Q&A Session
Module 6: APN Resources to Help You
Welcome
• Should not be taken as the sole source of study for the AWS CCP exam.
AWS Certified Cloud Practitioner
About the Exam
• 90 minutes
• US$ 100,00
• Immediate Result
• Score: 100 to 1000 (Minimum 700 PASS)
• 65 questions
Multiple-responses:
What are AWS services?
( • ) IAM
( • ) CloudFront
( ) AWS Games
( ) ForCloud
( ) Discovery Tiers
Multiple-Choice:
CloudFront Service Infrastructure:
( • ) Edge Locations
( ) Data Centers
( ) AWS Transceivers
( ) Cloud Content
( ) External DNS
AWS Certified Cloud Practitioner
Exam Topics
https://aws.amazon.com/certification/certified-cloud-practitioner/
How to add 30min (1/2)
Candidates in non-native English-speaking countries are eligible to add 30 min to the exam time.
How to do this?
Go to the certification portal (aws.training/Certification)
How to add 30min (2/2)
AWS Certified Cloud Practitioner
Resources apn-portal.com
• AWS Training (aws.amazon.com/training)
– AWS Business Professional (Digital)
– AWS TCO and Cloud Economics (Digital)
• AWS Whitepapers
– Overview of Amazon Web Services
– Architecting for the Cloud: AWS Best Practices
– How AWS Pricing Works
– Cost Management in the AWS Cloud
– AWS support plan comparison
AWS Certified Cloud Practitioner
To Do
• Review this material.
Module 1:
Understanding the AWS Cloud
What is Cloud Computing
Why Customers are Moving to AWS
• Trade Capital Expense for Variable Expense
• Scale Globally
• Increase Speed & Agility
• Increase Innovation
• Streamline & Enhance Infrastructure Decisions
• Accelerate Time to Business Value
• Reduce Expenses
Transitioning from a Self-Managed to a Fully Managed Service
What Sets AWS Apart?
Enterprise Leadership Service Breadth and Depth Pace of Innovation Global Presence
AWS Global Infrastructure
21 Geographical Regions, 1 Local Region, 65 Availability Zones, 160+ PoPs
Announced Regions
Four Regions and 12 AZs in Bahrain, Cape Town, Jakarta and Milan
* Available to select AWS customers who request access. Customers wishing to use the Asia Pacific (Osaka) Local Region should speak with their sales representative.
AWS Region Design
AWS Regions are comprised of multiple AZs for high availability, high scalability, and high fault tolerance. Applications and data are replicated in real time and consistent in the different AZs.
• AWS Region: A Region is a physical location in the world where we have multiple Availability Zones.
• AWS Availability Zone (AZ): Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
[Figure: AWS Region containing Availability Zones (AZ) and Transit]
Amazon CloudFront
Content Delivery Network (CDN)
• Netflix
AWS Platform Services
Over 160 Services
• Advanced Services: Analytics, Artificial Intelligence, Mobile, Internet of Things, Game Development, AWS Marketplace
• Business Process Services: Desktop and App Streaming, Developer Tools, Management Tools, Business Productivity, Technical and Business Support, Application Services
• Foundational Services: Compute, Storage, Databases, Networking/Cont. Delivery, Hybrid Cloud Architecture, Messaging
Introducing Amazon Enterprise Applications
WorkMail WorkDocs
Productivity
Services Availability per Region
Region Table
• Service values
vary by region.
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
AWS Marketplace Overview
AWS Marketplace is an online store that supports:
• Over 1,400 participating ISVs
• 190,000+ active customers
• 4,200+ software listings
• Over 570M hours of software per month
AWS Hybrid Architecture Support
• Almost every AWS customer with on-premises infrastructure is running a hybrid architecture.
