Simone Brunozzi ( @simon )
Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web apps
with Amazon Web Services
Slide 2
Slide 2 text
“Knowledge starts
from great questions.”
(from the previous presentation)
Slide 3
Slide 3 text
“Knowledge starts
from great questions.”
grows
grows
with inspiring answers”
with inspiring answers”
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
BETTER
CloudSearch
Going Global
AWS Support
AWS Data Pipeline
Elastic Load Balancer
FASTER
CloudFront
DynamoDB
ElastiCache
Elastic Beanstalk
STRONGER
Security
IAM
VPC
Securing Apache/NGINX
Durability
Slide 6
Slide 6 text
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
Slide 7
Slide 7 text
BETTER FASTER STRONGER
AWS Data Pipeline
Process/Move data
To/From AWS or on-premise sources
Scheduled intervals
Slide 8
Slide 8 text
(Video)
Slide 9
Slide 9 text
BETTER FASTER STRONGER
AWS Support
One-on-one, fast response
support channel Always available
Experienced
support engineers
x
y
Four Different plans
Slide 10
Slide 10 text
9
AWS Support: a Swiss knife
Slide 11
Slide 11 text
9
Reactive
troubleshooting
Help to get started
with AWS
Recommendations
on security, costs, and
availability Discuss architecture
and best practices
Integrate the 150+
annual AWS feature
releases
Configuration help
for a growing list of
3rd party software
AWS Support: a Swiss knife
Slide 12
Slide 12 text
AWS Support plans
Free
10
Basic
49 $ / month
Developer
(Min: 100 $)
% of your AWS
monthly bill:
10%: 0-10k
7%: 10k-80k
5%: 80k-250k
3%: 250k+
Business
(Min: 15,000 $)
% of your AWS
monthly bill:
10%: 0-150k
7%: 150k-500k
5%: 500k-1M
3%: 1M+
Enterprise
Slide 13
Slide 13 text
What do you get? (1)
11
Basic Developer Business Enterprise
YES
Customer Service 24/7/365 YES YES YES
YES
Support forums YES YES YES
YES
Documentation, guides YES YES YES
health checks
Access to Technical support E P/C/E P/C/E/TAM
-
Named contacts 1 5 Unlimited
-
Response time 12 hours 1 hour 15 minutes
-
Architecture support Building blocks Guidance App Architecture
-
Best practice guidance YES YES YES
-
Client side diagnostic tools YES YES YES
Slide 14
Slide 14 text
What do you get? (2)
12
Business Enterprise
Identity Access Management (IAM) YES YES
Direct routing to Senior Support Engineers YES YES
Third party Software Support (beta) YES YES
AWS Trusted Advisor (beta) YES YES
Infrastructure Event Management contact us YES
Direct Access to TAM (Technical Account Manager) - YES
White-Glove Case Routing - YES
Management Business Reviews - YES
Slide 15
Slide 15 text
AWS Trusted Advisor
Slide 16
Slide 16 text
AWS Trusted Advisor
in action
Slide 17
Slide 17 text
15 (Video)
Slide 18
Slide 18 text
BETTER FASTER STRONGER
AWS CloudSearch
A fully-managed search service in the cloud
Easy to integrate fast and scalable search functionality
Slide 19
Slide 19 text
BETTER FASTER STRONGER
AWS CloudSearch
A fully-managed search service in the cloud
Easy to integrate fast and scalable search functionality
• Faceted search
• Field weighting
• Stemming, Synonyms, Stop Words
• Autoscaling
• Index distribution / partition / replication
Slide 20
Slide 20 text
(Video)
Slide 21
Slide 21 text
BETTER FASTER STRONGER
Going global: AWS Regions
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Regions (8) GovCloud Regions (1)
Slide 22
Slide 22 text
BETTER FASTER STRONGER
Availability Zones
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Availability Zones (23)
Slide 23
Slide 23 text
BETTER FASTER STRONGER
CloudFront / Route 53
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Edge Locations (39)
Dallas
(2)
St.Louis
Miami
Jacksonville
Los
Angeles
(2)
Palo
Alto
Sea>le
Ashburn
(2)
Newark
New
York
(3)
Dublin
London
(2) Amsterdam
(2)
Stockholm
Frankfurt
(2)
Paris
(2)
Singapore
(2)
Hong
Kong
(2)
Tokyo
(2)
Sao
Paulo
South
Bend
San
Jose
Osaka
Milan
Sydney
Madrid
Slide 24
Slide 24 text
BETTER FASTER STRONGER
AWS Support
http://aws.amazon.com/about-aws/globalinfrastructure
(as of Jan 10th, 2013)
Customer Service & Technical Support
Remote TAMs (Technical Account Manager)
Slide 25
Slide 25 text
BETTER FASTER STRONGER
Elastic Load Balancer
Automatically balances traffic across EC2 instances
Protocols: HTTP, HTTPS, TCP, SSL, or Custom
One or multiple Availability Zones
Automatic health checks
Slide 26
Slide 26 text
No content
Slide 27
Slide 27 text
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
Slide 28
Slide 28 text
BETTER FASTER STRONGER
Amazon ElastiCache
Database
Web
Server
Slide 29
Slide 29 text
BETTER FASTER STRONGER
Amazon ElastiCache
Cache
Database
Web
Server
BETTER FASTER STRONGER
CloudFront
What’s new?
• New Edge locations
• Support for cookies
• Price classes (exclude edge locations based on cost)
• New access log fields
• Front End Optimization (compression, rendering, etc)
• Dynamic content from EC2 (query / cache parameters)
Slide 40
Slide 40 text
BETTER FASTER STRONGER
CloudFront
DynamoDB
Security
IAM
CloudSearch
VPC
Going Global
ElastiCache
Securing Apache/NGINX
AWS Support
AWS Data Pipeline Durability
Elastic Beanstalk
Elastic Load Balancer
Slide 41
Slide 41 text
BETTER FASTER STRONGER
Durability
EC2 internal storage: ephemeral.
EBS: redundant.
S3: designed for high durability.
Glacier, compared to S3: delayed retrieval, lower price.
RDS: backups to Amazon S3.
DynamoDB: use AWS Data Pipeline to backup to S3.
EBS: snapshots to S3.
Slide 42
Slide 42 text
BETTER FASTER STRONGER
Amazon Virtual Private Cloud (VPC)
Launch a private section of the AWS Cloud, with user-
defined network topology and security/routing rules.
Start using VPC today - No excuses.
Slide 43
Slide 43 text
(Video)
Slide 44
Slide 44 text
BETTER FASTER STRONGER
Security
[ Shared Responsibility Model ]
Slide 45
Slide 45 text
BETTER FASTER STRONGER
Security
Slide 46
Slide 46 text
BETTER FASTER STRONGER
Security
Slide 47
Slide 47 text
BETTER FASTER STRONGER
Security
Security Groups
Credentials
Encryption
Your apps
Slide 48
Slide 48 text
BETTER FASTER STRONGER
Securing Apache/NGINX
• ModSecurity (currently 2.7)
• Proper security guides (e.g. RHEL 6.0 Security Guide)
• Remove unnecessary modules / services / daemons
• SSH using a Bastion Host
• Patch / Update
• Hide version
• Use “smart” access (e.g. strong passwords / certificates)
• Run it within VPC!
Slide 49
Slide 49 text
BETTER FASTER STRONGER
IAM
Control access to AWS services and resources for your users,
with users/roles/permissions.
• Separate Master Account from everything else
• Cross-account API access
• Temporary security credentials (remember?)
• Multi-Factor Authentication (MFA)