Posts

AWS Architecting and Ecosystem

AWS Architecting and Ecosystem Well Architected Framework General Guiding Principles Stop guessing your capacity needs Test systems at production scale Automate to make architectural experimentation easier Allow for evolutionary architectures Design based on changing requirements Drive based on changing requirements Improve through game days Simulate applications for flash sale days AWS Cloud Best Practices - Design Principles Scalability: vertical & horizontal Disposable Resources: servers should be disposable & easily configured Automation: Serverless, Infrastructure as a Service, Auto Scaling.... Loose Coupling: Monoliths are applications that do more and more over time and become bigger Break them down into smaller, loosely coupled components A change or a failure in one component should not cascade to other components Services, not Servers: Don't use just EC2 Use managed services, databases, serverless, etc... Well Architectural Framework 6 Pillars Operational Excelle...

Other AWS Services

Other AWS Services Amazon WorkSpaces Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops Great to eliminate management of on-premises VDI (Virtual Desktop Infrastructure) Fast and quickly scalable to thousands of users Secured data - integrates with KMS Pay-as-you-go service with monthly or hourly rates To reduce latency, create WorkSpaces in the region nearest to your office. Amazon AppStream 2.0 Desktop Application Streaming Service Deliver to any computer, without acquiring or provisioning infrastructure The application is delivered from within a web browser Amazon AppStream 2.0 vs Workspaces Workspaces Fully managed VDI and desktop available The users connect to the VDI and open native or WAM applications Workspaces are on-demand or always on AppStream 2.0 Stream a desktop application to web browsers (no need to connect to VDI) Works with any device (that has a web browser) Allows configuring an instance type per application type (CP...

Advanced Identity

Advanced Identity AWS STS (Security Token Service) Enables you to create temporary, limited-privilege credentials to access your AWS resources Short-term credentials: you configure the expiration period Use Cases: Identity federation: manage user identities in external systems, and provide them with STS tokens to access AWS resources IAM Roles for cross/same account access IAM Roles for Amazon EC2: provide temporary credentials for EC2 instances to access AWS resources Cognito Identity for your Web and Mobile application users (potentially millions) Instead of creating an IAM user for each of them, you create a user in Cognito What is Microsoft Active Directory (AD)? Found on any Windows Server with AD Domain Services Database of objects: User Accounts, Computers, Printers, File Shares, Security Groups Centralized security management: create accounts, assign permissions AWS Directory Services AWS Managed Microsoft AD Create your own AD in AWS, manage users locally, supports MFA Establish "trust...

Account Management, Billing & Support

Account Management, Billing & Support AWS Organizations Global service Allows you to manage multiple AWS accounts The main account is the master account Cost Benefits Consolidated Billing across all accounts - single payment method Pricing benefits from aggregated usage (volume discount for EC2, S3...) Pooling of Reserved EC2 instances for optimal savings API is available to automate AWS account creation Restrict account privileges using Service Control Policies (SCP) Multi Account Strategies Create accounts per department, per cost center, per dev/test/prod, based on regulatory restrictions (using SCP), for better resource isolation (ex: VPC), to have separate per-account service limits, isolated account for logging Multi Account vs One Account Multi VPC Use tagging standards for billing purposes Enable CloudTrail on all accounts, send logs to central S3 account Send CloudWatch Logs to central logging account Service Control Policies (SCP) Whitelist or blacklist IAM actions Applie...