Module 1 - Migrate On-Premises to the Cloud


AWS Developer Essentials

AWS Training and Certification

Guilherme Hasse
[email protected]
AWS Partner Trainers Mgr. - Latam
Notices
AWS Cloud & Core Services
Labs will be run on aws.qwiklabs.com

Open your account using your @everis email address.

You will receive an account activation email.

Internet

Training runs from 18:00 to 21:30.

Break from 19:30 to 20:00.
Course Agenda
AWS Cloud & Core Services
Welcome and Introductions

Module 1: Migrate On-Premises to the Cloud

Lab 1 - Deploying WebApp As-Is on the Cloud

Module 2: Automating the Development Pipeline

Lab 2 - Automating your DevOps

Module 3: Increasing Agility with Microservices

Lab 3 - Breaking the Monolith - Containers and DevOps

Module 4: Decreasing maintenance and costs – Go Serverless

Lab 4 - No Servers! Lambda and DevOps


Migrate existing On-Premises Applications
What is AWS?
AWS provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that
powers millions of businesses in 190 countries around the world.

• Agility
• Elasticity
• Cost savings
• Deploy globally in minutes
AWS Global Reach
AWS Global Infrastructure
24 Geographical Regions, 5 Local Regions, 77 Availability Zones, 220+ PoPs

Region & Number of Availability Zones (AZs)

GovCloud (US): US-East (3), US-West (3)
US West: Oregon (4), Northern California (3)
US East: N. Virginia (6), Ohio (3)
Canada: Central (2)
South America: São Paulo (3)
Europe: Frankfurt (3), Ireland (3), London (3), Paris (3), Stockholm (3)
Asia Pacific: Singapore (3), Sydney (3), Tokyo (4), Osaka-Local (1)*, Seoul (2), Mumbai (2), Hong Kong SAR (3)
China: Beijing (2), Ningxia (3)

Announced Regions
Six Regions and 18 AZs in Australia, India, Indonesia, Japan, Spain, Switzerland.

* Available to select AWS customers who request access. Customers wishing to use the Asia Pacific (Osaka) Local Region should speak with their sales representative.
AWS Region Design
AWS Regions are comprised of multiple AZs for high availability, high scalability, and high
fault tolerance. Applications and data can be replicated in real time and kept consistent
across the different AZs.

[Diagram: an AWS Region containing several Availability Zones (AZ) interconnected through Transit AZs]

A Region is a physical location in the world where we have multiple Availability Zones.
Availability Zones consist of one or more discrete data centers, each with redundant power,
networking, and connectivity, housed in separate facilities.
Availability Zones
 A Region is comprised of multiple Availability Zones
 Isolation from other Availability Zones (power, network, flood plains)
 Low-latency (<10 ms) interconnect between Availability Zones
 One AZ can include multiple data centers

[Diagram: Region us-east-1 (N. Virginia) with Availability Zones us-east-1a, us-east-1b and us-east-1c; physical separation < 100 km]
Amazon EC2
• Linux | Windows
• ARM and x86 architectures
• General purpose and workload optimized
• Bare metal, disk, networking capabilities
• Packaged | Custom | Community AMIs
• Multiple purchase options: On-Demand, RI, Spot
EC2 Terminology
• Instance: a running or stopped virtual machine, launched into a subnet of a VPC inside one Availability Zone
• AMI (Amazon Machine Image): the virtual machine configuration an instance is launched from
• EBS: block volumes attached to instances; a volume lives in a single Availability Zone
• Snapshots: point-in-time copies of EBS volumes, stored in Amazon S3 buckets
• VPC: the virtual network the instances run in; it spans the Availability Zones of one Region
• Region: the geographic location that contains the Availability Zones
Instance Types

Lightsail: Virtual Private Servers
T3: Burstable
M5: General Purpose
D2: Dense Storage
H1: Big Data Optimized
R5 (NEW): Memory Optimized
X1, X1e: In-Memory
I3: High I/O
I3.metal: Bare Metal, High I/O
C5: Compute Intensive
G3: Graphics Intensive
P3: General Purpose GPU
F1: FPGA
Z1d: Compute and Memory Intensive

EC2 Elastic GPUs
• Graphics acceleration for EC2 instances

EC2 Fleet
• Simplified provisioning
• Massive scale
• Flexible capacity allocation
Purchasing options at a glance

On-Demand Instances: pay for compute capacity by the hour with no long-term commitments. For spiky workloads or to define needs.
Reserved Instances: make a low, one-time payment and receive a significant discount on the hourly charge. For committed utilization.
Spot Instances: bid for unused capacity, charged at a Spot price which fluctuates based on supply and demand. For time-insensitive or transient workloads.
Amazon EBS
What is Amazon EBS?
• Block storage as a service
• Create and attach volumes through an API
• Service accessed over the network: an EBS volume is not a local disk of the EC2 instance it is attached to
Amazon EBS volume types

SSD: gp2/gp3 (General Purpose SSD), io1/io2 (Provisioned IOPS SSD)
HDD: st1 (Throughput Optimized HDD), sc1 (Cold HDD)
Amazon VPC
Amazon VPC - Virtual Private Cloud
Provision a logically isolated section of the AWS Cloud where you can launch AWS resources
in a virtual network that you define.

Bring your own network: IP addresses, subnets, network topology, routing rules, security rules
VPC Building Blocks
How to segment networks inside a VPC?
VPC Subnets

• You can add one or more subnets in each Availability Zone; a subnet belongs to exactly one AZ
• AZs provide fault isolation
• Subnets are allocated as a subset of the VPC CIDR range

Example: VPC 10.0.0.0/16
Availability Zone A: Subnet A1 10.0.0.0/24, Subnet A2 10.0.1.0/24
Availability Zone B: Subnet B1 10.0.2.0/24, Subnet B2 10.0.3.0/24
How to direct traffic out of my Subnets?
Subnets and Route Tables

• Each subnet is associated with one Route Table (a Route Table may serve several subnets)
• Route Tables direct traffic out of the VPC, towards:
  • Internet Gateway
  • Virtual Private Gateway
  • VPC Endpoints
  • Direct Connect
  • VPC Peering
  • AWS Transit Gateway
• Subnets are called "public subnets" when their Route Table has a route to an Internet Gateway

[Diagram: a VPC with an Internet gateway, a public subnet and a private subnet, each with its own route table, joined by the VPC router; the private subnet is connected to a corporate data center]
How to connect my VPC to the Internet?
Internet Gateway

• Horizontally scaled, redundant, highly available VPC component
• Connects your VPC subnets to the Internet
• Must be referenced in the subnet's Route Table
• Performs one-to-one NAT between an instance's private IP address and its public IP address

[Diagram: the public-subnet EC2 instance (private IP 10.0.0.1, public IP 198.51.100.2) reaches the Internet through the Internet gateway; the private-subnet EC2 instance (private IP 10.1.1.1) has no public IP and no route to the gateway]
Can I have outbound only Internet access?
NAT Gateway

• Enables outbound connections from private subnets to the Internet
• No incoming connections: useful for OS/package updates and access to public web services
• Fully managed by AWS
• Highly available within its Availability Zone (deploy one per AZ to survive an AZ failure)
• Up to 10 Gbps bandwidth
• Supports TCP, UDP, and ICMP protocols
• Network ACLs apply to the NAT gateway's traffic

[Diagram: the NAT gateway sits in the public subnet behind the Internet gateway; the private-subnet EC2 instance (private IP 10.1.1.1) sends Internet-bound traffic to it through its route table]
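The subnet layout and the public/private route-table behaviour of the last few slides, as an added worked example in Python (this is not code from the deck). It carves the slide's 10.0.0.0/16 VPC into its four /24 subnets, checks they are inside the VPC and non-overlapping, and resolves destinations with longest-prefix match the way the VPC router does. The route targets "igw-public" and "nat-public" are placeholder names, not real AWS resource IDs, and 8.8.8.8 is just a representative public address.

```python
import ipaddress
from dataclasses import dataclass, field

# VPC and subnets taken from the slide: one pair of /24s per Availability Zone.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
SUBNETS = {
    "A1": ("us-east-1a", ipaddress.ip_network("10.0.0.0/24")),
    "A2": ("us-east-1a", ipaddress.ip_network("10.0.1.0/24")),
    "B1": ("us-east-1b", ipaddress.ip_network("10.0.2.0/24")),
    "B2": ("us-east-1b", ipaddress.ip_network("10.0.3.0/24")),
}


def validate_subnets(vpc, subnets):
    """Every subnet must be a subset of the VPC CIDR and no two may overlap."""
    nets = [net for _az, net in subnets.values()]
    for net in nets:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is outside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


@dataclass
class RouteTable:
    name: str
    # (destination CIDR, target) pairs; every VPC route table carries the
    # implicit "local" route for the whole VPC CIDR, added in __post_init__.
    routes: list = field(default_factory=list)

    def __post_init__(self):
        self.routes.insert(0, (VPC_CIDR, "local"))

    def lookup(self, dst):
        """Longest-prefix match: the most specific matching route wins."""
        dst = ipaddress.ip_address(dst)
        best = None
        for cidr, target in self.routes:
            if dst in cidr and (best is None or cidr.prefixlen > best[0].prefixlen):
                best = (cidr, target)
        return best[1] if best else None


# Public subnet: default route to the Internet gateway (placeholder name).
PUBLIC_RT = RouteTable("public", [(ipaddress.ip_network("0.0.0.0/0"), "igw-public")])
# Private subnet: default route to a NAT gateway that lives in the public subnet.
PRIVATE_RT = RouteTable("private", [(ipaddress.ip_network("0.0.0.0/0"), "nat-public")])
# Private subnet with no default route at all: isolated, no Internet egress.
ISOLATED_RT = RouteTable("isolated")


def classify(rt):
    """A subnet is 'public' only when its table sends 0.0.0.0/0 to an IGW;
    a NAT target gives egress only; no default route means isolated."""
    default = rt.lookup("8.8.8.8")  # any address outside the VPC CIDR
    if default is None:
        return "isolated"
    return "public" if default.startswith("igw-") else "private"


if __name__ == "__main__":
    validate_subnets(VPC_CIDR, SUBNETS)
    for rt in (PUBLIC_RT, PRIVATE_RT, ISOLATED_RT):
        print(rt.name, classify(rt), rt.lookup("10.0.3.7"), rt.lookup("198.51.100.2"))
```

Note that intra-VPC traffic (10.0.3.7) resolves to "local" in every table regardless of the default route, which is why an instance in an isolated subnet can still be reached from the public subnet: isolation from the Internet is not isolation from the rest of the VPC. Security groups and NACLs, covered next, handle that.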
VPC Security
Can I filter traffic reaching my instances?
Security Groups

• Virtual stateful firewall
• Inbound and outbound customer-defined rules
• Instance/interface level inspection
• Micro-segmentation
• Mandatory: every instance has an associated Security Group
• Can be cross-referenced (a rule may name another Security Group as its source)
• Work across VPC Peering
• Only support allow rules
• Implicit deny all at the end

Example three-tier layout from the slide:
  Internet gateway --HTTPS (TCP 443)--> Elastic Load Balancing "Web ELB" [security group "Web ELB"]
  "Web ELB" --HTTP (TCP 80)--> Web Servers on Amazon EC2 [security group "Web Tier"]
  "Web Tier" --MySQL (TCP 3306)--> MySQL DB on Amazon Aurora [security group "DB Tier"]
Can I filter traffic on a subnet level?
Network Access Control List

• Inbound and outbound rules
• Subnet-level inspection
• Optional level of security
• The default NACL allows all traffic
• Stateless: return traffic must be allowed explicitly
• IP and TCP/UDP port based
• Supports allow and deny rules
• Deny all at the end

Example from the slide:
  NACL "External Access" on the public subnet: allow HTTPS (TCP 443) from 0.0.0.0/0 to the Amazon EC2 instances
  NACL "Database Access" on the private subnet: allow MySQL (TCP 3306) from 10.0.0.0/16 to the Amazon Aurora MySQL DB; other IPs and other ports are denied
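The stateful-versus-stateless distinction between the two slides above is the one that bites in practice, so here is an added Python model of both (not code from the deck or from AWS): a security group with allow-only rules, cross-referenced sources and an implicit deny, and a network ACL with numbered allow/deny rules, a trailing deny and no connection tracking. The three-tier rule sets, the instance IPs and the 1024-65535 ephemeral range used by the return traffic are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

EPHEMERAL = (1024, 65535)  # assumed client source-port range for return traffic


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" / "udp" / "icmp"
    sport: int
    dport: int
    direction: str  # "in" or "out", relative to the protected instance or subnet


def _in_cidr(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Instance-level, stateful, allow-only. A rule is (proto, port, source) where
    source is a CIDR string or another SecurityGroup (cross-reference by membership)."""

    def __init__(self, name, inbound=(), outbound=(), members=()):
        self.name = name
        self.inbound, self.outbound = list(inbound), list(outbound)
        self.members = set(members)   # IPs of the instances attached to this group
        self._tracked = set()         # (peer, proto, port, direction) of allowed flows

    def _source_matches(self, source, peer):
        if isinstance(source, SecurityGroup):
            return peer in source.members
        return _in_cidr(source, peer)

    def allows(self, pkt):
        peer = pkt.src if pkt.direction == "in" else pkt.dst
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for proto, port, source in rules:
            if proto == pkt.proto and port == pkt.dport and self._source_matches(source, peer):
                self._tracked.add((peer, pkt.proto, pkt.dport, pkt.direction))
                return True
        # Stateful part: the reply to a flow already allowed passes without any
        # rule in the opposite direction (the reply's source port is the flow's dport).
        reverse = "out" if pkt.direction == "in" else "in"
        if (peer, pkt.proto, pkt.sport, reverse) in self._tracked:
            return True
        return False                  # implicit deny


class NetworkAcl:
    """Subnet-level, stateless. Rules are (number, action, proto, (lo, hi), cidr),
    evaluated lowest number first, first match wins; the trailing '*' rule denies."""

    def __init__(self, name, inbound=(), outbound=()):
        self.name = name
        self.inbound = sorted(inbound)
        self.outbound = sorted(outbound)

    def allows(self, pkt):
        peer = pkt.src if pkt.direction == "in" else pkt.dst
        rules = self.inbound if pkt.direction == "in" else self.outbound
        for _num, action, proto, (lo, hi), cidr in rules:
            if proto in (pkt.proto, "all") and lo <= pkt.dport <= hi and _in_cidr(cidr, peer):
                return action == "allow"
        return False                  # the '*' rule: deny everything not matched


# Constructed three-tier example following the slide's diagram.
WEB_ELB = SecurityGroup("Web ELB", inbound=[("tcp", 443, "0.0.0.0/0")], members={"10.0.0.10"})
WEB_TIER = SecurityGroup("Web Tier", inbound=[("tcp", 80, WEB_ELB)], members={"10.0.1.20"})
DB_TIER = SecurityGroup("DB Tier", inbound=[("tcp", 3306, WEB_TIER)], members={"10.0.3.30"})

# Same inbound rule, with and without the outbound ephemeral-port rule that a
# stateless NACL needs for the database's replies to leave the subnet.
DB_NACL_NO_EPHEMERAL = NetworkAcl("Database Access",
    inbound=[(100, "allow", "tcp", (3306, 3306), "10.0.0.0/16")], outbound=[])
DB_NACL = NetworkAcl("Database Access",
    inbound=[(100, "allow", "tcp", (3306, 3306), "10.0.0.0/16")],
    outbound=[(100, "allow", "tcp", EPHEMERAL, "10.0.0.0/16")])


def db_query_and_reply(nacl):
    """A web server opens MySQL to the DB and the DB answers. Returns
    (query_allowed, reply_allowed) after the DB security group and the given NACL."""
    query = Packet("10.0.1.20", "10.0.3.30", "tcp", 40001, 3306, "in")
    reply = Packet("10.0.3.30", "10.0.1.20", "tcp", 3306, 40001, "out")
    query_ok = DB_TIER.allows(query) and nacl.allows(query)
    reply_ok = DB_TIER.allows(reply) and nacl.allows(reply)
    return query_ok, reply_ok
```

The security group passes the reply in both cases because it tracked the query; the NACL without an outbound ephemeral-port rule silently drops it, which is the classic "connection hangs after SYN" symptom when a NACL is tightened.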
Traffic Distribution
How do I scale my app horizontally inside my VPC?
Elastic Load Balancing

• Distributes incoming application or network traffic across multiple targets:
  • EC2 instances
  • Containers
  • IP addresses
• Multiple Availability Zones
• Scales automatically
• Auto Scaling Groups can add or remove instances as required
• Instances automatically register with the Load Balancer

[Diagram: Internet gateway -> Elastic Load Balancing (ELB) -> Auto Scaling Group of EC2 instances, shown before and after scaling out]
Auto Scaling
Auto Scaling group

• Logical group of instances for your service
• Minimum and maximum bound for the number of instances that can be in the Auto Scaling group
• Launches or terminates instances to meet the desired capacity (Min <= Desired <= Max)
Launch template determines what will launch

1. Amazon EC2 instance type
2. Amazon Machine Image (AMI)
3. Security groups, SSH keys, AWS Identity and Access Management (IAM) instance profile
4. User data
Fully automated bootstrapping
Sample user data (runs once, as root, on first boot; output is written to /var/log/cloud-init-output.log)

#!/bin/bash
set -euo pipefail

# Install updates
yum update -y

# Install the AWS CodeDeploy agent. The installer is fetched over TLS from the
# regional CodeDeploy bucket (us-east-1 here; use the instance's own region) and
# executed as root, so this download is part of your software supply chain.
cd /home/ec2-user
curl -fsSL https://aws-codedeploy-us-east-1.s3.amazonaws.com/latest/install -o install
chmod +x ./install
./install auto
service codedeploy-agent start
Scaling options

• Manual scaling
• Scheduled scaling
• Dynamic scaling
• Predictive scaling (New!)

[Diagram: the group's Min, Desired and Max capacity over time]
Amazon RDS
Managed relational database service with a choice of popular database engines

Easy to administer: easily deploy and maintain hardware, OS and DB software; built-in monitoring
Performant & scalable: scale compute and storage with a few clicks; minimal downtime for your application
Available & durable: automatic Multi-AZ data replication; automated backup, snapshots, and failover
Secure and compliant: data encryption at rest and in transit; industry compliance and assurance programs
If you host your databases on-premises
You manage: App optimization, Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches, OS installation, Server maintenance, Rack & stack, Power, HVAC, net

If you host your databases in Amazon EC2
You manage: App optimization, Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches
AWS manages: OS installation, Server maintenance, Rack & stack, Power, HVAC, net

If you choose Amazon RDS
You manage: App optimization
AWS manages: Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches, OS installation, Server maintenance, Rack & stack, Power, HVAC, net
Monitoring and Logging
Amazon CloudWatch
Monitoring service for AWS resources and AWS-based applications

What does it do?
• Collect and track metrics
• Monitor and store logs
• Set alarms (react to changes)
• View graphs and statistics

How can you use it?
Monitor CPU, memory, disk I/O, network, etc.: CloudWatch Metrics
React to application log events and availability: CloudWatch Logs / CloudWatch Events
Automatically scale the EC2 instance fleet: CloudWatch Alarms
View operational status and identify issues: CloudWatch Dashboards
CloudWatch Metrics & Alarms
AWS Resource or Your Custom Data -> Metric -> Alarm -> Action

CloudWatch Logs + Filter
AWS Resource or Your Custom Data -> Logs -> Filter -> Metric -> Alarm -> Action
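To make the Logs -> Filter -> Metric -> Alarm chain concrete, here is an added Python model of it (not code from the deck or from AWS). It implements the space-delimited subset of the CloudWatch Logs filter-pattern syntax ([field, field=value, field>=N, ...] with * wildcards), runs it over constructed access-log lines, aggregates matches into one-minute datapoints and evaluates a static alarm threshold. The log format, the lines and the threshold are all constructed for the example; CloudWatch's real engine also supports JSON patterns and multi-period evaluation, which are left out.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed access-log lines: "<timestamp> <client_ip> <method> <path> <status>"
SAMPLE_LOGS = [
    "2024-05-01T10:00:05Z 203.0.113.5 GET /login 200",
    "2024-05-01T10:00:09Z 198.51.100.7 POST /login 401",
    "2024-05-01T10:00:15Z 198.51.100.7 POST /login 401",
    "2024-05-01T10:00:31Z 198.51.100.7 POST /login 401",
    "2024-05-01T10:01:02Z 203.0.113.5 GET /index.html 200",
    "2024-05-01T10:01:40Z 198.51.100.7 POST /login 403",
]

# One term of a space-delimited pattern: "name", "name=value", "name>=N", ...
_TERM = re.compile(r"^(\w+)\s*(=|!=|>=|<=|>|<)\s*(.+)$")


def parse_pattern(pattern):
    """'[ts, ip, method, path, status=4*]' -> list of (name, op, value), one per field."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("only space-delimited [..] patterns are supported here")
    terms = []
    for raw in body[1:-1].split(","):
        raw = raw.strip()
        m = _TERM.match(raw)
        terms.append((m.group(1), m.group(2), m.group(3)) if m else (raw, None, None))
    return terms


def _compare(field, op, value):
    if op is None:                       # bare field name: matches anything
        return True
    if op in ("=", "!="):                # string compare with * wildcard
        glob = re.escape(value).replace(r"\*", ".*")
        hit = re.fullmatch(glob, field) is not None
        return hit if op == "=" else not hit
    try:                                 # numeric compare
        f, v = float(field), float(value)
    except ValueError:
        return False
    return {">": f > v, "<": f < v, ">=": f >= v, "<=": f <= v}[op]


def matches(pattern_terms, line):
    fields = line.split()
    if len(fields) != len(pattern_terms):
        return False    # space-delimited filters require the exact field count
    return all(_compare(f, op, val) for f, (_name, op, val) in zip(fields, pattern_terms))


def metric_per_minute(pattern, lines):
    """The metric filter emits value 1 per matching event; aggregate per 1-minute period."""
    terms = parse_pattern(pattern)
    counts = Counter()
    for line in lines:
        if matches(terms, line):
            ts = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%SZ")
            counts[ts.replace(second=0)] += 1
    return counts


def alarm_state(counts, threshold):
    """ALARM when any period's datapoint reaches the threshold (one evaluation period)."""
    return "ALARM" if any(v >= threshold for v in counts.values()) else "OK"


if __name__ == "__main__":
    failed_auth = metric_per_minute("[ts, ip, method, path, status=4*]", SAMPLE_LOGS)
    for period, n in sorted(failed_auth.items()):
        print(period.isoformat(), n)
    print(alarm_state(failed_auth, 3))
```

Three 401s inside 10:00 push that minute to the threshold, so the alarm would fire and could drive the Action stage (an SNS notification or an Auto Scaling policy, as in the diagram).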
AWS CloudTrail
What can you answer using a CloudTrail event?

• Who made the API call?
• When was the API call made?
• What was the API call?
• Which resources were acted upon in the API call?
• Where was the API call made from and made to?

Supported services
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-services.html
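The five questions above map onto specific fields of a CloudTrail record. The following added Python example (not from the deck) pulls them out of a record and adds the two checks a defender typically layers on top: root-account activity and calls that tamper with logging itself. The record is constructed with the documented CloudTrail field names; the account ID, ARNs, IP address and user name are placeholders.

```python
import json

# Constructed CloudTrail record (the shape of one element of a trail's "Records" array).
SAMPLE_EVENT = json.dumps({
    "eventVersion": "1.08",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "AIDAEXAMPLE",
        "arn": "arn:aws:iam::111122223333:user/alice",
        "accountId": "111122223333",
        "userName": "alice",
    },
    "eventTime": "2024-05-01T10:02:11Z",
    "eventSource": "cloudtrail.amazonaws.com",
    "eventName": "StopLogging",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "198.51.100.7",
    "userAgent": "aws-cli/2.15.0",
    "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:111122223333:trail/main"},
    "responseElements": None,
})

# CloudTrail API calls that stop or blind a trail; worth alerting on whoever makes them.
LOGGING_TAMPER = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def summarize(record_json):
    """Answer who / when / what / which / where from one CloudTrail record."""
    ev = json.loads(record_json)
    ident = ev.get("userIdentity", {})
    params = ev.get("requestParameters") or {}
    return {
        "who": ident.get("arn") or ident.get("principalId") or ident.get("type"),
        "who_type": ident.get("type"),
        "when": ev.get("eventTime"),
        "what": f"{ev.get('eventSource')}:{ev.get('eventName')}",
        # Resources show up as ARNs (or names) in the request parameters.
        "which": [v for v in params.values() if isinstance(v, str) and v.startswith("arn:")],
        "where_from": ev.get("sourceIPAddress"),
        "where_to": ev.get("awsRegion"),
    }


def findings(record_json):
    """Simple detections over a single record; returns a list of finding strings."""
    ev = json.loads(record_json)
    out = []
    if ev.get("userIdentity", {}).get("type") == "Root":
        out.append("root account activity")
    if ev.get("eventName") in LOGGING_TAMPER:
        out.append(f"logging tampered: {ev['eventName']}")
    if ev.get("errorCode") == "AccessDenied":
        out.append("access denied (possible permission enumeration)")
    return out


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVENT), indent=2))
    print(findings(SAMPLE_EVENT))
```

Running the same functions over every record in a trail's delivered log files is the basis of most home-grown CloudTrail detections; the `which` extraction is deliberately conservative and only picks up ARN-shaped parameters, since the parameter layout differs per service.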
Secrets Manager
AWS Secrets Manager enables customers to manage, retrieve, and rotate database credentials,
API keys, and other secrets throughout their lifecycle.

Sample commands

aws secretsmanager create-secret \
    --name TestApplication/MyTestDatabaseSecret \
    --description "Upload credentials for my test database from the CLI. Team Isengard owns this secret." \
    --secret-string file://mycreds.json

aws secretsmanager get-secret-value --secret-id TestApplication/MyTestDatabaseSecret

get-secret-value returns the plaintext SecretString to any principal allowed to call it, so grant secretsmanager:GetSecretValue per secret rather than account-wide, and keep mycreds.json out of version control.
Rotate secrets safely
• Built-in integrations for rotating all Amazon Relational Database Service (Amazon RDS) database types
• Extensible with AWS Lambda
• Use versioning so that applications don't break when secrets are rotated
• Pay for the API call; no additional charge for rotating secrets

Transform a long-term secret into a short-term secret that is rotated automatically
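The "versioning so that applications don't break" point rests on staging labels, so here is an added Python model of the rotation procedure (not code from the deck or from AWS's rotation Lambdas). It walks the four steps those functions perform (createSecret, setSecret, testSecret, finishSecret) against an in-memory version store and a fake database, showing that AWSCURRENT always points at a working credential and that the old one remains recoverable as AWSPREVIOUS. The store, the fake database and the credential format are constructed for the example; no AWS API is called.

```python
import secrets as _secrets
import string


class SecretStore:
    """Minimal stand-in for Secrets Manager versioning: values keyed by version id,
    staging labels pointing at versions, exactly one version labelled AWSCURRENT."""

    def __init__(self, initial_value):
        self.versions = {}
        self.labels = {}
        self.labels["AWSCURRENT"] = self._new_version(initial_value)

    def _new_version(self, value):
        vid = _secrets.token_hex(8)
        self.versions[vid] = value
        return vid

    def get(self, stage="AWSCURRENT"):
        """What an application does: read the value behind a staging label."""
        return self.versions[self.labels[stage]]


class FakeDatabase:
    """Accepts a login only with the password it currently holds for the user."""

    def __init__(self, user, password):
        self.creds = {user: password}

    def connect(self, user, password):
        return self.creds.get(user) == password

    def set_password(self, user, password):
        self.creds[user] = password


def _random_password(n=24):
    alphabet = string.ascii_letters + string.digits
    return "".join(_secrets.choice(alphabet) for _ in range(n))


def rotate(store, db):
    """Single-user rotation: the four steps a rotation function executes in order."""
    current = store.get("AWSCURRENT")
    # 1. createSecret: generate the new credential as AWSPENDING; AWSCURRENT is untouched,
    #    so readers keep getting the old, still-valid password.
    pending = dict(current, password=_random_password())
    store.labels["AWSPENDING"] = store._new_version(pending)
    # 2. setSecret: push the pending password into the database.
    db.set_password(pending["username"], pending["password"])
    # 3. testSecret: prove the pending credential works before anyone is pointed at it.
    if not db.connect(pending["username"], pending["password"]):
        raise RuntimeError("pending credential rejected; AWSCURRENT left unchanged")
    # 4. finishSecret: move the labels; the old version stays reachable as AWSPREVIOUS.
    store.labels["AWSPREVIOUS"] = store.labels["AWSCURRENT"]
    store.labels["AWSCURRENT"] = store.labels.pop("AWSPENDING")
    return store.get("AWSCURRENT")


def demo():
    """Returns (old_pw, new_pw, new_pw_works, old_pw_works) after one rotation."""
    db = FakeDatabase("app", "initial-pw")
    store = SecretStore({"username": "app", "password": "initial-pw", "host": "db.internal"})
    before = store.get()["password"]
    after = rotate(store, db)["password"]
    return before, after, db.connect("app", after), db.connect("app", before)


if __name__ == "__main__":
    print(demo())
```

With this single-user strategy the old password stops working between steps 2 and 4, so an application that cached AWSCURRENT before the rotation gets a failed login until it re-reads the secret; that is why clients should fetch on failure rather than cache indefinitely, and why the alternating-users strategy (two database users, swapped on each rotation) exists for workloads that cannot tolerate that window.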
Questions?
Lab 1
• Go to https://aws.qwiklabs.com
• Log in with your account.
• If you don't have an account, register and then activate the account using the email that you
will receive.
• Start Lab 1 and read the instructions.
• If you have doubts about the activity, please ask the trainer for help.
• You have 45 minutes to complete this lab.