AWS Architecting and Ecosystem

Well Architected Framework General Guiding Principles

  • Stop guessing your capacity needs
  • Test systems at production scale
  • Automate to make architectural experimentation easier
  • Allow for evolutionary architectures
    • Design based on changing requirements
  • Drive based on changing requirements
  • Improve through game days
    • Simulate applications for flash sale days

AWS Cloud Best Practices - Design Principles

  • Scalability: vertical & horizontal
  • Disposable Resources: servers should be disposable & easily configured
  • Automation: Serverless, Infrastructure as a Service, Auto Scaling....
  • Loose Coupling:
    • Monoliths are applications that do more and more over time and become bigger
    • Break it down into smaller, loosely coupled components
    • A change or a failure in one component should not cascade to other components
  • Services, not Servers:
    • Don't use just EC2
    • Use managed services, databases, serverless, etc...

Well-Architected Framework 6 Pillars

  1. Operational Excellence
  2. Security
  3. Reliability
  4. Performance Efficiency
  5. Cost Optimization
  6. Sustainability
They are not something to balance, or trade-offs; they're a synergy.

1. Operational Excellence

  • Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures
  • Design Principles
    • Perform operations as code - Infrastructure as code
    • Make frequent, small, reversible changes - So that in case of any failure, you can reverse it
    • Refine operations procedures frequently - And ensure that team members are familiar with it
    • Anticipate failure
    • Learn from all operational failures
    • Use managed services - to reduce operational burden
    • Implement observability for actionable insights - performance, reliability, cost....

Prepare

  • AWS CloudFormation
  • AWS Config

Operate

  • AWS CloudFormation
  • AWS Config
  • AWS CloudTrail
  • Amazon CloudWatch
  • AWS X-Ray

Evolve

  • AWS CloudFormation
  • AWS CodeBuild
  • AWS CodeCommit
  • AWS CodeDeploy
  • AWS CodePipeline

2. Security

  • Includes the ability to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies
  • Design Principles:
    • Implementing a strong identity foundation - Centralize privilege management and reduce (or even eliminate) reliance on long-term credentials - Principle of least privilege - IAM
    • Enable traceability - Integrate logs and metrics with systems to automatically respond and take action
    • Apply security at all layers - Like edge network, VPC, subnet, load balancer, every instance, operating system and application
    • Automate security best practices
    • Protect data in transit and at rest - Encryption, tokenization and access control
    • Keep people away from data - Reduce or eliminate the need for direct access or manual processing of data
    • Prepare for security events - Run incident response simulations and use tools with automation to increase your speed for detection, investigation and recovery
  • AWS Services
    • Identity and Access Management
      • IAM
      • AWS STS
      • MFA Token
      • AWS Organizations
    • Detective Controls
      • AWS Config
      • AWS CloudTrail
      • Amazon CloudWatch
    • Infrastructure Protection
      • Amazon CloudFront
      • Amazon VPC
      • AWS Shield
      • AWS WAF
      • Amazon Inspector
    • Data Protection
      • KMS
      • S3
      • Elastic Load Balancing (ELB)
      • Amazon EBS
      • Amazon RDS
    • Incident Response
      • IAM
      • AWS CloudFormation
      • Amazon CloudWatch Events

3. Reliability 

  • Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues
  • Design Principles
    • Test recovery procedures - Use automation to simulate different failures or to recreate scenarios that led to failures before
    • Automatically recover from failure - Anticipate and remediate failures before they occur
    • Scale horizontally to increase aggregate system availability - Distribute requests across multiple, smaller resources to ensure that they don't share a common point of failure
    • Stop guessing capacity - Maintain the optimal level to satisfy demand without over or under provisioning - Use Auto Scaling
    • Manage change in automation - Use automation to make changes to infrastructure
  • AWS Services
    • Foundations
      • IAM
      • Amazon VPC
      • Service limits/Service Quotas
      • AWS Trusted Advisor
    • Change Management
      • AWS Auto Scaling
      • Amazon CloudWatch
      • AWS CloudTrail
      • AWS Config
    • Failure Management
      • Backups
      • AWS CloudFormation
      • Amazon S3
      • Amazon S3 Glacier
      • Amazon Route 53