• 79% of existing Enterprise workloads run on VMware*
Module 2:
Security and Compliance
Security Is Our #1 Priority
24/7
Customers Benefit from Advanced Security Controls
Shared Responsibility Model
AWS Controls and Responsibilities
[Figure: AWS Corporate Network and AWS Prod Network; labels: Old way, New way, Code]
AWS Built-In Security
Security Focus: Security Services and Features
• Infrastructure Security
– Amazon VPC
– AWS WAF
– Encryption in-transit with TLS with all services
– AWS Artifact
• Identity and Access Control
– AWS Identity and Access Management (IAM)
– AWS Multi-Factor Authentication
– AWS Directory Service
• Monitoring and Logging
– AWS Trusted Advisor
– AWS CloudTrail
– Amazon CloudWatch
– Amazon Macie
• Inventory and Configuration
– Amazon Inspector
– AWS Config
– AWS CloudFormation
• DDoS Mitigation
– AWS Shield
– Auto Scaling
– Amazon CloudFront
– Amazon Route 53
• Data Encryption
– Encryption with all AWS storage and database services
– AWS KMS
– AWS CloudHSM
AWS Trusted Advisor
How it works
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
AWS Organizations
[Figure: Root organization with a master account and organizational units containing member accounts (BU1_Prod, BU2_Prod, SS_Prod, BU1_Test, BU2_Test, SS_Dev)]
Introducing AWS Organizations
Policy-based Management for Multiple AWS Accounts
Linked accounts are not charged but they can still see their usage and charges by going to their AWS Bills pages.
Amazon Inspector
Vulnerability Assessment Service
https://aws.amazon.com/inspector/
AWS Shield and AWS Shield Advanced
DDoS : Distributed Denial of Service.
Botnets, massive attacks
AWS Assurance Programs:
58+ Certifications
https://aws.amazon.com/compliance/
On-Demand Access to Compliance Reports
AWS Artifact
AWS Security
Security Bulletins
Module 3:
AWS Architecture and Services
Mapping On-premises Services to AWS
[Figure: on-premises components (LDAP server, web servers, app servers, SAN, master/slave DB, backups on tapes) mapped to AWS services (AWS Directory Service, Elastic Load Balancing, Amazon Elastic Block Store, Amazon RDS master/standby, backups to Amazon S3 or Amazon Glacier)]
AWS Cloud Hierarchy
Global Services > Regional > VPC > AZ > Host
Route 53 – DNS
CloudFront
Buckets S3
Region
AMI Images
Instances EC2/RDS
AZ Volumes EBS
Containers
Use Multi-AZ Patterns to Increase Reliability
Tools for Migrations
• Server Migration Service (VMware to AWS)
• Database Migration Service (Source DB to Target DB)
• Compute: Amazon EC2, Amazon ECS, Auto Scaling, AWS Lambda
• Storage: Amazon Glacier, Amazon EBS, Amazon S3, Amazon EFS
• Networking: Elastic Load Balancing*, Amazon Route 53, Application Load Balancer, Amazon VPC*
• Databases: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
• Security: IAM, AWS WAF, AWS KMS, AWS Shield
• Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config
AWS Compute Services
How will you deliver the application executables?
• Instances
– Amazon EC2
• Containers
– Amazon ECS, Amazon EKS
– AWS Fargate
• Serverless
– AWS Lambda
Amazon EC2: Virtual servers in the cloud
Hypervisor
Host server
Physical servers in AWS global regions
Amazon EC2
Amazon Elastic Compute Cloud (Amazon EC2)
• Virtual machine instance running on an AWS hypervisor
• Support numerous distributions of Linux or Microsoft Windows
• Complete control of your host operating system with root and administrator accounts
• Responsible for all installed applications
• Multiple types and sizes of instances
• Remote access via SSH or Remote Desktop
https://aws.amazon.com/ec2/
Amazon Machine Image (AMI)
AMI Content
– Defines which OS to use (Linux, Windows)
– Public and private AMIs
– Defined at instance launch process
EC2 instance characteristics
• CPU
• Memory
• Storage
• Network perf
Instance type: i3.xlarge (instance family, instance generation, instance size)
Amazon EC2 - Instance Types
• General purpose: M5, M4, t3, t2 (Burst CPU)
• Compute optimized: C5, C4
• Storage and I/O optimized: I3
• GPU enabled: P2, G2, F1
• Memory optimized: R5 & R5d, z1d, R4
Broadest and deepest platform choice
Categories
• General purpose
• Burstable
• Compute intensive
• Memory intensive
• Storage (High I/O)
• Dense storage
• GPU compute
• Graphics intensive
Capabilities
• Choice of processor (AWS, Intel, AMD)
• Fast processors (up to 4.0 GHz)
• High memory footprint (up to 12 TiB)
• Instance storage (HDD and NVMe)
• Accelerated computing (GPUs and FPGA)
• Networking (up to 100 Gbps)
• Bare Metal
• Size (Nano to 32xlarge)
Options
• Amazon Elastic Block Store
• Elastic Graphics
• Elastic Inference
= 175 instance types for virtually every workload and business need
AWS Instance Access
Amazon EC2 Instance Launch:
AWS CLI
AWS SDK
AWS CLI
How to use the AWS CLI tool:
IAM > Users > ‘user’ > Security Credentials > Access keys
Amazon EC2 – Remote Access
The key pair that will be used to access the instance is defined when the instance is created.
