Better, Faster, Stronger web apps with Amazon Web Serviceswith AWS Recommendations on security,...

of 54 /54
Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services Better, Faster, Stronger web apps with Amazon Web Services

Embed Size (px)

Transcript of Better, Faster, Stronger web apps with Amazon Web Serviceswith AWS Recommendations on security,...

  • Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services

    Better, Faster, Stronger web appswith Amazon Web Services

  • “Knowledge starts from great questions.”

    (from the previous presentation)

  • “Knowledge starts from great questions.”

    growsgrows

    with inspiring answers”with inspiring answers”

  • BETTER

    CloudSearch

    Going Global

    AWS Support

    AWS Data Pipeline

    Elastic Load Balancer

    FASTER

    CloudFront

    DynamoDB

    ElastiCache

    Elastic Beanstalk

    STRONGER

    Security

    IAM

    VPC

    Securing Apache/NGINX

    Durability

  • BETTER FASTER STRONGER

    CloudFront

    DynamoDB

    Security

    IAM

    CloudSearch

    VPC

    Going Global

    ElastiCache

    Securing Apache/NGINX

    AWS Support

    AWS Data Pipeline Durability

    Elastic Beanstalk

    Elastic Load Balancer

  • BETTER FASTER STRONGER

    AWS Data Pipeline

    Process/Move dataTo/From AWS or on-premise sourcesScheduled intervals

  • (Video)

  • BETTER FASTER STRONGER

    AWS Support

    One-on-one, fast response support channel Always available

    Experienced support engineers

    x

    y

    Four Different plans

  • 9

    AWS Support: a Swiss knife

  • 9

    Reactivetroubleshooting

    Help to get started with AWS

    Recommendations on security, costs, and

    availability Discuss architecture and best practices

    Integrate the 150+ annual AWS feature

    releases

    Configuration help for a growing list of 3rd party software

    AWS Support: a Swiss knife

  • AWS Support plans

    Free

    10

    Basic

    49 $ / month

    Developer

    (Min: 100 $)% of your AWS monthly bill:10%: 0-10k7%: 10k-80k5%: 80k-250k3%: 250k+

    Business

    (Min: 15,000 $)% of your AWS monthly bill:10%: 0-150k7%: 150k-500k5%: 500k-1M3%: 1M+

    Enterprise

  • What do you get? (1)

    11

    Basic Developer Business Enterprise

    YESCustomer Service 24/7/365 YES YES YES

    YESSupport forums YES YES YES

    YESDocumentation, guides YES YES YES

    health checksAccess to Technical support E P/C/E P/C/E/TAM

    -Named contacts 1 5 Unlimited

    -Response time 12 hours 1 hour 15 minutes

    -Architecture support Building blocks Guidance App Architecture

    -Best practice guidance YES YES YES

    -Client side diagnostic tools YES YES YES

  • What do you get? (2)

    12

    Business Enterprise

    Identity Access Management (IAM) YES YES

    Direct routing to Senior Support Engineers YES YES

    Third party Software Support (beta) YES YES

    AWS Trusted Advisor (beta) YES YES

    Infrastructure Event Management contact us YES

    Direct Access to TAM (Technical Account Manager) - YES

    White-Glove Case Routing - YES

    Management Business Reviews - YES

  • AWS Trusted Advisor

  • AWS Trusted Advisorin action

  • 15 (Video)

  • BETTER FASTER STRONGER

    AWS CloudSearch

    A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality

  • BETTER FASTER STRONGER

    AWS CloudSearch

    A fully-managed search service in the cloud Easy to integrate fast and scalable search functionality

    • Faceted search• Field weighting• Stemming, Synonyms, Stop Words• Autoscaling• Index distribution / partition / replication

  • (Video)

  • BETTER FASTER STRONGER

    Going global: AWS Regions

    http://aws.amazon.com/about-aws/globalinfrastructure

    (as of Jan 10th, 2013)

    Regions (8) GovCloud Regions (1)

  • BETTER FASTER STRONGER

    Availability Zones

    http://aws.amazon.com/about-aws/globalinfrastructure

    (as of Jan 10th, 2013)

    Availability Zones (23)

  • BETTER FASTER STRONGER

    CloudFront / Route 53

    http://aws.amazon.com/about-aws/globalinfrastructure

    (as of Jan 10th, 2013)

    Edge Locations (39)

    Dallas  (2)

    St.LouisMiami

    JacksonvilleLos  Angeles  (2)

    Palo  Alto

    Sea>le

    Ashburn  (2)

    NewarkNew  York  (3)

    DublinLondon  (2) Amsterdam  (2)

    Stockholm

    Frankfurt  (2)Paris  (2)

    Singapore  (2)