4. Performance Efficiency

  • Includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve
  • Design Principles
    • Democratize advanced technologies - Advanced technologies become services and hence you can focus more on product development
    • Go global in minutes - Easy deployment in multiple regions
    • Use serverless architectures - Avoid burden of managing servers
    • Experiment more often - Easy to carry out comparative testing
    • Mechanical sympathy - Be aware of all AWS services
  • AWS services
    • Selection
      • AWS Auto Scaling
      • AWS Lambda
      • Amazon Elastic Block Store (EBS)
      • Amazon RDS
    • Review
      • AWS CloudFormation 
      • AWS News Blog
    • Monitoring
      • Amazon CloudWatch
      • AWS Lambda
    • Tradeoffs
      • Amazon RDS
      • Amazon ElastiCache
      • AWS Snowball
      • Amazon CloudFront

5. Cost Optimization

  • Includes the ability to run systems to deliver business value at the lowest price point
  • Design Principles
    • Adopt a consumption model - Pay only for what you use
    • Measure overall efficiency - Use CloudWatch
    • Stop spending money on data center operations - AWS does the infrastructure part and enables customers to focus on organization projects
    • Analyze and attribute expenditure - Accurate identification of system usage and costs, helps measure return on investment (ROI) - Make sure to use tags
    • Use managed and application level services to reduce cost of ownership - As managed services operate at cloud scale, they can offer a lower cost per transaction or service
  • AWS services
    • Expenditure Awareness
      • AWS Budgets
      • AWS Cost and Usage Report
      • AWS Cost Explorer
      • Reserved Instance Reporting
    • Cost-Effective Resources
      • Spot Instance
      • Reserved Instance
      • Amazon S3 Glacier
    • Matching supply and demand
      • AWS Auto Scaling
      • AWS Lambda
    • Optimizing Over Time
      • AWS Trusted Advisor
      • AWS Cost and Usage Report

6. Sustainability

  • The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads
  • Design Principles
    • Understand your impact - establish performance indicators, evaluate improvements
    • Establish sustainability goals - Set long-term goals for each workload, model return on investment (ROI)
    • Maximize utilization - Right size each workload to maximize the energy efficiency of the underlying hardware and minimize idle resources.
    • Anticipate and adopt new, more efficient hardware and software offerings - and design for flexibility to adopt new technologies over time.
    • Use managed services - Shared services reduce the amount of infrastructure; managed services help automate sustainability best practices such as moving infrequently accessed data to cloud storage and adjusting compute capacity
    • Reduce the downstream impact of your cloud workloads - Reduce the amount of energy or resources required to use your services and reduce the need for your customers to upgrade their devices
  • AWS services
    • EC2 Auto Scaling, Serverless Offering (Lambda, Fargate)
    • Cost Explorer - AWS Graviton 2, EC2 T instances, Spot Instances
    • EFS-IA, Amazon S3 Glacier, EBS Cold HDD volumes
    • S3 Lifecycle Configurations, S3 Intelligent Tiering
    • Amazon Data Lifecycle Manager
    • Read Local, Write Global: RDS Read Replicas, Aurora Global DB, DynamoDB Global Table, CloudFront

AWS Well-Architected Tool

  • Free tool to review your architectures against the 6 pillars of the Well-Architected Framework and adopt architectural best practices
  • How does it work?
    • Select your workload and answer questions
    • Review your answers against the 6 pillars
    • Obtain advice: get videos and documentation, generate a report, see the results in a dashboard
  • Let's have a look: https://console.aws.amazon.com/wellarchitected

AWS Customer Carbon Footprint Tool

  • Track, measure, review and forecast the carbon emissions generated from your AWS usage
  • Helps you meet your own sustainability goals
  • It is available in the Billing portal