AWS: “A key pair consists of a public key that AWS stores, and a private key file stored by the user.”
Auto Scaling
Automatically launch or terminate Amazon EC2 instances
• User-defined policies driven by CloudWatch
• Health status checks
• Schedules
• Manually using set-desired-capacity in the CLI
How Does Auto Scaling Work?
[Figure: Auto Scaling policy (What, Where, When) with AMI and EC2; a CloudWatch CPU load alarm executes the Auto Scaling policy]
Auto Scaling: Maximum Capacity Size
Auto Scaling group: CPU utilization triggers the alarm: capacity is doubled until
CPU utilization drops below 60% or max capacity is reached.
• Minimum = 2
• Maximum = 12
Amazon Container
Elastic Container Service (ECS)
Elastic Container Service for Kubernetes (EKS)
• AWS runs the EC2 cluster management
• Eliminates the complexity of operating container infrastructure
• Microservices
https://aws.amazon.com/ecs/
AWS Lambda: Serverless Compute
No servers to manage Continuous Scaling Pay only for compute time used
AWS Lambda
Use Cases:
• Building modular, scalable, lightweight applications
• Serverless data processing on demand
• Perform data validation, filtering, sorting, or other transformations.
• Image thumbnailing, in-app activity, website clicks, or output from devices
https://aws.amazon.com/lambda/
Architecture of a simple serverless web application
[Figure: users, internet, S3 bucket (JavaScript), API Gateway, Lambda, IAM, DynamoDB]
AWS Storage Services
Storage Options
• File: Amazon EFS
• Block: Amazon EBS, Amazon EC2 Instance Store
• Object: Amazon S3, Amazon Glacier
• Data Transfer
[Figure: EBS volume within an Availability Zone in an AWS region]
EBS Volume Types
SSD HDD
EBS Encryption
Amazon EBS Snapshot
• Point-in-time backup
Amazon EFS
Amazon Elastic File System
• Fully managed
• No hardware, network, file layer
• No need to provision storage in advance
• Create a scalable file system in seconds!
• Simple pricing = Pay for actual storage consumed
• Multiple EC2 instances accessing at the same time
[Figure: EC2-Inst1, EC2-Inst2 and EC2-Inst3 accessing File System as a Service]
Amazon S3 – Simple Storage Service
99.999999999% durability and 99.99% availability of objects over a given year
Amazon S3 Features
How fast is S3 Transfer Acceleration?
S3 Transfer Acceleration Public Internet
Try it at s3speedtest.com
Storage Tiered to Your Requirements
Durable
99.999999999%
Amazon S3 Glacier
Long term storage solution
• Long term archiving, backup
• Low cost
• Data are extracted by executing retrieval jobs
Archive retrieval job:
– Expedited: 1~5min
– Standard: 3~5hs
– Bulk: 5~12hs
[Figure: archive retrieval job for objects ID 001, ID 025, ID 150, ID 400; ready to download]
99.999999999% durability of objects over a given year
What is AWS Storage Gateway?
Service connecting an on-premises software appliance
with cloud-based storage
Gateway VM
AWS Networking Services
Amazon VPC
Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
– Subnets
– Route tables
– Security groups
– Network ACLs
• Connect to your on-premises network via VPN or Direct Connect
• Control if and how your instances access the Internet
Security in Your VPC
[Figure: security groups around instances]
Amazon Elastic Load Balancing (ELB)
ELB increases application resiliency
• Automatically distributes incoming application traffic
• Health Checks for application high availability
• Integrates with other AWS services
– Route 53
– Internet Gateway
– Identity and Access Management
[Figure: Load balancer, Listener, Rule, Target Group, Targets, Health Check]
https://aws.amazon.com/elasticloadbalancing/
Application Load Balancer: How It Works
The load balancer routes requests at the Application layer (HTTP/HTTPS).
