Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS a-b-c's

Andrew Best
October 13, 2015

AWS a-b-c's

A brief high-level overview of AWS's IaaS offering

Andrew Best

October 13, 2015

More Decks by Andrew Best

Other Decks in Technology


  1. Page A is for IAM › Identity and Access Management.

    › Allows you to define credentials with restricted capabilities that you can then use when working with the .net SDK / Powershell API. › Users are provisioned with a key pair that serves as your keys to your kingdom – you can only retrieve them once, so store in a safe place! / Copyright ©2014 by Readify Pty Ltd 3
  2. Page Regions and Availability Zones › AWS resources can be

    deployed into Regions, which are hosted in geographically separate locations – for example us-west-2 is in Oregon, whereas ap-southeast- 2 is in Sydney. › Each region has at least two Availability Zones, which are hosted in separate data-centres within the region, ensuring that we can provision our resources in a highly available fashion. / Copyright ©2014 by Readify Pty Ltd 4
  3. Page VPC › Virtual Private Cloud. › Is defined for

    a single region. › Defines a set of available IP addresses, subnets and routes. › They are used to isolate our EC2 instances (and other bits and bobs) from the rest of our AWS infrastructure, and control access to the internet. / Copyright ©2014 by Readify Pty Ltd 5
  4. Page VPC - Subnet › Defines a range of IP

    addresses that can be assigned to services. › Is defined for an availability zone within a region. › Instances a launched ‘into’ the subnet. › These IP addresses may be public or private, depending on the subnets preferences. › Subnets can talk to other subnets via Routing. › This controls ‘Who can I talk to?’ / Copyright ©2014 by Readify Pty Ltd 6
  5. Page VPC - Routing › Route tables are used to

    restrict or enable traffic to travel between subnets. › They also control access to the internet by allowing a subnet to be connected to an internet gateway or NAT box. › Instances in AWS are *not* connected to the internet by default – you need to ensure you have appropriate routing in place. / Copyright ©2014 by Readify Pty Ltd 7
  6. Page EC2 › Elastic Compute is virtual machines – IaaS.

    › EC2 instances are provisioned within a Subnet in a given VPC. › A range of ‘images’ are available that provide various Windows and Linux configurations out of the box. › EC2 instances are also associated with Security Groups that define what inbound and outbound connections are allowed. / Copyright ©2014 by Readify Pty Ltd 8
  7. Page EC2 - Security Groups › Security Groups define a

    group-level firewall to protect instances within the group. › ‘What language can I talk?’. › For example, you may want to allow inbound TCP over 3389 for remote desktop connectivity. › Don’t forget about your instance’s windows firewall though! / Copyright ©2014 by Readify Pty Ltd 9
  8. Page EC2 – Load Balancers › Load balancers provide an

    auto-scaling public entry point to our EC2 instance. › They can redirect traffic from given ports, terminate SSL, and check the health of instances that are enrolled in them. / Copyright ©2014 by Readify Pty Ltd 10
  9. Page EC2 – Auto scaling › Auto Scaling Groups allow

    us to automatically provision more instances on demand to meet load demand. › Instances are provisioned from a Launch Configuration which defines the ‘shape’ of the EC2 instance to launch into the ASG. / Copyright ©2014 by Readify Pty Ltd 11
  10. Page S3 › Simple Storage Solution. › Allows us to

    store files up in the clouds! › Files are stored in ‘buckets’, which is how S3 partitions content. › Can be used to host static websites. / Copyright ©2014 by Readify Pty Ltd 12
  11. Page CloudFormation › Actually has a name that almost makes

    sense! › Orchestrates the creation of AWS resources for us. › Takes the pain of ‘resiliently’ standing up / tearing down this stuff out of the process. › Processes ‘templates’ defined in JSON. / Copyright ©2014 by Readify Pty Ltd 13
  12. Page Honourable Mentions › RDS – Relational Database Service, Amazon’s

    PaaS SQL offering. › Route 53 – DNS services within AWS. › Elastic Beanstalk – PaaS compute, can be used to host IIS websites. › CloudWatch – monitoring service for your AWS resources. / Copyright ©2014 by Readify Pty Ltd 14