AWS Cloud Adoption Framework (AWS CAF)

  • Helps you build and then execute a comprehensive plan for your digital transformation through innovative use of AWS
  • Created by AWS professionals by taking advantage of AWS Best Practices and lessons learned from 1000s of customers
  • AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations
  • AWS CAF groups its capabilities in six perspectives:
    • Business 
    • People
    • Governance
    • Platform
    • Security
    • Operations

CAF Perspectives and Foundational Capabilities

Business Capabilities

  • Business Perspective - helps ensure that your cloud investments accelerate your digital transformation ambitions and business outcomes
  • People Perspective - serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth and learning, where change becomes business-as-normal, with focus on culture, organizational structure, leadership and workforce
  • Governance Perspective - helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks.
  • Business Capabilities 
    • Strategy Management
    • Portfolio Management
    • Innovation Management
    • Product Management
    • Strategic Partnership
    • Data Monetization
    • Business Insight
    • Data Science
  • People
    • Culture Evolution
    • Transformational Leadership
    • Cloud Fluency
    • Workforce Transformation
    • Change Acceleration
    • Organization Design
    • Organizational Alignment
  • Governance
    • Program and Project Management
    • Benefits Management
    • Risk Management
    • Cloud Financial Management
    • Application Portfolio Management
    • Data Governance
    • Data Curation

Technical Capabilities

  • Platform Perspective - helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions
  • Security Perspective - helps you achieve the confidentiality, integrity and availability of your data and cloud workloads
  • Operations Perspective - helps ensure that your cloud services are delivered at a level that meets the needs of your business
  • Platform
    • Platform Architecture
    • Data Architecture
    • Platform Engineering
    • Data Engineering
    • Provisioning and Orchestration
    • Modern Application Development
    • Continuous Integration and Continuous Delivery
  • Security
    • Security Governance
    • Security Assurance
    • Identity and Access Management
    • Threat Detection
    • Vulnerability Management
    • Infrastructure Protection
    • Data Protection
    • Application Security
    • Incident Response
  • Operations
    • Observability
    • Event Management (AIOps)
    • Incident and Problem Management
    • Change and Release Management
    • Performance and Capacity Management
    • Configuration Management
    • Patch Management
    • Availability and Continuity Management
    • Application Management

AWS CAF - Transformation Domains

  • Technology - using the cloud to migrate and modernize legacy infrastructure, applications, data and analytics platforms....
  • Process - digitizing, automating and optimizing your business operations
    • leveraging new data and analytics platforms to create actionable insights
    • using machine learning (ML) to improve your customer service experience...
  • Organization - Reimagining your operating model
    • Organizing your teams around products and value streams
    • Leveraging agile methods to rapidly iterate and evolve
  • Product - reimagining your business model by creating new value propositions (products & services) and revenue models 

AWS CAF - Transformation Phases

  • Envision - demonstrate how the Cloud will accelerate business outcomes by identifying transformation opportunities and create a foundation for your digital transformation
  • Align - identify capability gaps across the 6 AWS CAF Perspectives which results in an Action Plan
  • Launch - build and deliver pilot initiatives in production and demonstrate incremental business value
  • Scale - expand pilot initiatives to the desired scale while realizing the desired business benefits

AWS Right Sizing

  • EC2 has many instance types, but choosing the most powerful instance type isn't the best choice, because the cloud is elastic
  • Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost
  • Scaling up is easy so always start small
  • It's also the process of looking at deployed instances and identifying opportunities to eliminate or downsize without compromising capacity or other requirements, which results in lower costs
  • It's important to right size...
    • before a Cloud Migration
    • continuously after the cloud onboarding process (requirements change over time)
  • CloudWatch, Cost Explorer, Trusted Advisor, 3rd party tools can help

AWS Ecosystem - Free Resources

  • AWS Blogs
  • AWS Forums (community)
  • AWS Whitepapers & Guides
  • AWS Solutions Library (formerly Quick Starts)
    • Vetted Technology Solutions for the AWS Cloud
    • Example: live streaming on AWS