Network Load Balancer
[Figure: Listener, Rule, Target Group, Targets, Health Check]
Amazon CloudFront
https://aws.amazon.com/cloudfront/
How You Configure CloudFront to Deliver Content
[Figure: steps 1 to 4 linking the Developer, Objects/data in an S3 bucket or HTTP server, the Web distribution (http://d111111abcdef8.cloudfront.net), your distribution's configuration, and CloudFront Edge locations]
Amazon Route 53
https://aws.amazon.com/route53/
Amazon API Gateway
Serverless
Amazon RDS
• Relational databases
• Fully managed and secure
• Fast, predictable performance
• Simple and fast to scale
• Low cost, pay for what you use
[Figure: Amazon Aurora, Amazon RDS]
https://aws.amazon.com/rds/
Amazon RDS: Replication and Failover
RDS Multi-AZ Option – Avoid Single Point of Failure
Amazon Aurora
Delivered as a managed service on top of RDS
Amazon DynamoDB
Fully managed NoSQL database
Fast, consistent performance
Highly scalable
Flexible
Event-driven programming
Fine-grained access control
Amazon ElastiCache
A fully-managed in-memory data store or cache environment in the cloud.
• Improves performance by retrieving data from high-throughput and low-latency, in-memory data stores.
• Use Cases:
– Gaming
– Ad-Tech
– Financial Services
– Healthcare
– IoT
https://aws.amazon.com/elasticache/
AWS Security Services
The Layered Security Approach
• Secured Infrastructure
– Secured endpoints
– Compliance alignments and frameworks
– Certifications and attestations
• VPC Firewall
– Workload isolation
• Security Group
– Port/protocol filtering
• Instance Firewall
– Rule-based protection at the OS level
[Figure: Instance inside a Security group, inside a Subnet, inside a VPC]
AWS Identity & Access Management
A core AWS security service.
https://aws.amazon.com/iam/
AWS Principals
Account Owner ID (Root Account)
• Access to all subscribed services.
• Access to billing.
• Access to console and APIs.
• Access to Customer Support.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
IAM Root Account Best Practices
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
IAM Roles Best Practices
An IAM identity that can be assumed by anyone who needs it.
E.g.: users, applications, services, federated users
[Figure: apps and code assuming an IAM role [credentials] to make API calls: create, delete, change bucket]
AWS Key Management Service (AWS KMS)
Data encryption with KMS
• Managed service to use encryption keys
• Integrated with many AWS services
• Integrated with AWS CloudTrail
– provide auditable logs of key usage
https://aws.amazon.com/kms/
AWS Web Application Firewall (AWS WAF)
https://aws.amazon.com/waf/
AWS Shield (Standard or Advanced)
https://aws.amazon.com/shield/
AWS Management Services
AWS CloudWatch
https://aws.amazon.com/cloudwatch/
AWS CloudWatch Alarms
[Figure: Amazon CloudWatch metrics (PageViewCount, custom application-specific metrics) and available statistics, used by Auto Scaling, the AWS Management Console and a statistics consumer]
AWS CloudTrail
CloudTrail provides the event history of AWS account activity ("Who did that?!")
• Permits governance, compliance, audit.
• Logs API calls.
• Security analysis.
• Tracking of resource changes.
• Problem resolution.
Benefits of AWS CloudFormation
AWS Config
Managed service for tracking AWS inventory and configuration, and configuration change notification.
[Figure: AWS Config with Amazon EC2, Amazon EBS, Amazon VPC, AWS CloudTrail]
AWS Backup
AWS Backup: Features
Module 4:
Pricing, TCO and Cost Optimization on AWS
Cloud Value Framework
TCO the way customers typically see it
illustrative
1 Server Costs
– Hardware – Server (+Maintenance)
– Software - OS, Virtualization Licenses (+Maintenance)
TCO the way it really is
illustrative
On-prem. / Colocation
1 Server Costs
– Hardware – Server, Rack Chassis PDUs, ToR Switches (+Maintenance)
– Software - OS, Virtualization Licenses (+Maintenance)
– Facilities Cost: Space, Power, Cooling
3 Network Costs
– Network Hardware – LAN Switches, Load Balancer
– Bandwidth costs
– Software – Network Monitoring
– Facilities Cost: Space, Power, Cooling
4 IT Labor Costs
– Server Admin, Virtualization Admin, Storage Admin, Network Admin, Support Team
Overhead
– Cost of delays
– Risk premium
– Competitive abilities
– Governance
– Etc.
