AWS Summit 2017


Amazon CTO - Werner

Services Overview

Firewall not enough, protect components.

Security by design:

  • AWS Inspector
  • AWS Shield for DDoS
  • Types of instance families

  • Lambda & Step functions
  • X-Ray
  • DynamoDB
  • DynamoDB Accelerator
  • Database Migration Service
  • Aurora MySQL and Postgres
  • Big data - Redshift and EMR

DVLA and BP downstream case study

Deliveroo case study

Kinesis as events stream with Lambda processing.

Data Warehouse in S3 using Snowflake and Looker.

Elasticsearch for priority users.

AI as a Service

  • Lex
  • Polly
  • Image Recognition

Ocado warehouse case study

Kinesis 100000 events per second

Anyone can do AI as service

Security at Scale

Control at security group level - no box access.

Cloud more secure than on premise:

  • can define security templates that can be iterated on
  • easier to patch or patches managed
  • define VPC and subnets at operations level

Deep Dive on Microservices & ECS

Characteristics of Microservices

Decentralised, Polyglot, Independent, Do one thing well, black box, you build it - you run it.

ECS Benefits

  • Worry more about app running & less about scaling.
  • Stream events to CloudWatch.

Use the console; it’s quicker to get started.


  1. Create cluster - empty box
  2. Create Task - describes service
  3. Use Task to run service
  4. Scale up or down using the CLI or based on CloudWatch alarms & Autoscaling

Deep Dive: X-Ray

AWS X-Ray helps you debug and analyze your microservices applications with request tracing so you can find the root cause of issues and performance bottlenecks.

Use cases

  • Understand your dependencies
  • Visualise services as a map
  • Dig down into map to view details
  • Gives real time telemetry of how production systems are running


  • First 100000 traces free
  • First 1000000 trace retrievals free

Compatible services

ELB, Lambda, API Gateway, EC2, Elastic Beanstalk

Compatible with third party services at network level.

Deep Dive: S3

Highly scalable object storage.


S3 Standard - CDN, Big Data Analytics, Static Sites.

S3 Infrequent - Backups and Disaster Recovery.

Amazon Glacier - Archives and digital preservation. Replacement for tape.

Data Collection

  • Snowball device
  • Direct Connect
  • Kinesis Firehose


  • S3 Analytics
  • Lifecycle policies


Serve your frontend from S3.

Enable versioning and MFA on file deletions.

Use tags instead of treating it like a file system.
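The versioning and MFA-delete recommendation above can be checked across buckets. The following is an added example, not part of the original notes: it audits the JSON that `aws s3api get-bucket-versioning` returns, and the bucket names and sample responses are constructed for illustration.

```python
import json

# Constructed sample data: responses in the shape returned by
# `aws s3api get-bucket-versioning --bucket <name>` for four hypothetical buckets.
SAMPLE_RESPONSES = {
    "example-frontend": '{"Status": "Enabled", "MFADelete": "Enabled"}',
    "example-backups": '{"Status": "Enabled", "MFADelete": "Disabled"}',
    "example-logs": '{"Status": "Suspended"}',
    "example-scratch": "",  # never-versioned bucket: no Status field at all
}


def audit_versioning(raw_json):
    """Return a list of findings for one get-bucket-versioning response."""
    # An empty body and an empty JSON object both mean "never enabled".
    config = json.loads(raw_json) if raw_json.strip() else {}
    findings = []
    status = config.get("Status")
    if status is None:
        findings.append("versioning never enabled: overwrites and deletes are permanent")
    elif status == "Suspended":
        findings.append("versioning suspended: new writes no longer create versions")
    # MFADelete is absent unless it has been configured, so treat absent as off.
    if config.get("MFADelete") != "Enabled":
        findings.append("MFA delete off: versions can be removed without a second factor")
    return findings


def audit_all(responses):
    """Map bucket name -> findings, keeping only buckets with at least one finding."""
    report = {}
    for bucket, raw in sorted(responses.items()):
        findings = audit_versioning(raw)
        if findings:
            report[bucket] = findings
    return report


if __name__ == "__main__":
    for bucket, findings in audit_all(SAMPLE_RESPONSES).items():
        for finding in findings:
            print(f"{bucket}: {finding}")
```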

Dynamic Applications

  • Amazon Athena - Store JSON in S3 and query as SQL using Presto SQL subset
  • Redshift Spectrum -
  • Index data using Elasticsearch
  • Trigger Lambdas on S3 events
  • Can automatically trigger SNS and push things into SQS


  • Upload photo and do post processing
  • Upload data and analyse

Use data as Event Triggers