© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Getting started with AWS, édition francophone. S u p I n f o , D a k a r – 7 m a i 2 0 2 2 Sébastien Stormacq Developer Advocate, AWS EMEA @sebsto /sebsto /sebsto /sebAWS

Agenda Global infrastructure Security Networking Compute Storage Q&A

AWS global platform AWS global infrastructure • 26 Regions with 84 Availability Zones • 8 Regions coming soon 310 CloudFront PoPs • 300+ edge locations • 13 Regional edge caches • 245 Countries & territories served AWS global network • Redundant 100 GbE network • 100% encrypted between facilities • Private network capacity between all AWS Regions except China

AWS Region and availability zones Region Availability zone a Availability zone b Availability zone c data center data center data center 2 or more AZs per region (new regions min 3) data center data center data center data center data center data center 1 or more data centers per AZ

Availability in parallel Component Availability Downtime X 99% (2-nines) 3 days 15 hours Two X in parallel 99.99% (4-nines) 52 minutes Three X in parallel 99.9999% (6-nines) 31 seconds

No content

AWS Identity and Access Management Security before the cloud Security in the cloud Corporate data center AWS Cloud L

IAM roles for nonhuman access AWS account Use IAM roles for access to AWS resources: • From your application running on an AWS compute environment, e.g., EC2 instance, Lambda function, etc. • To grant permission to an AWS service to access your resources (not shown) EC2 instance Lambda function Amazon S3 buckets Amazon DynamoDB table

There are many security services in AWS AWS Identity and Access Management (IAM)

No content

Private IP address range for your VPC – IPv4 • ”CIDR” range? • Classless inter-domain routing • No more class A, B, C • RFC1918 • 192.168.0.0 /16 • 172.16.0.0 /12 • 10.0.0.0 /8 • How much? • /16 • /28

Subnet Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone US-EAST-1B Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. 172.31.0.0/16: 172.31.0.1 to 172.31.255.254 = 65534 host IPs /24 = 254 hosts /20 = 4096 hosts

Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone US-EAST-1B Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. Application server security group

Subnet Subnet VPC Availability Zone US-EAST-1A Amazon VPC (Virtual Private Cloud) 172.31. 172.31. Subnet Subnet 172.31. 172.31. Web server security group Application server security group Availability Zone US-EAST-1C

What is Amazon CloudFront? CloudFront is the AWS content delivery network It securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds CloudFront is integrated with AWS; physical locations are directly connected to the AWS Global Cloud Infrastructure and other AWS services It features a global network of >300 points of presence (PoPs)

Latency benefits with PoP launches Argentina 55% Latency reduction 79 ms à 35 ms Chile 73% Latency reduction 104 ms à 28 ms PoP launches ensure connectivity with majority views and redundant AWS backbone Bahrain: 40% Latency reduction 38 ms à 27 ms

Learn networking with AWS Training and Certification Free digital courses cover topics related to networking and content delivery, including Introduction to Amazon CloudFront and AWS Transit Gateway Networking and Scaling Resources created by the experts at AWS to help you build and validate cloud networking skills Validate expertise with the AWS Certified Advanced Networking – Specialty exam Visit the advanced networking learning path at aws.amazon.com/training/path-advanced-networking

No content

Easiest way to get started Create larger instances Add attached block storage Load balance your application Connect to AWS services Networking & data transfer DNS management One static IP/instance Computing power

© 2019, Amazon Web Services, Inc. or its Affiliates.

© 2019, Amazon Web Services, Inc. or its Affiliates.

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Amazon EC2 Virtual servers in the cloud Physical servers in AWS global Regions Guest 1 Guest 2 Guest n Hypervisor Host server EC2 instances

Amazon EBS EC2 instance EBS volume EBS snapshot gp2 io1 st1 sc1 EBS SSD- backed volumes EBS HDD- backed volumes Amazon S3 Block storage as a service Create, attach, modify through an API Select storage and compute based on your workload Detach and attach between instances Choice of magnetic and SSD-based volume types Supports snapshots: Point-in-time backup of modified volume blocks

Amazon EC2 instance store Local to instance Nonpersistent data store Data not replicated (by default) No snapshot support SSD or HDD Physical host machine EC2 instances Instance store or