Resources to get started
Tools for Cost Visibility
Cost Explorer
• Monthly Spend by Service View
• Monthly Spend by Linked Account View
• Daily Spend View
TAGs
• Identify and organize your AWS resources
• Integrated with multiple AWS services
• EC2, RDS, S3, Glacier, Redshift, etc.
AWS Pricing Philosophy
Amazon EC2 Instance
General Purpose Compute Optimized Memory Optimized
R3
M4
M5 T2
M3
T3 X1
R4
C5 C3
C4
P2
On-Demand and Reserved
Instance Type Benefits When to Position Workloads
Convertible Reserved Instances
Instance Type: Convertible – Reserved Instance
• Benefits: Reduced price during Reserved Instance term; change Reserved Instance family, type, OS, or tenancy
• When to Position: For customers lacking understanding of future workloads
• Workloads: Steady-state but can change
• Example: C3 RI to C4 RI
Spot Instances
Instance Type Benefits When to Position Workloads
Instance Type: Dedicated Instance
• Benefits: Instances run on hardware dedicated to you only
• When to Position: For workloads that require dedicated hardware to meet unique security and compliance needs
• Workloads: Data isolation required
• Customer must pay an hourly instance fee
• Customer must pay a dedicated per region fee
Instance Type: Dedicated Host
• Benefits: Instances run on hardware dedicated to you only; License portability; Fine grain control of hardware
• When to Position: For existing server-bound software licenses that are bound to VMs, sockets, or physical cores
• Workloads: Data isolation required; License dependent applications or services
Billing Comparison
N. Virginia, 30th Jan 2019.
Reserved
Convertible
Estimating Cost Savings
Simple Monthly Calculator
Module 5:
AWS Well-Architected Framework
The AWS Well-Architected Framework
Design Principles
• Stop guessing your capacity needs
• Test systems at production scale
• Automate to make architectural experimentation easier
• Allow for evolutionary architectures
• Data-Driven Architectures
• Improve through game days
Pillars of AWS Well-Architected
Operational Excellence
The ability to run and monitor systems to deliver business value and continually improve supporting processes and procedures.
Principles
• Perform operations with code
• Align operations processes to business objectives
• Make regular, small, incremental changes
• Test for responses to unexpected events
• Learn from operational events and failures
• Keep operations procedures current
Coverage Area
• Preparation
• Operation
• Response
Operational Excellence: AWS Services
Prepare
• AWS Config rules
Operate
• Amazon CloudWatch
Evolve
• Amazon Elasticsearch Service (Amazon ES)
Applying Operational Excellence
1. Use of Amazon CloudWatch to achieve visibility in the cloud
2. Use of CodeStar to deploy Infrastructure as Code
[Figure: users reaching Availability Zone A and Availability Zone B, each with a public subnet (NAT, RDGW, IDS/WAF), private Web Tier and App Tier subnets with Auto Scaling groups of Reserved and On-Demand instances, and a private Data Tier running Amazon Aurora with replication between the zones]
Security
The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
Principles
• Apply security at all layers
• Enable traceability
• Implement a principle of least privilege
• Focus on securing your system
• Automate security best practices
Coverage Areas
• Identity and access management
• Detective controls
• Infrastructure protection
• Data protection
• Incident response
Security: AWS Services
Applying Security Best Practices
1. Public and private subnets
• ELB and other edge devices are the only things the public can reach
• The application of roles that ensure that only the App tier can talk to the database
2. The use of IAM (Dive deep – Understand the roles and users.)
3. The use of CloudTrail and Config to maintain a known infrastructure state
[Figure: users, internet and admin reaching Availability Zone A and Availability Zone B, each with a public subnet (NAT, RDGW, IDS/WAF), private Web Tier and App Tier subnets with Auto Scaling groups of Reserved and On-Demand instances, and a private Data Tier running Amazon Aurora with replication; Web, App and DB security groups; AWS CloudFormation]
Reliability
The ability of a system to recover from infrastructure or service failures, dynamically acquire
computing resources to meet demand, and mitigate disruptions such as misconfigurations or
transient network issues.