AWS Ecosystem - AWS Support

  • Developer
    • Business hours email access to Cloud Support Associates
    • General guidance - < 24 business hours
    • System impaired - < 12 business hours
  • Business 
    • 24*7 phone, email and chat access to Cloud Support Engineers
    • Production system impaired < 4 hours
    • Production system down < 1 hour
  • Enterprise
    • Access to a Technical Account Manager (TAM)
    • Concierge Support Team (for billing and account best practices)
    • Business-critical system down < 15 minutes

AWS Marketplace

  • Digital catalog with thousands of software listings from independent software vendors (3rd party)
  • Example:
    • Custom AMI (custom OS, firewalls, technical solutions...)
    • CloudFormation templates
    • Software as a Service
    • Containers
  • If you buy through the AWS Marketplace, it goes into your AWS bill
  • You can sell your own solutions on the AWS Marketplace

AWS Training

  • AWS Digital (online) and Classroom Training (in-person or virtual)
  • AWS Private Training (for your organization)
  • Training and Certification for the US Government
  • Training and Certification for the Enterprise
  • AWS Academy - helps universities teach AWS
  • Online teacher

AWS Professional Services & Partner Network

  • The AWS Professional Services organization is a global team of experts
  • They work alongside your team and a chosen member of the APN
  • APN - AWS Partner Network
  • APN Technology Partners - providing hardware, connectivity, and software
  • APN Consulting Partners - professional services firm to help build on AWS
  • APN Training Partners - find who can help you learn AWS
  • AWS Competency Program - AWS Competencies are granted to APN Partners who have demonstrated technical proficiency and proven customer success in specialized solution areas
  • AWS Navigate Program - help Partners become better Partners

AWS IQ

  • Quickly find professional help for your AWS projects
  • Engage and pay AWS Certified 3rd party experts for on-demand project work
  • Video-conferencing, contract management, secure collaboration, integrated billing
  • For Customers
    • Submit Request - describe your project
    • Review Responses - Connect to experts (requirements & timelines)
    • Select expert - Based on rates, experiences....
    • Work Securely - Give experts appropriate access to your AWS account
    • Pay per Milestone - Charges added into your AWS Bill
  • For Experts
    • Create Profile - Photo, bio, certs...
    • Connect with Customers
    • Start a Proposal - work description, price, milestones, ....
    • Work Securely - Get appropriate access to the customer's AWS account
    • Get Paid - Request payment after milestones are met

AWS re:Post

  • AWS-managed Q&A service offering crowd-sourced, expert-reviewed answers to your technical questions about AWS that replaces the original AWS Forums
  • Community members can earn reputation points to build up their community expert status by providing accepted answers and reviewing answers from other users
  • Questions from AWS Premium Support customers that do not receive a response from the community are passed on to AWS Support engineers
  • AWS re:Post is not intended to be used for questions that are time-sensitive or involve any proprietary information

AWS re:Post - Knowledge Center

  • Contains the most frequent & common questions and requests

AWS Managed Services (AMS)

  • Provides infrastructure and application support on AWS
  • AMS offers a team of AWS experts who manage and operate your infrastructure for security, reliability and availability
  • Helps organizations offload routine management tasks and focus on their business objectives
  • Fully managed service, so AWS handles common activities such as change requests, monitoring, patch management, security and backup services
  • Implements best practices and maintains your AWS infrastructure to reduce your operational overhead and risk
  • AMS business hours are 24/365

Steps:

  • AWS Managed Services
  • Enable - Create a baseline governance and control model using inputs from people, process, and tool sets
  • Sustain, Build or Migrate - Determine the fastest and most efficient way to integrate, develop and migrate your workloads
  • Operate - Achieve operational outcomes at scale, anywhere, through observability, compliance and financial management
  • Improve Security
  • Focus on Automation
  • Stronger Compliance
  • Reduced Operating Costs
  • Simplified Management
  • Frictionless Innovation

