design for failure
build loosely-coupled systems
design for dynamism
build security in every layer
don't fear constraints
use many storage options
Managing your
AWS cloud
Steve Riley
Sr. Technical Program Manager
Amazon Web Services
steriley@amazon.com
@steveriley    @awscloud
http://stvrly.wordpress.com
CloudFront
1. store your objects in Amazon S3
2. create a distribution
3. (opt) assign a DNS CNAME
4. (opt) enable logging
5. (opt) enable digital signatures
    for controlled distribution
origin (S3)
CloudFront
copy
"fetch"
1st client
2nd client
popular content
media files
software distribution

pay as you go
no negotiated rates
no contracts
1 G / sec, 1000 req /sec (ask for more)

soon: streaming protocols
monitoring
CloudWatch
Amazon EC2 and ELB
CPU utilization
disk reads and writes
network traffic
request count and latency

1-minute intervals
rolling two-week history
save to S3 for longer retention
Auto Scaling
enabled by CloudWatch
no additional charge
scale up or down at thresholds you define
metrics monitored by CloudWatch

command-line API tools only
can set "no-more-than" limits
Elastic Load
Balancing
included with Amazon EC2
single DNS name for group
balances across all instances in group
stops routing to unhealthy instances
HTTP and HTTPS
single or multiple availability zones
command-line API tools only
is an EC2 instance under-the-hood
AWS SLAs
Amazon EC2: 99.95%
Amazon S3: 99.9%
Virtual
Private Cloud
your cloud, isolated from ours (and everyone else's)
your IP address range (no NAT)
your security rules and policies
IPsec ESP tunnel mode, IKE-PSK, AES-128, HMAC-SHA-1, PFS

domain join and create trusts
configure and manage with System Center
your cloud, isolated from ours (and everyone else's)
your IP address range (no NAT)
your security rules and policies
IPsec ESP tunnel mode, IKE-PSK, AES-128, HMAC-SHA-1, PFS

domain join and create trusts
configure and manage with System Center
build a test environment
model and establish a greenfield production environment
create branch office and business unit networks
isolate legacy and experimental applications from your corpnet
establish a disaster recovery and business continuity plan
stream applications and create virtual desktop environments
cloud architecture 101: scalability
design for failure
everything fails, all the time
assume everything fails and design backwards
  ------------------------------------------------------------
Elastic IP, multiple AZs, EBS, CloudWatch
more loosiness means more scale
create independent components
  ------------------------------------------
ELB, Simple Queue Service
don't assume health or fixed location
design for routine launches and terminations
  ----------------------------------------------------------
Auto Scaling, ELB, configuration databases in SimpleDB
physical security is free
network security is relatively easy
you still need to write secure applications
  ------------------------------------------------------
security groups, address restrictions, encryption
need more RAM? -- start more instances; create distributed cache
need more I/O? -- cluster multiple read-only databases, shard across nodes
need better config? -- keep thinking elasticity, elasticity :)
need static IP? -- maybe storing configs in SimpleDB is an alternate choice
typical web app architecture
use S3 for object storage
add CloudFront for performance
use Amazon EC2 for application
use Amazon EC2 for data processing
add EBS for data storage
incorporate Amazon SQS for loosiness
finish with SimpleDB for logs, metadata, ...