Principles
• Test recovery procedures
• Automatically recover from failure
• Scale horizontally to increase aggregate system availability
• Stop guessing capacity
• Manage change in automation
Coverage Areas
• Foundations
• Change Management
• Failure Management
Reliability: AWS Services
Foundations
• AWS Trusted Advisor, IAM, Amazon VPC, AWS Direct Connect
Change Management
• AWS CloudTrail, AWS Config, Auto Scaling, CloudWatch
Failure Management
• AWS CloudFormation, Amazon S3, Amazon Glacier, AWS KMS
Applying Reliability
1. Multi-AZ
2. Database replication between the two AZs
3. Scalable ELB instances
• Independent resource scalability.
• Independent service recovery – when used with auto-scaling
• This will be relevant when we talk about “Performance Efficiency” as well.
[Figure: users, internet and admin reaching Availability Zone A and Availability Zone B, each with a public subnet (NAT, RDGW, IDS/WAF), private Web Tier and App Tier subnets, and a private Data Tier running Amazon RDS with replication between the zones]
Performance Efficiency
The ability to use computing resources efficiently to meet system requirements, and to
maintain that efficiency as demand changes and technologies evolve.
Principles
• Democratize advanced technologies
• Go global in minutes
• Use serverless architectures
• Experiment more often
• Mechanical sympathy
Coverage Areas
• Selection
• Review
• Tradeoffs
Performance Efficiency: AWS Services
Selection
• Compute: Auto Scaling
• Storage: Amazon EBS, Amazon S3
• Database: Amazon RDS, Amazon DynamoDB
• Network: Amazon Route 53, Amazon VPC, AWS Direct Connect
Review
• AWS Blog
Monitoring
• Amazon CloudWatch, AWS Lambda
Tradeoffs
• Amazon ElastiCache, Amazon CloudFront, AWS Snowball, Read replicas for RDS
Applying Performance Efficiency
1. Auto Scaling groups
2. CloudFormation as a tool to facilitate repeatability and global deployment
[Figure: users, internet and admin reaching Availability Zone A and Availability Zone B, each with a public subnet (NAT, RDGW, IDS/WAF), private Web Tier and App Tier subnets with Auto Scaling groups, and a private Data Tier running Amazon Aurora with replication; AWS CloudFormation]
Cost Optimization
The ability to avoid or eliminate unneeded cost or suboptimal resources
Principles
• Adopt a consumption model
• Benefit from economies of scale
• Stop spending money on data center operations
• Analyze and attribute expenditure
• Use managed services to reduce cost of ownership
Coverage Areas
• Cost-Effective Resources
• Matching Supply and Demand
• Expenditure Awareness
• Optimizing Over Time
Cost Optimization: AWS Services
Cost-Effective Resources
• AWS Well-Architected Framework
Matching Supply and Demand
• Auto Scaling
Expenditure Awareness
• Amazon CloudWatch, Amazon Simple Notification Services (SNS)
Optimizing Over Time
• AWS Blogs, AWS Trusted Advisor, AWS Cost Explorer
Applying Cost Optimization
1. Combination of reserved and on-demand instances
2. The use of Aurora as the relational database layer
[Figure: users, internet and admin reaching Availability Zone A and Availability Zone B, each with a public subnet (NAT, RDGW, IDS/WAF), private Web Tier and App Tier subnets with Auto Scaling groups of Reserved and On-Demand instances, and a private Data Tier running Amazon Aurora with replication; AWS CloudFormation]
Value Proposition
Help Customers:
• Consistent approach to reviewing architectures
• Understand and reduce risk in your architecture
• Learn best practices
• Influence future architectures
• Generate additional opportunities
Simulation: CPC Prep Test and Discussion
Module 6:
APN Resources to Help You
APN Program Resources
• APN Program Guide
• Monthly Partner-Facing Webinars
• APN Personnel Resources
• Benefits and Requirements
• Training and Certification
• APN Blog, Newsletter, Twitter
• APN Portal: https://partnercentral.awspartner.com
• Marketing
• APN Partner Programs
APN How-To Guides and AWS Events
AWS How-To Guides
AWS Events
Sponsorship Opportunities
500-6,000
50-500
+50,000
Partner Training
AWS Digital Learning Platform
https://www.aws.training/
Workshops and Bootcamps Videos, Labs, and Classes
Specialty Courses for APN Partners With Business and Technical Tracks
https://partnercentral.awspartner.com
AWS Certification
https://youtu.be/WqUQNp1hAH8
Linking a Partner Account to a Certification Account
Problem: Partners are not being credited for employee certifications.
Solution: Fill in a new field called "AWS Training and Certification Account Email"
Class Evaluation and Assessment