Slide 1

Slide 1 text

THE SAAS JOURNEY ON AWS_ JON TOPPER | @jtopper | he/him/his

Slide 2

Slide 2 text

$ whoami Founder/CEO/CTO The Scale Factory Working in hosting/infrastructure for 20 years Infrastructure / AWS / DevOps

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

THE TEAM_

Slide 6

Slide 6 text

OUR CLIENTS_

Slide 7

Slide 7 text

TODAY’S AGENDA_ Tenancy Options Relevant AWS Services Security Considerations Monitoring

Slide 8

Slide 8 text

THE SCALE FACTORY WAY_ People First Match solution to workload Leverage the AWS platform Automate Iterate

Slide 9

Slide 9 text

YOUR PRODUCT_ B2B or B2C? How many customers? Where are they? How much do they pay? Are there any regulatory considerations?

Slide 10

Slide 10 text

ARCHITECTURE CUSTOMER NEEDS (things you care about) COMPLIANCE NEEDS (things the government cares about) Features Cost Performance Availability Security Security Documentation Reporting Change Control

Slide 11

Slide 11 text

TENANCY OPTIONS All Tenants Tenant 1 Tenant 2 All Tenants Tenant 1 Tenant 2 POOL BRIDGE SILO Cost Isolation Complexity Lowest Highest

Slide 12

Slide 12 text

TENANT ISOLATION_ AWS Account Layer VPC Layer Subnet Layer Container Layer Application Layer Operational Complexity Lowest Highest Isolation Usage Transparency Cost

Slide 13

Slide 13 text

CASE STUDY_

Slide 14

Slide 14 text

BRIDGE TENANCY MODEL_

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

LEVERAGE AWS SERVICES_

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Power Customer MySQL Compute Storage Data Centre HA Scripts Monitoring Config Mgmt Networking

Slide 19

Slide 19 text

Visible Invisible Value Chain Evolution Genesis Custom Product Commodity Customer RDS Aurora

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

RELEVANT SERVICES_ Amazon API Gateway Amazon Cognito SNS / SQS DynamoDB S3 Lambda

Slide 22

Slide 22 text

RELEVANT SERVICES_ Amazon API Gateway Amazon Cognito SNS / SQS DynamoDB S3 Lambda }Serverless

Slide 23

Slide 23 text

A CASE FOR SERVERLESS_ Scales with demand No cost for idle resources No traditional server maintenance Spend developer time on business value

Slide 24

Slide 24 text

AMAZON API GATEWAY_ OpenAPI definition Authentication / Authorization Quotas and throttling Result caching Lifecycle management Direct integration with AWS services

Slide 25

Slide 25 text

AMAZON COGNITO_ User directory Social & Enterprise identity federation MFA Role based access control Compromised credential protection

Slide 26

Slide 26 text

APPLICATION LAYER ISOLATION_

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem" ], "Resource": [ "arn:aws:dynamodb:us-west-2:123456789012:table/MyTable" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"] } } } ] }

Slide 29

Slide 29 text

FINE GRAINED POLICIES_ KMS key policies S3 bucket policies SNS Secrets Manager

Slide 30

Slide 30 text

Somebody Else's Problem

Slide 31

Slide 31 text

CASE STUDY_

Slide 32

Slide 32 text

No content

Slide 33

Slide 33 text

APPLICATION MONITORING_

Slide 34

Slide 34 text

WHAT TO MONITOR: USAGE_ Cost IO usage Storage usage CPU usage

Slide 35

Slide 35 text

Request rate Errors Performance WHAT TO MONITOR: SERVICE_

Slide 36

Slide 36 text

User activity Helpdesk load WHAT TO MONITOR: HUMAN_

Slide 37

Slide 37 text

Deployment Frequency Lead Time for Changes Time to Restore Service Change Failure Rate WHAT TO MONITOR: DEVOPS_

Slide 38

Slide 38 text

Aspect of So ware Delivery Performance* Elite High Medium Low Deployment frequency For the primary application or service you work on, how o en does your organization deploy code to production or release it to end users? On-demand (multiple deploys per day) Between once per day and once per week Between once per week and once per month Between once per month and once every six months Lead time for changes For the primary application or service you work on, what is your lead time for changes (i.e., how long does it take to go from code committed to code successfully running in production)? Less than one day Between one day and one week Between one week and one month Between one month and six months Time to restore service For the primary application or service you work on, how long does it generally take to restore service when a service incident or a defect that impacts users occurs (e.g., unplanned outage or service impairment)? Less than one hour Less than one daya Less than one daya Between one week and one month Change failure rate For the primary application or service you work on, what percentage of changes to production or released to users result in degraded service (e.g., lead to service impairment or service outage) and subsequently require remediation (e.g., require a hotfix, rollback, fix forward, patch)? 0-15%b,c 0-15%b,d 0-15%c,d 46-60% https:/ /cloud.google.com/blog/products/devops-sre/the-2019-accelerate-state-of-devops-elite-performance-productivity-and-scaling

Slide 39

Slide 39 text

CLOSING RECAP_ Design for a pooled tenancy model first Leverage the AWS services Use the AWS security features Monitoring as first class citizen

Slide 40

Slide 40 text

WHAT'S NEXT?_

Slide 41

Slide 41 text

TALK TO US ABOUT: CONSULTANCY TRAINING WELL-ARCHITECTED MIGRATION

Slide 42

Slide 42 text

Leading Well-Architected Partner Worldwide >200 Reviews Completed Since April 2018 Book a Well-Architected review today https:/ /scalefactory.com/services/well-architected/ $5,000 funding available to support improvement work

Slide 43

Slide 43 text

BREAKFAST OPS_ Monthly hosted discussion For CTOs and tech decision makers

Slide 44

Slide 44 text

Q&A_

Slide 45

Slide 45 text

KEEP IN TOUCH_ http:/ /www.scalefactory.com/ @scalefactory [email protected]