2016 Utah Cloud Summit: Architecting on AWS - Best Practices
Architecting on AWS: Best Practices
Asha Chakrabarty, AWS Solutions Architect
The AWS Well-Architected Framework
• Increase awareness of architectural best practices
• Addresses foundational areas that are often neglected
• Consistent approach to evaluating architectures
• Composed of:
  • Pillars
  • Design principles
  • Questions
Pillars of Well-Architected
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
Security
• The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
• Data protection
• Privilege management
• Infrastructure protection
• Detective controls
Security is shared between AWS and you
[Diagram: shared responsibility model]
• Customers: Customers have their choice of security configurations IN the Cloud
  - Customer applications & content
  - Platform, Applications, Identity & Access Management
  - Operating System, Network, & Firewall Configuration
  - Client-side Data Encryption
  - Server-side Data Encryption
  - Network Traffic Protection
• AWS: AWS is responsible for the security OF the Cloud
  - AWS Foundation Services: Compute, Storage, Database, Networking
  - AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Key AWS Services for Security
• Data Protection:
  - Elastic Load Balancer
  - Amazon EBS, Amazon S3, Amazon RDS, AWS KMS
• Privilege Management:
  - AWS IAM, MFA
• Infrastructure Protection:
  - Amazon VPC
• Detective Controls:
  - AWS CloudTrail
  - Amazon CloudWatch
  - AWS Config
Reliability
• The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
• Foundations
• Change management
• Failure management
Key AWS Services for Reliability
• Foundations:
  - AWS IAM
  - Amazon VPC
• Change Management:
  - AWS CloudTrail
  - AWS Config
• Failure Management:
  - AWS CloudFormation
Performance Efficiency
• The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
• Compute
• Storage
• Database
• Go Global
Key AWS Services for Performance Efficiency
• Compute: Auto Scaling
• Storage:
  - Amazon EBS
  - Amazon S3
  - Amazon Glacier
• Database:
  - Amazon RDS
  - Amazon DynamoDB
• Go Global:
  - Global presence with regions spanning the globe
  - Amazon CloudFront
Cost Optimization
• The ability to avoid or eliminate unneeded cost or suboptimal resources.
• Matched supply and demand
• Cost-effective resources
• Expenditure awareness
• Optimizing over time
Key AWS Services for Cost Optimization
• Matched supply and demand: Auto Scaling
• Cost-effective resources:
  - Reserved Instances (RI): prepaid capacity to reduce your cost
  - AWS Trusted Advisor: inspect your AWS environment and find opportunities to save money.
• Expenditure awareness:
  - Amazon CloudWatch alarms
  - Amazon Simple Notification Service (SNS) notifications
• Optimizing over time:
  - The AWS Blog and What’s New section on the AWS website
  - AWS Trusted Advisor
Design Principles
• The Well-Architected Framework has identified a set of design principles to facilitate good design in the cloud:
  • General design principles
  • Pillar-specific design principles
Automate responses to security events: Monitor and automatically trigger responses to event-driven, or condition-driven, alerts.
Questions
• A set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.
Next Steps
• Read the whitepaper
• Apply it to your architectures
• Schedule time for an architectural review with your Solutions Architect
Thank you!