    Hong  Kong  (2)

    Tokyo  (2)

    Sao  Paulo

    South  Bend

    San  Jose

    OsakaMilan

    Sydney

    Madrid

  • BETTER FASTER STRONGER

    AWS Support

    http://aws.amazon.com/about-aws/globalinfrastructure

    (as of Jan 10th, 2013)

    Customer Service & Technical Support

    Remote TAMs (Technical Account Manager)

  • BETTER FASTER STRONGER

    Elastic Load Balancer

    Automatically balances traffic across EC2 instancesProtocols: HTTP, HTTPS, TCP, SSL, or CustomOne or multiple Availability ZonesAutomatic health checks

  • BETTER FASTER STRONGER

    CloudFront

    DynamoDB

    Security

    IAM

    CloudSearch

    VPC

    Going Global

    ElastiCache

    Securing Apache/NGINX

    AWS Support

    AWS Data Pipeline Durability

    Elastic Beanstalk

    Elastic Load Balancer

  • BETTER FASTER STRONGER

    Amazon ElastiCache

    DatabaseWeb

    Server

  • BETTER FASTER STRONGER

    Amazon ElastiCache

    Cache

    DatabaseWeb

    Server

  • BETTER FASTER STRONGER

    Amazon ElastiCache

    • Memcached-compliant• Different cache node types• Monitoring statistics• Dynamic scaling• Automatic failure detection / recovery• Automatic software patching

  • BETTER FASTER STRONGER

    Amazon DynamoDB

    • NoSQL key-value store• Provisioned throughput (automated scaling)• Fully distributed• Fault tolerant

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

    PHP Python Ruby .NET Java

    Passenger IIS TomcatApache

    Visual Studio EclipseGit

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

    Passenger IIS TomcatApache

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

    PassengerIISTomcatApacheweb/app server

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

    web/app server

  • BETTER FASTER STRONGER

    AWS Elastic Beanstalk

    MasterDB

    web/app server

    web/app server

    Elastic Load Balancer

    IP

    StandbyDB

    web/app server

  • BETTER FASTER STRONGER

    • Easy deploy / rollback• Monitoring metrics (CloudWatch)• Receive SNS notifications (health, add/remove servers)• Access server log files• Quickly restart the entire stack• Custom application server settings

    AWS Elastic Beanstalk

  • BETTER FASTER STRONGER

    CloudFront

    What’s new?

    • New Edge locations• Support for cookies• Price classes (exclude edge locations based on cost)• New access log fields• Front End Optimization (compression, rendering, etc)• Dynamic content from EC2 (query / cache parameters)

  • BETTER FASTER STRONGER

    CloudFront

    DynamoDB

    Security

    IAM

    CloudSearch

    VPC

    Going Global

    ElastiCache

    Securing Apache/NGINX

    AWS Support

    AWS Data Pipeline Durability

    Elastic Beanstalk

    Elastic Load Balancer

  • BETTER FASTER STRONGER

    Durability

    EC2 internal storage: ephemeral.EBS: redundant.S3: designed for high durability.Glacier, compared to S3: delayed retrieval, lower price.

    RDS: backups to Amazon S3.DynamoDB: use AWS Data Pipeline to backup to S3.EBS: snapshots to S3.

  • BETTER FASTER STRONGER

    Amazon Virtual Private Cloud (VPC)

    Launch a private section of the AWS Cloud, with user-defined network topology and security/routing rules.

    Start using VPC today - No excuses.

  • (Video)

  • BETTER FASTER STRONGER

    Security

    [ Shared Responsibility Model ]

  • BETTER FASTER STRONGER

    Security

  • BETTER FASTER STRONGER

    Security

  • BETTER FASTER STRONGER

    Security

    Security Groups

    Credentials

    EncryptionYour apps

  • BETTER FASTER STRONGER

    Securing Apache/NGINX

    • ModSecurity (currently 2.7)• Proper security guides (e.g. RHEL 6.0 Security Guide)• Remove unnecessary modules / services / daemons• SSH using a Bastion Host• Patch / Update• Hide version• Use “smart” access (e.g. strong passwords / certificates)• Run it within VPC!

  • BETTER FASTER STRONGER

    IAM

    Control access to AWS services and resources for your users, with users/roles/permissions.

    • Separate Master Account from everything else• Cross-account API access• Temporary security credentials (remember?)• Multi-Factor Authentication (MFA)

  • (Video)

  • http://aws.amazon.com/

  • http://aws.amazon.com/awspodcast

  • Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services

  • Simone Brunozzi ( @simon )Senior Technology Evangelist, Amazon Web Services

    Better, Faster, Stronger web appswith Amazon Web Services

    Thank you!