
AWSOME DAY

ONLINE

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Course Goals

Goals:
• Value proposition
• Global infrastructure
• Foundational services
• Next-level services
• Security and compliance

Audience:
• Sales
• Legal
• Marketing
• Business ana
• Project mana
• AWS Academ
• Other IT-rela
Course Modules

1. Welcome to the AWS Cloud
2. Leveraging AWS Global Infrastructure
3. AWS Networking: Configure your Security
4. AWS Compute: Launch your Infrastructure
5. AWS Storage: Store your Data
6. Beyond Servers & Storage: Monitoring, Scaling
7. AWS Databases and Automations
8. AWS Security, Identity Management, and Com
9. Conclusions and Next Steps
Agenda

9:00 AM – 9:20 AM: Welcome to the AWS Cloud
9:20 AM – 9:35 AM: Leveraging the AWS Global Infrastructure
9:35 AM – 9:00 AM: Break
9:40 AM – 10:05 AM: AWS Networking: Configure Your Security
10:05 AM – 10:30 AM: AWS Compute: Launch Your Infrastructure
10:30 AM – 10:45 AM: Presenter Demo: Launch a Web Server
10:45 PM – 10:50 AM: Break
10:50 AM – 11:25 AM: AWS Storage: Store Your Data
11:25 AM – 11:40 AM: Presenter Demo: Con
11:40 AM – 11:45 AM
11:45 AM – 12:10 PM: Monitoring, Autoscali
12:10 PM – 12:30 PM: AWS Database Servic
12:30 PM – 12:40 PM: Presenter Demo: Crea
  Application
12:40 PM – 12:45 PM
12:45 PM – 1:15 PM: AWS Security, Identit
1:15 PM – 1:30 PM: Conclusions and Next

Today’s Presenter
Scott Jones
Sr. Technical Trainer
Boston, MA, USA

What is the Cloud (First Glance)?

(Diagram comparing On-Premises IT, made up of Servers, Storage, Databases, Applications and a Corp Network, with the Cloud; the cloud column of the diagram is truncated: In…, Clou…, Serv…, Data…, Inte…)
How Does it Work?
• AWS owns and maintains the network-connect
• You provision and use what you need

Cloud Computing Models

• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (Saa
Cloud Deployment Models

• Private
• Hybrid
Trade Capital Expense for Variable Expense

Capital: Data center investment based upon forecast
Variable: Pay only … you
Benefit from Massive Economies of Sc
Because of aggregate usage from all customers, AWS can ac… higher economies of scale, and pass savings on to custom

(Chart: Savings against Economies of Scale)
Stop Guessing Capacity

(Chart: overestimated server capacity versus underestimated server capacity)
Increase Speed and Agility

Weeks between wanting resources and having resources
Minutes b… resources an
Stop Spending Money on Running and Maintaining Data Centers

(Chart: Investment in running data centers versus Bus…)
Go Global in Minutes

AWS Security

Keep your data safe

Meet compliance requirem

Save money

Scale quickly
What is the AWS Cloud?

Service categories:
• Compute
• Storage
• Database
• Networking & Content Delivery
• Developer Tools
• Management Tools
• Security, Identity & Compliance
• Analytics
• Machine Learning
• AR & VR
• Application Integration
• Customer Engagement
• Desktop & App Streaming
• Internet of Things
• Game Development
Choose Your Location

(Map of AWS Regions showing the number of Availability Zones in each, and the planned Regions: AWS GovCloud (US-East), AWS GovCloud (US-West), Canada, Ohio, Oregon, N. California, N. Virginia, São Paulo, Ireland, London, Frankfurt, Paris, Sweden, Milan (Coming soon), Bahrain (Coming soon), Cape Town (Coming soon), Mumbai, Singapore, Jakarta (Coming soon), …NING)
Availability Zones

The Region ap-southeast-1 (Singapore) contains the Availability Zones ap-southeast-1a, ap-southeast-1b and ap-southeast-1c; each Availability Zone is made up of one or more datacenter(s).
Edge Locations

• Edge Locations
• Multiple Edge Locations
• Regional Edge Caches
Three Ways to Interact with AWS

• AWS Management Console: Easy-to-use graphical interface
• Command Line Interface (AWS CLI): Access to services via discrete command
• Software Development Kits (SDKs): Access services in your code
AWS Management Console

AWS CLI

• Open source tool for interacting with AWS services
• Environments
  • Linux
  • MacOS
  • Windows
AWS SDKs

JavaScript, Python, PHP, .NET, Ruby, Go, Node, C++, Java
Amazon Virtual Private Cloud (Amazon VPC)

(Diagram: a Region containing Availability Zone A, which holds a VPC with its own IP range; the VPC has a Public Subnet and a Private Subnet, each running instances, and the Public Subnet connects to the Public Internet)
Security Groups

(Diagram: instances in the Public Subnet carry Security Group A, whose inbound rules list source 0.0.0.0…; instances in the Private Subnet carry Security Group B and Security Group C, whose inbound rules name the ID of another security group as their source)
Security Group Details

• Only “allow” rules; no “deny” rule
• Default values:
  • No inbound traffic allowed
  • All outbound traffic allowed
• Stateful:
  • Allows responses from allowed inbound t
Security Groups Example

(Diagram: WWW Servers in SG-Web-Tier, App Servers in SG-App-Tier and DB Servers in SG-DB-Tier, placed across MyPublicSubnet (10.0.0.0/24) and MyPrivateSubnet (10.0.1.0/24), with the Corp network (10.0.16.0/20) and the Public internet as external sources. Inbound sources shown: SG-Web-Tier: 0.0.0.0…, 0.0.0.0…, 10.0.1…; SG-App-Tier: ID of S…, 10.0.1…; SG-DB-Tier: ID of S…, 10.0.1…)
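The semantics on the two slides above (allow-only rules, nothing inbound by default, everything outbound by default, stateful replies, a rule's source being either a CIDR or another group's ID) can be checked in code. The following is an added Python example, not code from the AWSome Day deck or from AWS; it replays the web/app/DB tiers of the example. The group IDs, instance addresses, the ports (443, 22, 8080, 3306) and the external client address are constructed for the scenario; the corporate range 10.0.16.0/20 and the subnet ranges are the ones on the slide.

```python
"""Model of security-group evaluation as the slides describe it.
Added example, not AWS code; IDs, addresses and ports are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    protocol: str      # "tcp", "udp" or "-1" (any protocol, as in AWS rules)
    from_port: int
    to_port: int
    source: str        # a CIDR such as "0.0.0.0/0" or another group's ID ("sg-...")


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)   # default: no inbound traffic allowed
    outbound: list = field(                        # default: all outbound traffic allowed
        default_factory=lambda: [Rule("-1", 0, 65535, "0.0.0.0/0")])


@dataclass
class Instance:
    name: str
    ip: str
    groups: list


def _src(src):
    """Accept an Instance (inside the VPC) or a bare IP string (outside it)."""
    if isinstance(src, Instance):
        return src.ip, {g.group_id for g in src.groups}
    return src, set()


def _rule_matches(rule, proto, port, src_ip, src_group_ids):
    if rule.protocol not in ("-1", proto):
        return False
    if rule.protocol != "-1" and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Group-referencing rule: admits any instance that carries that group
        return rule.source in src_group_ids
    return ip_address(src_ip) in ip_network(rule.source)


def inbound_allowed(dst, proto, port, src):
    """Allow-only evaluation: admitted if any inbound rule of any group on the
    instance matches; there is no deny rule to consult, so no rule means drop."""
    src_ip, src_ids = _src(src)
    return any(_rule_matches(r, proto, port, src_ip, src_ids)
               for g in dst.groups for r in g.inbound)


class ConnectionTracker:
    """Stateful part: a reply to an allowed inbound connection is let back out
    whatever the outbound rules say."""
    def __init__(self):
        self.established = set()

    def inbound(self, dst, proto, port, src):
        src_ip, _ = _src(src)
        ok = inbound_allowed(dst, proto, port, src)
        if ok:
            self.established.add((dst.name, proto, port, src_ip))
        return ok

    def reply_allowed(self, replying, proto, port, peer_ip):
        return (replying.name, proto, port, peer_ip) in self.established


# Constructed three-tier scenario (IDs and ports are assumptions)
WEB_SG = SecurityGroup("sg-web", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0"),
                                          Rule("tcp", 22, 22, "10.0.16.0/20")])
APP_SG = SecurityGroup("sg-app", inbound=[Rule("tcp", 8080, 8080, "sg-web")])
DB_SG = SecurityGroup("sg-db", inbound=[Rule("tcp", 3306, 3306, "sg-app")])

web = Instance("www1", "10.0.0.10", [WEB_SG])    # MyPublicSubnet 10.0.0.0/24
app = Instance("app1", "10.0.1.10", [APP_SG])    # MyPrivateSubnet 10.0.1.0/24
db = Instance("db1", "10.0.1.20", [DB_SG])


def three_tier_checks():
    t = ConnectionTracker()
    return {
        "internet->web:443": t.inbound(web, "tcp", 443, "203.0.113.5"),
        "internet->web:22": t.inbound(web, "tcp", 22, "203.0.113.5"),
        "corp->web:22": t.inbound(web, "tcp", 22, "10.0.17.4"),
        "internet->app:8080": t.inbound(app, "tcp", 8080, "203.0.113.5"),
        "web->app:8080": t.inbound(app, "tcp", 8080, web),
        "web->db:3306": t.inbound(db, "tcp", 3306, web),
        "app->db:3306": t.inbound(db, "tcp", 3306, app),
        "web reply to internet": t.reply_allowed(web, "tcp", 443, "203.0.113.5"),
        "app reply to internet": t.reply_allowed(app, "tcp", 8080, "203.0.113.5"),
    }


if __name__ == "__main__":
    for check, result in three_tier_checks().items():
        print(f"{check:24s} {'allowed' if result else 'dropped'}")
```

The group-referencing rules are what keep the database tier reachable from the application tier only: a web server that is compromised can still not open 3306 on the database, because it does not carry sg-app. The tracker only models replies to inbound connections, which is the case the slide names; real security groups track outbound-initiated connections the same way.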
Topic Summary

• Amazon VPC is a logically isolated section of t… in which you can launch AWS resources in a vi… defined by you.
• Security groups act as a virtual firewall at the… control inbound and outbound traffic.
What is Amazon EC2?

• Application server
• Web server
• Database server
• Game server
• Mail server
• Media server
• Catalog server
• File server
• Computing server
• Proxy server
Benefits of Amazon EC2

• Elasticity
• Control
• Flexibility
• Integrated
• Reliable
• Secure
• Inexpensive
• Easy

What’s Your Use Case?

• General Purpose: Instance Types T3, T2, M5, M5A, M4; Use Case: Broad
• Compute Optimized: Instance Types C5, C4; Use Case: High performance
• Memory Optimized: Instance Types R5, R4, X1e, X1,L, z1d, High Memory Instances; Use Case: In-memory databases
• Ac… Co…: Instance Types P3
Choosing the Right Amazon EC2 Instances

• EC2 Instance types are optimized for different use cases … come in multiple sizes. This allows you to optimally scal… your workload requirements.
• AWS utilizes Intel® Xeon® processors for EC2 Instances p… customers with high performance and value.
• Consider the following when choosing your instances: co… memory size, storage size & type, network performance … requirements & CPU technologies.
• Hurry Up & Go Idle - A larger compute instance can save … money, therefore paying more per hour for a shorter am… be less expensive.
EC2 Instances Powered by Intel Technolog

EC2 Instance Type | Category | Intel Processor Family | Intel Processor Technology | Intel AVX | Intel AVX2 | Intel AVX-512 | Intel Turbo Boost | Storage
C5 | Compute Optimized | Xeon Platinum 8175M | Skylake | Yes | Yes | Yes | Yes | EBS-only
C4 | Compute Optimized | Xeon E5 2666 v3 | Haswell | Yes | Yes | - | Yes | EBS-only
M5 | General Purpose | Xeon Platinum 8175M | Skylake | Yes | Yes | Yes | Yes | EBS-only
M4 | General Purpose | Xeon E5 2686 v4 | Broadwell | Yes | Yes | - | Yes | EBS-only
T2 | General Purpose | Xeon 2676 v3 | Haswell | Yes | - | - | Yes | EBS-only
X1 | Memory Optimized | Xeon E7 8880 v3 | Haswell | Yes | Yes | - | Yes | SSD, EBS-Opt
X1e | Memory Optimized | Xeon E7 8880 v3 | Haswell | Yes | Yes | - | Yes | SSD, EBS-Opt
C5: Compute Optimized Instances

• Based on 3.0 GHz Intel Xeon Processors (Skylake)
• 25% price/performance improvement over C4
• Up to 72 vCPUs and 144 GiB (2:1 Memory:vCPU ratio)
• 25 Gbps NW bandwidth
• Support for Intel AVX-512

“We saw significa… Amazon EC2 C5, w… improvement in in… over C4.”

“We are eager to … c5.18xlarge insta… processing time o… than 30%.”

(Chart comparing C4 and C5)
How Much Do You Need?

What’s Your Platform?

What’s Your Storage Requirement?

• Persistent block storage for instances
• Protected through replication
• Different drive types
• Scale up or down in minutes
• Pay for only what you provision
• Snapshot functionality
• Encryption available

Bill…: Storage provisioned…
Solid State Driv…: Provisioned…, General Pur…
Hard Disk Drive: Throughput…, Cold HDD (s…
Other compute services

• Amazon Elastic Container Service: Run and Manage Docker Containers
• Amazon Elastic Container Service for …: Run Managed Kubernetes on AWS
• AWS Fargate: Run Containers without Managing Se
• VMware Cloud on AWS: Build a Hybrid Cloud without Custom
What’s Your Storage Use Case?

• Amazon EBS: Persistent block storage for Amazon EC2
• Amazon S3: Regionally distributed, web-enabled object storage
• Amazon Glacier: Long-term record storage for archive and regulato
• Amazon EFS: Sharable, network-attached file storage
• AWS Storage Gateway: AWS extension of your on-premises storage
• Cloud Data Migration Services: Efficient data migration options
What is Amazon S3?

• Data is stored as objects within bucke
• Unlimited storage
• Single object limited to 5TB
• 99.999999999% durable
• Granular access to bucket and object
Amazon S3 Core Functionality

• Fast, durable, highly available key-based acces
• Object storage built to store and retrieve data
• Not a file system

(Diagram: a client CLI sends a GET request to Amazon S3 via the S3 API, and the object is returned)
Amazon S3 Common Use Scenarios

• Backup and storage
• Application hosting
• Media hosting
• Software delivery

(Diagram: an Amazon S3 bucket used by Amazon EC2 instances and by a corporate datacenter)
Not Just a Storage Bucket

Requester pays

Versioning

Hosting static websites

Object lifecycle managemen

What is Amazon Glacier?

• Low-cost data archiving and long-term backup
• Expedited, Standard and Bulk retrieval options*
• Can configure lifecycle archiving of Amazon S3 content to Amazon Glacier

(Diagram: archiving to Amazon Glacier from on-premises servers and EC2 instances)
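"Object lifecycle management" on the S3 slide and the lifecycle archiving to Glacier on this one are the same mechanism: a rule with a prefix filter, transitions after a number of days, and an optional expiration. The following is an added Python example, not code from the deck or from AWS, that evaluates such rules over a small inventory. The rules, object keys and dates are constructed; the storage class names STANDARD, STANDARD_IA and GLACIER are the ones S3 uses.

```python
"""Lifecycle-rule evaluation in the spirit of S3 lifecycle management.
Added example, not AWS code; rules, keys and dates are constructed."""
from dataclasses import dataclass
from datetime import date

# Colder classes have a higher rank; lifecycle transitions only move objects colder
CLASS_RANK = {"STANDARD": 0, "STANDARD_IA": 1, "GLACIER": 2}

# Constructed rules: prefix filter, (age in days, target class) transitions, expiration
RULES = [
    {"id": "archive-logs", "prefix": "logs/",
     "transitions": [(30, "GLACIER")], "expiration_days": 365},
    {"id": "tier-media", "prefix": "media/",
     "transitions": [(90, "STANDARD_IA"), (180, "GLACIER")], "expiration_days": None},
]


@dataclass
class S3Object:
    key: str
    last_modified: date
    storage_class: str = "STANDARD"


# Constructed inventory
OBJECTS = [
    S3Object("logs/2019/01/app.log", date(2019, 1, 1)),
    S3Object("logs/2018/01/app.log", date(2018, 1, 1)),
    S3Object("media/intro.mp4", date(2019, 5, 15)),
    S3Object("media/mid.mp4", date(2019, 2, 1)),
    S3Object("media/old.mp4", date(2018, 11, 1), "STANDARD_IA"),
    S3Object("docs/readme.txt", date(2018, 1, 1)),
]


def matching_rule(key, rules):
    """First rule whose prefix matches the key, or None if no rule applies."""
    for rule in rules:
        if key.startswith(rule["prefix"]):
            return rule
    return None


def planned_action(obj, rules, today):
    """Decide what the lifecycle would do with one object on a given day."""
    rule = matching_rule(obj.key, rules)
    if rule is None:
        return ("NO_RULE", obj.storage_class)
    age = (today - obj.last_modified).days
    expiration = rule["expiration_days"]
    if expiration is not None and age >= expiration:
        return ("EXPIRE", None)                 # expiration wins over any transition
    target = obj.storage_class
    for days, cls in sorted(rule["transitions"]):
        # take the deepest transition the object's age has reached,
        # but never move an object to a warmer class than it is in
        if age >= days and CLASS_RANK[cls] > CLASS_RANK[target]:
            target = cls
    if target != obj.storage_class:
        return ("TRANSITION", target)
    return ("KEEP", obj.storage_class)


def plan(objects=OBJECTS, rules=RULES, today=date(2019, 6, 1)):
    return {o.key: planned_action(o, rules, today) for o in objects}


if __name__ == "__main__":
    for key, (action, cls) in plan().items():
        print(f"{key:28s} {action:10s} {cls or ''}")
```

The ordering matters in two places a real configuration also has to get right: expiration is checked before transitions, so a log that is both 30 and 365 days old is deleted rather than archived, and an object already in a colder class than the rule's earlier step (media/old.mp4) is not moved backwards.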
Amazon Glacier Use Cases

Media asset workflows

Healthcare information archi

Regulatory and compliance a

Scientific data storage

Digital preservation

Magnetic tape replacement

Amazon Glacier Vault Lock Policy

• Deploy and enforce co… on individual Amazon
• Vault becomes immut
Module Summary

(Diagram: a Region with Availability Zone A and a second Availability Zone; each holds a Public Subnet and a Private Subnet with EC2 instances and their EBS volumes, protected by a Security Group)
Going Beyond Servers and Storage
Your Goal

• Deploy highly available applications that scale with demand
• Have complete visibility of your cloud resources and applications
• Run a highly available and scalable Domain Name System (DNS) web service
• Run SQL or NoSQL databases without the management overhead
• Run code without managing servers
• Deliver your content across a massively scaled and globally available network
• Rapidly build a project on AWS
• Deploy your application in the simplest way possible
• Programmatically deploy repeatable infrastructure
Why Scaling Matters

(Chart: overestimated server load versus underestimated server load)

• Scale
• Scale
• Repla
• Pay o
The Tools of Auto Scaling

(Diagram: Elastic Load Balancing (ELB) in front of an Auto Scaling group of instances)

ELB as a Service

(Diagram: ELB distributing traffic across the instances of an Auto Scaling group)
ELB Features

• Automatically distribute traffic across multipl
• High availability
• Health checks
• SSL/TLS termination
• Operational monitoring
Types of Load Balancers

Application Load Balancer (ALB): HTTP, HTTPS
• Flexible application management
• Advanced load balancing of HTTP and HTTPS traffic
• Operates at the request level (Layer 7)

Network Load Balancer (NLB): TCP
• Extreme performance and static IP for your application
• Load balancing of TCP traffic
• Operates at the connection level (Layer 4)
Application Load Balancer Use Cases

(Diagram: Application Load Balancer)
Amazon EC2 Auto Scaling

(Diagram: an Elastic Load Balancer in front of an Auto Scaling group of instances)
Dynamic Scaling with EC2 Auto Scaling
Follow the demand curve for your applica

• Select a load metric for your application
• Conditional and/or scheduled
• Can be used with CloudWatch

(Diagram: an Auto Scaling group with Max 10, Min 2 and Desired 10; instance counts of 2, 6 and 10 are shown against a load curve running from Low to Hig…)
Fleet Management with EC2 Auto Scaling
Replace impaired Amazon EC2 instances withou

• Monitor the health of running instances
• Replace impaired instances automatically
• Balance capacity across Availability Zones

(Diagram: an Auto Scaling group with Max 10, Min 2 and Desired 10)
What Does CloudWatch Do?

• Monitors:
  • AWS resources
  • Applications running o
• Collects and track met
  • Standard metrics
  • Custom metrics
• CloudWatch alarms:
  • Send notifications
  • Automatically make ch… based on rules you defin
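The "Dynamic Scaling" slide earlier in this module and the alarms on this one are two halves of one loop: an alarm on a load metric changes state according to a rule, and a scaling policy answers that state change by moving the group's desired capacity between Min and Max. The following is an added Python example, not code from the deck or from AWS, that replays that loop over constructed CPUUtilization datapoints. The thresholds, the M-out-of-N alarm settings, the step sizes and the cooldown are assumptions; Min 2 and Max 10 are the numbers on the slide.

```python
"""A CloudWatch-style alarm driving an Auto Scaling group.
Added example, not AWS code; samples and policy numbers are constructed."""

# Constructed CPUUtilization datapoints (percent), one per one-minute period
CPU_SAMPLES = [35, 40, 72, 81, 85, 90, 88, 60, 45, 30, 25, 20, 18, 22]


def _breaches(value, threshold, comparison):
    if comparison == "GreaterThanThreshold":
        return value > threshold
    if comparison == "LessThanThreshold":
        return value < threshold
    raise ValueError(f"unsupported comparison {comparison!r}")


def alarm_state(window, threshold, evaluation_periods, datapoints_to_alarm, comparison):
    """M-out-of-N evaluation: ALARM when at least datapoints_to_alarm of the
    last evaluation_periods datapoints breach the threshold; INSUFFICIENT_DATA
    until that many datapoints exist at all."""
    if len(window) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    recent = window[-evaluation_periods:]
    breaching = sum(1 for v in recent if _breaches(v, threshold, comparison))
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


# Constructed alarm definitions (assumed thresholds)
HIGH_CPU = dict(threshold=70, evaluation_periods=3, datapoints_to_alarm=2,
                comparison="GreaterThanThreshold")
LOW_CPU = dict(threshold=30, evaluation_periods=3, datapoints_to_alarm=3,
               comparison="LessThanThreshold")
SCALE_OUT_BY, SCALE_IN_BY = 2, 1
COOLDOWN = 2   # periods to wait after one scaling activity before the next


def simulate(samples, min_size=2, max_size=10, desired=2, cooldown=COOLDOWN):
    """Replay the metric period by period; return the desired capacity after
    each period. Desired capacity is always clamped to [min_size, max_size]."""
    trace = []
    last_scaled = -cooldown          # so that the first period is not in cooldown
    for i in range(len(samples)):
        window = samples[:i + 1]     # everything CloudWatch has seen so far
        if i - last_scaled >= cooldown:
            if alarm_state(window, **HIGH_CPU) == "ALARM":
                desired = min(max_size, desired + SCALE_OUT_BY)
                last_scaled = i
            elif alarm_state(window, **LOW_CPU) == "ALARM":
                desired = max(min_size, desired - SCALE_IN_BY)
                last_scaled = i
        trace.append(desired)
    return trace


if __name__ == "__main__":
    for period, (cpu, size) in enumerate(zip(CPU_SAMPLES, simulate(CPU_SAMPLES))):
        print(f"t={period:2d}  cpu={cpu:3d}%  desired={size}")
```

Two details are worth noticing in the replay. The scale-out alarm fires on 2 of 3 datapoints, so a single quiet minute does not reset it, while the scale-in alarm needs 3 of 3, which keeps the group from shrinking on a brief dip; and the cooldown is what stops the group from jumping straight to Max while the alarm stays in ALARM during consecutive periods.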
How CloudWatch Works

(Diagram: AWS resources that support CloudWatch publish metrics such as CPUUtilization and StatusCheckFailed, and applications publish custom CloudWatch metrics such as PageViewCount and other application-specific metrics; CloudWatch makes the statistics available, and they are consumed through the AWS Management Console)
CloudWatch Benefits

• Access all your metrics from a sing
• Visibility across your applications, infrastructure, and services
• Reduce mean time to resolution (M… and improve total cost of ownersh
• Drive insights to optimize applicat… and operational resources
What is Route 53?

https://sales.example.com

• Register domain names

• Route to your resources

• Perform health checks

Route 53 Routing Policies

• Simple
• Weighted
• Latency
• Failover
• Geolocation
• Geoproximity
• Multivalue
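The slide names the policies but not what each one does to a query. The following is an added Python example, not code from the deck or from Route 53, that simulates the answer four of them (simple, weighted, latency, failover) and multivalue would give for one record set of sales.example.com, the name used on the previous slide, with health checks applied. The record values, regions, weights, health states and latency figures are constructed; geolocation and geoproximity are left out because they need the client's location data.

```python
"""Selection behaviour of Route 53 routing policies, simulated over one record set.
Added example, not Route 53 code; records, weights, health and latencies are constructed."""
import random

# Constructed records for sales.example.com
RECORDS = [
    {"value": "198.51.100.10", "region": "us-east-1", "weight": 70,
     "healthy": True, "failover": "PRIMARY"},
    {"value": "198.51.100.20", "region": "eu-west-1", "weight": 30,
     "healthy": True, "failover": "SECONDARY"},
    {"value": "198.51.100.30", "region": "ap-southeast-1", "weight": 50,
     "healthy": False, "failover": None},
]

# Constructed latency (ms) from the querying client's location to each region
LATENCY_MS = {"us-east-1": 120, "eu-west-1": 25, "ap-southeast-1": 180}


def _healthy(records):
    # A record whose health check fails is left out of every answer below
    return [r for r in records if r["healthy"]]


def simple(records):
    # Simple routing: no health checking; all values are returned to the resolver
    return [r["value"] for r in records]


def weighted(records, rng):
    pool = _healthy(records)
    weights = [r["weight"] for r in pool]
    if not any(weights):            # all weights 0: answered with equal probability
        weights = [1] * len(pool)
    return rng.choices([r["value"] for r in pool], weights=weights, k=1)[0]


def latency(records, latency_ms):
    # The healthy record in the region with the lowest latency to the client
    return min(_healthy(records), key=lambda r: latency_ms[r["region"]])["value"]


def failover(records):
    primary = [r for r in records if r["failover"] == "PRIMARY"]
    if primary and primary[0]["healthy"]:
        return primary[0]["value"]
    secondary = [r for r in records if r["failover"] == "SECONDARY"]
    return secondary[0]["value"] if secondary else None


def failover_with_primary_down(records):
    degraded = [dict(r, healthy=False) if r["failover"] == "PRIMARY" else r
                for r in records]
    return failover(degraded)


def multivalue(records, limit=8):
    # Up to eight healthy values per query, so the client can retry another one
    return [r["value"] for r in _healthy(records)][:limit]


def weighted_distribution(records, draws=1000, seed=7):
    """How many times each value is answered over `draws` weighted queries."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(draws):
        v = weighted(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return counts


if __name__ == "__main__":
    print("simple:    ", simple(RECORDS))
    print("weighted:  ", weighted_distribution(RECORDS))
    print("latency:   ", latency(RECORDS, LATENCY_MS))
    print("failover:  ", failover(RECORDS), "/ primary down:", failover_with_primary_down(RECORDS))
    print("multivalue:", multivalue(RECORDS))
```

The point the simulation makes is that the same three records answer very differently depending on the policy, and that the unhealthy ap-southeast-1 record never appears in any answer that honours health checks, while simple routing, which has none, still hands it out.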
Doing-It-Yourself vs. AWS Database Se

Doing-It-Yourself:
• Operating system access
• Need features of specific application

AWS Database Se…:
• Easy to set u
• Push-button
• Focus on per
• Eliminate un… lifting
Choose the Best Tool for the Job

Service | Type | Description
Amazon RDS | Relational database | A managed relational database in the cloud th… just a few clicks
Amazon Aurora | Relational database | A fully managed MySQL and PostgreSQL-com… performance and availability of enterprise dat
Amazon DynamoDB | NoSQL database | A Serverless, NoSQL database that delivers co… latency at any scale
Amazon Redshift | Data warehouse | A fast, fully managed, petabyte-scale data wa… traditional solutions
Amazon ElastiCache | In-memory data store | To deploy, operate, and scale an in-memory d… Redis in the cloud
Amazon Neptune | Graph database | A fast, reliable, fully managed graph database… connected data sets
AWS Database Migration Service | Database migration | Help migrating your databases to AWS easily… downtime
What is Amazon Relational Database Service?

Easy to set up, operate, and sca

Amazon RDS Engines

Amazon RDS Benefits

• Easy to administer
• Highly scalable
• Available and durable
• F
• S
• I
What is Amazon Aurora?

• Enterprise-class relational database

• MySQL or PostgreSQL-compatible

• Up to 5X faster than standard MySQL d

• Up to 3X faster than standard PostgreS


• Continuous backup to Amazon S3

• Up to 15 low-latency read replicas

What is Amazon DynamoDB?

Fast and flexible NoSQL database service

Fully managed

Low-latency queries

Fine-grained access control

Regional and global options

Amazon DynamoDB Use Cases

Serverless web applications


Microservices data store
Mobile backends
Ad tech
Gaming
Internet of Things (IoT)

What is AWS Database Migration Servi
Migrate databases to AWS quickly and secure

What is Lambda?
Run code without prov

(Diagram: event sources are AWS services, HTTP endpoints and mobile apps)
1. Upload your code to Lambda
2. Set up your code to trigger from other AWS services, HTTP endpoints, or in-app activity
3. Lambda runs your code only w… triggered
Benefits of Lambda

Bring your own code


Completely automated administ
Built-in fault tolerance
Automatic scaling
Orchestrate multiple functions
Integrated security model
Pay per use
Flexible resource model

Lambda Example: Create Thumbnails

(Diagram with numbered steps 1 to 5 connecting a User, a Source bucket, a Lambda function, an Access policy (JSON) and a Target bucket)
What is Elastic Beanstalk?

• Upload your application code
• The service handles:
  • Resource provisioning
  • Load balancing
  • Auto scaling
  • Monitoring
• Support applications that scale to serve millions of users
Elastic Beanstalk Features

• Wide selection of application platforms
• Variety of application deployment options
• Monitoring
• Application health
• Monitoring, logging, and tracing
• Manag
• Scalin
• Custom
• Comp
What is AWS CloudFormation?
Model and provision all your cloud infrastructur
AWS CloudFormation Example

(Diagram: a Template-file (YAML/JSON) is given to CloudFormation, which provisions the resources it describes (Int… ga…); a template can also be built in CloudFormation Designer)
Module Summary

• Elastic Load Balancing, Auto Scaling: Deploy highly available applications that scale with
• Amazon CloudWatch: Have complete visibility of your cloud resources and
• Amazon Route 53: Run a highly available and scalable Domain Name S
• AWS Database Services: Run SQL or NoSQL databases without the managem
• AWS Lambda: Run code without managing servers
• AWS Elastic Beanstalk: Deploy your application in the simplest way possibl
• AWS CloudFormation: Programmatically deploy repeatable infrastructure
Example: High Availability through ELB

(Diagram: two Availability Zones, each with a Web Server and an App Server, behind ELB)
Example: Web Application Hosting

(Diagram: Amazon Route 53, Amazon CloudFront, a Load Balancer, Web Servers and a Web Application Server in Auto Scaling Groups, and Amazon S3 holding resources and static content)
Scenario

Security Is Our Top Priority

• Designed for Security
• Constantly Monitored
• Highly Automated
• Hig… Ava…
Security, Identity, and Compliance Products

AWS Artifact, AWS Certificate Manager, Amazon Cloud Directory, AWS CloudHSM, Amazon Cognito, AWS Directory Service, AWS Firewall Manager, Amazon GuardDuty, IAM, Amazon Inspect…, AWS Key Manag…, Amazon Macie, AWS Organizati…, AWS Shield, AWS Secrets Ma…, AWS Single Sign…, AWS WAF
Topics
The Shared Responsibility Model
Identity and Access Management (IAM)
Security Compliance

AWS Shared Responsibility

Customer:
• Customer Data
• Platform, Applications, Identity & Access Ma
• Operating System, Network & Firewall Conf
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Ne… (Enc…

AWS:
• Foundation Services: Compute, Storage, Database
• AWS Global Infrastructure: Regions, Availability Zones, E
Security of the Cloud

AWS:
• Foundation Services: Compute, Storage, Database
• AWS Global Infrastructure: Regions, Availability Zones, E

• Hosts, network, software, facilities
• Protection of the AWS global infrastructur
• Availability of third-party audit reports
Security in the Cloud

Customer:
• Customer Data
• Platform, Applications, Identity & Access Man
• Operating System, Network & Firewall Config
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Netw… (Encry…

Considerations
• What to store
• Which AWS services
• In what location
• In what content format and structure
• Who has access
What is IAM?
Securely control access to AWS resourc

• Manage users and their access (AWS users)
• Manage roles and their permission… (Roles)
• Manage federated users and their… (Corp users)
IAM Authentication

(Diagram: an IAM user authenticates to the AWS CLI ($ aws), the AWS SDKs and the AWS Management Console)
IAM Authorization

(Diagram: IAM policies attached to an IAM group grant Full access or Read only)
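The diagram above shows two groups, one with full access and one read-only, but not how a request is actually decided. The following is an added Python example, not code from the deck or from AWS, that applies the documented IAM decision order (everything implicitly denied, a matching Allow grants access, a matching explicit Deny overrides any Allow) to constructed users, groups and policies. The user and group names, the bucket name and the account-free ARNs are assumptions; "2012-10-17" is the standard IAM policy language version, and the Action/Resource wildcard rules are IAM's.

```python
"""IAM authorization decision for one request.
Added example, not AWS code; users, groups, policies and bucket name are constructed."""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # IAM action names are case-insensitive and accept the * and ? wildcards
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # ARNs are case-sensitive; * and ? are again the only wildcards
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def evaluate(policies, action, resource):
    """Return "allow", "explicit deny" or "implicit deny" for one request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_action_matches(stmt["Action"], action)
                    and _resource_matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"       # a matching Deny ends the evaluation
            allowed = True                   # keep looking: a later Deny still wins
    return "allow" if allowed else "implicit deny"


# Constructed policies: least privilege for readers, full access for admins,
# plus an explicit Deny that protects an audit-log bucket even from admins
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
PROTECT_AUDIT_LOGS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["s3:DeleteObject", "s3:DeleteBucket"],
     "Resource": ["arn:aws:s3:::example-audit-logs",
                  "arn:aws:s3:::example-audit-logs/*"]}]}

GROUPS = {"ReadOnly": [READ_ONLY], "Admins": [FULL_ACCESS, PROTECT_AUDIT_LOGS]}
USERS = {"alice": ["Admins"], "bob": ["ReadOnly"]}


def decide(user, action, resource):
    """A user's effective policies are the union of the policies of their groups."""
    policies = [p for group in USERS[user] for p in GROUPS[group]]
    return evaluate(policies, action, resource)


if __name__ == "__main__":
    log = "arn:aws:s3:::example-audit-logs/2019/access.log.gz"
    for user, action in [("bob", "s3:GetObject"), ("bob", "s3:PutObject"),
                         ("alice", "s3:PutObject"), ("alice", "s3:DeleteObject")]:
        print(f"{user:6s} {action:16s} -> {decide(user, action, log)}")
```

The explicit-Deny statement is the practical lesson: an administrator's "*" on "*" does not get them past it, which is why a Deny on a few named resources is the usual way to fence off audit trails from everyone, including the people who can do everything else.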
AWS Account Root User
Account root user has complete access to all AWS ser

Recommendations
• Delete root user acce
• Create an IAM user
• Grant administrator a
• Use IAM credentials t
IAM Roles

• IAM users, applicatio… services may assume
• Uses an IAM policy fo… permissions
Using Roles for Temporary Security Credentials

(Diagram: an app on an EC2 instance assumes an IAM role, whose polic… grants it access to Amazo…)
IAM – Best Practices

• Delete AWS root account access keys
• Activate multi-factor authentication (MFA)
• Only give IAM users permissions they need
• Use roles for applications
• Rotate cre
• Remove u… and crede
• Monitor ac… account
• …And mo
Assurance Programs

How AWS Helps Customers Achieve Compliance

Sharing Information:
• Industry certifications
• Security and control practices
• Compliance reports directly under NDA

Assurance P…:
• Certificatio
• Laws, regu
• Alignment
What Is Trusted Advisor?
A service providing guidance to help you red
increase performance, and improve secu

Trusted Advisor: Core vs. Full

Core Checks and Recommendations (included):
• Seven core checks around security and performance
• Service limits

Full Trusted A… (With Business o…):
• Full set of c
• Notification
• Programma
Course Summary
In this course, we covered:
The AWS Value Proposition
The AWS Global infrastructure
Several key services
Security and compliance
Fundamental architectural considerations

Expand Your Cloud Skills with AWS

• Digital Training: Free, self-paced online courses built by AWS experts (aws.training)
• Classroom Training: Classes taught by accredited AWS instructors i… (aws.amazon.com/training)
• aws.a…
AWS ILT Training Courses

• AWS Technical Essentials or AWS Cloud Prac…: 1 day
• Architecting on AWS: 3 days
• Developing on AWS: 3 days
• Advanced Architecting on AWS: 3 days
• DevOps Engineering on AWS: 3 days
• Migrating to AWS: 2 days
• Big Data on AWS: 3 days
• Building a Serverless Datalake on AWS: 1 day
• Deep Learning on AWS: 3 days
Thank you!
Scott Jones
scojoe@amazon.com
