
The SaaS Journey with AWS

Good security starts with a solid architecture. This is a presentation on how to build secure SaaS infrastructure on the AWS platform.

You'll learn about the security building blocks available on AWS, how to think about security as a first class consideration, and how customers in the e-commerce, media, healthcare, and financial services sectors are leveraging these techniques to secure their data.

For a limited time a recording of this webinar is available at:
https://us02web.zoom.us/rec/share/xdIoPY7Q-3lJc43w0BracPA7GL-mX6a8gXNKr_AFzEZFPXAMDOUedIJ-t39RhC-O
Password: 2P#41=p6

The Scale Factory

May 06, 2020

Transcript

  1. THE SAAS JOURNEY ON AWS_ JON TOPPER | @jtopper | he/him/his
  2. $ whoami Founder/CEO/CTO The Scale Factory Working in hosting/infrastructure for 20 years Infrastructure / AWS / DevOps
  3. None
  4. None
  5. THE TEAM_

  6. OUR CLIENTS_

  7. TODAY'S AGENDA_ Tenancy Options Relevant AWS Services Security Considerations Monitoring
  8. THE SCALE FACTORY WAY_ People First Match solution to workload Leverage the AWS platform Automate Iterate
  9. YOUR PRODUCT_ B2B or B2C? How many customers? Where are they? How much do they pay? Are there any regulatory considerations?
  10. ARCHITECTURE CUSTOMER NEEDS (things you care about): Features Cost Performance Availability Security. COMPLIANCE NEEDS (things the government cares about): Security Documentation Reporting Change Control
  11. TENANCY OPTIONS_ POOL (All Tenants) / BRIDGE (All Tenants + Tenant 1, Tenant 2) / SILO (Tenant 1, Tenant 2). Cost, Isolation and Complexity: Lowest (Pool) to Highest (Silo)
  12. TENANT ISOLATION_ AWS Account Layer / VPC Layer / Subnet Layer / Container Layer / Application Layer. Operational Complexity, Isolation, Usage Transparency and Cost: Lowest (Application Layer) to Highest (AWS Account Layer)
  13. CASE STUDY_

  14. BRIDGE TENANCY MODEL_

  15. None
  16. LEVERAGE AWS SERVICES_

  17. None
  18. Wardley map: Visible / Invisible Value Chain vs Evolution (Genesis, Custom, Product, Commodity). Customer, MySQL, Compute, Storage, Data Centre, HA Scripts, Monitoring, Config Mgmt, Networking, Power
  19. Wardley map: Visible / Invisible Value Chain vs Evolution (Genesis, Custom, Product, Commodity). Customer, RDS Aurora
  20. None
  21. RELEVANT SERVICES_ Amazon API Gateway Amazon Cognito SNS / SQS DynamoDB S3 Lambda
  22. RELEVANT SERVICES_ Amazon API Gateway Amazon Cognito SNS / SQS DynamoDB S3 Lambda } Serverless
  23. A CASE FOR SERVERLESS_ Scales with demand No cost for idle resources No traditional server maintenance Spend developer time on business value
  24. AMAZON API GATEWAY_ OpenAPI definition Authentication / Authorization Quotas and throttling Result caching Lifecycle management Direct integration with AWS services
  25. AMAZON COGNITO_ User directory Social & Enterprise identity federation MFA Role based access control Compromised credential protection
  26. APPLICATION LAYER ISOLATION_

  27. None
  28. IAM policy scoping DynamoDB access to the caller's own partition key:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "dynamodb:GetItem",
              "dynamodb:BatchGetItem",
              "dynamodb:Query",
              "dynamodb:PutItem",
              "dynamodb:UpdateItem",
              "dynamodb:DeleteItem",
              "dynamodb:BatchWriteItem"
            ],
            "Resource": [
              "arn:aws:dynamodb:us-west-2:123456789012:table/MyTable"
            ],
            "Condition": {
              "ForAllValues:StringEquals": {
                "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
              }
            }
          }
        ]
      }
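To show what the slide's policy actually enforces, here is an added example (not code from the deck or from AWS): a small, simplified evaluator for the `ForAllValues:StringEquals` / `dynamodb:LeadingKeys` condition, run against constructed tenant identities. It models the IAM-documented rule that `ForAllValues` passes when the context key is absent or empty, which is why the policy grants only actions that carry a partition key and leaves out `dynamodb:Scan`.

```python
# Added illustration: a simplified IAM-style check for the LeadingKeys policy.
# Not AWS's real evaluator; only Allow statements and one condition operator.
TABLE = "arn:aws:dynamodb:us-west-2:123456789012:table/MyTable"  # from the slide
TENANT_A, TENANT_B = "sub-tenant-a", "sub-tenant-b"                # constructed subs


def scoped_policy(table_arn, cognito_sub):
    """The slide's policy with ${cognito-identity.amazonaws.com:sub} resolved
    to the calling tenant's Cognito identity, as IAM does at evaluation time."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query",
                   "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem",
                   "dynamodb:BatchWriteItem"],
        "Resource": [table_arn],
        "Condition": {"ForAllValues:StringEquals": {
            "dynamodb:LeadingKeys": [cognito_sub]}},
    }]}


def is_allowed(policy, action, resource, leading_keys):
    """Default deny. leading_keys is the set of partition-key values the request
    names (the dynamodb:LeadingKeys request context). ForAllValues:StringEquals
    passes when every context value is in the allowed list; per the IAM docs it
    also passes for an absent/empty context, so key-less actions must not be granted."""
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if action not in st["Action"] or resource not in st["Resource"]:
            continue
        cond = st.get("Condition", {}).get("ForAllValues:StringEquals", {})
        allowed = set(cond.get("dynamodb:LeadingKeys", []))
        if not cond or all(k in allowed for k in leading_keys):
            return True
    return False


def demo():
    """Exercise the policy as tenant A against its own and tenant B's keys."""
    pol = scoped_policy(TABLE, TENANT_A)
    return {
        "own_query": is_allowed(pol, "dynamodb:Query", TABLE, {TENANT_A}),
        "cross_tenant_get": is_allowed(pol, "dynamodb:GetItem", TABLE, {TENANT_B}),
        "mixed_batch": is_allowed(pol, "dynamodb:BatchGetItem", TABLE, {TENANT_A, TENANT_B}),
        "scan": is_allowed(pol, "dynamodb:Scan", TABLE, set()),
        "other_table": is_allowed(pol, "dynamodb:Query", TABLE + "2", {TENANT_A}),
        "empty_context_caveat": is_allowed(pol, "dynamodb:Query", TABLE, set()),
    }


if __name__ == "__main__":
    print(demo())
```

The `empty_context_caveat` result is the point to remember: the condition alone does not deny a request that carries no key, so isolation depends on the action list being limited to key-bearing operations as on the slide.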
  29. FINE GRAINED POLICIES_ KMS key policies S3 bucket policies SNS Secrets Manager
  30. Somebody Else's Problem

  31. CASE STUDY_

  32. None
  33. APPLICATION MONITORING_

  34. WHAT TO MONITOR: USAGE_ Cost IO usage Storage usage CPU usage
  35. WHAT TO MONITOR: SERVICE_ Request rate Errors Performance
  36. WHAT TO MONITOR: HUMAN_ User activity Helpdesk load
  37. WHAT TO MONITOR: DEVOPS_ Deployment Frequency Lead Time for Changes Time to Restore Service Change Failure Rate
  38. Aspect of Software Delivery Performance* by performer tier (Elite / High / Medium / Low):

      Deployment frequency: For the primary application or service you work on, how often does your organization deploy code to production or release it to end users?
        Elite: On-demand (multiple deploys per day)
        High: Between once per day and once per week
        Medium: Between once per week and once per month
        Low: Between once per month and once every six months

      Lead time for changes: For the primary application or service you work on, what is your lead time for changes (i.e., how long does it take to go from code committed to code successfully running in production)?
        Elite: Less than one day
        High: Between one day and one week
        Medium: Between one week and one month
        Low: Between one month and six months

      Time to restore service: For the primary application or service you work on, how long does it generally take to restore service when a service incident or a defect that impacts users occurs (e.g., unplanned outage or service impairment)?
        Elite: Less than one hour
        High: Less than one day [a]
        Medium: Less than one day [a]
        Low: Between one week and one month

      Change failure rate: For the primary application or service you work on, what percentage of changes to production or released to users result in degraded service (e.g., lead to service impairment or service outage) and subsequently require remediation (e.g., require a hotfix, rollback, fix forward, patch)?
        Elite: 0-15% [b,c]
        High: 0-15% [b,d]
        Medium: 0-15% [c,d]
        Low: 46-60%

      * Source: https://cloud.google.com/blog/products/devops-sre/the-2019-accelerate-state-of-devops-elite-performance-productivity-and-scaling
  39. CLOSING RECAP_ Design for a pooled tenancy model first Leverage the AWS services Use the AWS security features Monitoring as first class citizen
  40. WHAT'S NEXT?_

  41. TALK TO US ABOUT: CONSULTANCY TRAINING WELL-ARCHITECTED MIGRATION

  42. Leading Well-Architected Partner Worldwide >200 Reviews Completed Since April 2018 Book a Well-Architected review today https://scalefactory.com/services/well-architected/ $5,000 funding available to support improvement work
  43. BREAKFAST OPS_ Monthly hosted discussion For CTOs and tech decision makers
  44. Q&A_

  45. KEEP IN TOUCH_ http://www.scalefactory.com/ @scalefactory [email protected]