Getting Started on AWS

A tour of AWS for beginners

- Networking (VPC and subnets)
- Virtual Machines (EC2)
- Containers (ECS, EKS)
- Lambda functions (serverless)
- Storage (EBS, S3)

Transcript

  1. © 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. Getting started with AWS, French-language edition. SupInfo, Dakar – 7 May 2022. Sébastien Stormacq, Developer Advocate, AWS EMEA. @sebsto /sebsto /sebsto /sebAWS
  2. Agenda Global infrastructure Security Networking Compute Storage Q&A

  3. AWS global platform AWS global infrastructure • 26 Regions with

    84 Availability Zones • 8 Regions coming soon 310 CloudFront PoPs • 300+ edge locations • 13 Regional edge caches • 245 Countries & territories served AWS global network • Redundant 100 GbE network • 100% encrypted between facilities • Private network capacity between all AWS Regions except China
  4. AWS Region and availability zones [diagram: one Region containing Availability zones a, b and c, each with data centers] 2 or more AZs per region (new regions min 3); 1 or more data centers per AZ
  5. Availability in parallel

      | Component | Availability | Downtime |
      |---|---|---|
      | X | 99% (2-nines) | 3 days 15 hours |
      | Two X in parallel | 99.99% (4-nines) | 52 minutes |
      | Three X in parallel | 99.9999% (6-nines) | 31 seconds |
  7. AWS Identity and Access Management Security before the cloud Security in the cloud Corporate data center AWS Cloud
  8. IAM roles for nonhuman access AWS account Use IAM roles

    for access to AWS resources: • From your application running on an AWS compute environment, e.g., EC2 instance, Lambda function, etc. • To grant permission to an AWS service to access your resources (not shown) EC2 instance Lambda function Amazon S3 buckets Amazon DynamoDB table
  9. There are many security services in AWS AWS Identity and

    Access Management (IAM)
  11. Private IP address range for your VPC – IPv4
      - "CIDR" range?
        - Classless inter-domain routing
        - No more class A, B, C
      - RFC1918
        - 192.168.0.0/16
        - 172.16.0.0/12
        - 10.0.0.0/8
      - How much?
        - /16
        - /28
  12. Subnet Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone

    US-EAST-1B Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. 172.31.0.0/16: 172.31.0.1 to 172.31.255.254 = 65534 host IPs /24 = 254 hosts /20 = 4096 hosts
  13. Subnet Subnet Subnet VPC Availability Zone US-EAST-1A Availability Zone US-EAST-1B

    Amazon VPC (Virtual Private Cloud) 172.31. 172.31. 172.31. 172.31. Subnet Subnet Availability Zone US-EAST-1C 172.31. 172.31. Application server security group
  14. Subnet Subnet VPC Availability Zone US-EAST-1A Amazon VPC (Virtual Private

    Cloud) 172.31. 172.31. Subnet Subnet 172.31. 172.31. Web server security group Application server security group Availability Zone US-EAST-1C
  15. What is Amazon CloudFront? CloudFront is the AWS content delivery

    network It securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds CloudFront is integrated with AWS; physical locations are directly connected to the AWS Global Cloud Infrastructure and other AWS services It features a global network of >300 points of presence (PoPs)
  16. Latency benefits with PoP launches. Argentina: 55% latency reduction, 79 ms → 35 ms. Chile: 73% latency reduction, 104 ms → 28 ms. Bahrain: 40% latency reduction, 38 ms → 27 ms. PoP launches ensure connectivity with majority views and redundant AWS backbone
  17. Learn networking with AWS Training and Certification Free digital courses

    cover topics related to networking and content delivery, including Introduction to Amazon CloudFront and AWS Transit Gateway Networking and Scaling Resources created by the experts at AWS to help you build and validate cloud networking skills Validate expertise with the AWS Certified Advanced Networking – Specialty exam Visit the advanced networking learning path at aws.amazon.com/training/path-advanced-networking
  19. Easiest way to get started Create larger instances Add attached

    block storage Load balance your application Connect to AWS services Networking & data transfer DNS management One static IP/instance Computing power
  22. AWS Compute – from self-managed to serverless (scale: less / more opinionated)

      | Service | AWS manages | Customer manages |
      |---|---|---|
      | AWS Lambda (serverless functions) | Data source integrations; physical hardware, software, networking, and facilities; provisioning | Application code |
      | AWS Fargate (serverless containers) | Container orchestration, provisioning; cluster scaling; physical hardware, host OS/kernel, networking, and facilities | Application code; data source integrations; security config and updates; network config; management tasks |
      | Amazon ECS/EKS (container-management-as-a-service) | Container orchestration control plane; physical hardware, software, networking, and facilities | Application code; data source integrations; work clusters; security config and updates, network config, firewall, and management tasks |
      | Amazon EC2 (infrastructure-as-a-service) | Physical hardware, software, networking, and facilities | Application code; data source integrations; scaling; security config and updates; network config; management tasks; provisioning, managing scaling and patching of servers |
  24. Amazon EC2 Virtual servers in the cloud Physical servers in

    AWS global Regions Guest 1 Guest 2 Guest n Hypervisor Host server EC2 instances
  25. Amazon EBS EC2 instance EBS volume EBS snapshot gp2 io1 st1 sc1 EBS SSD-backed volumes EBS HDD-backed volumes Amazon S3 Block storage as a service Create, attach, modify through an API Select storage and compute based on your workload Detach and attach between instances Choice of magnetic and SSD-based volume types Supports snapshots: Point-in-time backup of modified volume blocks
  26. Amazon EC2 instance store Local to instance Nonpersistent data store

    Data not replicated (by default) No snapshot support SSD or HDD Physical host machine EC2 instances Instance store or
  27. Amazon EC2 14+ years ago… Scale up or down quickly,

    as needed Pay for what you use “One size fits all” M1
  28. Amazon EC2 instance characteristics M5d.xlarge Instance family Instance generation Instance

    size Instance type CPU Memory Storage Network performance Additional capabilities
  29. Categories Capabilities Options Broadest and deepest platform choice General purpose

    Burstable Compute intensive Memory intensive Storage (high I/O) Dense storage GPU compute Graphics intensive Amazon Elastic Block Store Amazon Elastic Inference 270+ instance types for virtually every workload and business need Choice of processor (AWS, Intel, AMD) Fast processors (up to 4.0 GHz) High-memory footprint (up to 12 TiB) Instance storage (HDD and NVMe) Accelerated computing (GPUs and FPGA) Networking (up to 100 Gbps) Bare metal Size (Nano to 32xlarge) How do you select the right instance to launch and optimize?
  30. Instance Discovery AWS Compute Optimizer New search and discovery experience

    to easily find EC2 instance types Quicker and easier for you to find and compare different instance types and project costs Machine learning–based service that recommends optimal AWS resources Recommends optimal EC2 instances and Amazon EC2 Auto Scaling group config Lower costs Optimize performance Get started quickly
  33. Containers and Docker A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. [1] Server Operating System Docker Engine App A App B App C App D

      [1] https://www.docker.com/resources/what-container
  34. Amazon ECS Development cluster Container instance Container instance Container instance

    Production cluster Container instance Container instance Container instance Amazon Elastic Container Service (Amazon ECS) Container Container Volume Task definition Amazon Elastic Container Registry
  35. ECS agent Docker agent OS Amazon Elastic Compute Cloud (Amazon

    EC2) instance ECS agent Docker agent OS EC2 instance ECS agent Docker agent OS EC2 instance Amazon Elastic Container Service (Amazon ECS)
  36. Kubectl EKS Architecture

  40. Anatomy of an AWS Lambda function
      - Handler() function: function to be executed upon invocation
      - Event object: data sent during Lambda function invocation
      - Context object: methods available to interact with runtime information (request ID, log group, more)

          import json

          def lambda_handler(event, context):
              # TODO implement
              return {
                  'statusCode': 200,
                  'body': json.dumps('Hello World!')
              }
  41. Serverless applications Event source Function Node.js Python Java C# Go

    Ruby Powershell Runtime API Changes in data state Requests to endpoints Changes in resource state
  42. Anatomy of an AWS Lambda function

          Function myhandler(event, context) {
              <Event handling logic> {
                  result = SubfunctionA()
              } else {
                  result = SubfunctionB()
              return result;
          }

      Callout: Your handler
  43. Anatomy of a Lambda function

          Import sdk
          Import http-lib
          Import ham-sandwich
          Pre-handler-secret-getter()
          Pre-handler-db-connect()

          Function myhandler(event, context) {
              <Event handling logic> {
                  result = SubfunctionA()
              } else {
                  result = SubfunctionB()
              return result;
          }

      Callout: Your handler
  44. Anatomy of a Lambda function

          Import sdk
          Import http-lib
          Import ham-sandwich
          Pre-handler-secret-getter()
          Pre-handler-db-connect()

          Function myhandler(event, context) {
              <Event handling logic> {
                  result = SubfunctionA()
              } else {
                  result = SubfunctionB()
              return result;
          }

      Callouts: Your handler; Dependencies, configuration information, common helper functions
  45. Anatomy of a Lambda function

          Import sdk
          Import http-lib
          Import ham-sandwich
          Pre-handler-secret-getter()
          Pre-handler-db-connect()

          Function myhandler(event, context) {
              <Event handling logic> {
                  result = SubfunctionA()
              } else {
                  result = SubfunctionB()
              return result;
          }

          Function Pre-handler-secret-getter() { }
          Function Pre-handler-db-connect(){ }

      Callouts: Your handler; Dependencies, configuration information, common helper functions
  46. Anatomy of a Lambda function

          Import sdk
          Import http-lib
          Import ham-sandwich
          Pre-handler-secret-getter()
          Pre-handler-db-connect()

          Function myhandler(event, context) {
              <Event handling logic> {
                  result = SubfunctionA()
              } else {
                  result = SubfunctionB()
              return result;
          }

          Function Pre-handler-secret-getter() { }
          Function Pre-handler-db-connect(){ }

          Function subFunctionA(thing){ ## logic here }
          Function subFunctionB(thing){ ## logic here }

      Callouts: Business logic sub-functions; Your handler; Dependencies, configuration information, common helper functions; Common helper functions
  47. Anatomy of a serverless application /orders /forums /search /lists /user /... Amazon API Gateway AWS Secrets Manager / Parameter Store Amazon DynamoDB [Diagram: six copies of the Lambda function pseudocode shown on the preceding slides, each labelled: Dependencies, configuration information, common helper functions; Common helper functions; Business logic sub-functions; Your handler]
  48. Learn compute with AWS Training and Certification 20+ free digital

    courses cover topics related to cloud compute, including introduction to the following services: Resources created by the experts at AWS to help you build cloud compute skills Compute is also covered in the classroom offering, Architecting on AWS, which features AWS expert instructors and hands-on activities • Amazon Elastic Compute Cloud (Amazon EC2) • Amazon EC2 Auto Scaling • AWS Systems Manager • AWS Inferentia and Amazon EC2 Inf1 instances Visit the learning library at https://aws.training
  51. Hardware and software installation Database configuration, patching, and backups Cluster

    setup and data replication for high availability Capacity planning, and scaling clusters for compute and storage Managing databases on-premises: Time-consuming and complex
  52. You You Fully managed services on AWS Spend time innovating

    and building new applications, not managing infrastructure AWS Self-managed Fully managed Schema design Query construction Query optimization Automatic failover Backup and recovery Isolation and security Industry compliance Push-button scaling Automated patching Advanced monitoring Routine maintenance Built-in best practices
  53. Broad database and analytics services portfolio Relational databases Non-relational databases

    Data warehouses Hadoop and Spark Amazon Redshift Amazon EMR Operational analytics Amazon Elasticsearch Service Amazon Aurora Amazon DynamoDB Business Intelligence Amazon QuickSight Amazon RDS Amazon DocumentDB Amazon ElastiCache Real-time analytics Amazon Managed Streaming for Apache Kafka PostgreSQL logstash elasticsearch kibana
  54. Learn databases with AWS Training and Certification 25+ free digital

    training courses cover topics and services related to relational and nonrelational databases Resources created by the experts at AWS to help you build and validate database skills Validate expertise with the AWS Certified Database – Specialty exam The classroom offering, Planning and Designing Databases on AWS, features AWS expert instructors and hands-on activities Visit the databases learning path at aws.amazon.com/training/path-databases
  55. Amazon RDS Managed relational database service with a choice of

    popular databases Easy to administer Easily deploy and maintain hardware, OS, and database software; built-in monitoring Available & durable Automatic Multi-AZ data replication; automated backup, snapshots, and failover Performant & scalable Scale compute and storage with a few clicks; minimal downtime for your application Secure & compliant Data encryption at rest and in transit; industry compliance and assurance programs PostgreSQL
  56. Amazon Aurora MySQL- and PostgreSQL-compatible relational database built for the

    cloud Performance and availability of commercial-grade databases at 1/10th the cost Performance and scalability Availability and durability Highly secure Fully managed 5x the throughput of standard MySQL and 3x that of standard PostgreSQL; scale out up to 15 read replicas Fault-tolerant, self-healing storage; six copies of data across three Availability Zones; continuous backup to Amazon S3 Network isolation, encryption at rest/transit, compliance and assurance programs Managed by Amazon RDS: No server provisioning, software patching, setup, configuration, or backups
  57. Sizing the database

  58. Storage Block Amazon EBS Amazon FSx for Windows File Server

    Amazon FSx for Lustre Amazon EFS File Amazon S3 Object
  59. Providing a fast, durable, highly available, key-based access to objects

    Amazon S3
  60. Providing a more reliable, cost-effective, and cloud-native NFS service Amazon EFS
  61. https://sebs.to/podcast

  62. https://sebs.to/biendemarrer

  63. Thank you! @sebsto /sebsto /sebsto /sebAWS
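
The function layout from slides 43 to 46 (dependencies and pre-handler setup, business-logic sub-functions, handler), written out as runnable Python. This is an added example, not code from the deck: `FakeSecretsClient` is a constructed offline stand-in that mimics the response shape of Secrets Manager's `get_secret_value`, and the secret name, TTL and order data are assumptions.

```python
"""Lambda module layout: init code, helpers, business logic, handler."""
import json
import time

SECRET_ID = "example/db-credentials"  # hypothetical secret name
SECRET_TTL_SECONDS = 300              # assumed refresh interval


class FakeSecretsClient:
    """Constructed stand-in with the response shape of Secrets Manager's
    get_secret_value, so the example runs offline."""

    def __init__(self):
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        payload = {"user": "app", "password": "constructed-value"}
        return {"SecretString": json.dumps(payload)}


# --- Dependencies, configuration information, common helper functions ---
secrets_client = FakeSecretsClient()
secret_cache = {"value": None, "fetched_at": 0.0}


def get_secret(now=None):
    """Pre-handler secret getter: fetch once, reuse on warm invocations,
    refetch only after the TTL so rotated secrets are picked up."""
    now = time.monotonic() if now is None else now
    expired = now - secret_cache["fetched_at"] > SECRET_TTL_SECONDS
    if secret_cache["value"] is None or expired:
        raw = secrets_client.get_secret_value(SecretId=SECRET_ID)
        secret_cache["value"] = json.loads(raw["SecretString"])
        secret_cache["fetched_at"] = now
    return secret_cache["value"]


def db_connect(credentials):
    """Pre-handler DB connect: returns a constructed in-memory 'connection'."""
    return {"user": credentials["user"], "orders": {"42": "shipped"}}


# Init phase: runs once per execution environment, not once per request.
db = db_connect(get_secret())


# --- Business logic sub-functions ---
def get_order(order_id):
    status = db["orders"].get(order_id)
    if status is None:
        return 404, {"error": "order not found"}
    return 200, {"order": order_id, "status": status}


def list_orders():
    return 200, {"orders": sorted(db["orders"])}


# --- Your handler ---
def lambda_handler(event, context):
    """Route the event to a sub-function; the secret never enters the body."""
    get_secret()  # no call to the secrets client unless the TTL has expired
    params = event.get("pathParameters") or {}
    order_id = params.get("id")
    if order_id is not None:
        status, body = get_order(str(order_id))
    else:
        status, body = list_orders()
    return {"statusCode": status, "body": json.dumps(body)}
```
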