web server; encrypted data is written to the S3 storage fleet]
• Key is used at S3 server, then deleted
• Customer must provide same key when downloading to allow S3 to decrypt data
84. S3 SSE with AWS fully managed keys
[Diagram: the customer sends plaintext PHI over HTTPS to the S3 web server; the server generates a symmetric data key, encrypts the PHI with it, encrypts the data key under the master key, and stores the encrypted PHI together with the encrypted data key in the S3 storage fleet]
A master key managed by the S3 service and protected by systems internal to AWS in a distinct system
85. Amazon S3
• HTTPS
• AES-256 server-side encryption
• AWS or customer provided or customer managed keys
• Each object gets its own key
Amazon EBS
• End-to-end secure network traffic
• Whole volume encryption
• AWS or customer managed keys
• Encrypted incremental snapshots
• Minimal performance overhead (utilizes Intel AES-NI)
90. How AWS Services Integrate with KMS
• 2-tiered key hierarchy using envelope encryption
• Data keys encrypt customer data
• KMS customer master keys encrypt data keys
• Benefits:
• Limits blast radius of compromised resources and their keys
• Better performance
• Easier to manage a small number of master keys than billions of resource keys
[Diagram: KMS master key(s) encrypt data keys 1 to 5; each data key encrypts one resource: an S3 object, an EBS volume, an RDS instance, a Redshift cluster, or your application's data]
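Slides 82, 84 and 90 all describe the same two-tier hierarchy: a master key that only wraps per-object data keys, and data keys that encrypt the objects. The program below is an added example, not code from this deck or from AWS, that carries the hierarchy through: per-object data key generation and wrapping, decryption, and re-wrapping a data key under a new master key without touching the ciphertext (the "small number of master keys, billions of resource keys" point). One assumption to note: the Python standard library has no AES, so `seal`/`open_` use an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for the AES-256 that AWS services actually use; the `MasterKey` class, its method names and the sample PHI strings are this example's own.

```python
"""Envelope encryption in the two-tier shape KMS and the S3 encryption clients use
(added example, not AWS code). A master key only wraps per-object data keys; data
keys encrypt the objects. Stand-in cipher: the standard library has no AES, so
seal/open_ use an HMAC-SHA256 counter-mode keystream plus an encrypt-then-MAC tag
in place of the AES-256 that AWS services actually use."""
import hashlib
import hmac
import os
import struct

BLOCK = 32  # one HMAC-SHA256 output per counter value


def _derive(key, label):
    """Separate encryption and MAC subkeys from one 256-bit key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(enc_key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = hmac.new(enc_key, nonce + struct.pack(">Q", i // BLOCK), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def seal(key, plaintext, aad=b""):
    """Authenticated encryption: returns nonce || ciphertext || tag (fresh nonce per call)."""
    nonce = os.urandom(16)
    ct = _keystream_xor(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key, blob, aad=b""):
    """Check the tag before touching the ciphertext; raise on any mismatch."""
    if len(blob) < 48:
        raise ValueError("authentication failed: truncated blob")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_derive(key, b"mac"), aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key, wrong context or tampered data")
    return _keystream_xor(_derive(key, b"enc"), nonce, ct)


class MasterKey:
    """Stand-in for a KMS customer master key: it only wraps and unwraps data keys,
    and its key material never leaves this object (KMS keeps it inside the service)."""

    def __init__(self, key_id):
        self.key_id = key_id
        self._key = os.urandom(32)

    def wrap_data_key(self, data_key):
        return seal(self._key, data_key, aad=self.key_id.encode())

    def generate_data_key(self):
        """Like kms:GenerateDataKey: a fresh 256-bit data key, plaintext and wrapped."""
        data_key = os.urandom(32)
        return data_key, self.wrap_data_key(data_key)

    def decrypt_data_key(self, wrapped):
        return open_(self._key, wrapped, aad=self.key_id.encode())


def encrypt_object(master, body, object_name):
    """One data key per object; only the wrapped copy is stored beside the ciphertext.
    Binding the object name as associated data is this example's choice."""
    data_key, wrapped = master.generate_data_key()
    return {"wrapped_data_key": wrapped, "ciphertext": seal(data_key, body, aad=object_name.encode())}


def decrypt_object(master, obj, object_name):
    data_key = master.decrypt_data_key(obj["wrapped_data_key"])
    return open_(data_key, obj["ciphertext"], aad=object_name.encode())


def rewrap(old_master, new_master, obj):
    """Master-key rotation without re-encrypting the object: only the 80-byte
    wrapped data key changes; the ciphertext is untouched."""
    data_key = old_master.decrypt_data_key(obj["wrapped_data_key"])
    return {"wrapped_data_key": new_master.wrap_data_key(data_key), "ciphertext": obj["ciphertext"]}


def is_intact(master, obj, object_name):
    """True only if both layers authenticate under this master key and object name."""
    try:
        decrypt_object(master, obj, object_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    kms = MasterKey("arn:example:key/master-1")  # assumed identifier
    stored = encrypt_object(kms, b"patient 42: PHI record", "bucket/patient-42")  # constructed sample
    print(decrypt_object(kms, stored, "bucket/patient-42"))
```

Two things to look for when running it: every object gets a different wrapped data key even for identical plaintext, so a leaked data key exposes exactly one object, and `rewrap` moves an object to a new master key without reading or rewriting the ciphertext, which is what makes rotating a handful of master keys cheap compared with re-encrypting every resource.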