AWS Summit 2017
Amazon CTO - Werner
Firewall not enough, protect components.
Security by design:
- AWS Inspector
- AWS Shield for DDoS
Types of instance families
- Lambda & Step functions
- DynamoDB Accelerator
- Database Migration Service
- Aurora MySQL and Postgres
- Big data - Redshift and EMR
DVLA and BP downstream case study
Deliveroo case study
Kinesis as events stream with Lambda processing.
Data Warehouse in s3 using Snowflake and Looker.
Elasticsearch for priority users.
AI as a Service
- Image Recognition
Ocado warehouse case study
Kinesis 100000 events per second
Anyone can do AI as service
Security at Scale
Control at security group level - no box access.
Cloud more secure than on premise:
- can define security templates that can be iterated on
- easier to patch or patches managed
- define VPC and subnets at operations level
Deep Dive on Microservices & ECS
Characteristics of Microservices
Decentralised, Polyglot, Independent, Do one thing well, black box, you build it - you run it.
- Worry more about app running & less about scaling.
- Stream events to CloudWatch.
Use the console; it’s quicker to get started.
- Create cluster - empty box
- Create Task - describes service
- Use Task to run service
- Scale up or down using the CLI or based on CloudWatch alarms & Autoscaling
Deep Dive: X-Ray
AWS X-Ray helps you debug and analyze your microservices applications with request tracing so you can find the root cause of issues and performance bottlenecks.
- Understand your dependencies
- Visualise services as a map
- Dig down into map to view details
- Gives real time telemetry of how production systems are running
- First 100000 traces free
- First 1000000 trace retrievals free
ELB, Lambda, API Gateway, EC2, Elastic Beanstalk
Compatible with third party services at network level.
Deep Dive: S3
Highly scalable object storage.
S3 Standard - CDN, Big Data Analytics, Static Sites.
S3 Infrequent - Backups and Disaster Recovery.
Amazon Glacier - Archives and digital preservation. Replacement for tape.
- Snowball device
- Direct Connect
- Kinesis Firehose
- S3 Analytics
- Lifecycle policies
Serve your frontend from S3.
Enable versioning and MFA on file deletions.
Use tags instead of treating it like a file system.
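Added example (not from the talk or from AWS) for the versioning and MFA-delete note above: it classifies the `Status` and `MFADelete` fields that an S3 `GetBucketVersioning` response carries, including the empty response of a bucket that was never versioned. Bucket names and sample responses are constructed; function names are hypothetical.

```python
# Added example: audit S3 versioning / MFA-delete state offline.
# Input dicts mirror the fields of an S3 GetBucketVersioning response.
# Bucket names and responses below are constructed sample data.

SAMPLE_RESPONSES = {
    "example-frontend": {"Status": "Enabled", "MFADelete": "Enabled"},
    "example-backups": {"Status": "Enabled", "MFADelete": "Disabled"},
    "example-archive": {"Status": "Suspended"},
    "example-logs": {},  # never versioned: S3 returns neither field
}


def versioning_findings(resp):
    """Return a list of findings for one bucket's versioning response."""
    findings = []
    status = resp.get("Status")
    if status is None:
        # An absent Status means versioning was never turned on.
        findings.append("versioning never enabled")
    elif status == "Suspended":
        findings.append("versioning suspended; new writes are no longer versioned")
    elif status != "Enabled":
        findings.append(f"unexpected versioning status {status!r}")
    # MFADelete is absent or "Disabled" unless it was explicitly enabled.
    if resp.get("MFADelete") != "Enabled":
        findings.append("MFA delete not enabled")
    return findings


def audit(responses):
    """Map each bucket name to its list of findings."""
    return {bucket: versioning_findings(resp) for bucket, resp in responses.items()}


def non_compliant(responses):
    """Sorted names of buckets with at least one finding."""
    return sorted(b for b, f in audit(responses).items() if f)


if __name__ == "__main__":
    for bucket, findings in audit(SAMPLE_RESPONSES).items():
        print(bucket, "OK" if not findings else "; ".join(findings))
```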
- Amazon Athena - Store JSON in S3 and query as SQL using Presto SQL subset
- Redshift Spectrum -
- Index data using Elasticsearch
- Trigger Lambdas on S3 events
- Can automatically trigger SNS and push things into SQS
- Upload photo and do post processing
- Upload data and analyse
Use data as Event Triggers