Amazon EC2 14+ years ago… Scale up or down quickly, as needed Pay for what you use “One size fits all” M1

Amazon EC2 instance characteristics M5d.xlarge Instance family Instance generation Instance size Instance type CPU Memory Storage Network performance Additional capabilities

Categories Capabilities Options Broadest and deepest platform choice General purpose Burstable Compute intensive Memory intensive Storage (high I/O) Dense storage GPU compute Graphics intensive Amazon Elastic Block Store Amazon Elastic Inference 270+ instance types for virtually every workload and business need Choice of processor (AWS, Intel, AMD) Fast processors (up to 4.0 GHz) High-memory footprint (up to 12 TiB) Instance storage (HDD and NVMe) Accelerated computing (GPUs and FPGA) Networking (up to 100 Gbps) Bare metal Size (Nano to 32xlarge) How do you select the right instance to launch and optimize?

Instance Discovery AWS Compute Optimizer New search and discovery experience to easily find EC2 instance types Quicker and easier for you to find and compare different instance types and project costs Machine learning–based service that recommends optimal AWS resources Recommends optimal EC2 instances and Amazon EC2 Auto Scaling group config Lower costs Optimize performance Get started quickly

No content

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated AWS Compute – from self-managed to serverless

Containers and Docker A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.1 1 https://www.docker.com/resources/what-container Server Operating System Docker Engine App A App B App C App D

Amazon ECS Development cluster Container instance Container instance Container instance Production cluster Container instance Container instance Container instance Amazon Elastic Container Service (Amazon ECS) Container Container Volume Task definition Amazon Elastic Container Registry

ECS agent Docker agent OS Amazon Elastic Compute Cloud (Amazon EC2) instance ECS agent Docker agent OS EC2 instance ECS agent Docker agent OS EC2 instance Amazon Elastic Container Service (Amazon ECS)

Kubectl EKS Architecture

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

No content

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Anatomy of an AWS Lambda function Handler() function Function to be executed upon invocation Event object Data sent during Lambda function invocation Context object Methods available to interact with runtime information (request ID, log group, more) import json def lambda_handler(event, context): # TODO implement return { 'statusCode': 200, 'body': json.dumps('Hello World!') }

Serverless applications Event source Function Node.js Python Java C# Go Ruby Powershell Runtime API Changes in data state Requests to endpoints Changes in resource state

Anatomy of an AWS Lambda function Function myhandler(event, context) { { result = SubfunctionA() }else { result = SubfunctionB() return result; } Your handler

Anatomy of a Lambda function Import sdk Import http-lib Import ham-sandwich Pre-handler-secret-getter() Pre-handler-db-connect() Function myhandler(event, context) { { result = SubfunctionA() }else { result = SubfunctionB() return result; } Your handler

Anatomy of a Lambda function Import sdk Import http-lib Import ham-sandwich Pre-handler-secret-getter() Pre-handler-db-connect() Function myhandler(event, context) { { result = SubfunctionA() }else { result = SubfunctionB() return result; } Your handler Dependencies, configuration information, common helper functions

Anatomy of a Lambda function Import sdk Import http-lib Import ham-sandwich Pre-handler-secret-getter() Pre-handler-db-connect() Function myhandler(event, context) { { result = SubfunctionA() }else { result = SubfunctionB() return result; } Function Pre-handler-secret-getter() { } Function Pre-handler-db-connect(){ } Your handler Dependencies, configuration information, common helper functions

Anatomy of a Lambda function Import sdk Import http-lib Import ham-sandwich Pre-handler-secret-getter() Pre-handler-db-connect() Function myhandler(event, context) { { result = SubfunctionA() }else { result = SubfunctionB() return result; } Function Pre-handler-secret-getter() { } Function Pre-handler-db-connect(){ } Function subFunctionA(thing){ ## logic here } Function subFunctionB(thing){ ## logic here } Business logic sub-functions Your handler Dependencies, configuration information, common helper functions Common helper functions

