Slide 1

Slide 1 text

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Getting started with AWS, French-language edition. SupInfo, Dakar – 7 May 2022 Sébastien Stormacq Developer Advocate, AWS EMEA @sebsto /sebsto /sebsto /sebAWS

Slide 2

Slide 2 text

Agenda Global infrastructure Security Networking Compute Storage Q&A

Slide 3

Slide 3 text

AWS global platform AWS global infrastructure • 26 Regions with 84 Availability Zones • 8 Regions coming soon 310 CloudFront PoPs • 300+ edge locations • 13 Regional edge caches • 245 Countries & territories served AWS global network • Redundant 100 GbE network • 100% encrypted between facilities • Private network capacity between all AWS Regions except China

Slide 4

Slide 4 text

AWS Region and availability zones Region Availability zone a Availability zone b Availability zone c data center data center data center 2 or more AZs per region (new regions min 3) data center data center data center data center data center data center 1 or more data centers per AZ

Slide 5

Slide 5 text

Availability in parallel
Component | Availability | Downtime
X | 99% (2-nines) | 3 days 15 hours
Two X in parallel | 99.99% (4-nines) | 52 minutes
Three X in parallel | 99.9999% (6-nines) | 31 seconds

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

AWS Identity and Access Management Security before the cloud Security in the cloud Corporate data center AWS Cloud

Slide 8

Slide 8 text

IAM roles for nonhuman access AWS account Use IAM roles for access to AWS resources: • From your application running on an AWS compute environment, e.g., EC2 instance, Lambda function, etc. • To grant permission to an AWS service to access your resources (not shown) EC2 instance Lambda function Amazon S3 buckets Amazon DynamoDB table

Slide 9

Slide 9 text

There are many security services in AWS AWS Identity and Access Management (IAM)

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

Private IP address range for your VPC – IPv4 • “CIDR” range? • Classless inter-domain routing • No more class A, B, C • RFC1918 • 192.168.0.0/16 • 172.16.0.0/12 • 10.0.0.0/8 • How much? • /16 • /28

Slide 12

Slide 12 text

Subnet Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone US-EAST-1B Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. 172.31.0.0/16: 172.31.0.1 to 172.31.255.254 = 65534 host IPs /24 = 254 hosts /20 = 4096 hosts
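An added example (not from the original slides) that works through the CIDR material on slides 11 and 12: it checks a proposed VPC block against the RFC 1918 ranges and the /16 to /28 size limits, counts addresses per subnet, and carves one non-overlapping subnet per Availability Zone. The function names and lowercase AZ names are assumptions of this example; the count of five addresses AWS reserves in every subnet is not on the slide.

```python
import ipaddress
from itertools import islice

# RFC 1918 private ranges listed on slide 11
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VPC_LARGEST, VPC_SMALLEST = 16, 28   # block sizes from slide 11
AWS_RESERVED = 5                     # first four + last address of every subnet


def check_vpc_cidr(cidr):
    """Return a list of findings for a proposed VPC block (empty = OK)."""
    try:
        # strict=True rejects blocks with host bits set, e.g. 172.31.0.1/16
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid network: {exc}"]
    if net.version != 4:
        return ["not an IPv4 block"]
    findings = []
    if not any(net.subnet_of(private) for private in RFC1918):
        findings.append("outside RFC 1918 private space")
    if not VPC_LARGEST <= net.prefixlen <= VPC_SMALLEST:
        findings.append(f"/{net.prefixlen} is outside /16../28")
    return findings


def host_counts(cidr):
    """Address counts: raw, classic (minus network/broadcast), usable in AWS."""
    total = ipaddress.ip_network(cidr).num_addresses
    return {"total": total,
            "classic": total - 2,
            "aws_usable": total - AWS_RESERVED}


def plan_subnets(vpc_cidr, zones, subnet_prefix):
    """Assign one subnet of the given prefix length to each zone."""
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = list(islice(vpc.subnets(new_prefix=subnet_prefix), len(zones)))
    if len(blocks) < len(zones):
        raise ValueError(f"{vpc} cannot hold {len(zones)} /{subnet_prefix} subnets")
    # Consecutive blocks from subnets() never overlap; verify it anyway.
    for i, a in enumerate(blocks):
        if any(a.overlaps(b) for b in blocks[i + 1:]):
            raise ValueError("overlapping subnets")
    return dict(zip(zones, blocks))


if __name__ == "__main__":
    vpc = "172.31.0.0/16"            # the VPC block shown on slide 12
    print(vpc, "findings:", check_vpc_cidr(vpc))
    for size in ("172.31.0.0/16", "172.31.0.0/20", "172.31.0.0/24"):
        print(size, host_counts(size))
    zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
    for zone, block in plan_subnets(vpc, zones, 20).items():
        print(zone, block)
```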

Slide 13

Slide 13 text

Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone US-EAST-1B Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. Application server security group

Slide 14

Slide 14 text

Subnet Subnet VPC Availability Zone US-EAST-1A Amazon VPC (Virtual Private Cloud) 172.31. 172.31. Subnet Subnet 172.31. 172.31. Web server security group Application server security group Availability Zone US-EAST-1C

Slide 15

Slide 15 text

What is Amazon CloudFront? CloudFront is the AWS content delivery network It securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds CloudFront is integrated with AWS; physical locations are directly connected to the AWS Global Cloud Infrastructure and other AWS services It features a global network of >300 points of presence (PoPs)

Slide 16

Slide 16 text

Latency benefits with PoP launches Argentina 55% Latency reduction 79 ms → 35 ms Chile 73% Latency reduction 104 ms → 28 ms PoP launches ensure connectivity with majority views and redundant AWS backbone Bahrain: 40% Latency reduction 38 ms → 27 ms

Slide 17

Slide 17 text

Learn networking with AWS Training and Certification Free digital courses cover topics related to networking and content delivery, including Introduction to Amazon CloudFront and AWS Transit Gateway Networking and Scaling Resources created by the experts at AWS to help you build and validate cloud networking skills Validate expertise with the AWS Certified Advanced Networking – Specialty exam Visit the advanced networking learning path at aws.amazon.com/training/path-advanced-networking

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

Easiest way to get started Create larger instances Add attached block storage Load balance your application Connect to AWS services Networking & data transfer DNS management One static IP/instance Computing power

Slide 20

Slide 20 text

© 2019, Amazon Web Services, Inc. or its Affiliates.

Slide 21

Slide 21 text

© 2019, Amazon Web Services, Inc. or its Affiliates.

Slide 22

Slide 22 text

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Slide 23

Slide 23 text

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Slide 24

Slide 24 text

Amazon EC2 Virtual servers in the cloud Physical servers in AWS global Regions Guest 1 Guest 2 Guest n Hypervisor Host server EC2 instances

Slide 25

Slide 25 text

Amazon EBS EC2 instance EBS volume EBS snapshot gp2 io1 st1 sc1 EBS SSD-backed volumes EBS HDD-backed volumes Amazon S3 Block storage as a service Create, attach, modify through an API Select storage and compute based on your workload Detach and attach between instances Choice of magnetic and SSD-based volume types Supports snapshots: Point-in-time backup of modified volume blocks

Slide 26

Slide 26 text

Amazon EC2 instance store Local to instance Nonpersistent data store Data not replicated (by default) No snapshot support SSD or HDD Physical host machine EC2 instances Instance store or

Slide 27

Slide 27 text

Amazon EC2 14+ years ago… Scale up or down quickly, as needed Pay for what you use “One size fits all” M1

Slide 28

Slide 28 text

Amazon EC2 instance characteristics M5d.xlarge Instance family Instance generation Instance size Instance type CPU Memory Storage Network performance Additional capabilities

Slide 29

Slide 29 text

Categories Capabilities Options Broadest and deepest platform choice General purpose Burstable Compute intensive Memory intensive Storage (high I/O) Dense storage GPU compute Graphics intensive Amazon Elastic Block Store Amazon Elastic Inference 270+ instance types for virtually every workload and business need Choice of processor (AWS, Intel, AMD) Fast processors (up to 4.0 GHz) High-memory footprint (up to 12 TiB) Instance storage (HDD and NVMe) Accelerated computing (GPUs and FPGA) Networking (up to 100 Gbps) Bare metal Size (Nano to 32xlarge) How do you select the right instance to launch and optimize?

Slide 30

Slide 30 text

Instance Discovery AWS Compute Optimizer New search and discovery experience to easily find EC2 instance types Quicker and easier for you to find and compare different instance types and project costs Machine learning–based service that recommends optimal AWS resources Recommends optimal EC2 instances and Amazon EC2 Auto Scaling group config Lower costs Optimize performance Get started quickly

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated AWS Compute – from self-managed to serverless

Slide 33

Slide 33 text

Containers and Docker A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. [1]
[1] https://www.docker.com/resources/what-container
Server Operating System Docker Engine App A App B App C App D

Slide 34

Slide 34 text

Amazon ECS Development cluster Container instance Container instance Container instance Production cluster Container instance Container instance Container instance Amazon Elastic Container Service (Amazon ECS) Container Container Volume Task definition Amazon Elastic Container Registry

Slide 35

Slide 35 text

ECS agent Docker agent OS Amazon Elastic Compute Cloud (Amazon EC2) instance ECS agent Docker agent OS EC2 instance ECS agent Docker agent OS EC2 instance Amazon Elastic Container Service (Amazon ECS)

Slide 36

Slide 36 text

Kubectl EKS Architecture

Slide 37

Slide 37 text

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

AWS manages Customer manages Data source integrations Physical hardware, software, networking, and facilities Provisioning Application code Container orchestration, provisioning Cluster scaling Physical hardware, host OS/kernel, networking, and facilities Application code Data source integrations Security config and updates Network config Management tasks Container orchestration control plane Physical hardware, software, networking, and facilities Application code Data source integrations Work clusters Security config and updates, network config, firewall, and management tasks Physical hardware, software, networking, and facilities Application code Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers AWS Compute – from self-managed to serverless AWS Lambda Serverless functions AWS Fargate Serverless containers Amazon ECS/EKS Container-management -as-a-service Amazon EC2 Infrastructure-as-a-service Less More Opinionated

Slide 40

Slide 40 text

Anatomy of an AWS Lambda function
Handler() function: Function to be executed upon invocation
Event object: Data sent during Lambda function invocation
Context object: Methods available to interact with runtime information (request ID, log group, more)
import json
def lambda_handler(event, context):
    # TODO implement
    return {
        'statusCode': 200,
        'body': json.dumps('Hello World!')
    }

Slide 41

Slide 41 text

Serverless applications Event source Function Node.js Python Java C# Go Ruby PowerShell Runtime API Changes in data state Requests to endpoints Changes in resource state

Slide 42

Slide 42 text

Anatomy of an AWS Lambda function
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}

Slide 43

Slide 43 text

Anatomy of a Lambda function
Import sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}

Slide 44

Slide 44 text

Anatomy of a Lambda function
Dependencies, configuration information, common helper functions:
Import sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}

Slide 45

Slide 45 text

Anatomy of a Lambda function
Dependencies, configuration information, common helper functions:
Import sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}
Function Pre-handler-secret-getter() {
}
Function Pre-handler-db-connect() {
}

Slide 46

Slide 46 text

Anatomy of a Lambda function
Dependencies, configuration information, common helper functions:
Import sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}
Common helper functions:
Function Pre-handler-secret-getter() {
}
Function Pre-handler-db-connect() {
}
Business logic sub-functions:
Function subFunctionA(thing) {
    ## logic here
}
Function subFunctionB(thing) {
    ## logic here
}

Slide 47

Slide 47 text

Anatomy of a serverless application
/orders /forums /search /lists /user /...
Amazon API Gateway
AWS Secrets Manager / Parameter Store
Amazon DynamoDB
(The diagram repeats the following function layout six times.)
Dependencies, configuration information, common helper functions:
Import sdk
Import http-lib
Import ham-sandwich
Pre-handler-secret-getter()
Pre-handler-db-connect()
Your handler:
Function myhandler(event, context) {
    <Event handling logic> {
        result = SubfunctionA()
    } else {
        result = SubfunctionB()
    }
    return result;
}
Common helper functions:
Function Pre-handler-secret-getter() {
}
Function Pre-handler-db-connect() {
}
Business logic sub-functions:
Function subFunctionA(thing) {
    ## logic here
}
Function subFunctionB(thing) {
    ## logic here
}

Slide 48

Slide 48 text

Learn compute with AWS Training and Certification
20+ free digital courses cover topics related to cloud compute, including introduction to the following services:
• Amazon Elastic Compute Cloud (Amazon EC2)
• Amazon EC2 Auto Scaling
• AWS Systems Manager
• AWS Inferentia and Amazon EC2 Inf1 instances
Resources created by the experts at AWS to help you build cloud compute skills
Compute is also covered in the classroom offering, Architecting on AWS, which features AWS expert instructors and hands-on activities
Visit the learning library at https://aws.training

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

Hardware and software installation Database configuration, patching, and backups Cluster setup and data replication for high availability Capacity planning, and scaling clusters for compute and storage Managing databases on-premises: Time-consuming and complex

Slide 52

Slide 52 text

You You Fully managed services on AWS Spend time innovating and building new applications, not managing infrastructure AWS Self-managed Fully managed Schema design Query construction Query optimization Automatic failover Backup and recovery Isolation and security Industry compliance Push-button scaling Automated patching Advanced monitoring Routine maintenance Built-in best practices

Slide 53

Slide 53 text

Broad database and analytics services portfolio Relational databases Non-relational databases Data warehouses Hadoop and Spark Amazon Redshift Amazon EMR Operational analytics Amazon Elasticsearch Service Amazon Aurora Amazon DynamoDB Business Intelligence Amazon QuickSight Amazon RDS Amazon DocumentDB Amazon ElastiCache Real-time analytics Amazon Managed Streaming for Apache Kafka PostgreSQL logstash elasticsearch kibana

Slide 54

Slide 54 text

Learn databases with AWS Training and Certification 25+ free digital training courses cover topics and services related to relational and nonrelational databases Resources created by the experts at AWS to help you build and validate database skills Validate expertise with the AWS Certified Database – Specialty exam The classroom offering, Planning and Designing Databases on AWS, features AWS expert instructors and hands-on activities Visit the databases learning path at aws.amazon.com/training/path-databases

Slide 55

Slide 55 text

Amazon RDS Managed relational database service with a choice of popular databases Easy to administer Easily deploy and maintain hardware, OS, and database software; built-in monitoring Available & durable Automatic Multi-AZ data replication; automated backup, snapshots, and failover Performant & scalable Scale compute and storage with a few clicks; minimal downtime for your application Secure & compliant Data encryption at rest and in transit; industry compliance and assurance programs PostgreSQL

Slide 56

Slide 56 text

Amazon Aurora MySQL- and PostgreSQL-compatible relational database built for the cloud Performance and availability of commercial-grade databases at 1/10th the cost Performance and scalability Availability and durability Highly secure Fully managed 5x the throughput of standard MySQL and 3x that of standard PostgreSQL; scale out up to 15 read replicas Fault-tolerant, self-healing storage; six copies of data across three Availability Zones; continuous backup to Amazon S3 Network isolation, encryption at rest/transit, compliance and assurance programs Managed by Amazon RDS: No server provisioning, software patching, setup, configuration, or backups

Slide 57

Slide 57 text

Sizing the database

Slide 58

Slide 58 text

Storage Block Amazon EBS Amazon FSx for Windows File Server Amazon FSx for Lustre Amazon EFS File Amazon S3 Object

Slide 59

Slide 59 text

Providing a fast, durable, highly available, key-based access to objects Amazon S3

Slide 60

Slide 60 text

Providing a more reliable, cost-effective, and cloud-native NFS service Amazon EFS

Slide 61

Slide 61 text

https://sebs.to/podcast

Slide 62

Slide 62 text

https://sebs.to/biendemarrer

Slide 63

Slide 63 text

Thank you! @sebsto /sebsto /sebsto /sebAWS