AWS STP Foundations Technical - Share PDF

Uploaded by Ranu Singhal

AWS Partner Network

AWS Solutions Training for Partners: Foundations (Technical)

AWS Technical Professional Learning Path (you are here)

https://aws.amazon.com/partners/training/path-tech-pro/
© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Module 1 – Foundations
Learning objectives

After completing this course, you will be able to:

• Design a basic solution using AWS services
• Select the right AWS services for a customer’s use case
• Address customer concerns about digital transformation
• Describe the AWS Well-Architected Framework
• Apply best practices
• Recognize architecture patterns for some typical AWS solutions
Course content

• What is AWS?
• What is an AWS solutions architect?
• You know more than you realize.
• What do customers want to know about AWS?
• Principles of AWS solution design: The Well-Architected Framework
• Designing a solution: A customer case study
• Common solution patterns
• Takeaways and next steps

Here is the question you need to answer:

Why are your customers moving to AWS?
Five core benefits of cloud computing

• Agility
• Elasticity
• Cost reduction
• Global reach
• Breadth of services
What sets AWS apart

• Security – Fine-grained control.
• Service breadth and depth; pace of innovation – More than 175 services to support any cloud workload; rapid customer-driven releases.
• Experience – More than 1 million customers. Building and managing cloud since 2006.
• Global footprint – 77 Availability Zones in 24 Regions, 1 local zone, 216 points of presence (205 edge locations and 11 Regional edge caches).
• Machine learning – More machine learning happens on AWS than anywhere else. Machine learning in the hands of every developer and data scientist.
• Experience – Tens of thousands of AWS Partner Network (APN) Partners. AWS Marketplace offers 39 categories, and more than 7,000 software listings from more than 1,500 independent software vendors.
• Enterprise leader – AWS positioned as a leader in the Gartner Magic Quadrant for cloud infrastructure as a service (IaaS), worldwide.
Why AWS?

• Amazon Simple Storage Service (Amazon S3) holds trillions of objects and regularly peaks at millions of requests per second.
• In a single Region, S3 processes peak at over 60 TBps of traffic in a day.
• More than 200,000 databases have been migrated using AWS Database Migration Service (AWS DMS).
• On September 30, 2019, Amazon's Consumer business turned off its final Oracle database after migrating nearly 7,500 databases and 75 petabytes of data across hundreds of items to AWS database services.
• More than 10,000 customers use Amazon SageMaker.
• More than 10,000 customers use Amazon Redshift.
• At just 3 years after general availability, AWS Lambda already processes trillions of executions every month.

*As of December 2019
AWS recognized as a cloud leader for the ninth consecutive year

Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Raj Bala, Bob Gill, Dennis Smith, David Wright, July 2020. ID G00365830. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved.
Module 2 – AWS Solution Architecture

What is an AWS solutions architect?

• Customer’s trusted advisor and partner in digital transformation
• Owner of the technical relationship with the customer
• Critical guide on the customer’s cloud journey
• Technical expert, consultant, architect, educator, and trainer
• Customer’s cloud CTO or chief cloud architect
Breadth and depth of services
More services and more functionality in those services

[Service map graphic. Categories shown: Technical & Business Support; Marketplace (Business Apps, Business Intelligence, DevOps Tools, Security, Networking, Databases, Storage); Analytics; DevOps; Mobile Services; IoT; Machine Learning; Enterprise Apps; Hybrid Architecture; Migration; App Services; Infrastructure (Regions, Availability Zones, Points of Presence); Core Services (Compute, Storage, Databases, Networking); Security & Compliance (Identity, Access Control, Key Management, Compliance, Web Application Firewall, DDoS Protection); Management Tools (Monitoring & Logs, Resource Templates, Service Catalogue, Configuration Tracking, Auditing).]
Customers build amazing things

[Reference architecture graphic. Data sources (transactions, internet interfaces, ERP, semi/unstructured data, web logs/cookies, connected devices, social media) are ingested through AWS Direct Connect, AWS Database Migration Service, and Amazon Kinesis. On the batch path, raw data lands in an Amazon S3 data lake and is processed by Amazon EMR (ETL, MLlib, stream analysis, event scoring) into staged data in Amazon S3, Amazon Elasticsearch, and an Amazon Redshift data warehouse. On the real-time path, AWS Lambda event and response handlers work with Amazon DynamoDB, Amazon RDS, and Amazon AI at near-zero latency. Consumers are data scientists (direct query via Amazon Athena), data analysts, business users, legacy apps, engagement platforms, and automation/events. AWS IAM, AWS KMS, AWS CloudTrail, and Amazon CloudWatch span the whole architecture.]
Keys to AWS success

You → Customer Success. Customer obsession is key!

Amazon Leadership Principles
• Customer obsession • Earn trust • Invent and simplify • Bias for action
• Learn and be curious • Dive deep • Think big • Deliver results

We do things in peculiar ways.
Solutions architect is key

• Define your scope
• Dive deep
• Design well-architected solutions
• Earn trust
• Educate
• Iterate – invent and simplify – innovate
Guiding principles for AWS SAs

• Cloud migration is a process.
• Customers need your expertise and help.
• Know your customer.
• Know the AWS products and services.
• Act in the customer’s long-term, best interest.

Long-term, professional services revenue = Success.

We play the long game.
Some AWS services are familiar

• VMs (instances) → Compute – Amazon EC2: virtual machine instance running on an AWS hypervisor
• SAN storage → Storage – Amazon EBS (block storage): block storage volumes for use with Amazon EC2 instances
• Networking → Networking – Amazon Virtual Private Cloud: isolated virtual subnets in the AWS Cloud
Some AWS services are a little different

• AWS Lambda
  • Stateless compute service
  • Runs code in response to an event
  • Triggers in milliseconds
  • Low-cost, billed in 100 ms increments
  • Focus on the application, not the infrastructure
Amazon Machine Learning services

• Use Amazon Machine Learning (Amazon ML) services
• Create ML models using simple APIs
• Build ML applications, regardless of skill levels
…And some offer emerging technology

Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum*.

Benefits:
• Fully managed
• Choice of Hyperledger Fabric or Ethereum
• Scalable and secure
• Reliability

Use cases:
• Trading and asset transfer
• Retail
• Supply chain
The sum is greater than its parts

External services:
• Content delivery network – Amazon CloudFront
• DNS – Amazon Route 53

Third-party tools:
• Monitoring – Amazon CloudWatch
• Logging – AWS CloudTrail
• Load balancing – Elastic Load Balancing*

External services and third-party tools are native and integrated.
Highly available global infrastructure

• Region: contains multiple AWS Availability Zones (AZs), interconnected using high-speed private links
• Availability Zone: independent failure zone

https://infrastructure.aws/
What do you want to manage?

• Self-managed: database in your corporate data center
• Amazon EC2 service (AWS Cloud): DB on an instance, in AWS data center(s)
• Fully managed service (AWS Cloud): RDS instance, in AWS data center(s)
Shared security model

Customer – responsible for security and compliance IN the Cloud:
• Customer content
• Platform, applications, identity and access management
• Operating system, network and firewall configuration
• Client-side data encryption, server-side data encryption, network traffic protection

AWS – responsible for the security OF the Cloud:
• AWS Foundation Services: compute, storage, database, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations
AWS as code

Managing applications and infrastructure using code-based tools and software development techniques.

1. Build an AWS solution.
2. Create templates of your solution stacks.
3. Use templates to replicate stack deployments consistently, at scale.
4. Update templates as you update the solution design.
5. Manage templates like code.

AWS is API-driven. Use the SDKs to build and operate. (Graphic: AWS CloudFormation Designer)
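Treating templates like code means they can be generated, reviewed and checked automatically before anything is deployed. The following is an added example, not code from this course or from AWS: it builds a small CloudFormation template as a Python dictionary and then lints it for two defects a reviewer would reject (an SSH or RDP ingress rule open to 0.0.0.0/0, and an unencrypted EBS volume). The resource names, the `AdminCidr` parameter and the availability zone are constructed for the illustration.

```python
import json
from typing import Dict, List


def build_template(encrypt_volumes: bool = True, open_ssh: bool = False) -> Dict:
    """Return a CloudFormation template as a plain dict (render it with to_json).

    Constructed example stack: one VPC, a web-tier security group and a data volume.
    The two flags let the caller produce a deliberately weak variant for the linter.
    """
    ssh_source = "0.0.0.0/0" if open_ssh else {"Ref": "AdminCidr"}
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Constructed example: one VPC, a web security group and a data volume",
        "Parameters": {
            "AdminCidr": {"Type": "String", "Description": "CIDR allowed to reach SSH"},
        },
        "Resources": {
            "AppVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
            "WebSg": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "Web tier: HTTPS from anywhere, SSH from admins only",
                    "VpcId": {"Ref": "AppVpc"},
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": ssh_source},
                    ],
                },
            },
            "DataVolume": {
                "Type": "AWS::EC2::Volume",
                "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a", "Encrypted": encrypt_volumes},
            },
        },
    }


def to_json(template: Dict) -> str:
    """Render the dict in the JSON form CloudFormation accepts."""
    return json.dumps(template, indent=2)


# Administrative ports that must never be reachable from any source address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _rule_covers(rule: Dict, port: int) -> bool:
    """True if an ingress rule admits the given TCP port (IpProtocol -1 means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    return rule.get("IpProtocol") == "tcp" and rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def lint_template(template: Dict) -> List[str]:
    """Return a list of findings; an empty list means the template passed every check."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                # CidrIp may be a {"Ref": ...}; only a literal any-source rule is flagged here.
                if rule.get("CidrIp") != "0.0.0.0/0":
                    continue
                for port, label in ADMIN_PORTS.items():
                    if _rule_covers(rule, port):
                        findings.append(f"{name}: {label} ({port}) open to 0.0.0.0/0")
        elif res.get("Type") == "AWS::EC2::Volume" and props.get("Encrypted") is not True:
            findings.append(f"{name}: EBS volume is not encrypted")
    return findings


if __name__ == "__main__":
    print(to_json(build_template()))
    print("findings:", lint_template(build_template(encrypt_volumes=False, open_ssh=True)))
```

Running the module prints the clean template and then the findings for the weakened variant. The same `lint_template` function can be pointed at any template loaded with `json.load`, which is the natural place to wire it into a pipeline step that runs before `aws cloudformation deploy`.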
Takeaways

• Your customers are moving to the cloud.
• AWS changes the way customers practice IT.
• Migrating to the cloud is a complex process.
• Customers need your help.
Cloud takeaways

• Starts with well-understood tools and constructs.
• Adds complex, powerful functionality and services.
• Cloud infrastructure is interchangeable and dynamic.
• The sum is greater than the parts.
• Solutions focused.
• There is much to know.
• You will build amazing things.
Module 3 – Building Blocks
AWS foundational services

• AWS Compute: Amazon EC2, Amazon Elastic Container Service, Amazon EC2 Auto Scaling, AWS Lambda
• AWS Storage: Amazon S3, Amazon EBS, Amazon S3 Glacier
• AWS Networking: Amazon ELB, Amazon Route 53, ALB, Amazon VPC, AWS Direct Connect, Amazon VPN
• AWS Database: Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon ElastiCache
• AWS Security: AWS IAM, AWS WAF, AWS KMS, AWS Shield
• AWS Management: Amazon CloudWatch, AWS CloudTrail, AWS CloudFormation, AWS Config, AWS Systems Manager
Amazon Elastic Compute Cloud

• Virtual machine instance running on an AWS hypervisor
• Supports numerous distributions of Linux or Microsoft Windows
• Complete control of your host operating system with root and administrator accounts
• Responsible for all installed applications

https://aws.amazon.com/ec2/
EC2 instances: Families and generations

• General purpose: A1 T3 T3a T2 M6g M5 M5a M5n M4
• Compute optimized: C5 C5n C4
• Memory optimized: R5 R5a R5n R4 X1e X1 High Memory z1d
• Accelerated computing: P3 P2 Inf1 G4 G3 F1
• Storage optimized: I3 I3en D2 H1

Customers can change instance types seamlessly.

https://aws.amazon.com/ec2/instance-types/
EC2 instances: Types and sizes

Example: m6g.16xlarge – the name encodes the instance family, the instance generation, and the instance size.
• Powered by Arm-based AWS Graviton2 processors
• Balance of compute, memory, and networking resources for a broad set of workloads
• 64 virtual CPUs, 256 GB memory, 25 GBps network bandwidth, 18,000 Mbps EBS bandwidth

https://aws.amazon.com/ec2/instance-types/
EC2 purchasing options

• On-Demand: pay for compute capacity by the second with no long-term commitments. For spiky workloads, or to define needs.
• Reserved: make a 1- or 3-year commitment and receive a significant discount off On-Demand prices. For committed, steady-state use.
• Spot: spare EC2 capacity at savings of up to 90% off On-Demand prices. For fault-tolerant, dev/test, time-flexible, stateless workloads.
• Savings Plan: offers up to 72% savings in exchange for a commitment to a consistent amount of usage for a 1- or 3-year term.

https://aws.amazon.com/ec2/pricing/
Amazon EC2 Auto Scaling

• Scale Amazon EC2 instances seamlessly and automatically
• Launch or terminate instances to meet desired capacity
• Keeps capacity balanced across AZs
• Replace unhealthy or unreachable instances
• Policy-based – integrates with other AWS services
• Use cases:
  • Dynamic scaling – optimize EC2 resources rapidly
  • Reduce cost and manage pricing
  • Fleet management – balance and recover from failures

https://aws.amazon.com/ec2/autoscaling/
Amazon ECS and Amazon EKS

• Elastic Container Service and Elastic Container Service for Kubernetes
• AWS runs the EC2 cluster management for you
• Eliminates the complexity of operating container infrastructure
• Use cases:
  • Deploy microservices to speed innovation
  • Batch processing
  • Migrate legacy applications without requiring code changes
  • Accelerate machine learning

https://aws.amazon.com/ecs/
AWS Fargate

• Allows customers to run containers without managing a cluster
• Uses Amazon ECS and EKS
• Launch tens of thousands of containers in seconds
• Integrates with auto scaling for optimal usage

https://aws.amazon.com/fargate/
Containers – Summary

• If you want to store, encrypt, and manage container images, consider Amazon ECR, because ECR compresses and encrypts your container images, making them fast to start and available to run anywhere.
• If you want to run containerized applications or build microservices, consider Amazon ECS, because Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that provides the most secure, reliable and scalable way to run containerized applications.
• If you want to manage containers with Kubernetes, consider Amazon EKS, because Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service that provides the most secure, reliable, and scalable way to run containerized applications using Kubernetes.
• If you want to run containers without managing servers, consider AWS Fargate, because AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.
• If you want to run containers with server-level control, consider Amazon EC2, because EC2 virtual machines give you control of your server clusters and provide a broad range of customization options.
• If you want to containerize and migrate existing applications, consider AWS App2Container, because AWS App2Container (A2C) is a software tool for modernizing .NET and Java applications into containerized applications.

https://aws.amazon.com/fargate/
AWS Lambda

• Stateless compute service that runs code in response to an event
• Triggers in milliseconds
• Billed in 100 ms increments – pay only for what you use
• No virtual servers required
• Use cases:
  • Building modular, scalable, lightweight applications
  • Serverless data processing on demand
  • Use AWS Step Functions to orchestrate Lambda architectures
  • Perform data validation, filtering, sorting, or other transformations
  • Image thumbnailing, in-app activity, website clicks, or output from devices

https://aws.amazon.com/lambda/
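The validation, filtering and sorting use case above maps onto a handler shape that the slide does not show. The following is an added example, not code from this course or from AWS: a Python Lambda handler that consumes a Kinesis-style event (records carry base64-encoded data under `Records[].kinesis.data`), decodes and validates each record against a constructed schema, drops the bad ones with a reason, and returns the good ones sorted by timestamp. The record schema, field names and sample payloads are assumptions made for the illustration.

```python
import base64
import json
from typing import Dict, List

# Constructed record schema for this example: a temperature reading from a device.
REQUIRED_FIELDS = {"device_id": str, "temperature_c": (int, float), "ts": int}


def validate(record: Dict) -> List[str]:
    """Return the list of validation errors for one decoded record (empty means valid)."""
    errors = []
    for field, expected in REQUIRED_FIELDS.items():
        if field not in record:
            errors.append(f"missing {field}")
        # bool is a subclass of int in Python, so reject it explicitly for numeric fields
        elif isinstance(record[field], bool) or not isinstance(record[field], expected):
            errors.append(f"wrong type for {field}")
    if not errors and not -60 <= record["temperature_c"] <= 120:
        errors.append("temperature_c out of range")
    return errors


def lambda_handler(event: Dict, context=None) -> Dict:
    """Decode each Kinesis record, validate it, keep the valid ones sorted by ts.

    Invalid records are reported with a reason rather than raised: a permanently bad
    record must not make the whole batch fail, or Lambda would retry it forever.
    """
    accepted, rejected = [], []
    for record in event.get("Records", []):
        seq = record["kinesis"]["sequenceNumber"]
        try:
            payload = json.loads(base64.b64decode(record["kinesis"]["data"]))
            if not isinstance(payload, dict):
                raise ValueError("payload is not a JSON object")
        except (ValueError, KeyError) as exc:  # bad base64 and bad JSON both raise ValueError
            rejected.append({"sequenceNumber": seq, "reason": str(exc)})
            continue
        errors = validate(payload)
        if errors:
            rejected.append({"sequenceNumber": seq, "reason": "; ".join(errors)})
        else:
            accepted.append(payload)
    accepted.sort(key=lambda p: p["ts"])
    return {"accepted": accepted, "rejected": rejected}


def make_event(payloads: List[object]) -> Dict:
    """Build a constructed Kinesis event: dicts are JSON-encoded, bytes are sent raw."""
    records = []
    for i, p in enumerate(payloads):
        raw = p if isinstance(p, bytes) else json.dumps(p).encode()
        records.append({
            "eventSource": "aws:kinesis",
            "kinesis": {"sequenceNumber": str(i), "data": base64.b64encode(raw).decode()},
        })
    return {"Records": records}


# Constructed input: two good readings, one with a wrong type, one that is not JSON at all.
SAMPLE_PAYLOADS = [
    {"device_id": "d1", "temperature_c": 21.5, "ts": 200},
    {"device_id": "d2", "temperature_c": "hot", "ts": 100},
    {"device_id": "d3", "temperature_c": 19, "ts": 100},
    b"not json",
]

if __name__ == "__main__":
    print(json.dumps(lambda_handler(make_event(SAMPLE_PAYLOADS)), indent=2))
```

Run locally with `python handler.py`; on Lambda the same `lambda_handler` is the configured entry point and the event arrives from the Kinesis trigger. Everything the function receives is untrusted input, so the decode step and the schema check are the first lines of code, before any business logic.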
AWS foundational services
Amazon Elastic Block Storage

• Block storage volumes for use with Amazon EC2 instances
• Persistent storage attached to EC2 instances as native disk
• Formatted using a standard OS file system (such as ext4 or NTFS)
• Scalable, high-performance storage for applications
• Use cases:
  • Boot/root volumes for EC2 instances
  • Data volumes for enterprise applications such as SAP, Microsoft Exchange, and Microsoft SharePoint
  • Relational or NoSQL databases supporting millions of users

https://aws.amazon.com/ebs/
Amazon Simple Storage Service (Amazon S3)

• Highly scalable, reliable, fast, durable object storage
• Store and retrieve any amount of data from anywhere on the web using HTTP or HTTPS
• Workhorse service that serves many purposes
• Use cases:
  • Application file hosting
  • Backup for disaster recovery
  • Static web hosting
  • Streaming data
  • Data lakes

https://aws.amazon.com/s3/
Storage classes on Amazon S3

• Active data: S3 Standard
• Infrequently accessed data: S3 Standard – Infrequent Access; S3 One Zone – Infrequent Access
• Archived data: Amazon S3 Glacier; Amazon S3 Glacier Deep Archive
• Across all tiers: Amazon S3 Intelligent-Tiering
Amazon S3 One Zone-IA

• S3 storage class built for easily re-creatable data
• Designed in a single Availability Zone
• Still 99.9999999% durable but less available and resilient – for 20% less cost

Use it for:
• Mobile or enterprise backup data
• Offsite compliance data
• Disaster recovery data
• Derived analysis data
Amazon S3 for data lakes

[Reference architecture graphic around central storage in Amazon S3 and AWS Lake Formation:
• Data ingestion – get your data into S3 quickly and securely: Amazon Kinesis Data Firehose, AWS Direct Connect, AWS Snowball, AWS Database Migration Service
• Catalog & search – access and search metadata: Amazon DynamoDB, Amazon ES
• Processing & analytics – use predictive and prescriptive analytics to gain better understanding: Amazon Athena, Amazon QuickSight, Amazon EMR, Amazon Redshift
• Access & user interface – give your users easy and secure access: IAM, Amazon Cognito, Amazon API Gateway
• Protect & secure – use entitlements to ensure data is secure and user identities are verified: AWS STS, Amazon CloudWatch, AWS CloudTrail, AWS Key Management Service]
Amazon S3 Glacier and S3 Glacier Deep Archive

• Long-term, secure, durable Amazon S3 object storage classes for data archiving
• Minutes to hours to begin accessing stored data
• Extremely low cost
• Use cases:
  • Long-term storage
  • Data archiving
  • Data lifecycle automation

https://aws.amazon.com/glacier/
AWS foundational services
Amazon Virtual Private Cloud

• Isolated virtual subnets in the AWS Cloud
• Secure, performant, highly configurable
• Supports rich security
• Use cases:
  • Host both public and private resources
  • Organize/isolate application components
  • Isolate resources by logical entity, group, sensitivity, or function
  • Extend on-premises networks into the cloud

https://aws.amazon.com/vpc/
Amazon VPC

• Your own logically isolated section in the AWS Cloud.
• By default, your VPC has no access to the internet, nor are instances addressable from the internet.
• You have complete control over your virtual networking environment.
• Proven and well-understood networking concepts:
  • User-defined IP address range
  • Subnets
  • Route tables
  • Access control lists
  • Network gateways
• A way to gain agility as well as additional security
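The networking concepts listed above (an IP range, subnets carved from it, route tables deciding which subnets can reach the internet, and ordered access control lists) are easy to get subtly wrong, so it helps to see them as data that can be checked. The following is an added example, not code from this course or from AWS: it plans one public and one private subnet per Availability Zone from a VPC range with the standard-library `ipaddress` module, validates the plan (containment, no overlaps, no internet gateway route on private subnets), and evaluates a network ACL the way AWS does (ascending rule number, first match wins, implicit deny). The gateway names `igw` and `nat`, the AZ names and the ACL rules are constructed placeholders, not real resource IDs.

```python
import ipaddress
from typing import Dict, List


def plan_vpc(vpc_cidr: str, azs: List[str], subnet_prefix: int = 24) -> Dict:
    """Carve one public and one private subnet per AZ out of the VPC range.

    Public subnets route 0.0.0.0/0 to an internet gateway; private subnets route it to a
    NAT gateway, so nothing in them is addressable from the internet. The targets 'igw'
    and 'nat' are placeholders for this constructed plan.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    blocks = vpc.subnets(new_prefix=subnet_prefix)  # successive /24s: 10.0.0.0/24, 10.0.1.0/24, ...
    local = {"destination": str(vpc), "target": "local"}
    plan = {
        "vpc": str(vpc),
        "subnets": [],
        "route_tables": {
            "public": [local, {"destination": "0.0.0.0/0", "target": "igw"}],
            "private": [local, {"destination": "0.0.0.0/0", "target": "nat"}],
        },
    }
    for az in azs:
        for tier in ("public", "private"):
            plan["subnets"].append({"az": az, "tier": tier, "cidr": str(next(blocks)), "route_table": tier})
    return plan


def validate_plan(plan: Dict) -> List[str]:
    """Check containment, non-overlap, and that no private subnet has an internet gateway route."""
    issues = []
    vpc = ipaddress.ip_network(plan["vpc"])
    nets = [(s, ipaddress.ip_network(s["cidr"])) for s in plan["subnets"]]
    for s, net in nets:
        if not net.subnet_of(vpc):
            issues.append(f"{s['cidr']} is outside {vpc}")
        routes = plan["route_tables"][s["route_table"]]
        if s["tier"] == "private" and any(r["target"] == "igw" for r in routes):
            issues.append(f"private subnet {s['cidr']} has an internet gateway route")
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                issues.append(f"{a['cidr']} overlaps {b['cidr']}")
    return issues


def nacl_decision(rules: List[Dict], proto: str, port: int, src_ip: str) -> str:
    """Evaluate a network ACL: ascending rule number, first match wins, implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["number"]):
        if rule["proto"] not in ("all", proto):
            continue
        if rule["proto"] != "all" and not rule["from_port"] <= port <= rule["to_port"]:
            continue
        if src in ipaddress.ip_network(rule["cidr"]):
            return rule["action"]
    return "deny"  # the '*' rule at the end of every network ACL


# Constructed inbound ACL: the corporate range (a documentation prefix here) may reach SSH,
# everyone may reach HTTPS, everything else falls through to the implicit deny.
INBOUND_ACL = [
    {"number": 100, "proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24", "action": "allow"},
    {"number": 110, "proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0", "action": "deny"},
    {"number": 200, "proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0", "action": "allow"},
]

if __name__ == "__main__":
    plan = plan_vpc("10.0.0.0/16", ["us-east-1a", "us-east-1b"])
    for subnet in plan["subnets"]:
        print(subnet)
    print("issues:", validate_plan(plan))
    print("ssh from 198.51.100.9:", nacl_decision(INBOUND_ACL, "tcp", 22, "198.51.100.9"))
```

The ordering in `INBOUND_ACL` is the point of the ACL example: because rule 100 precedes rule 110, the allow for the corporate range is matched before the blanket deny on port 22, whereas swapping the two numbers would lock the administrators out as well.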
VPCs as strategy

[Diagram: within the AWS Cloud, separate Prod, Test, and Dev VPCs, each spanning Availability Zones A and B, connected by VPC peering to a shared VPC holding NAT, bastion, and security appliances for monitoring, logging, etc.]

Like any production application, AWS solutions should be deployed in a landscape of multiple environments:
• Each environment should be in its own Amazon VPC.
• At a minimum, consider production and development environments.
• It can make sense to add environments for test, future development (“dev+1”), staging, and other purposes.
• Remember, AWS environments with intermittent use (such as test) can be stopped when not in use, helping to limit costs.
Amazon VPC data center connectivity

Connect to resources in your VPC:

• Over the internet
• Virtual private network (VPN) using IPsec, which can be configured in minutes
• AWS Direct Connect, which is a service provided by AWS Partner Network (APN) Partners
• AWS PrivateLink
• Elastic network interface

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/endpoint-service.html
Elastic Load Balancing (ELB)

• Automatically distributes incoming application traffic
• Incorporates new resources as applications scale, automatically
• Detects and accommodates application faults
• Pools AWS Cloud and on-premises resources seamlessly
• Integrates with other AWS services:
  • Route 53
  • Internet Gateway
  • Identity and Access Management

https://aws.amazon.com/elasticloadbalancing/
Load balancer options

Application Load Balancer
• Best suited for HTTP/HTTPS
• Provides advanced request routing
• Targeted for modern architectures including microservices and containers
• Operates at the individual request level (Layer 7)
• Routes traffic based on the content of the request

Network Load Balancer
• Best suited for TCP/UDP/TLS
• Operates at the connection level (Layer 4)
• Capable of handling millions of requests per second
• Optimized for sudden and volatile traffic patterns

Classic Load Balancer
• Provides basic load balancing across EC2 instances
• Operates at both the request level and connection level
• Intended for applications built in the EC2-Classic network
Amazon CloudFront

• Content delivery network (CDN) with optimization
• Distribute content to end users with low latency and high data transfer rates
• Broad, geographic presence beyond AWS Regions
• Accelerate data uploaded from end users
• Use cases:
  • Accelerating web application performance
  • Caching static web content and frequent database query results
  • Offloading TLS termination

https://aws.amazon.com/cloudfront/
Amazon Route 53

• Global Domain Name System (DNS) service
• Highly available and scalable – 100% availability SLA
• Critical tool integrated with many AWS services
• Use cases:
  • Optimized routing
  • Failover
  • Geolocation compliance
  • Integrated with other AWS services
  • Micro-segmentation

https://aws.amazon.com/route53/
AWS foundational services
Amazon Relational Database Service

• Managed service including support for Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server
• Handles time-consuming database management tasks, such as backups, patch management, and replication
• Works with existing code, applications, and tools
• Use cases:
  • Any applications requiring a relational database
  • Improving database performance, availability, and scalability

https://aws.amazon.com/rds/
Amazon Aurora

• MySQL/PostgreSQL-compatible relational database service
• Part of Amazon RDS
• Higher performance than standard MySQL and PostgreSQL
• High availability without complex server management
• Scales and optimizes storage automatically
• Use cases:
  • Any application that uses a relational database
  • Replace on-premises or AWS EC2-hosted MySQL or PostgreSQL

https://aws.amazon.com/rds/aurora/
Amazon DynamoDB

• Fast, flexible, fully managed, NoSQL database service
• Single-digit millisecond latency at any scale
• Highly available, replicated across multiple Availability Zones and between Regions
• Use cases:
  • High-performance database applications
  • Ad tech
  • Big data
  • Gaming
  • Mobile/Internet of Things (IoT)

https://aws.amazon.com/dynamodb/
Amazon ElastiCache

• Fully managed, open source compatible, Redis and Memcached service
• Improves performance by retrieving data from high-throughput and low-latency, in-memory data stores
• Use cases:
  • Gaming
  • Ad tech
  • Financial services
  • Healthcare
  • IoT

https://aws.amazon.com/elasticache/
AWS foundational services
AWS Identity and Access Management (IAM)

• Core AWS security service
• Create and manage AWS users, roles, and groups
• Manage fine-grained access control to AWS resources, such as controlling which operations a user or service can perform on which resources
• Integrates with Microsoft Active Directory using SAML identity federation and AWS Directory Service (AD Connector)
• Allows scalable, consistent security and auditability
• Multifactor authentication (MFA) supported; policies can require it for sensitive actions with the aws:MultiFactorAuthPresent condition key
• Prefer roles and temporary credentials over long-lived user access keys
https://aws.amazon.com/iam/
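A worked example of the fine-grained, MFA-aware access control described above. This is an added illustration, not code from the AWS course or from AWS: a small linter that walks an IAM policy document and flags the mistakes that most often undermine least privilege (a wildcard Allow, NotAction/NotResource grants, and privilege-escalating IAM actions allowed without an aws:MultiFactorAuthPresent condition). The two policies, the bucket name and the account ID 123456789012 are constructed for the example, and the list of escalation-prone actions is an editorial selection, not an AWS-published set.

```python
"""Lint an IAM policy document for common least-privilege mistakes.

Added example, not part of the AWS course material. The sample policies,
bucket name and account id are constructed; the set of escalation-prone
actions is an editorial selection rather than an AWS-published list.
"""
import json

# Allowing any of these lets a principal mint new credentials or widen its own
# permissions, so they deserve an MFA condition even on a narrow resource.
ESCALATION_ACTIONS = {
    "iam:*", "iam:CreateUser", "iam:CreateAccessKey", "iam:CreateLoginProfile",
    "iam:AttachUserPolicy", "iam:AttachRolePolicy", "iam:PutUserPolicy",
    "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy", "sts:AssumeRole",
}


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True if the statement only applies when the caller authenticated with MFA."""
    condition = statement.get("Condition", {})
    for operator in ("Bool", "BoolIfExists"):
        flag = condition.get(operator, {}).get("aws:MultiFactorAuthPresent")
        if str(flag).lower() == "true":
            return True
    return False


def find_policy_risks(policy):
    """Return human-readable findings for one policy document (empty list = clean)."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements can only narrow access
        sid = stmt.get("Sid", f"Statement[{index}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "*" in actions and "*" in resources:
            findings.append(f"{sid}: allows every action on every resource")
        elif "*" in resources and any(a.endswith(":*") for a in actions):
            findings.append(f"{sid}: service-wide wildcard action on all resources")

        # NotAction/NotResource grant everything *except* what is listed, which
        # is almost never what a least-privilege policy intends.
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants everything not listed")

        sensitive = sorted(a for a in actions if a == "*" or a in ESCALATION_ACTIONS)
        if sensitive and not _requires_mfa(stmt):
            findings.append(f"{sid}: {sensitive} allowed without an MFA condition")
    return findings


def lint_policy_json(text):
    """Convenience wrapper for a policy stored as a JSON string (e.g. a file)."""
    return find_policy_risks(json.loads(text))


# Constructed sample 1: the "just give the developer admin" policy.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ManageKeys", "Effect": "Allow",
         "Action": ["iam:CreateAccessKey"], "Resource": "*"},
    ],
}

# Constructed sample 2: read one bucket, rotate only your own access keys, and
# only when the session was opened with MFA.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadReports", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-reports",
                      "arn:aws:s3:::example-reports/*"]},
        {"Sid": "RotateOwnKeysWithMfa", "Effect": "Allow",
         "Action": ["iam:CreateAccessKey", "iam:DeleteAccessKey"],
         "Resource": "arn:aws:iam::123456789012:user/${aws:username}",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

if __name__ == "__main__":
    for name, policy in (("broad", OVERLY_BROAD_POLICY),
                         ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(name, find_policy_risks(policy) or "no findings")
```

The broad policy produces three findings; the least-privilege policy produces none because the only escalation-prone action it allows is scoped to the caller's own user and gated on MFA. Run the linter on policies exported with aws iam get-policy-version before they reach a pull request.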
AWS principals

Account owner ID (root account)
• Access to all subscribed services
• Access to billing
• Access to console and APIs
• Access to Customer Support
• Protect it with MFA and use it only for the few tasks that require root; day-to-day work belongs to IAM principals

IAM users, groups, and roles
• Access to specific services
• Access to console and/or APIs
• Access to Customer Support (Business and Enterprise)

Temporary security credentials
• Issued by AWS STS (for example, when a role is assumed or an identity is federated) and expire automatically
• Access to specific services
• Access to console and/or APIs
AWS Key Management Service (AWS KMS)

• Managed service that simplifies management and use of encryption keys
• Integrated with many AWS services
• Integrated with AWS CloudTrail to provide auditable logs of key usage for regulatory and compliance activities
https://aws.amazon.com/kms/
AWS Shield

• Guards against distributed denial of service (DDoS) attacks


• AWS Shield Standard
• Addresses common layer 3-4 DDoS incidents
• Monitors network flows for quick attack detection
• Mitigates service impacts automatically
• AWS Shield Advanced
• Enhanced DDoS detection and response
• Supports customized rules against sophisticated attacks
• Includes AWS DDoS Response Team 24x7
• Covers cost of increased resource usage due to attack
https://aws.amazon.com/shield/
Amazon CloudWatch

• Monitoring service for AWS Cloud resources and applications
• Collect and track metrics, monitor log files, and set alarms
• Automate response to operational changes with CloudWatch Events
• Gain visibility into resource use, application performance, and operational health
• Set alarms to send notifications or take other automated actions
• Supports custom dashboards
• Use cases:
  • Cost management
  • Billing alerts
https://aws.amazon.com/cloudwatch/
AWS CloudTrail

• Managed service that records the AWS API calls made in your account, whether they come from the console, the CLI, or an SDK
• Each record captures who made the call (the principal), from where (source IP address), when, which API was called, and the request and response parameters
• Management events are recorded by default; data events (for example, S3 object-level and Lambda invocation calls) must be enabled explicitly
• Delivers the records as log files to Amazon S3 (and optionally to CloudWatch Logs) so they can drive automated response
• Use cases:
  • Security alerting
  • Compliance
  • Troubleshooting
  • Remediation
https://aws.amazon.com/cloudtrail/
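The "security alerting" use case above, as an added example that is not part of the course or of the CloudTrail product: a small triage function that reads a CloudTrail log-file body ({"Records": [...]}) and labels the records a security operations team would want paged on (root credential use, a successful console login without MFA, failed console logins, calls that tamper with the trail itself, and IAM calls that create or widen credentials). SAMPLE_LOG is constructed to follow the CloudTrail record layout with only the fields the checks read; the account ID, ARNs and IP address are placeholders, and the two event-name sets are editorial choices.

```python
"""Triage CloudTrail records for events a SOC should alert on.

Added example, not AWS or course code. SAMPLE_LOG is constructed to follow the
CloudTrail log-file layout with only the fields the checks read; account id,
ARNs and IP addresses are placeholders.
"""
import json

# Calls that weaken the audit trail itself; the selection is an assumption.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
# IAM calls that create or widen credentials; also an editorial selection.
IAM_CREDENTIAL_CHANGES = {"CreateUser", "CreateAccessKey", "CreateLoginProfile",
                          "AttachUserPolicy", "PutUserPolicy", "AttachRolePolicy"}


def classify_event(event):
    """Return the alert labels that apply to one record (empty list = routine)."""
    alerts = []
    identity = event.get("userIdentity", {})
    name = event.get("eventName", "")
    source = event.get("eventSource", "")

    # Root should only be used for the handful of tasks that require it.
    if identity.get("type") == "Root":
        alerts.append("root-activity")

    if name == "ConsoleLogin":
        outcome = event.get("responseElements", {}).get("ConsoleLogin")
        mfa_used = event.get("additionalEventData", {}).get("MFAUsed")
        if outcome == "Success" and mfa_used != "Yes":
            alerts.append("console-login-without-mfa")
        if outcome == "Failure":
            alerts.append("console-login-failed")

    if source == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        alerts.append("cloudtrail-tampering")

    if source == "iam.amazonaws.com" and name in IAM_CREDENTIAL_CHANGES:
        alerts.append("iam-credential-change")

    return alerts


def scan_records(log_text):
    """Parse one CloudTrail log-file body and return the records needing attention."""
    findings = []
    for record in json.loads(log_text)["Records"]:
        labels = classify_event(record)
        if labels:
            findings.append({
                "time": record.get("eventTime"),
                "actor": record.get("userIdentity", {}).get("arn"),
                "source_ip": record.get("sourceIPAddress"),
                "event": record.get("eventName"),
                "alerts": labels,
            })
    return findings


def _record(**fields):
    """Build one constructed record with the common envelope fields filled in."""
    base = {"eventVersion": "1.08", "awsRegion": "us-east-1",
            "sourceIPAddress": "198.51.100.7"}
    base.update(fields)
    return base


ACCT = "123456789012"  # placeholder account id
# Constructed sample log: six records, five of which should raise an alert.
SAMPLE_LOG = json.dumps({"Records": [
    _record(eventTime="2020-05-01T08:00:00Z", eventSource="signin.amazonaws.com",
            eventName="ConsoleLogin",
            userIdentity={"type": "Root", "arn": f"arn:aws:iam::{ACCT}:root"},
            responseElements={"ConsoleLogin": "Success"},
            additionalEventData={"MFAUsed": "Yes"}),
    _record(eventTime="2020-05-01T08:05:00Z", eventSource="signin.amazonaws.com",
            eventName="ConsoleLogin",
            userIdentity={"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"},
            responseElements={"ConsoleLogin": "Success"},
            additionalEventData={"MFAUsed": "No"}),
    _record(eventTime="2020-05-01T08:10:00Z", eventSource="s3.amazonaws.com",
            eventName="GetObject",
            userIdentity={"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/bob"}),
    _record(eventTime="2020-05-01T08:15:00Z", eventSource="cloudtrail.amazonaws.com",
            eventName="StopLogging",
            userIdentity={"type": "AssumedRole",
                          "arn": f"arn:aws:sts::{ACCT}:assumed-role/deploy/ci"}),
    _record(eventTime="2020-05-01T08:20:00Z", eventSource="signin.amazonaws.com",
            eventName="ConsoleLogin", errorMessage="Failed authentication",
            userIdentity={"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/mallory"},
            responseElements={"ConsoleLogin": "Failure"},
            additionalEventData={"MFAUsed": "No"}),
    _record(eventTime="2020-05-01T08:25:00Z", eventSource="iam.amazonaws.com",
            eventName="CreateAccessKey",
            userIdentity={"type": "IAMUser", "arn": f"arn:aws:iam::{ACCT}:user/alice"}),
]})

if __name__ == "__main__":
    for finding in scan_records(SAMPLE_LOG):
        print(finding)
```

The same classify_event function can sit behind a Lambda subscribed to the trail's S3 bucket or CloudWatch Logs group; the sample here is parsed from a string so the logic can be exercised offline. Note that a StopLogging call is itself recorded before logging stops, which is why trail tampering is detectable from the trail.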
AWS CloudFormation

• Service to create and manage a collection of related AWS resources as one stack
• Describe sets of AWS resources using a template file (JSON or YAML)
• Customize values for different application environments and Regions
• Maintain and update infrastructure as code (IaC)
• Use cases:
  • Standardize application deployments for scale and consistency
  • Test, design, and automatically roll back newly provisioned resources
  • Replicate service architectures globally in minutes
https://aws.amazon.com/cloudformation/
AWS Config
Managed service for tracking AWS inventory, configuration, and change notification

[Diagram: configuration data from Amazon EC2, Amazon EBS, Amazon VPC, and AWS CloudTrail flows into AWS Config, which supports security analysis, audit compliance, change management, troubleshooting, and discovery.]
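A worked example serving the last two slides, CloudFormation as infrastructure as code and AWS Config style compliance evaluation. It is an added illustration, not code from the course or from AWS: a script that builds a CloudFormation template for per-tier security groups (the web, app and data pattern) and then evaluates that template the way a Config rule evaluates live security groups, so the same check can run on the template before deployment and on the deployed resources afterwards. Only standard CloudFormation structure is used (AWSTemplateFormatVersion, Resources, the AWS::EC2::SecurityGroup type); the VPC ID, ports and CIDR are placeholders, and the two rules are written from scratch to mirror what the managed Config rules restricted-ssh and vpc-sg-open-only-to-authorized-ports check rather than copied from them.

```python
"""Emit a three-tier security-group CloudFormation template and evaluate it
the way an AWS Config rule would.

Added example, not AWS or course code. VPC id, ports and CIDR are placeholders;
the rules are written from scratch to mirror the managed Config rules
restricted-ssh and vpc-sg-open-only-to-authorized-ports.
"""
import json

ADMIN_PORTS = {22, 3389}
PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}


def security_group(tier, vpc_id, ingress):
    """One AWS::EC2::SecurityGroup resource tagged with its tier."""
    return {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": f"{tier} tier",
            "VpcId": vpc_id,
            "SecurityGroupIngress": ingress,
            "Tags": [{"Key": "Tier", "Value": tier}],
        },
    }


def build_template(vpc_id="vpc-0123456789abcdef0"):
    """Web tier reachable from the internet on 443 only; app tier only from the
    web SG; data tier only from the app SG (no CIDR ingress at all)."""
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Three-tier security groups (added example)",
        "Resources": {
            "WebSg": security_group("web", vpc_id, [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "CidrIp": "0.0.0.0/0"}]),
            "AppSg": security_group("app", vpc_id, [
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                 "SourceSecurityGroupId": {"Ref": "WebSg"}}]),
            "DataSg": security_group("data", vpc_id, [
                {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                 "SourceSecurityGroupId": {"Ref": "AppSg"}}]),
        },
    }


def render(template):
    """Serialise for `aws cloudformation deploy --template-file`."""
    return json.dumps(template, indent=2)


def _port_range(rule):
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def evaluate_template(template, allowed_public_ports=frozenset({80, 443})):
    """Return {logical_id: [violation, ...]} for each security group; an empty
    list is COMPLIANT in Config terms."""
    results = {}
    for logical_id, resource in template["Resources"].items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        props = resource["Properties"]
        tier = next((t["Value"] for t in props.get("Tags", []) if t["Key"] == "Tier"), None)
        violations = []
        for rule in props.get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            low, high = _port_range(rule)
            if cidr in PUBLIC_CIDRS:
                if any(low <= p <= high for p in ADMIN_PORTS):
                    violations.append(f"admin port open to the internet ({low}-{high})")
                if any(p not in allowed_public_ports for p in range(low, high + 1)):
                    violations.append(f"internet-facing port outside the allow-list ({low}-{high})")
            # The data tier must only ever be reached from another security group.
            if tier == "data" and cidr:
                violations.append("data tier accepts CIDR ingress; use a source security group")
        results[logical_id] = violations
    return results


if __name__ == "__main__":
    template = build_template()
    print(render(template))
    print(evaluate_template(template))
```

Referencing the upstream tier's security group (SourceSecurityGroupId) instead of its subnet CIDR is what makes the layering hold when Auto Scaling replaces instances: membership follows the instance, not an address. The same evaluate logic, fed with describe-security-groups output instead of a template, is what a custom Config rule's Lambda would run.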
Popular AWS Marketplace vendors by
category

https://aws.amazon.com/marketplace
Module 4 – The AWS Well-Architected Framework
AWS Well-Architected Framework

• Increases awareness of architectural best practices


• Addresses foundational areas that are often neglected
• Consistent methodology for evaluating architectures
• Composed of:
• Pillars
• Design principles
• Questions

https://aws.amazon.com/architecture/well-architected
AWS Well-Architected Pillars

• Operational excellence
• Security
• Reliability
• Performance efficiency
• Cost optimization
Operational excellence (OE)

The ability to run and monitor systems to deliver business


value and continually improve supporting processes and
procedures
• Prepare
• Operate
• Evolve

Question: Operational excellence

Pillar area: Prepare
Question text: How do you determine what your priorities are?
Question context: Everyone needs to understand their part in enabling business success. Have shared goals in order to set priorities for resources. This will maximize the benefits of your efforts.
Best practices: Implement the minimum number of architecture standards for your workloads. Balance the cost to implement a standard against the benefit to the workload and the burden upon operations. Reduce the number of supported standards to reduce the chance that lower-than-acceptable standards will be applied by error. Operations personnel are often constrained resources.
Security

The ability to protect information, systems, and assets while


delivering business value through risk assessments and
mitigation strategies.
• Identity and access management
• Detective controls
• Infrastructure protection
• Data protection
• Incident response

Question: Security

Pillar area: Incident response
Question text: How do you respond to an incident?
Question context: Preparation is critical to timely investigation and response to security incidents to help minimize potential disruption to your organization.
Best practices: Detailed logging is available that contains important content, such as file access and changes.
Reliability

The ability of a system to recover from infrastructure or


service failures, dynamically acquire computing resources
to meet demand, and mitigate disruptions such as
misconfigurations or transient network issues
• Foundations
• Change management
• Failure management

Question: Reliability

Pillar area: Failure management
Question text: How does your system withstand component failures?
Question context: If your workloads have a requirement, implicit or explicit, for high availability and low mean time to recovery (MTTR), architect your workloads for resilience and distribute your workloads to withstand outages.
Best practices: A key to managing failure is the frequent and automated testing of systems to cause failure, and then observe how they recover.
Performance efficiency (PE)

The ability to use computing resources efficiently to meet


system requirements, and to maintain that efficiency as
demand changes and technologies evolve
• Selection
• Review
• Monitoring
• Tradeoffs

Question: Performance efficiency

Pillar area: Selection
Question text: How do you select your database solution?
Question context: The optimal database solution for a system varies based on requirements for availability, consistency, partition tolerance, latency, durability, scalability, and query capability. Many systems use different database solutions for various sub-systems and enable different features to improve performance. Selecting the wrong database solution and features for a system can lead to lower performance efficiency.
Best practices: It is critical to consider the access patterns of your workload, and also to consider if other non-database solutions could solve the problem more efficiently (such as using a search engine or data warehouse).
Cost optimization (CO)

The ability to avoid or eliminate unneeded cost or


suboptimal resources
• Cost-effective resources
• Matched supply and demand
• Expenditure awareness
• Optimizing over time

Question: Cost optimization

Pillar area: Cost-effective resources
Question text: How do you evaluate cost when you select services?
Question context: Amazon EC2, Amazon EBS, and Amazon S3 are building-block AWS services. Managed services, such as Amazon RDS and Amazon DynamoDB, are higher level, or application level, AWS services. By selecting the appropriate building blocks and managed services, you can optimize this workload for cost. For example, using managed services, you can reduce or remove much of your administrative and operational overhead, freeing you to work on applications and business-related activities.
Best practices: By factoring in cost during service selection, and using tools such as Cost Explorer and AWS Trusted Advisor to regularly review your AWS usage, you can actively monitor your usage and adjust your deployments accordingly.
Design principles

The Well-Architected Framework has identified a set of design principles to facilitate good design in the cloud:
• General design principles
• Pillar-specific design principles

Example from the Security pillar: Enable traceability. Log and audit all actions and changes to your environment. Automatically respond and take action.
Value proposition

Help customers:
• Apply consistent approach to reviewing architectures
• Understand and reduce risk in their architecture
• Learn best practices
• Influence future architectures
• Accelerate cloud migration

AWS Well-Architected Tool

[Screenshot of the AWS Well-Architected Tool console]
Resources

• AWS Well-Architected Framework whitepaper


• Pillar-specific whitepapers
• Prescriptive high-level implementation guidance
• Lens whitepapers
• Free online training

Useful Well-Architected links

• General information
  https://aws.amazon.com/well-architected
• Well-Architected whitepaper
  http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
• Digital Well-Architected course
  https://www.aws.training/learningobject/curriculum?id=12049
Architecting a Solution on AWS
Guiding principles for AWS SAs

• Cloud migration is a process.


• Customers need your expertise and help.
• Know your customer.
• Know the AWS products and services.
• Act in the customer’s long-term best interest.
• The first architecture is not the final architecture.

Architect a customer solution

• Understand the business impacts


• Identify the stakeholders
• Determine the line of business – what is the business problem?
• Understand the use case
• Learn how other customers have done it: find a similar case study and reference architecture
Manage scope

• Customers are excited about using AWS


• Many stakeholders, many goals
• Focus the conversation on specific deliverables
• Identify applications that are candidates for migration

Manage scope

• Identify an application’s speeds and feeds


• Understand the business and operational context
• Develop a solution that addresses both of those
• Define measurable, time-bound success criteria
• Deliver!

Case Study Detailed Debrief
Capture customer information

What are the customer’s goals?

What requirements did you capture?

Key functional question

For any application, an architect needs to understand the value that application provides.

• How does this application help the organization fulfill its mission? Does it…
  • Increase revenue?
  • Decrease expenses?
  • Provide a needed service to stakeholders (customers, suppliers, regulators, others)?
Key functional question: Why?

• Why is cloud computing the best approach to solving this need?
• Why is using an application to solve this problem in the customer's best interest?
• Why should this application be in the cloud?
Define requirements

Functional requirements define what an application does.

Input → Application → Output
• Inputs: What are the inputs to the application? Is data generated by humans? By machines? A mixture?
• Outputs: What are the outputs from the application? Where is the output to be sent?
Define requirements

Non-functional requirements define how the application operates:
• Durability, reliability, and business continuance
• Management and monitoring
• Performance, scalability, and elasticity
• Usability and globalization
• Security, compliance, and privacy
• Documentation
Key non-functional question: How?

• How will the application meet performance, scalability, and elasticity


requirements?
• How is performance measured?
• How do needs change over time?
• How will the application be managed and monitored?
• How do you know if the application is working?
• How do you deal with problems?
• How will the application provide durability, reliability, and business
continuance?
• What is the uptime requirement?
• How will the application meet it?
Key non-functional question: How?

• How will the application be secured?


• How will it meet standards for compliance and privacy?
• How will you know if the application is secure?
• How will the application provide usability and globalization?
• How will you support users with special needs (vision, mobility, cognitive
challenges)?
• How will you support languages other than English?
• Which languages will you support?
• Documentation
• How will you keep information about the application accurate and up to date?

Proposed CSI Solution Architecture
Apply Well-Architected Pillars

• Operational excellence
• Security
• Reliability
• Performance efficiency
• Cost optimization
Proposed CSI solution architecture: Cloud migrated

[Diagram: a single Availability Zone (A) inside the AWS Cloud. A public subnet holds the edge services (RDGW, NAT, IDS/WAF); behind it are three private subnets for the web tier, app tier, and data tier. Users and an admin reach the environment over the internet. Example services: public subnet – ELB, GuardDuty, Shield Advanced, WAF; web and app tiers – EC2, ECS/EKS, Fargate, Lambda, EBS, S3.]
Proposed CSI solution architecture: Reliability

[Diagram: the same public subnet and web/app/data tier layout is duplicated in a second Availability Zone (B), with replication between the two data tiers. Example services are unchanged: public subnet – ELB, GuardDuty, Shield Advanced, WAF; web and app tiers – EC2, ECS/EKS, Fargate, Lambda, EBS, S3.]
Proposed CSI solution architecture: Performance efficiency

[Diagram: the two-Availability-Zone layout above, with the web tier and app tier each placed in an Auto Scaling group that spans both zones, and AWS CloudFormation added to the example services list.]
Proposed CSI solution architecture: Cost optimization

[Diagram: the same layout, with the web and app tiers in each zone annotated "Reserved" for the baseline capacity and "On-Demand" for the capacity added by Auto Scaling.]
Proposed CSI solution architecture: Security

[Diagram: the same layout, with a separate Web Security Group, App Security Group, and Data Security Group per tier, AWS KMS on the data tier, and IAM, AWS WAF, AWS Shield, AWS CloudTrail, and AWS Config added alongside CloudFormation in the example services list.]
Proposed CSI solution architecture: Operational excellence

[Diagram: the same layout, with AWS CodeStar and Amazon CloudWatch added to CloudFormation, CloudTrail, and Config in the example services list.]
Proposed CSI solution architecture: CloudFormation template

[Diagram: the same layout, with each Availability Zone's public subnet and web/app/data tiers enclosed in a CloudFormation template, so the whole stack can be provisioned and replicated as code.]
Iterate. Invent and simplify. Innovate.

• Microservices – Containers, AWS Lambda


• Big Data – Amazon S3, Amazon EMR, Amazon ML
• DevOps and CI/CD – AWS CodeStar
• Database – Amazon DynamoDB, Amazon ElastiCache
• Manageability and Scale - AWS CloudFormation
• Security – Amazon GuardDuty, AWS WAF, Micro-segmentation,…
• Performance and Global Reach - Amazon CloudFront, TLS offload,
localization…
• Amazon EC2 pricing – Reserved Instances, Spot, On-Demand
Builders welcome

• AWS Free Tier


  https://aws.amazon.com/free/
• Check out your SDK of choice
  https://aws.amazon.com/tools/
• Go build something!
Next step: Advance your technical skills

YOU
ARE
HERE

https://aws.amazon.com/partners/training/path-tech-pro/
AWS Certifications

AWS Well-Architected

• AWS Well-Architected Framework whitepaper


• Pillar-specific whitepapers, which provide prescriptive high-level
implementation guidance
• Lens whitepapers
• Free online training

https://aws.amazon.com/well-architected
Available security training

Security Fundamentals on AWS


(Free online course)

Security Operations on AWS


(3-day class)

Details at aws.amazon.com/training

AWS Cloud Security

Comprehensive security portal that provides security notifications, information, and documentation.

Security whitepapers
• Overview of Security Processes
• AWS Risk and Compliance
• AWS Security Best Practices

Also on the portal:
• Security Bulletins
• Security Resources
• Vulnerability Reporting
• Penetration Testing Requests
• Report Suspicious Emails

http://aws.amazon.com/security
AWS announcements and updates

• AWS: What's New? – http://aws.amazon.com/new
• AWS blog – https://aws.amazon.com/blogs/aws
• AWS podcast – https://aws.amazon.com/podcasts/aws-podcast
• APN blog – https://aws.amazon.com/blogs/apn
• This is My Architecture YouTube channel – https://aws.amazon.com/this-is-my-architecture
• AWS loft schedule – https://aws.amazon.com/start-ups/loft
• @awscloud on Twitter – https://twitter.com/awscloud
Suggested reading

• AWS Certified Solutions Architect Official Study Guide: Associate Exam

• Ahead in the Cloud: Best Practices for Navigating the Future of Enterprise IT

Thank You!

© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. For corrections or feedback on the course, please email us at: aws-course-[email protected]. For all other questions, contact us at: https://aws.amazon.com/contact-us/aws-training/. All trademarks are the property of their owners.