Anatomy of a serverless application /orders /forums /search /lists /user /... Amazon API Gateway AWS Secrets Manager / Parameter Store Amazon DynamoDB I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler I m p o r t s d k I m p o r t h t t p - l i b I m p o r t h a m - s a n d w i c h P r e - h a n d l e r - s e c r e t - g e t t e r ( ) P r e - h a n d l e r - d b - c o n n e c t ( ) F u n c t i o n m y h a n d l e r ( e v e n t , c o n t e x t ) { < E v e n t h a n d l i n g l o g i c > { r e s u l t = S u b f u n c t i o n A ( ) } e l s e { r e s u l t = S u b f u n c t i o n B ( ) r e t u r n r e s u l t ; } F u n c t i o n P r e - h a n d l e r - s e c r e t - g e t t e r ( ) { } F u n c t i o n P r e - h a n d l e r - d b - c o n n e c t ( ) { } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } F u n c t i o n s u b F u n c t i o n A ( t h i n g ) { # # l o g i c h e r e } Dependencies, configuration information, common helper functions Common helper functions Business logic sub-functions Your handler

Learn compute with AWS Training and Certification 20+ free digital courses cover topics related to cloud compute, including introduction to the following services: Resources created by the experts at AWS to help you build cloud compute skills Compute is also covered in the classroom offering, Architecting on AWS, which features AWS expert instructors and hands-on activities • Amazon Elastic Compute Cloud (Amazon EC2) • Amazon EC2 Auto Scaling • AWS Systems Manager • AWS Inferentia and Amazon EC2 Inf1 instances Visit the learning library at https://aws.training

No content

No content

Hardware and software installation Database configuration, patching, and backups Cluster setup and data replication for high availability Capacity planning, and scaling clusters for compute and storage Managing databases on-premises: Time-consuming and complex

You You Fully managed services on AWS Spend time innovating and building new applications, not managing infrastructure AWS Self-managed Fully managed Schema design Query construction Query optimization Automatic failover Backup and recovery Isolation and security Industry compliance Push-button scaling Automated patching Advanced monitoring Routine maintenance Built-in best practices

Broad database and analytics services portfolio Relational databases Non-relational databases Data warehouses Hadoop and Spark Amazon Redshift Amazon EMR Operational analytics Amazon Elasticsearch Service Amazon Aurora Amazon DynamoDB Business Intelligence Amazon QuickSight Amazon RDS Amazon DocumentDB Amazon ElastiCache Real-time analytics Amazon Managed Streaming for Apache Kafka PostgreSQL logstash elasticsearch kibana

Learn databases with AWS Training and Certification 25+ free digital training courses cover topics and services related to relational and nonrelational databases Resources created by the experts at AWS to help you build and validate database skills Validate expertise with the AWS Certified Database – Specialty exam The classroom offering, Planning and Designing Databases on AWS, features AWS expert instructors and hands-on activities Visit the databases learning path at aws.amazon.com/training/path-databases

Amazon RDS Managed relational database service with a choice of popular databases Easy to administer Easily deploy and maintain hardware, OS, and database software; built-in monitoring Available & durable Automatic Multi-AZ data replication; automated backup, snapshots, and failover Performant & scalable Scale compute and storage with a few clicks; minimal downtime for your application Secure & compliant Data encryption at rest and in transit; industry compliance and assurance programs PostgreSQL

Amazon Aurora MySQL- and PostgreSQL-compatible relational database built for the cloud Performance and availability of commercial-grade databases at 1/10th the cost Performance and scalability Availability and durability Highly secure Fully managed 5x the throughput of standard MySQL and 3x that of standard PostgreSQL; scale out up to 15 read replicas Fault-tolerant, self-healing storage; six copies of data across three Availability Zones; continuous backup to Amazon S3 Network isolation, encryption at rest/transit, compliance and assurance programs Managed by Amazon RDS: No server provisioning, software patching, setup, configuration, or backups

Sizing the database

Storage Block Amazon EBS Amazon FSx for Windows File Server Amazon FSx for Lustre Amazon EFS File Amazon S3 Object

Providing a fast, durable, highly available, key-based access to objects Amazon S3

Providing a more reliable, cost-effective, and cloud- native NFS service Amazon EFS

https://sebs.to/podcast

https://sebs.to/biendemarrer

Thank you! @sebsto /sebsto /sebsto /sebAWS