AWS STP-Microsoft Workloads - Tech

Uploaded by

jarg200690
AWS for Microsoft Workloads

(Technical)
Emiliano Espinoza
AWS Partner Trainer
Agenda

1 Positioning AWS for Microsoft workloads: Choosing AWS
2 Designing AWS architectures for Microsoft workloads: Mapping on-premises services to AWS
3 Running Microsoft Windows Server on AWS: Creating and running virtual servers
4 Active Directory on AWS: Using AWS to host all or part of AD
5 SQL Server on AWS: Running SQL Server
6 Automating operations: Building and maintaining server, database, and directory services automatically
7 Tools and .NET development: Building applications that run on the cloud

© 2020 Amazon Web Services, Inc. or its Affiliates. All rights reserved. 3
Module 1: Positioning AWS for Microsoft Workloads
Module agenda

• Positioning
• Drivers and challenges
• AWS benefits
• How to assess the current workloads

Key customer drivers

Microsoft software is widely used by customers of all sizes

• High demand from customers to support Microsoft workloads
• Amazon EC2 for Windows is now among the top five AWS services
• EC2 for Windows is growing at 63 percent globally on AWS

AWS supports Microsoft workloads

AWS services support Microsoft workloads

[Diagram: overview of AWS service categories. Section titles: Technical and business support; AWS Marketplace; Analytics; DevOps; Mobile services; IoT; AI/ML; Enterprise applications; Hybrid architecture; Migration; Application services; Infrastructure; Core services; Security and compliance; Management tools.]

https://aws.amazon.com/products/
10 years of innovation: Windows on AWS

[Timeline figure. Axis: 2008, 2010, 2012, 2014, 2016, 2018, Today. Entries are Windows Server and SQL Server versions, .NET tooling and AWS services added for Windows workloads. Callouts: 150+, 60+ and 30+, with the labels "Instance types", "Different AMIs for Windows workloads", "Instance families" and "Customer Adoption".]

Premier support for AWS customers

• AWS runs the largest deployment of Windows servers globally
• Microsoft Premier Support helps AWS assist end customers
• Business and Enterprise Tier can escalate directly to Microsoft Support
• AWS does not share customer information without permission

Why AWS?

• Secure
• Familiar
• Reliable
• Cost-effective
• High-performance
• Flexible
• Extensive

AWS global reach

Largest global footprint
• Regions
• Availability Zones

https://www.infrastructure.aws/

Microsoft workloads use cases

Microsoft workloads on AWS

Run the full array of Microsoft workloads on AWS
• Broader selection
• Deeper capability
• AWS Deep Learning AMI for Microsoft Windows Server
• FSx for Windows File Server

[Diagram: Microsoft products running in the AWS Cloud, including Skype for Business Server, BizTalk, Project Server, Advanced Threat Analytics, Remote Desktop Services, SharePoint Server, Microsoft Dynamics, System Center, SQL Server, Visual Studio, Exchange Server, Windows Server, R Server and Microsoft Office.]

Microsoft on AWS use cases
1 Lift and shift: Retire technical debt and increase reliability
2 Optimize SQL Server and Active Directory: Increase performance and resilience
3 Modernize .NET applications: Deploy faster and save money
4 Innovate: Drive digital transformation

Points listed under the use cases:
• Breadth, depth, and global reach
• Flexibility, choice, and a number of options
• Easy to get started
• Many integration points
• SQL Server on Amazon EC2 or Amazon RDS
• Access to new technologies
• Better performance
• Innovate
• Options to manage Active Directory services
• Move towards a DevOps model
• Hess case study
• Business agility

Windows Server on Amazon EC2

• Easy to start and manage
• Use Amazon Machine Images (AMIs)
• Maintain legacy applications
• Rewrite legacy applications
• Migrate to modern operating systems

[Diagram: Windows instances running as Amazon EC2 instances in the AWS Cloud: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019.]

Running Active Directory
• Extend: existing on-premises AD DS extended to the AWS Cloud
• Re-host: self-managed cloud-based AD DS environment
• Re-platform: AWS Directory Service on the AWS Cloud

Running SQL Server on AWS

Re-host: SQL Server on Amazon EC2
• Launch SQL databases by using Amazon EC2 and Amazon EBS
• Manage your own SQL Server
• Maintain security, management, and control

Re-platform: SQL Server on Amazon RDS
• Managed service that makes it easy to deploy a relational database
• Automates database administration tasks
• Multi-AZ deployments provide automatic failover
• Integrates with IAM

Re-factor: Adopting cloud-native services
• Additional savings and flexibility
• Amazon RDS services like Aurora
• Refactoring tools and services

Managing operations

• AWS CloudFormation: Model and provision all your cloud infrastructure resources
• AWS Systems Manager: Gain operational insights and take actions on resources
• Amazon CloudWatch: Gain visibility of your cloud resources and applications
• AWS License Manager: Set rules to manage, discover, and report software license usage
• AWS OpsWorks: Automate operations with Chef and Puppet

Build and run .NET applications on AWS

AWS provides full support for .NET applications and Windows workloads.
AWS services support the latest .NET, .NET Core, and Core 2.1.

AWS services for .NET
• Supports features in .NET, .NET Core, and Core 2.1
• Builds modern serverless and DevOps solutions with AWS Lambda, AWS X-Ray, AWS CodeStar
• Provides deep integration with Visual Studio and Visual Studio Team Services
• Provides a range of resources and tools
• Offers a GitHub community

Module summary

In this module, you learned:

• How to position AWS for managing and hosting Microsoft workloads
• Which drivers and challenges lead to using AWS for Microsoft workloads, and the benefits AWS provides
• How to assess the current workloads to find cost savings when moving to AWS

Module 2: Designing AWS Architectures for Microsoft Workloads
Objectives

• Running Microsoft workloads using foundational AWS services: Amazon EC2, Storage services, Networking services, Domain services
• Shared responsibility model
• Security features: Virtual Private Cloud (VPC), Security Groups, Network Access Control Lists, and firewalls
• Storage options for your Microsoft workloads

Mapping on-premises services to AWS
Data center to AWS cloud

[Diagram: each component of an on-premises data center mapped to its counterpart in the AWS Cloud.]
• Software load balancer → Elastic Load Balancing
• Microsoft Active Directory server → AWS Directory Service
• Web servers → Web servers
• Application servers → Application servers
• SAN storage → Amazon Elastic Block Store
• SQL Server (primary) and SQL Server (standby) → Amazon RDS (primary) and Amazon RDS (standby)
• Backups to tape → Backups to Amazon S3 or Amazon S3 Glacier

Shared responsibility model of security

Customer: responsible for security in the cloud
• Customer applications and content
• Platform, applications, identity, and access management
• Operating system, network, and firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption/integrity/identity)

AWS: responsible for security of the cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations

Shared responsibility model of security: examples

Customer examples
• IIS security
• Windows OS patching
• Firewall configuration
• VPC/VPN
• Security groups
• SSL
• Volume encryption

AWS examples
• Physical devices
• Network
• Transport security

Layered security approach

Secured infrastructure
• Data centers
• Hardware infrastructure
• Software infrastructure
• Network infrastructure
• Certifications and attestations
• Alignments and frameworks

Layers shown around the instance
• VPC
• Subnet
• Security Group
• Network ACL
• Instance-based firewall

[Diagram: nested layers, from the outside in: AWS Cloud, VPC, public/private subnet, network ACL, security group, instance firewall, instance.]

Amazon Virtual Private Cloud (Amazon VPC)

• Provision virtual networks hosted on AWS and dedicated to your AWS account
• Logically isolate networks from other virtual networks
• Launch many AWS resources, such as Amazon EC2 instances, into VPCs
• Provision dual-stack (IPv4 and IPv6) addresses in VPCs

Key configurable features of Amazon VPC:
• IP ranges
• Routing
• Network gateways
• Security settings

Isolating Windows workloads with VPC
VPCs provide:
• Workload isolation
• Security boundaries
• Configurable IP ranges for your resources

[Diagram: a VPC in the AWS Cloud spanning two Availability Zones, each with a public subnet and a private subnet. Public subnet labels: Web application proxy, Remote desktop GW, VPC NAT Gateway. Private subnet labels: Web server (IIS), MS SQL Server, Application server.]

Multi-AZ patterns increase reliability
[Diagram: a corporate network with corporate services connected to a VPC in the AWS Cloud. The VPC spans two Availability Zones; each has a public subnet (Web application proxy, Remote desktop GW) and a private subnet (Web server (IIS), MS SQL Server, Application server).]

Security groups and instance-based firewalls
• Virtual firewalls
• Must be specified; otherwise the default security group for the VPC applies
• Stateful: responses to allowed traffic are allowed
• Restricted by IP protocol, service port, source or destination IP
• Changes are applied automatically
• Cannot be controlled through the guest OS
• Guest OS-level protection is encouraged

[Diagram: a VPC with a public/private subnet; an instance with its instance firewall is placed in security group "https" and security group "rdp".]

Isolating resources with security groups
RDP-GW Security Group inbound rules
Protocol | Port Range | Source
TCP | 443 | Data center IP address range

Application server Security Group inbound rules
Protocol | Port Range | Source
TCP | 3389 | RDP-GW Security Group

[Diagram: a corporate network with corporate services connected to a VPC in the AWS Cloud. The VPC spans two Availability Zones, each with a public subnet holding the Remote desktop GW in its security group and a private subnet holding Web server (IIS), MS SQL Server and Application server in their security group.]

Network access control lists

• Optional stateless virtual firewalls
• Operates at subnet level (security groups operate at the instance level)
• VPCs contain a default network ACL (which allows all traffic) that you can modify
• Inbound and outbound rules are separate, numbered lists of rules
• Rules are processed in numbered order (security groups are evaluated and applied together)
• Supports both allow and deny traffic rules (security groups only support allow rules)

Network access control lists

[Diagram: a VPC with a private subnet and a public subnet, each behind its own network ACL and containing security groups.]

• Stateless virtual firewalls for subnets
• Numbered list of rules evaluated in order
• Separate inbound and outbound rules
• Default, modifiable network ACL allows all traffic
• Each subnet must be associated with a network ACL
• Managed through Amazon VPC APIs
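
The rule semantics from the security group and network ACL slides above, modelled in Python as an added example (not part of the original deck and not AWS code). The data center range 203.0.113.0/24, the group name rdp-gw, the rule numbers and all function names are constructed for illustration; the two security groups mirror the RDP-GW and application server inbound rules shown earlier.

```python
"""Model of the two VPC filtering layers: security groups and network ACLs."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port: int
    source: str          # a CIDR block, or the name of another security group


@dataclass(frozen=True)
class AclRule:
    number: int
    protocol: str
    port_from: int
    port_to: int
    cidr: str
    allow: bool          # network ACLs carry both allow and deny rules


def sg_allows(rules, protocol, port, src_ip, src_groups=frozenset()):
    """Security group: allow rules only, all rules considered together.
    Traffic that no rule allows is dropped."""
    for rule in rules:
        if (rule.protocol, rule.port) != (protocol, port):
            continue
        if "/" in rule.source:               # source given as a CIDR block
            if ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source):
                return True
        elif rule.source in src_groups:      # source given as a security group
            return True
    return False


def sg_round_trip(rules, protocol, port, src_ip, src_groups=frozenset()):
    """Stateful filtering: once the request is allowed in, the reply is
    allowed out without any outbound rule being consulted."""
    return sg_allows(rules, protocol, port, src_ip, src_groups)


def acl_allows(rules, protocol, port, ip):
    """Network ACL: rules are tried in ascending rule number and the first
    match decides; traffic that matches no rule is denied."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (rule.protocol == protocol
                and rule.port_from <= port <= rule.port_to
                and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)):
            return rule.allow
    return False


def acl_round_trip(inbound, outbound, protocol, dst_port, client_ip, client_port):
    """Stateless filtering: the request must pass the inbound list, and the
    reply, addressed to the client's source port, must pass the outbound list."""
    return (acl_allows(inbound, protocol, dst_port, client_ip)
            and acl_allows(outbound, protocol, client_port, client_ip))


# Constructed sample values (documentation address range, made-up group name).
DATA_CENTER = "203.0.113.0/24"
RDP_GW_SG = [SgRule("tcp", 443, DATA_CENTER)]        # RDP gateway over HTTPS
APP_SERVER_SG = [SgRule("tcp", 3389, "rdp-gw")]      # RDP only from the gateway

ACL_IN = [
    AclRule(90, "tcp", 443, 443, "203.0.113.66/32", False),   # deny one host
    AclRule(100, "tcp", 443, 443, DATA_CENTER, True),         # allow the range
]
ACL_OUT_NARROW = [AclRule(100, "tcp", 443, 443, "0.0.0.0/0", True)]
ACL_OUT_EPHEMERAL = [AclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", True)]

if __name__ == "__main__":
    admin, blocked = "203.0.113.10", "203.0.113.66"
    print("admin -> gateway 443 (SG):", sg_round_trip(RDP_GW_SG, "tcp", 443, admin))
    print("admin -> app 3389 direct (SG):", sg_allows(APP_SERVER_SG, "tcp", 3389, admin))
    print("gateway -> app 3389 (SG):",
          sg_allows(APP_SERVER_SG, "tcp", 3389, "10.0.0.5", {"rdp-gw"}))
    print("blocked host, ACL rule 90 wins:", acl_allows(ACL_IN, "tcp", 443, blocked))
    print("round trip, outbound 443 only:",
          acl_round_trip(ACL_IN, ACL_OUT_NARROW, "tcp", 443, admin, 50000))
    print("round trip, ephemeral ports open:",
          acl_round_trip(ACL_IN, ACL_OUT_EPHEMERAL, "tcp", 443, admin, 50000))
```

The fifth case is the one that commonly breaks a working security group setup after a custom network ACL is attached: the inbound rule matches, but the reply to the client's ephemeral port has no outbound rule.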

Hybrid cloud architectures

[Diagram: users reach the AWS Cloud over the Internet; corporate data centers connect through a router to the virtual private gateway of a VPC over a VPN connection, and a corporate data center connects over AWS Direct Connect. Two VPCs, each with a Windows EC2 instance, are joined by VPC peering.]

Example Microsoft architecture
[Diagram: a VPC spanning two Availability Zones, each with a public subnet and a private subnet. Labels: Internet gateway, VPC NAT gateway, Remote desktop GW, Web server (IIS) in an Auto Scaling group, MS SQL Server in an Always-on Availability group, AWS Directory Service, VPC endpoint to Amazon S3, and AWS Direct Connect to the corporate network.]

Storage
• Relationship to Amazon EC2
• Storage types: Instance store, Amazon EBS, Amazon S3, Amazon FSx

Storage options

[Diagram: Windows EC2 instance 1 and Windows EC2 instance 2 with their storage options.]
• Amazon Elastic Block Store (Amazon EBS) volumes and Amazon EC2 instance store volumes (ephemeral0, ephemeral[0-2]): directly attached, not shared
• Amazon Simple Storage Service (Amazon S3) buckets: shared, network attached
• Amazon FSx: shared, network attached

Amazon EBS volume types
Choose volume types that optimize cost and performance

SSD

GP2 General purpose
Use for boot volumes, low latency applications, and bursty databases
• 100 to 16,000 IOPS
• 250 MB/s maximum throughput
• Single-digit ms latency

IO1 Provisioned IOPS
Use for critical applications and databases with sustained IOPS
• 100 to 64,000 IOPS
• 1,000 MB/s maximum throughput
• Single-digit ms latency

HDD

ST1 Throughput-optimized
Use for streaming workloads, big data, and log processing that requires fast throughput at a low price
• 20-500 MB/s base throughput
• 500 MB/s maximum throughput

SC1 Cold
Lowest cost storage: use for large volumes of data that is infrequently accessed
• 6-192 MB/s base throughput
• 250 MB/s maximum throughput

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
Using Amazon S3 for Microsoft workloads

Amazon Simple Storage Service (Amazon S3) buckets can hold:
• SharePoint BLOB storage
• Snapshot (backups) storage
• Exchange mailbox backups
• Lync or Skype recording storage

Amazon FSx for Windows File Server

• Is Windows native and built on Microsoft Windows Server
• Is simple and fully managed
• Delivers fast performance
• Is accessible in the cloud and on-premises
• Offers features for security and compliance

Clients
• SMB version 3.1.1 fully supported; backwards-compatible with SMB clients that are version 2.0 and later
• Microsoft Windows Server 2008 and later
• Amazon WorkSpaces and Amazon AppStream 2.0
• VMware Cloud on AWS
• Linux (smbclient)

Module summary

In this module, you learned:

• How foundational Amazon Web Services, or AWS, services pertain to running Microsoft workloads. These include:
  • Amazon Elastic Compute Cloud, or Amazon EC2
  • Amazon storage services
  • Networking services
  • Domain services
• How to discuss the shared responsibility model, and how to use Virtual Private Cloud (VPC), including Security Groups, Network Access Control Lists, and firewalls.
• How to choose storage options for your Microsoft workloads.

References

• AWS maintains certifications and attestations for reference:
http://aws.amazon.com/compliance/
• AWS security model introduction
http://d0.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf
• Virtual private clouds
http://aws.amazon.com/vpc/
• EC2 instance types for Windows Server
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instance-types.html

Module 3: Running Microsoft Windows Server on AWS

Running Microsoft Windows Server on AWS
• Run Microsoft Windows Server instances in Amazon Elastic Compute Cloud (EC2)
• Create custom Amazon Machine Images (AMIs) for running Microsoft workloads

Windows Server on AWS
• Amazon EC2 review
• Windows support
• Amazon Machine Images
• Instance types

Amazon EC2

With Amazon EC2, customers can:

• Launch and manage virtual instances with a few clicks or a few lines of code
• Run Windows Server 2008 through Windows Server 2019
• Create, save, and reuse server images
• Launch one instance or a fleet of instances
• Add and terminate instances, as needed
• Use different types of instances, like CPU, memory, storage, networking, graphics, and general purpose

Control the EC2 guest OS

• Maintain full control
• Use administrator privilege to control accounts, services, and applications
• Use AWS Identity and Access Management (IAM) for authentication and authorization to access AWS resources, but not for OS-level access
• Own their OS credentials
• Connect remotely to Windows instances by using Remote Desktop Protocol (RDP)
• Update and patch the guest OS, including security updates

Windows Server on Amazon EC2
[Diagram: an Amazon Machine Image (AMI) launched as a Windows EC2 instance inside an Amazon VPC with security group(s). Numbered callouts 1 to 8 mark the launch settings; callouts 2 to 8 are captioned as follows.]

2 Network placement and addressing
3 Family/type/CPU/memory
4 Domain membership, tenancy
5 User data
6 Added Amazon EBS block storage
7 Tags (optional)
8 Security group(s)

EC2 instance types
• General purpose: A1 (ARM); T3, T2, T2 Unlimited (burstable); M5, M4 (general purpose). Use for low-traffic websites and web applications, small databases and midsize databases.
• Compute optimized: C5, C4. Use for high-performance front-end fleets and video encoding.
• Storage optimized: I2, I3 (high I/O); D2, H1 (dense storage). Use for data warehousing and log or data processing applications.
• Accelerated computing: P3, P2 (GPU); G3 (graphics intensive); F1 (FPGA). Use for computational finance, 3D rendering and application streaming.
• Memory optimized: R5, R4, X1, X1e, Z1d (higher memory to CPU ratio). Use for high-performance databases and distributed memory caches.
• Bare metal: EC2 bare metal (direct access to physical server resources).

Instance size
• Small
• Medium
• Large
• X-large
• etc

Each size sets CPU, memory, storage type and network capacity: flexibility to choose the appropriate capacity and mix of resources.

Choose an instance size
Start by reviewing the vendor-specified minimum requirements or sizing calculator

Role | Processor | RAM | Boot volume
Web server/frontend server | 64-bit, 4 cores | 12 GiB | 80 GiB
Application server/batch processing/backend | 64-bit, 4 cores | 12 GiB | 80 GiB
Database server (fewer than 1,000 users) | 64-bit, 4 cores | 8 GiB | 80 GiB
Database server (between 1,000 and 10,000 users) | 64-bit, 8 cores | 16 GiB | 80 GiB

Optimize instance cost

• Measure application performance
• Conduct rigorous load/scale testing
• Change instance size/types as needs change
• Analyze scalability
• Scale horizontally instead of vertically
• Use tools such as Amazon CloudWatch and AWS Cost Explorer
• Use Reserved and Spot instances

Amazon Machine Images (AMIs)
• AMI Windows details
• Custom images
• Dynamic user data

Amazon Machine Images

Amazon Machine Image (AMI)
• Read-only file system image
• Launch permissions
• Block device mappings

• Template that contains a software configuration
• Use AMI to launch an instance as a copy of the AMI
• Launch many instances from a single AMI
• Launch instances from many AMIs

Windows AMIs
Amazon Machine Image (AMI) types
• Windows Server (base)
• Microsoft SQL Server (Web, Enterprise, Standard, Express)
• IIS and ASP.NET
• NVIDIA GRID
• Containers

Amazon Machine Image (AMI) versions
• Windows Server 2019
• Windows Server 2016 (64-bit)
• Windows Server 2012 R2 (64-bit)
• Windows Server 2012 (64-bit)
• Windows Server 2008 R2 (64-bit)
• Windows Server 2008 (64-bit)
• Windows Server 2008 (32-bit)

Windows 2003 no longer provided

Windows AMIs:

https://aws.amazon.com/windows/resources/amis/
Customize Windows instances
Configure EC2Launch or EC2Config to:
• Change wallpaper
• Set the computer name and add DNS suffixes
• Forward information to the AWS console
• Send the RDP certificate thumbprint to the AWS console
• Set a random administrator password
• Extend the operating system partition
• Initialize secondary Amazon Elastic Block Store (EBS) volumes
• Run user data scripts
• Set persistent static routes to reach metadata and the AWS Key Management Service
• Configure and schedule Sysprep

Configure instances with user data
User data
• Pass commands and data
• Use EC2Config or EC2Launch
• Specify scripts or commands to run on first launch
• <script>: run batch scripts and commands
• <powershell>: run PowerShell scripts
• <persist>: run user data on every start

Batch script example

<script>
rem Enable WinRM with default settings, without prompting
winrm quickconfig -q
rem Raise the per-shell memory limit and the operation timeout
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="300"}
winrm set winrm/config @{MaxTimeoutms="1800000"}
</script>

PowerShell example

<powershell>
# Install the IIS web server role and its management tools
Import-Module ServerManager
Install-WindowsFeature web-server, web-webserver
Install-WindowsFeature web-mgmt-tools
</powershell>

PowerShell with AWS tools

<powershell>
# Download an object from Amazon S3 to the local disk
Read-S3Object -BucketName myS3Bucket -Key myFolder/myFile.zip -File C:\destinationFile.zip
</powershell>
Dynamic user data scripts with metadata

• Retrieve data about an instance to use in a script or command
• User data and other scripts can become self-describing
• Metadata service is available from EC2 instances at: http://169.254.169.254/latest/meta-data/

PowerShell example

PS C:\>Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/ami-id
ami-12345678

Example categories
• ami-id
• hostname
• instance-id
• local-ipv4
• public-ipv4
• security-groups

Create custom AMIs

AMIs
• Contain customizations
• Are anchored to the current Region
• Reboot the instance by default to ensure consistency
• Create the instance with all attached volumes

Key points
• Run Sysprep to strip instance-specific networking information
• Use EC2Config or EC2Launch with the shutdown with sysprep option
• Building an AMI creates a snapshot, which incurs costs
• Cannot create an AMI directly from Windows volume snapshots
• Create AMI from an existing instance

Create a new custom AMI

[Diagram labels: Custom Windows EC2 instance, Amazon Machine Image, Volume snapshot, Custom Amazon Machine Image, Custom Windows EC2 instance.]

aws ec2 create-image --instance-id i-1026251cc00125c52 --name "New_Base_Image"

https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html
Licensing
• Available license models

Licensing
License included
• AWS manages the license
• Customers pay as they go
• AWS provides images
• AWS supports legacy versions

License mobility
• Requires Microsoft Software Assurance
• Requires a verification process with Microsoft
• Eligible software includes SQL Server, Remote Desktop Services, Exchange, and SharePoint
• Import images and software

Bring your own license (BYOL)
• Most choose Dedicated Host
• Software Assurance not required
• Windows Server can be deployed on dedicated hosts
• Customers are responsible for compliance with Microsoft
• Customers can import and use own software

References
• Security model
http://d0.awsstatic.com/whitepapers/Security/Intro_to_AWS_Security.pdf
https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
• Certifications and attestations
http://aws.amazon.com/compliance/
• Amazon Virtual Private Cloud
http://aws.amazon.com/vpc
• EC2 instance types
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instance-types.html
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html
http://aws.amazon.com/ec2/instance-types/
• EC2 sizing for SharePoint
http://docs.aws.amazon.com/quickstart/latest/sharepoint/ec2.html
• Windows AMIs
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/AMIs.html
• Metadata options
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
Module 4: Active Directory on AWS
Active Directory on AWS
• Run Active Directory services on AWS
• Use three available options for deploying Active Directory on AWS
• Position each option for acceptance
• Provide authentication and network naming services that apply to running Active Directory on AWS

Microsoft Active Directory on AWS
Single sign-on | Group access | Central policy management
• Seamless, secure, convenient
• Active Directory is required
• Assign IAM roles to AD
• Centralize application and resource access
• Manage access control policies
• AD-integrated group policies to centralize access
• Join computers to an AD domain
• Centrally manage computers with group policies

Active Directory options

Connect: CONNECT ON-PREMISES ACTIVE DIRECTORY
• Operations: Customer managed
• Availability: Customer must design for high availability (HA)
• Networking: Ports to support cloud to on-premises Active Directory (most exposed)
• Admin control: Full control

Re-host: ACTIVE DIRECTORY INSTANCE ON EC2
• Operations: Customer managed
• Availability: Customer must design for high availability
• Networking: Trust or replication ports from cloud to on-premises Active Directory
• Admin control: Full control

Re-platform: AWS MANAGED ACTIVE DIRECTORY
• Operations: AWS managed
• Availability: Built-in redundancy and replication
• Networking: Trust ports from cloud to on-premises Active Directory (least exposed)
• Admin control: Designated organizational unit (OU) control; some apps unsupported

Select an Active Directory option

Use cases

CONNECT ON-PREMISES ACTIVE DIRECTORY
• Minimal EC2 instances requiring Active Directory
• Some latency acceptable
• Allow Active Directory ports to be open
• Architect high availability to on-premises Active Directory

ACTIVE DIRECTORY INSTANCE ON EC2
• Applications unsupported by AWS Managed Active Directory
• Need a replicated, multi-Region Active Directory solution

AWS MANAGED ACTIVE DIRECTORY
• Minimize cost and effort
• Run cloud-based applications, such as
  o Amazon RDS SQL Server
  o AWS enterprise applications
  o Windows workloads on EC2

Active Directory Connector

Active Directory Connector:
• Connects AWS applications to existing on-premises Microsoft Active Directory
• Does not require directory synchronization or federation infrastructure
• Forwards AWS sign-in requests to on-premises Active Directory domain controllers for authentication

[Diagram: AWS applications and services: AWS Management Console, Amazon Chime, Amazon WorkDocs, Amazon Connect, Amazon QuickSight, Amazon WorkMail, Amazon EC2 for Windows Server, AWS Single Sign-On, Amazon WorkSpaces]

Active Directory Connector benefits

• Use corporate credentials to log on to AWS applications
• Manage AWS resources through IAM role-based access to the AWS Management Console
• Enforce existing security policies consistently
• Enable MFA for AWS applications
• Eliminate the need for directory synchronization
• Eliminate cost and complexity of hosting a federation infrastructure
• Join EC2 Windows instances to an on-premises AD
• Only requires one service account to Active Directory

Connector sizes:
• Small Active Directory Connector: up to 500 users
• Large Active Directory Connector: 500–5,000 users

Re-host: Microsoft Active
Directory on EC2

Deploy and manage AD DS on AWS

Re-host: self-managed cloud-based AD DS environment on Amazon EC2
• Deploy and manage AD DS on EC2
• Set up the same as on-premises
• Retain end-to-end control
• Retain all features

Quick Start
• Amazon VPCs with subnets
• NAT gateways
• Private and public routes
• Systems Manager Automation documents for AD DS and AD-integrated DNS
• Windows Server instances
• Security groups and rules
• Active Directory sites and subnets
• Sync/replication or trust to corporate DCs

https://aws.amazon.com/quickstart/architecture/active-directory-ds/

Microsoft Active Directory on EC2
[Diagram: Active Directory on EC2 with sync or Active Directory trust. A corporate network (remote users, application, corporate Active Directory domain controllers) connects over VPN or AWS Direct Connect, using trust or replication, to an Amazon VPC with a private subnet in each of two Availability Zones; each subnet holds a web server (IIS), application server, SQL Server, and domain controller. Numbered steps 1–4 mark the Auth/LDAP flows.]

Re-platform: AWS Directory
Service for Microsoft Active
Directory

AWS Directory Service for Microsoft
Active Directory
AWS Managed Active Directory
• AWS Managed Active Directory built on actual Microsoft Active Directory
• Powered by Windows Server 2012 R2 Domain Controllers
• Two Domain Controllers – each in separate Availability Zones

• Easy to set up:
  o A few clicks to set up from Directory Service console
  o Scripted install via application programming interface (API)
• Automatic patching, replication, and daily snapshots
• Scale out with additional DCs
• Compliance audited, approved for Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS), when enabled

AWS Microsoft Active Directory trust to
on premises
[Diagram: A corporate network (remote users, application, corporate Active Directory domain controllers) connects over VPN or AWS Direct Connect, using a trust, to a VPC with a private subnet in each of two Availability Zones; each subnet holds a web server (IIS) and application server, alongside AWS managed services: Amazon RDS for SQL Server and AWS Managed Microsoft Active Directory. Numbered steps 1–4 mark the Auth/LDAP flows.]

AWS Managed Microsoft Active
Directory Editions
• Standard Edition is optimized for small to midsized business
• Enterprise Edition supports larger enterprise organizations
• Pricing varies by edition, Region, number of domain controllers, and directory sharing
• Switching between editions is not supported.
• For pricing information, see: https://aws.amazon.com/directoryservice/pricing

Standard Edition
• Up to 5000 employees
• 30,000 directory objects*
• 1 GB

Enterprise Edition
• 100,000+ employees
• 500,000 directory objects*
• 17 GB

* Directory objects such as users, groups, and computers; upper limits are approximations

AWS Quick Starts for Microsoft Active
Directory
[Diagram: Available via AWS Quick Start. An Amazon VPC with an internet gateway and two Availability Zones; each has a public subnet with a VPC NAT gateway and a remote desktop gateway, and a private subnet with a domain controller in its own Active Directory site (AZ1, AZ2).]

https://aws.amazon.com/quickstart/architecture/active-directory-ds/

Summary

• Run Active Directory services on AWS
• Use three available options for deploying Active Directory on AWS
• Position each option for acceptance
• Provide authentication and network naming services that apply to running Active Directory on AWS

Module 5: Database Services
Objectives

In this module, you will learn how to:
• Run Microsoft SQL Server databases on Amazon Web Services (AWS)
• Choose deployment options, and select compute and storage resources
• Migrate databases from existing platforms to AWS

Database services on AWS

Re-host
SQL Server on Amazon Elastic Compute Cloud (Amazon EC2)

Re-platform
Amazon Relational Database Service (Amazon RDS) for SQL Server

Re-factor
Adopting cloud-native services

• Cost-effective
• Complete control
• Rapid provisioning

https://aws.amazon.com/sql/sql2008-eos/

SQL Server on AWS
Re-host: SQL Server on Amazon EC2
• Fully control the database and the operating system (OS)
• Control backups, replication, and clustering
• Use features and options not available in Amazon RDS
• Adopt hybrid architectures
• License options:
  o Purchase EC2 Windows + Bring Your Own License (BYOL) SQL
  o Purchase EC2 Windows + SQL
  o BYOL Windows and SQL

Re-platform: Amazon RDS for SQL Server
• Consider Amazon RDS for SQL Server first
• Automates administration tasks:
  o Provisioning
  o Patching
  o Backup/recovery
  o Failure detection and repair
• Runs in Multi-AZ deployments to provide automatic failover
• Integrates with AWS IAM for granular resource permission controls

SQL Server features at a glance
• VERSIONS
  o SQL Server on EC2: All
  o SQL Server on Amazon RDS: 2008R2, 2012, 2014, 2016, 2017
• EDITIONS: Express, Web, Standard, Enterprise
• HIGH AVAILABILITY AND SCALING
  o SQL Server on EC2: Self-managed; always on, mirroring, log ship
  o SQL Server on Amazon RDS: Managed by AWS; multiple Availability Zone (AZ) deployments; database mirroring or always on availability groups
• ENCRYPTION: Encrypted storage using AWS Key Management Service (AWS KMS) (all editions); Transparent Data Encryption (TDE) support
• AUTHENTICATION: Windows and SQL Server authentication
• OS INSTALLATION AND MAINTENANCE, POWER, HVAC, NETWORKING: Managed by AWS
• OS PATCHING AND CONTROL
  o SQL Server on EC2: Self-managed, full control
  o SQL Server on Amazon RDS: Managed by AWS
• DBMS INSTALLATION, PATCHING, AND MAINTENANCE
  o SQL Server on EC2: Self-managed
  o SQL Server on Amazon RDS: Automated software patching, instance replacement
• BACKUPS
  o SQL Server on EC2: Self-managed maintenance plans and third-party tools
  o SQL Server on Amazon RDS: Managed automated backups with selectable retention periods (up to 35 days)

Re-factor: Adopt cloud-native database
services
Amazon RDS
• Set up, operate, and scale relational databases in the cloud
• Choose Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, or SQL Server

Amazon Aurora
• Database built for the cloud
• Fully managed
• High performance
• High availability and durability
• Highly secure

Amazon Redshift
• Fast, scalable data warehouse
• Fast performance
• Easy to use
• Cost-effective
• Scales quickly
• Queries data lakes
• Secure

Selecting the right instance

Scale to meet needs

• Match compute capacity to demand: Scale up or down in minutes
• Provision storage for additional data: Change size, type, and IOPS, usually with no downtime
• Scale to control costs: Scale storage and compute instance type separately to increase storage or improve performance cost-effectiveness

Performance planning considerations

SQL Server workloads typically benefit from large amounts of memory.
• Consider r type, memory-optimized instances.
• Service edition and licensing impacts instance class availability.

Select instances of the appropriate DB instance type.
• Scale compute capacity with the workload.
• Changing instance classes might require reboot or Multi-AZ failover.

Select instances with the appropriate storage class.
• Modify size, type, and IOPS.
• Size modifications are available in minutes.
• Storage performance might be degraded during optimization.

Database instance types
• General purpose: A1 (ARM); T3, T2, T2 Unlimited (Burstable); M5, M4 (Standard)
• Compute optimized: C5, C4
• Storage optimized: I2, I3 (High I/O); D2, H1 (Dense storage)
• Accelerated computing: P3, P2 (GPU); G3 (Graphics intensive); F1 (FPGA)
• Memory optimized: R3, R4, X1, X1e, Z1d (Higher memory to CPU ratio)
• Bare metal: EC2 bare metal (Direct access to physical server resources)

Burstable – Provide a baseline performance level, with the ability to burst to full CPU usage
Standard – Provide a balance of compute, memory, and network resources
Optimized for memory-intensive applications – X offers one of the lowest prices per GiB of RAM among the DB instance classes, and R offers improved networking and Amazon Elastic Block Store (Amazon EBS) performance

Instance size
• Small, Medium, Large, X-large, etc.
• CPU
• Memory
• Network capacity

Storage specifications
• Storage type
  o General Purpose SSD
  o Provisioned IOPS

Storage performance
SSD: GP2 General Purpose
Predictable performance and burst capabilities
• Amazon RDS
  o 20 GB – 16 TB (min 100 GiB recommended)
  o Fixed burst allocation
  o Burst up to 3,000 IOPs/GB
  o Performance based on size: 3 IOPS/GB
  o Single-digit ms latency
• Amazon EC2
  o 1 GB – 16 TB
  o Fixed burst allocation
  o Burst up to 3,000 IOPs/GB
  o Performance based on size: 3 IOPS/GB for volumes <1 TB, up to 10,000 IOPS for larger volumes
  o Single-digit ms latency

SSD: IO1 Provisioned IOPS
Ideal for critical databases with sustained IOPS that require fast and consistent I/O performance
• Amazon RDS
  o 100 GB – 16 TB
  o Up to 64,000 IOPS
  o Single-digit ms latency
• Amazon EC2
  o 4 GB – 16 TB
  o Up to 64,000 IOPS
  o Single-digit ms latency

HDD: ST1 Throughput optimized
• Great for native backups! Less than half the price of SSD volumes
• Performant for sequential writes – throughput at a low price

Improving SQL Server availability

Native SQL Server availability features
Database mirroring (Amazon RDS, Amazon EC2)
• Provides a mirror of a database on a separate database instance
• Increases availability and data protection
• Improves availability during upgrades

Always on availability groups (Amazon RDS, Amazon EC2)
• Provides high availability and disaster recovery
• Uses Windows Failover Cluster and SQL Server Enterprise Edition
• Support failover of a set of user databases as unit or group.
• Secondary databases can be made available as read-only
• Secondary databases used for backup operations

Log shipping (Amazon EC2)
• Automatically send transaction log backups to one or more secondary databases on secondary servers
• Limited read-only access to secondary databases
• Optional delay to allow data recovery

Highly available SQL Server on EC2

[Diagram: AWS Quick Start. An Amazon VPC with an internet gateway and two Availability Zones, each an Active Directory site. Labels: public subnets with NAT gateways, Elastic IP addresses, and remote desktop gateways in an Auto Scaling group for remote administration and management; private subnets with the MS SQL Server primary replica and secondary replica in a WSFC and Always-on availability group; file share witness; AWS Directory Service.]

http://docs.aws.amazon.com/quickstart/latest/sql/welcome.html

SQL Server availability on Amazon RDS

Multi-AZ deployments
• Create a database subnet group with subnets in two Availability Zones.
• RDS configures all the databases to use database mirroring or always on based on the version deployed.
• If a database on a primary host fails over, all SQL databases on the host fail over as one atomic unit.
• RDS provisions a healthy host that replaces the unhealthy host.

[Diagram: An Amazon VPC with a DB subnet group spanning two Availability Zones, holding instances M and S; a witness instance (managed by RDS) receives the instance availability status from each.]

SQL Server failover on Amazon RDS

Amazon RDS automatically performs a failover when the following events occur:
• Availability in the primary Availability Zone is lost
• Network connectivity to the primary database node is lost
• Compute unit failure on the primary database node
• Storage failure on the primary database node

• Amazon RDS Multi-AZ deployments do not fail over automatically in response to database operations such as long running queries, deadlocks, or database corruption errors
• When operations such as DB instance scaling or system upgrades like OS patching are initiated for Multi-AZ deployments, they are generally applied first on the secondary instance, before the automatic fail over of the primary instance, for enhanced availability

Deploying and managing
Amazon Relational Database
Service (Amazon RDS)

Start and manage SQL Server resources

Start and manage SQL Server using:
• AWS Management Console
• AWS Command Line Interface (AWS CLI)
• AWS software development kits (SDKs): Android, iOS, Java, JavaScript, .NET, Node.js, PHP, Python, boto, Ruby, and Xamarin
• AWS CloudFormation
• AWS Toolkit for Eclipse
• AWS Toolkit for Visual Studio
• AWS Tools for Windows PowerShell

Launch an RDS instance with PowerShell

Parameter groups, in order: general properties and performance; reliability and tuning; domain membership; network and security.

PS C:\> New-RDSDBInstance `
    -DBInstanceIdentifier "demo-sqlsrv" -DBInstanceClass "db.r4.large" `
    -Engine "sqlserver-se" -EngineVersion "14.00.3049.1.v1" `
    -AllocatedStorage 200 -StorageType "gp2" `
    -MultiAZ 1 -DBParameterGroupName "demo-2014se" -AutoMinorVersionUpgrade 1 `
    -MonitoringInterval 15 -MonitoringRoleArn "arn:aws:iam:..." `
    -BackupRetentionPeriod 35 `
    -Domain "d-xxxxxxxxxx" -DomainIAMRoleName "rds-ds-access-role" `
    -DBSubnetGroupName "demo-subnets" -VpcSecurityGroupId "sg-xxxxxxxx" `
    -MasterUsername "demoadmin" -MasterUserPassword "demopassword" `
    -StorageEncrypted 1

Monitor SQL Server performance

• Monitor performance by using Amazon CloudWatch
• Alarms and notifications
• Default metrics
• Custom metrics (EC2 only)
• Use SQL Server Profiler and Tuning Advisor to trace query performance

Metrics:
• CPU use
• Read/write IOPS
• Disk queue depth
• Memory (RDS)
• Storage space (RDS)
• Connections (RDS)
• I/O throughput (EC2)
• …

~$ aws cloudwatch list-metrics --namespace AWS/RDS

Amazon RDS Enhanced Monitoring

Enhanced Monitoring overview
• Deeper visibility into Amazon RDS health
• OS-level monitoring metrics – 26 system and per process metrics
• Metrics delivered to Amazon CloudWatch Logs
• Up to 1-second granularity

Compared to CloudWatch metrics
• Agent-based metrics collections
• Differences with CloudWatch metrics due to using different collection sources (for example, CPU use collected by an agent vs. the hypervisor)

Amazon RDS Enhanced Monitoring

• Provides detailed OS-level metrics with up to 1-second granularity
• Uses an agent on the instance
• Provides granular data
• Might contribute to the load
• Reports on granular CPU use, disks, processes, threads, network, and process load

Tools for Amazon RDS SQL Server

• Manage using common tools: SQL Server Management Studio, sqlcmd, and so forth
• Data source or target only for SSAS, SSIS, and SSRS
• Maximum 30 databases per Amazon RDS instance
• Amazon RDS does not provide desktop, administrator, or file-system access to DB instances
• Not supported: Maintenance plans, database mail, Microsoft Distributed Transaction Coordinator (MSDTC)
• Limited support for linked servers available

Database backups

Automated backup and recovery
• Amazon RDS creates scheduled daily volume backup of the entire instance during the backup window
• Customers can also manually back up instances
• Database change logs archived
• Up to 35-day retention
• Minimal impact on database performance

SQL native backups
• Back up and restore directly from S3 buckets (.BAK files)
• Use SQL Server’s native backup functionality
• Support compression
• Create full backups only (no log shipping)

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.BackupRestore.html

Securing SQL Server on AWS

Secure the SQL Server platform

Secure the network
• Deploy in Amazon VPC
• Define subnets, each specific to an AZ
• Use route tables, and network ACLs
• Restrict traffic to the instance with network access control list (ACLs) and security groups
• Avoid or limit public access
• Encrypt traffic (turn on force SSL)

Secure the data
• Encrypt data at rest with AWS KMS
• Use encrypted EBS volumes
• Use application layer encryption
• Encrypt data in transit
  Encrypt connections via SSL or forced SSL
• Use same mechanisms in use today

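The network and data checks on this slide can be run against exported AWS CLI output. The following is an added example, not part of the original deck: it assumes JSON in the shape returned by `aws rds describe-db-instances`, `aws ec2 describe-security-groups` and `aws rds describe-db-parameters` (where `rds.force_ssl` is the RDS for SQL Server forced-SSL parameter), and every instance name, group ID and value in it is constructed.

```python
"""Audit RDS for SQL Server instances against the network and data checks above.

Inputs mirror `aws rds describe-db-instances`, `aws ec2 describe-security-groups`
and `aws rds describe-db-parameters` output. All sample data is constructed.
"""
import ipaddress
import json

INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "demo-sqlsrv", "Engine": "sqlserver-se",
   "PubliclyAccessible": false, "StorageEncrypted": true,
   "Endpoint": {"Port": 1433},
   "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0aaa1111"}],
   "DBParameterGroups": [{"DBParameterGroupName": "demo-forced-ssl"}]},
  {"DBInstanceIdentifier": "legacy-sqlsrv", "Engine": "sqlserver-ex",
   "PubliclyAccessible": true, "StorageEncrypted": false,
   "Endpoint": {"Port": 1433},
   "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0bbb2222"}],
   "DBParameterGroups": [{"DBParameterGroupName": "legacy-default"}]},
  {"DBInstanceIdentifier": "reporting-mysql", "Engine": "mysql",
   "PubliclyAccessible": true, "StorageEncrypted": false}
]}""")

SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}""")

# Parameter lists keyed by DB parameter group name (constructed values).
PARAMETERS = {
    "demo-forced-ssl": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "legacy-default": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
}


def open_to_world(group, port):
    """Return the any-address CIDRs in a security group that reach `port`."""
    hits = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # all protocols, all ports
            covers = True
        elif proto == "tcp":
            covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
        else:
            covers = False
        if not covers:
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        hits += [c for c in cidrs
                 if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return hits


def audit_instance(inst, groups_by_id, params_by_group):
    """Return the list of findings for one DB instance record."""
    findings = []
    if inst.get("PubliclyAccessible"):         # "Avoid or limit public access"
        findings.append("public-access")
    if not inst.get("StorageEncrypted"):       # "Encrypt data at rest with AWS KMS"
        findings.append("storage-not-encrypted")
    port = (inst.get("Endpoint") or {}).get("Port", 1433)
    for ref in inst.get("VpcSecurityGroups", []):
        group = groups_by_id.get(ref["VpcSecurityGroupId"])
        if group and open_to_world(group, port):   # "Restrict traffic ..."
            findings.append("sg-open-to-world:" + ref["VpcSecurityGroupId"])
    forced = any(
        p.get("ParameterName") == "rds.force_ssl" and p.get("ParameterValue") == "1"
        for ref in inst.get("DBParameterGroups", [])
        for p in params_by_group.get(ref["DBParameterGroupName"], [])
    )
    if not forced:                             # "turn on force SSL"
        findings.append("ssl-not-forced")
    return findings


def audit(instances_doc, sg_doc, params_by_group):
    """Audit every SQL Server engine instance; other engines are skipped."""
    groups_by_id = {g["GroupId"]: g for g in sg_doc["SecurityGroups"]}
    return {
        inst["DBInstanceIdentifier"]: audit_instance(inst, groups_by_id, params_by_group)
        for inst in instances_doc["DBInstances"]
        if inst.get("Engine", "").startswith("sqlserver")
    }


if __name__ == "__main__":
    for name, findings in audit(INSTANCES, SECURITY_GROUPS, PARAMETERS).items():
        print(name, findings or "OK")
```
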
Access and auditing

• Control access to the infrastructure and ability to modify database instances
• Use AWS IAM to control permissions to create, modify, and delete AWS resources
• Enhance security by enabling MFA
• Lock away AWS account root user credentials
• Grant least privileges to IAM users, groups, and roles
• Use strong password policies
• Rotate credentials
• Use federated access from Active Directory
• Use AWS CloudTrail to log AWS API invocations

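One way to act on the root-credential, MFA, and CloudTrail points above is to review CloudTrail records for root-user activity and for RDS instance changes made without MFA. This is an added example, not part of the original deck; the log records are constructed, and the watched event names and rule names are a chosen subset.

```python
"""Flag root-user activity and RDS instance changes made without MFA.

Input is a CloudTrail log document ({"Records": [...]}). The sample is constructed.
"""
import json

# RDS API calls that create, change or remove DB instances (chosen subset).
RDS_CHANGE_EVENTS = {
    "CreateDBInstance", "ModifyDBInstance", "DeleteDBInstance",
    "RebootDBInstance", "RestoreDBInstanceFromDBSnapshot",
}

SAMPLE_LOG = json.loads("""
{"Records": [
  {"eventTime": "2020-03-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
   "eventName": "ConsoleLogin",
   "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
  {"eventTime": "2020-03-01T09:15:00Z", "eventSource": "rds.amazonaws.com",
   "eventName": "ModifyDBInstance",
   "userIdentity": {"type": "IAMUser",
     "arn": "arn:aws:iam::111122223333:user/alice",
     "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
   "requestParameters": {"dBInstanceIdentifier": "demo-sqlsrv",
                         "backupRetentionPeriod": 35}},
  {"eventTime": "2020-03-01T10:30:00Z", "eventSource": "rds.amazonaws.com",
   "eventName": "ModifyDBInstance",
   "userIdentity": {"type": "IAMUser",
     "arn": "arn:aws:iam::111122223333:user/bob"},
   "requestParameters": {"dBInstanceIdentifier": "demo-sqlsrv",
                         "publiclyAccessible": true}},
  {"eventTime": "2020-03-01T11:00:00Z", "eventSource": "rds.amazonaws.com",
   "eventName": "DescribeDBInstances",
   "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::111122223333:assumed-role/ops/carol",
     "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
   "requestParameters": null},
  {"eventTime": "2020-03-01T11:05:00Z", "eventSource": "rds.amazonaws.com",
   "eventName": "DeleteDBInstance",
   "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::111122223333:assumed-role/ops/carol",
     "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
   "requestParameters": {"dBInstanceIdentifier": "demo-sqlsrv"}}
]}""")


def mfa_used(identity):
    """True only when the session reports MFA; a missing sessionContext
    (for example, long-term access keys) is treated as no MFA."""
    attrs = (identity.get("sessionContext") or {}).get("attributes") or {}
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def review_record(rec):
    """Return (rule, eventName, principal) tuples for one CloudTrail record."""
    identity = rec.get("userIdentity") or {}
    who = identity.get("arn", identity.get("type", "unknown"))
    name = rec.get("eventName", "")
    hits = []
    if identity.get("type") == "Root":
        hits.append(("root-credentials-used", name, who))
    if rec.get("eventSource") == "rds.amazonaws.com" and name in RDS_CHANGE_EVENTS:
        if not mfa_used(identity):
            hits.append(("rds-change-without-mfa", name, who))
        # Compare parameter names case-insensitively rather than rely on casing.
        params = {k.lower(): v for k, v in (rec.get("requestParameters") or {}).items()}
        if params.get("publiclyaccessible") is True:
            hits.append(("rds-made-public", name, who))
    return hits


def review_log(doc):
    """Review every record in a CloudTrail log document, in order."""
    hits = []
    for rec in doc.get("Records", []):
        hits.extend(review_record(rec))
    return hits


if __name__ == "__main__":
    for hit in review_log(SAMPLE_LOG):
        print(*hit)
```
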
Migrate data to and from Amazon RDS

• .BAK file save and restore
  Use SQL Server’s native backup functionality
• Microsoft SQL Server Database Publishing Wizard, Import/Export
  Export to T-SQL files, load using sqlcmd
• AWS Database Migration Service (AWS DMS)
  Minimize downtime during migrations, migrate between different DB platforms, Schema Conversion Tool
• AWS Marketplace
  Third-party data import and export tools and solutions
• SQL Server replication
  Push subscriptions to transactional replication

SQL 2017 – SQL Linux

• SQL Server 2017 Linux is supported on Amazon EC2
• RHEL licenses included
• Cluster and cluster-less availability groups
• Docker-based environments with SQL Server run on EC2

Deploy SQL Server on Linux!

docker pull mcr.microsoft.com/mssql/server:2017-latest
docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=<YourStrong!Passw0rd>' \
-p 1433:1433 --name sql1 \
-d mcr.microsoft.com/mssql/server:2017-latest

Using SQL on EC2 best practices

Storage performance for EC2 SQL Server
• Consider IOPS and throughput performance requirements
• Enable EBS optimization on instance
• Create a single volume for data and logs
• Format with 64 K allocation unit size
• Match total EBS IOPS and throughput to instance type
• Stripe EBS PIOPS volumes for more than 20,000 IOPS

Example volume layout
• C:\ Boot on General Purpose SSD
• D:\ Data and log files on PIOPS single or striped set
• E:\ Backups on ST1 or SC1
• Z:\ tempdb on instance storage (if available)

Configure tempdb on instance storage

1. Move tempdb files to instance-storage-backed drives.

ALTER DATABASE tempdb
MODIFY FILE (NAME = tempdev, FILENAME = 'Z:\tempdb.mdf');
GO
ALTER DATABASE tempdb
MODIFY FILE (NAME = templog, FILENAME = 'Z:\templog.ldf');
GO

2. Modify the drive’s access control list to grant service account access.

icacls Z:\ /grant "NT SERVICE\MSSQLSERVER":(OI)(CI)(F)

Migrating databases

Database components to migrate

1. Migrate the schema
• Migrate table schema from source to target DB
• Migrate user accounts and permissions from source to target DB

2. Migrate stored procedures and other DB objects
• Migrate Stored Procedures, functions and other DB objects from source to target DB
• Perform unit testing of the migrated schema as per test plan

3. Migrate data
• Set up data migration scripts
• Perform data migration
• Log shipping

4. Verify the schema and data
• Perform schema comparison of tables, indexes
• Perform data verification between source and target database
• Unit testing of data migrated from source to target DB

Database migration strategies

One-step migration
• Suitable for small databases that can have 24 – 72 hours of downtime

Two-step migration
• Suitable for databases of any size
• Requires minimal downtime

Zero or near-zero downtime migration
• Suitable for mission critical databases
• Requires detailed planning and appropriate continuous data replication tools

Database Migration Service

[Diagram: AWS Database Migration Service. Labels: source database (source: on-premises data center), data connection, source endpoint, replication instance, replication task, target endpoint, target database (target: Amazon EC2 or RDS); steps numbered 1–5.]

Summary

In this module, you learned how to:
• Run Microsoft SQL Server databases on AWS
• Choose which deployment option is most suitable, and how to select compute and storage resources
• Migrate databases from existing platforms to AWS

Module 6: Automate Operations
Objectives

In this module, you will learn how to:
• Automate Microsoft workloads operations with AWS services
• Migrate virtual machines (VMs) and server applications to AWS
• Provision workload environments
• Automate change and configuration
• Provide ongoing maintenance using AWS services

Automate server migrations

VM Import/Export
Virtualization formats
• VMware ESX
• VMware workstation
• Microsoft Hyper-V
• Citrix Xen

Image formats
• Open Virtualization Archive (OVA)
• Virtual Machine Disk (VMDK)
• Virtual Hard Disk (VHD)
• Raw disk

Import methods
AWS Command Line Interface (AWS CLI)
1. Download and install AWS CLI.
2. Upload to Amazon Simple Storage Service (Amazon S3).
3. Run AWS commands:
   • ec2 import-image
   • ec2 describe-import-image-tasks
   • ec2 run-instances

AWS Server Migration Service

Migrate on-premises Windows Servers to AWS

• Automates migrating Hyper-V and VMware virtual machines to AWS
• Incrementally replicates VMs as AMIs ready to deploy on Amazon EC2
• Migrates groups of servers with few clicks
• Replicates volumes of live servers, creating new AMIs periodically
• Schedule replications and track progress for a group of servers
• Migrate on-premises servers’ incremental changes

Free to use; pay only for the storage resources that the migration uses.

AWS SMS

[Diagram: AWS SMS, from source (on-premises data center) to target (Amazon Machine Images). Corporate data center: VMs on VMware vCenter/ESXi or Hyper-V with the agentless Server Migration Connector appliance (W: Remote Desktop (RD), .NET framework; L: Secure Shell (SSH), GRUB bootloader). AWS Cloud: AWS SMS replication jobs. Labels along the numbered steps 1–5: VM snapshot, VMDK (OVA or VHD), Amazon S3, convert, Amazon EBS snapshot, AMIs.]

AWS migration and data transfer services

Migration services
• AWS Server Migration Service
• AWS Database Migration Service (AWS DMS)
• AWS Schema Conversion Tool

Data transfer services
• AWS Snowball and AWS Snowmobile
• AWS Storage Gateway
• AWS DataSync
• Amazon S3 Transfer Acceleration
• AWS Direct Connect
• Amazon Kinesis Data Firehose

https://aws.amazon.com/cloud-data-migration/

Automate change and
configuration

Configuration management

• Use code to represent the infrastructure state
• Operate at scale, automate by using code
• Assure configuration is compliant and repeatable
• Ensure that hosts are compliant and at the desired state
• Align resources with specific policies, and report
• Enforce security policy – automatically remediate unwanted changes
• Automate manual steps to complete tasks

AWS OpsWorks

• Fully managed Chef or Puppet server
• OpsWorks Stacks: Chef local mode in AWS
• OpsWorks for Chef Automate
• OpsWorks for Puppet Enterprise
• Management dashboards give visibility
• Programmable infrastructure in both AWS Cloud and on premises
• Simple to manage hybrid environments
• Easy scaling, no manual steps to attach new nodes to automatically scaled instances
• Community support through Chef Supermarket, Puppet Forge

Use cases
• Bootstrap new instances
• Create new Windows Servers, apply desired state from code in GitHub
• Bootstrap from Chef Supermarket or Puppet Forge, change and customize where needed
• Update configurations on running instances or servers
• Apply policy changes or new versions
• Use a single commit to apply pretested changes
• Define policies
• Define configurations that enforce a policy on nodes (for example, all nodes must run a new
log rotation policy to prevent file systems filling)
• Use the configuration manager (CM) server to vet configurations and bring server into spec
• Use continuous integration and continuous delivery (CI/CD) pipelines to promote
changes (adopt software metaphor)
• Drive changes from developer desktop to production
• Revert changes quickly (reduces fear of changes)
Automate management

AWS Systems Manager

• View and control infrastructure
• View operational data from multiple AWS services
• Automate operational tasks across AWS resources
• Maintain security and compliance
• Associate AWS resources together and view operational data as a resource group
• Integrate with AWS IAM

AWS Systems Manager capabilities

• Enables role-based server management
• Audits every management action
• Manages Windows and Linux instances running anywhere, including Amazon EC2, other clouds, or on premises
• Scales to manage 1 to 10,000 servers or more

AWS Systems Manager

[Diagram: AWS Systems Manager capabilities, grouped under Instances and nodes, Shared resources, and Actions and change. Capabilities shown: Run Command, Session Manager, State Manager, Parameter Store, Documents, Inventory, Compliance, Patch Manager, Automation, Maintenance Windows.]

AWS Systems Manager Agent (SSM Agent)

• Installed and configured on Amazon EC2 instances, on-premises servers, or VMs
• Allows Systems Manager to update, manage, and configure these resources
• Is preinstalled on the following Amazon AMIs:
  • Windows Server 2016 and newer: SSM Agent only
  • Windows Server 2012 R2 and older: SSM Agent and EC2Config service
  • Amazon Linux, Amazon Linux 2, and Ubuntu AMIs
• Can be installed on other platforms
• Logs activity for Run Command, State Manager, joining domains, and Amazon CloudWatch
• Is open source, and available on GitHub

SSM Agent in hybrid environments

Customers run the SSM Agent on corporate servers and VMs on premises by completing the following steps:
1. Install a Transport Layer Security (TLS) certificate.
2. Create a managed-instance activation code from the AWS console or API:
  • Provide a description, number of instances
  • Select an IAM role, so the agent can retrieve parameter objects and so forth
3. Download, install, and start the agent, using the activation code:
  • Note that activation codes have an expiration date
  • Record and store activation codes separately – they are only available once
  • Ensure outbound internet access or Amazon Virtual Private Cloud (Amazon VPC) endpoint (required)
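
Steps 2 and 3 above, sketched with AWS Tools for PowerShell as an added example (not part of the original slides). The role name, instance name, Region, installer path, and the function name Install-HybridSsmAgent are assumptions; the activation is deliberately limited to one registration and a 24-hour lifetime because the code works like a credential until it expires.

```powershell
# Added example, not from the slides. All names and paths are hypothetical.
Import-Module AWS.Tools.SimpleSystemsManagement

# --- Step 2: on an admin workstation that has AWS credentials ---
# Scope the activation tightly: one server, valid for 24 hours.
$activation = New-SSMActivation `
    -Description         'Hybrid activation for one file server (example)' `
    -DefaultInstanceName 'onprem-fs01' `
    -IamRole             'SSMServiceRoleForHybrid' `
    -RegistrationLimit   1 `
    -ExpirationDate      (Get-Date).ToUniversalTime().AddHours(24)

# The activation code is returned only once. Pass it to the server through a
# secret store or an operator prompt; keep it out of logs and source control.
$activationId   = $activation.ActivationId
$activationCode = $activation.ActivationCode

# --- Step 3: on the on-premises server, in an elevated PowerShell session ---
function Install-HybridSsmAgent {
    param(
        [Parameter(Mandatory)] [string] $Code,
        [Parameter(Mandatory)] [string] $Id,
        [Parameter(Mandatory)] [string] $Region,
        # Assumption: the installer was downloaded beforehand to this path.
        [string] $Installer = 'C:\Temp\AmazonSSMAgentSetup.exe'
    )
    # Refuse to run an installer whose Authenticode signature does not validate.
    $sig = Get-AuthenticodeSignature -FilePath $Installer
    if ($sig.Status -ne 'Valid') {
        throw "Installer signature check failed: $($sig.Status)"
    }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

    Start-Process -FilePath $Installer -Wait -ArgumentList @(
        '/q', '/log', 'install.log', "CODE=$Code", "ID=$Id", "REGION=$Region")

    # The agent service should be running once registration succeeds.
    Get-Service -Name 'AmazonSSMAgent'
}

# --- Back on the admin workstation: confirm the node registered ---
# Hybrid nodes appear with an "mi-" instance ID and the activation they used.
Get-SSMInstanceInformation |
    Where-Object { $_.ActivationId -eq $activationId } |
    Select-Object InstanceId, PingStatus, ComputerName, IPAddress
```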

AWS Systems Manager Run Command
Overview
• Remotely manage instance configurations securely
• Delegate instances to eliminate the need for RDP and secure shell access
• Retrieve the status and output of commands and receive notifications about them
Configuration
• Install the SSM Agent
• Configure an IAM user
• Configure an instance profile role for any instance that will process commands (or activate with a code)
• Configure the network
Using
• Choose a command document
• Specify the command to run and its parameters
• Store the commands' output in an Amazon S3 bucket and send notifications

Available plugins, including Shell script, PowerShell, and so forth:
https://docs.aws.amazon.com/ssm/latest/APIReference/ssm-plugins.html
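
The "Using" steps above as an added AWS Tools for PowerShell example (not part of the original slides): it targets instances by tag, so no RDP session is opened, sends output to Amazon S3, and reports per-instance status. The tag Role=web, the bucket name, and the IIS service check are assumptions.

```powershell
# Added example, not from the slides. Tag, bucket, and command are hypothetical.
Import-Module AWS.Tools.SimpleSystemsManagement

# Choose a command document, its parameters, and where the output goes.
$cmd = Send-SSMCommand `
    -DocumentName       'AWS-RunPowerShellScript' `
    -Target             @{ Key = 'tag:Role'; Values = @('web') } `
    -Parameter          @{ commands = @('Get-Service W3SVC | Select-Object Status, StartType') } `
    -Comment            'Check IIS service state (example)' `
    -OutputS3BucketName 'example-ssm-output-bucket' `
    -OutputS3KeyPrefix  'run-command/'

# Poll until every targeted instance has finished the command.
$unfinished = @('Pending', 'InProgress', 'Delayed')
do {
    Start-Sleep -Seconds 5
    $invocations = @(Get-SSMCommandInvocation -CommandId $cmd.CommandId -Detail $true)
    $running = @($invocations | Where-Object { "$($_.Status)" -in $unfinished })
} while ($invocations.Count -eq 0 -or $running.Count -gt 0)

# One row per instance: status plus the plugin output captured by the agent.
$report = $invocations | ForEach-Object {
    [pscustomobject]@{
        InstanceId = $_.InstanceId
        Status     = "$($_.Status)"
        Output     = ($_.CommandPlugins | ForEach-Object { $_.Output }) -join "`n"
    }
}
$report | Format-List

# Surface anything that did not succeed so it can be investigated.
$failed = @($report | Where-Object { $_.Status -ne 'Success' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) instance(s) did not complete successfully."
}
```

Each invocation is tied to the IAM principal that sent it, which is what makes the "audits every management action" point usable in practice.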
State Manager

Use State Manager to:
• Bootstrap
• Update agents
• Configure network settings
• Join instances to a Windows domain
• Patch instances with software updates
• Run scripts

State Manager can:
• Determine the state to apply.
• Determine if a preconfigured SSM Document is available.
• Create an association.
• Monitor and update.

Automation

Use Automation to:
• Define common tasks in a simplified automation solution for maintenance and deployment
• Control the flow of the automation process with repeatable steps that can include manual interaction
• Delegate administration through IAM integration to enhance security

Automated AWS services can:
• Create or delete AWS CloudFormation stacks
• Invoke AWS Lambda functions
• Create an AMI from an instance
• Launch an instance from an AMI
• Start a Run Command
• Run other automations

Patch Manager
Manage patching Windows or Linux servers, Amazon EC2, or on premises

Use Patch Manager to:
• Create patch baselines
• Organize instances into patch groups
• Assign to Maintenance Windows
• Monitor status and compliance

Patch groups can:
• Tie instances to a patch baseline
• Ensure instances use the rules defined in the associated baseline
• Group instances for patch compliance reporting

Note: An instance can be a member of only one patch group

Amazon provides many patch baselines for customers.


Maintenance Windows

Use Maintenance Windows to:
• Schedule and control running potentially disruptive tasks
• Use cron or rate expressions to schedule when maintenance starts
• Set a 1 to 24 hour maximum duration (does not stop running tasks, only stops scheduling remaining tasks)
• Select targets by tag or instance ID
• Perform the following types of tasks:
  • Run Command commands
  • Automation workflows
  • Lambda functions
  • Step functions
• Retain run history for up to 30 days
Inventory

Use AWS Systems Manager Inventory to:
• Create an inventory policy by selecting targets in the console, or using State Manager to create an association with targets
• Schedule how often to collect inventory metadata
• Choose types of metadata to collect

AWS Systems Manager Inventory can:
• Create an end-to-end collection of operating system-specific information
• Be queried using attributes
• Integrate with AWS Config to record changes over time and detect drift

Create custom inventory types


Compliance

Use Compliance to:
• Scan the environment for inconsistencies
• Collect and aggregate data and drill-down to specific resources
• Show compliance data about Patch Manager and State Manager associations
• Use with AWS Config to view compliance history
• Create custom compliance types
• Remediate issues

Parameter Store

Use Parameter Store to:
• Eliminate manually managing configuration files
• Centrally manage passwords and encryption strings
• Store values to use in Run Command, State Manager, Automation, and bootstrapping (user data)
• Encrypt sensitive data by using AWS Key Management Service (AWS KMS) or custom KMS
• Track parameter changes with versions
• Restrict access through integration with IAM
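
The encryption, versioning, and IAM points above as an added AWS Tools for PowerShell example (not part of the original slides). The parameter path, KMS key alias and key ID, account ID, Region, and policy name are placeholders chosen for illustration.

```powershell
# Added example, not from the slides. All names, ARNs, and IDs are placeholders.
Import-Module AWS.Tools.SimpleSystemsManagement
Import-Module AWS.Tools.IdentityManagement

$name = '/prod/sql/sa-password'         # hypothetical parameter path
$key  = 'alias/example-parameter-key'   # hypothetical customer managed KMS key

# Prompt for the secret so it never sits in the script or in shell history.
$secure = Read-Host -Prompt "Value for $name" -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Store it as a SecureString encrypted with the KMS key.
Write-SSMParameter -Name $name -Type SecureString -KeyId $key `
    -Value $plain -Overwrite $true | Out-Null
Remove-Variable plain

# Every overwrite creates a new version: who changed the value, and when.
Get-SSMParameterHistory -Name $name |
    Select-Object Version, LastModifiedDate, LastModifiedUser

# Read policy for an instance role: only this path, and only decrypt with
# the one key that protects it.
$policy = [ordered]@{
    Version   = '2012-10-17'
    Statement = @(
        [ordered]@{
            Effect   = 'Allow'
            Action   = @('ssm:GetParameter', 'ssm:GetParametersByPath')
            Resource = 'arn:aws:ssm:us-east-1:111122223333:parameter/prod/sql/*'
        },
        [ordered]@{
            Effect   = 'Allow'
            Action   = 'kms:Decrypt'
            Resource = 'arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID'
        }
    )
} | ConvertTo-Json -Depth 5

New-IAMPolicy -PolicyName 'ReadProdSqlParameters' -PolicyDocument $policy |
    Select-Object PolicyName, Arn

# On an instance whose role has that policy attached (for example during
# bootstrapping), fetch and decrypt the value at the moment it is needed.
$saPassword = (Get-SSMParameter -Name $name -WithDecryption $true).Value
```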

Automate management

AWS Systems Manager

• View and control infrastructure on AWS
• Automate operational tasks across AWS and on-premises resources
• Maintain inventory and compliance across cloud-based and on-premises servers

Capabilities: Run Command, Maintenance Windows, State Manager, Inventory, Automation, Compliance, Patch Manager, Parameter Store


Automate deployment with AWS CloudFormation

AWS CloudFormation

Infrastructure as code
AWS CloudFormation

Plan and design Build and test Optimize and enhance


• Secure • Scripting • Maintainable
• Reliable • Orchestration • Flexible
• Performant • Source control • Reusable
• Efficient • Standardized

Reduce complexity with AWS CloudFormation and Quick Starts

Quick Starts include AWS CloudFormation templates to help deploy popular technologies

1. Sign in.
2. Choose a Region and create a key pair.
3. Launch AWS Quick Start.
4. Specify details for the parameters.
https://aws.amazon.com/quickstart/
AWS CloudFormation concepts

• Manage infrastructure as collections of resources
• Replicate infrastructure
• Control and track infrastructure changes

Template: JSON or YAML file
Stack: Collection of resources
Change set: Changes to the template

How AWS CloudFormation works

1. Create or use an existing template.
2. Save locally or in an Amazon S3 bucket.
3. Use AWS CloudFormation to create a stack based on the template.
4. AWS CloudFormation configures and constructs resources specified in the stack.
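
The template, stack, and change set concepts from the two slides above, combined in an added AWS Tools for PowerShell example (not part of the original slides): it previews an update as a change set and only executes it when nothing is removed or replaced and no IAM or security group resource is touched. The stack name, template file, and the review rules themselves are assumptions.

```powershell
# Added example, not from the slides. Stack, file, and rules are hypothetical.
Import-Module AWS.Tools.CloudFormation

$stack    = 'example-windows-web'
$template = Get-Content -Raw -Path '.\web-tier.yaml'
$csName   = "review-$(Get-Date -Format 'yyyyMMddHHmmss')"

# Reject a malformed template before anything is created.
Test-CFNTemplate -TemplateBody $template | Out-Null

# A change set describes what an update would do without doing it.
New-CFNChangeSet -StackName $stack -ChangeSetName $csName `
    -TemplateBody $template -ChangeSetType UPDATE | Out-Null

do {
    Start-Sleep -Seconds 5
    $cs = Get-CFNChangeSet -StackName $stack -ChangeSetName $csName
} while ("$($cs.Status)" -in @('CREATE_PENDING', 'CREATE_IN_PROGRESS'))

if ("$($cs.Status)" -ne 'CREATE_COMPLETE') {
    # Also reached when the template contains no changes at all.
    throw "Change set was not created: $($cs.StatusReason)"
}

$changes = @($cs.Changes | ForEach-Object { $_.ResourceChange })
$changes | Format-Table Action, LogicalResourceId, ResourceType, Replacement

# Changes that should get a second pair of eyes before they are applied.
$risky = @($changes | Where-Object {
    "$($_.Action)" -eq 'Remove' -or
    "$($_.Replacement)" -eq 'True' -or
    $_.ResourceType -like 'AWS::IAM::*' -or
    $_.ResourceType -eq 'AWS::EC2::SecurityGroup'
})

if ($risky.Count -gt 0) {
    Write-Warning "$($risky.Count) change(s) need manual review; change set '$csName' was not executed."
    return
}

# Nothing risky found: apply exactly the reviewed set of changes.
Start-CFNChangeSet -StackName $stack -ChangeSetName $csName
```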

AWS CloudFormation stack sets

[Diagram: a stack set uses one template to create stacks in accounts AcctA, AcctB, and AcctC, in each of two Regions.]

Summary

In this module, you learned how to:


• Automate Microsoft workloads operations with AWS services
• Migrate virtual machines and server applications to AWS
• Provision workload environments
• Automate change and configuration
• Provide ongoing maintenance using AWS services

Module 7: Tools and .NET Development

Objectives

In this module, you will learn how to:

• Use AWS to build and run .NET applications
• Identify the tools available to build architectures that support .NET
• Identify available code management services and code build architectures
• Use AWS PowerShell to automate functions from scripted solutions

Tools and .NET development on AWS

• Run .NET applications and Windows workloads on AWS
• Use AWS Lambda, AWS X-Ray, and AWS CodeStar with .NET, .NET Core, and Core 2.1
• Use AWS to host, manage, and run .NET applications
• Build architectures that support .NET with familiar tools
• Use code management services and code build architectures

Scripting AWS with PowerShell

AWS Tools for PowerShell

Modules include:
• Microsoft .NET Framework Features
• AWS SDK for .NET
• AWS Tools for Windows PowerShell
• AWS Command Line Interface (AWS CLI)

• Script operations on AWS resources from the PowerShell command line
• Use AWS functions in a familiar PowerShell format
• Control AWS service resources, including:
  • Amazon Simple Storage Service (Amazon S3)
  • AWS Identity and Access Management (IAM)
  • Amazon Elastic Compute Cloud (Amazon EC2)
  • AWS Lambda
  • Amazon Simple Queue Service (Amazon SQS)
  • Amazon Simple Notification Service (Amazon SNS)
  • Amazon CloudWatch
PowerShell Desired State Configuration (DSC)

• Built into Windows and based on open standards; also available for Linux
• Primary components:
  • Configurations
  • Resources
  • Local Configuration Manager (LCM)
• cmdlets – configuration script
• Compiled to Managed Object Format (MOF) file
• LCM applies resources

    # Meta-configuration for the Local Configuration Manager (LCM)
    [DSCLocalConfigurationManager()]
    configuration LCMConfig
    {
        Node 'localhost' {
            Settings {
                RefreshMode        = 'Push'               # configurations are pushed to the node
                ActionAfterReboot  = 'StopConfiguration'  # do not resume the configuration after a reboot
                RebootNodeIfNeeded = $false               # never reboot the node automatically
            }
        }
    }

    # Compile the meta-configuration to a MOF file, then apply it to the LCM
    LCMConfig -OutputPath 'C:\AWSQuickStart\LCMConfig'
    Set-DscLocalConfigurationManager -Path 'C:\AWSQuickStart\LCMConfig'
AWS tools for .NET

AWS tools for .NET

• AWS SDK for .NET
• AWS Toolkit for Visual Studio
• AWS Tools for Microsoft Visual Studio Team Services (VSTS)
• AWS Cloud Development Kit (CDK) for .NET

AWS Tools for Microsoft Visual Studio Team Services

• Amazon Elastic Container Registry (Amazon ECR)
• AWS Lambda Deployment
• AWS CodeDeploy
• AWS CloudFormation
• AWS Elastic Beanstalk
• AWS Lambda
• AWS Systems Manager Parameter Store
• AWS Systems Manager Run Command
• Amazon S3
• Amazon SNS
• AWS CLI
• AWS Tools for PowerShell

https://github.com/aws/aws-vsts-tools/
Publish .NET applications to AWS Elastic Beanstalk

• Enables customers to quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure
• Visual Studio 2013, 2015, and 2017 support application deployment to Elastic Beanstalk
• Supports deploying .NET Core 1.0, 1.1, 2.0, and 2.1 web applications
• Supports deploying .NET Framework web applications

AWS Cloud Development Kit for .NET

• Define cloud infrastructure as code and provision with AWS CloudFormation
• Use C# and other common language runtime-based languages
• Benefit from simplicity – use simple constructs rather than full complexity
• Benefit from familiarity – develop using Visual Studio, VS Code, and JetBrains Rider
• Use built-in best practices
• Create and share custom constructs

AWS code services

AWS CodePipeline

Stages: Source, Build, Test, Deploy, Production

Plug and play a variety of tools across continuous integration and continuous delivery (CI/CD) stages

Pull source code from
• AWS CodeCommit
• Amazon ECR
• Amazon S3
• GitHub

Build with
• AWS CodeBuild
• CloudBees
• Jenkins
• Solano CI
• TeamCity

Test with
• AWS CodeBuild
• AWS Device Farm
• BlazeMeter
• Ghost Inspector
• HPE StormRunner Load
• Nouvola
• Runscope

Deploy with
• AWS CloudFormation
• AWS CodeDeploy
• Amazon Elastic Container Service (Amazon ECS)
• AWS Elastic Beanstalk
• AWS OpsWorks Stacks
• AWS Service Catalog
• XebiaLabs
AWS CodeStar

• Create, manage, and work with software development projects on AWS
• Develop, build, and deploy applications
• Project creates and integrates AWS services for a project development toolchain
• Toolchain might include source control, build, deployment, virtual servers, serverless resources, and more
• Manages the permissions required for project users, who are called team members
• Add users as team members to a project, and grant access to a project and its resources

Summary

In this module, you learned how to:


• Use AWS to build and run .NET applications
• Identify the tools available to build architectures that support .NET
• Identify available code management services and code build
architectures
• Use AWS PowerShell to automate functions from scripted solutions

Course evaluation

• Please answer the course evaluation:
1. https://www.aws.training/
2. My Account -> Transcript
3. Archived
4. Evaluate
Thank You

© 2020 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections, feedback, or other questions? Contact us at https://support.aws.amazon.com/#/contacts/aws-training. All trademarks are the property of their owners.
