Architecting Applications on Amazon Web Services with Node.js

Speaker: Henry FougereCurrent Role:

Director, Tech Lead, Software Engineering & Delivery

Experience:15+ Years Full Stack Developer5 Years Using AWS

When I’m not doing technology stuff, I enjoy: Marathon Running

PhotographyGraphic DesignTennis, SoccerLongs walks on the beach

What are we building today???

VPC - Virtual Private Cloud10.0.0.0/26Start: 10.0.0.02^ (32-26) = 2^ 6 = 64End: 10.0.0.63

Internet Gateway: communication between instances in VPC and the Internethorizontally scaled, redundant, highly available- Default VPC has an Internet Gateway- 1 IGW per VPC- VPC spans all availability zones

Route Tables: contain a set of rules called routes that determine where traffic is directed- restricted to 1 availability zone

VPC (cont.)

VPC - Virtual Private Cloud

● Fully managed NoSQL database service

● Provides fast and predictable performance

● Don't have to worry about hardware provisioning, setup and configuration, replication, software

patching, or cluster scaling

● Core components: Tables, Items, and Attributes

● Partition key – A simple primary key

● Partition key and sort key – Referred to as a composite primary key

DynamoDB

DynamoDB

● First service launched by Amazon back in 2006

● S3 is used to store and retrieve any amount of data at any time

● Can be integrated with other services such as Lambda and CloudFront.

● Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

● The largest object that can be uploaded in a single PUT is 5 gigabytes.

● There are three highly durable storage classes:

○ Amazon S3 Standard for general-purpose storage of frequently accessed data

○ Amazon S3 Standard - Infrequent Access for long-lived, but less frequently accessed data

○ Amazon Glacier for long-term archive.

S3 (Simple Storage Service)

S3 (Simple Storage Service)

● Amazon CloudFront is a global content delivery network (CDN) service

● Deep Integration with key AWS Services such as Amazon S3, AWS Lambda and API Gateway

● Securely delivers data, videos, applications, and APIs to your viewers with low latency and high

transfer speeds.

● Optimized for low latency and high data transfer speeds.

CloudFront (CDN)

CloudFront (CDN)

● Securely control access to AWS services and resources

● Create and manage users and groups

● Use permissions to allow and deny access to AWS resources.

● IAM is a feature of your AWS account offered at no additional charge.

● You will be charged only for use of other AWS services by your users.

IAM - Identity and Access Management

IAM - Identity and Access Management

● Run code without provisioning or managing servers.

● You pay only for time your code is running.

● Run code for any type of application or backend service - all with zero administration.

● Takes care of everything required to run and scale your code with high availability.

● Set up your code to automatically trigger from other AWS services or call it directly from any web or

mobile app.

Lambda

Lambda

● Run code without provisioning or managing servers.

● You pay only for time your code is running.

● Run code for any type of application or backend service - all with zero administration.

● Takes care of everything required to run and scale your code with high availability.

● Set up your code to automatically trigger from other AWS services or call it directly from any web or

mobile app.

API Gateway

API Gateway

● Add user sign-up and sign-in to your mobile and web apps● Federate identities and provide secure access to AWS resources● Store and sync across devices

Cognito Identity

Cognito Identity

● Secure, resizable compute capacity in the cloud. ● Configure capacity with minimal friction. ● Reduces time required to obtain and boot new server instances to minutes● Quickly scale capacity up and down, as computing requirements change. ● Pay only for capacity that you actually use.

EC2 - Elastic Compute Cloud

EC2 - Elastic Compute Cloud

Cloud Computing Tips...● Be sure to deprovision resources as needed.

● Grant Least Privilege

● Lock Away Account Access Keys, and Passwords. Don’t not share them by any means

● Create Individual IAM Users

● Use Groups to Assign Permissions to IAM Users

● Configure a Strong Password Policy

● Rotate Credentials Regularly

● Remove Unnecessary Credentials

● Monitor Activity in Your AWS Account

Thank You!Henry Fougere

hfougere@yahoo.com