AWS Design Architecture Exercise

Exercise 1: Build a Hybrid Architecture

Task: Use a diagramming tool to design an architecture that meets the needs of the
provided customer.

Customer: An ad-serving company that currently runs their application and corporate
infrastructure in a data center, but wants to move some of their operations onto AWS.
We'll provide you with a list of diagramming tools and some instructions to get you started.

Customer's needs: The customer wants to leverage AWS for ad-serving while maintaining
the log processing infrastructure on-premises.
As the ad-serving infrastructure will be spread between AWS and on-premises, they need a
highly available private connection to the AWS cloud.
With their rapid growth, they also want to outsource the monitoring of their ad service to a
third party.
The third party, also running on AWS, needs access to a web service that grants monitoring
access and enables them to submit tickets to the customer's internal support ticketing
system.

Consider:
• Is there a need for more than one VPC? More than one account?
• How will you manage authentication?
• What permissions will each user (support, ad-request client, monitoring) need?
• Which subnets will be public? What traffic will be allowed by the security
groups/Network ACLs?
• Which layers need Auto Scaling?
• How will the infrastructure be deployed/updated?
• What about environments for the dev teams?
• How will you manage changes to infrastructure made by the support team?
 • How will you ensure that the third party has least privileged access to your internal
infrastructure?
• What networking strategies can you use to make sure the applications are as
performant as possible?

Important notes about these exercises:

• While you should be using the knowledge you've gained in the course so far and in
your career, there isn't necessarily one correct solution to this exercise; think outside
the box where possible, but be prepared to defend your decision.
• Feel free to work on your own, in pairs, or in groups.
• You can also use AWS documentation or any other online resource to design your
architecture.
• Feel free to leverage third party applications (such as from AWS Marketplace) or
other solutions not discussed in the prior modules.
• Since this is a hypothetical scenario, you are free to make assumptions about the
customer and their application wherever those details have not been specified in the
materials. Be sure to explain your assumptions if you present your solution to the
class.

Next steps:
• The following slides include a list of diagramming tools that you are free to use to
create your solution. We have also provided instructions on how to get started with
these tools.
• You are also free to use whatever tool you'd like to create the solution. You can even
build your own using the simple icons toolset located at
https://aws.amazon.com/architecture/icons/ (clickable link in the notes)
• Once your solution is complete, if you'd like, you can use your tool's export, publish,
or share function to provide your instructor with access to your diagram. When it's
time to discuss solutions from the class, your instructor can use this to display your
solution.

Tools:
Here are some free tools to create diagrams for the exercises:
• Creately (top-down, no registration required)
• Draw.io (top down, no registration required)
• Cloudcraft (isometric view diagrams, registration required)
Note: If you use Cloudcraft, the free version has a size limit.
It is likely that you will need to create multiple, smaller diagrams.

Creately instructions:
1. Click Start Drawing Now.
2. Once Creately has loaded, you will need to load the AWS icons into your objects
panel.
3. To do this, click + Get More Objects at the bottom left corner of your page.
4. In the menu that appears, select the check box for Amazon Web Services and click
Load.
 5. The default diagram provides some helpful tips on how to use Creately. You can also
see a list of keyboard shortcuts for Creately by clicking Help on the right side of the
page.
6. To add an object, drag it from the bar on the left onto the page.
7. Once on the page, a menu appears above any object you've selected that offers
several buttons that help you connect that object to other objects as well as layer
them and add text.
8. You can add a comment to an object by selecting the object, clicking Comments on
the right side of the page, and typing in the text box that appears.
9. Only one object category can be shown at a time in Creately. You can expand an
object category (such as Compute & Networking) by clicking the name of the
category in the menu.
10. To share your diagram, click the green Share icon, click Invite Collaborators, and add
your instructor's email to the list. That will send them a link to your diagram.

Draw.io instructions:
1. If you're prompted to ask where to save your diagrams, you can select your
preference or click
Decide later if you'd prefer.
2. Click Help. In the drop-down list that appears, click Quick start video… to watch a
very short video that explains some of the important features of Draw.io.
3. Draw.io has all of the icons from the AWS Simple Icons set as well as some additional
icons.
4. While service icons are grouped by their normal AWS functional category, group
boundaries (Region, AZ, VPC, etc.) are located in the AWS / Groups section.
5. Once you've dropped an icon onto the page, you can add connectors by selecting the
icon, and then holding CTRL and clicking one of the blue arrows on the side, top and
bottom of the icon. If you want to clone the icon and automatically connect the two,
don't hold CTRL when you click the arrow.
6. To change the type of the connector that appears, use these options at the top of
the page:
7. To add shapes that are not AWS icons, click View, and in the drop-down list, click
Shapes…
8. In the File menu, you can use the Publish or Export options to share your diagram.

Cloudcraft instructions:
WARNING: If you use Cloudcraft, you will most likely have to break up your solution into
several diagrams, as the free version limits how large your diagrams can be.
1. Follow the instructions to sign up for a new account, if you don't already have one.
You can sign in with your Google account, or create a brand new account if you'd
prefer.
2. You'll start with the AWS Web App Reference Architecture.
3. In the upper right hand corner, click the icon for your account. It should look like
this:
4. In the drop-down list, click Start tutorial.
5. In the menu that appears, click SHOW ME.
6. Follow the instructions in the tutorial to learn how to use Cloudcraft.
 7. While there are many service icons available, some diagram elements such as region
and VPC boundaries are not built in. To add these to your diagram, use the AREA
shape and add a text box to the shape to describe what it represents.
8. For services that do not have shapes available, you can add them to the blueprint
using the ICON shape, and from the Icon set drop-down list, selecting AWS Simple.

Design Exercise 2: Big Data and Multi-Region Architectures

Task:
Modify the customer's new architecture to accommodate their new requirements.
Customer:
The customer is growing rapidly and would like to migrate its entire infrastructure into AWS.
It also needs its ad-serving application to be available in another region.
Customer's needs: The log processing solution needs to be moved into AWS. Currently, they
process their logs running on clustered servers running Hive on Hadoop.
They have accumulated a large amount of user behavior data in their logs, and will have to
transfer 6 TB over their 100Mbps Internet connection to AWS (assume this to be true
regardless of how you connected their on-prem infrastructure to AWS in the last exercise or
what cloud storage solution you may have used).
They would also like to perform analysis on their ad data, but don't want that analysis to
impact the performance of their database.
Finally, they need their ad-serving service to be available in a second region, but services in
both regions need to store and draw from identical pools of log data.

Consider:
• How will you execute migration of the data? How can you minimize or
potentially avoid downtime for the application during this period, without
data getting out of sync?

• How will resources be shared between the two regions?

• Will your multi-region solution have failover? If so, how will it work?

• Can you improve on the performance of the database in any way?

• Are you following SOA principles? Can your services be bounded into micro-
services?