Post on 17-May-2015
Amazon Web Services
Jinesh Varia, jvaria@amazon.com
Technology Evangelist
Amazon Web Services
Customers in 190 Countries
Keys to choosing a Cloud
Security and Operational Excellence
#1 Priority
Investment, Focus, Motivation
SAS 70 Type II Audit
ISO 27001/2 Certification
PCI DSS 2.0 Level 1-5
HIPAA/SOX Compliance
FISMA A&A Low
Enforce IAM policies
Use MFA, VPC, Leverage S3 bucket policies, EC2 Security groups, EFS in EC2 etc.
Encrypt data in transit
Encrypt data at rest
Protect your AWS Credentials
Rotate your keys
Secure your application, OS, Stack and AMIs
In the cloud, Security is a Shared Responsibility
Application Security
Services Security
Infrastructure Security
How we secure our infrastructure
What security options and features are available to you?
How can you secure your application and what is your responsibility?
Keys to choosing a Cloud
Provides Flexibility and Choice
Security and Operational Excellence
The “Living and Evolving” AWS Cloud
Compute: Amazon EC2, Auto Scaling
Network: Amazon VPC, Elastic LB, Amazon Route 53
Amazon Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Storage: Amazon S3, Amazon EBS
Content Delivery: Amazon CloudFront
Email: Amazon SES
Your Application
Payments: Amazon DevPay, Amazon FPS
Parallel Processing: Amazon Elastic MapReduce
Database: Amazon RDS, Amazon SimpleDB
Messaging: Amazon SNS, Amazon SQS
Libraries and SDKs: .NET/Java etc.
Web Interface: Management Console
Tools: AWS Toolkit for Eclipse
Command Line Interface
Workforce: Amazon Mechanical Turk
Authentication and Authorization: AWS IAM, MFA
Monitoring: Amazon CloudWatch
Deployment and Automation: AWS Elastic Beanstalk, AWS CloudFormation
Low-level Infrastructure building blocks
High-level Infrastructure building blocks
Tools to access services
Cross Service features
Keys to choosing a Cloud
Provides Flexibility and Choice
Listens to the customer’s requests and iterates quickly
Security and Operational Excellence
The pace of innovation in 2009
Timeline, Jan 2009 to Mar 2010:
» Amazon RDS » High-Memory Instances » Lower EC2 Pricing
» AWS Multi-Factor Authentication » Virtual Private Cloud » Lower Reserved Instance Pricing
» AWS Security Center
» Reserved Instances in EU Region » Elastic MapReduce » SQS in EU Region
» New SimpleDB Features » FPS General Availability
» Lower pricing tiers for Amazon CloudFront » AWS Management Console
» Amazon EC2 with Windows » Amazon EC2 in EU Region » AWS Toolkit for Eclipse » Amazon EC2 Reserved Instances » AWS Import/Export
» New CloudFront Feature » Monitoring, Auto Scaling & Elastic Load Balancing
» Amazon Elastic MapReduce in Europe
» EBS Shared Snapshots » SimpleDB in EU Region » Monitoring, Auto Scaling & Elastic Load Balancing in EU
» Amazon CloudFront Private Content » SAS70 Type II Audit » AWS SDK for .NET
» Amazon EC2 with Windows Server 2008, Spot Instances, Boot from Amazon EBS » Amazon CloudFront Streaming » Amazon VPC enters Unlimited Beta » AWS Region in Northern California » International Support for AWS Import/Export
» Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances » Amazon S3 Versioning Feature » Consolidated Billing for AWS » Lower pricing for Outbound Data Transfer
» Amazon SNS
And pace accelerates in 2010….
Timeline, Jan 2010 to Mar 2011:
» Amazon RDS Read Replicas » Suse EC2 Linux » Amazon SNS Console » Amazon ELB HTTPS » AWS Free Tier » EMR Resizing Cluster
» RDS Reserved » CloudFront Default Root » Startup Challenge 2010 » CloudFront Invalidation
» CloudFront HTTPS » NYC Edge Location » Lowers Pricing HTTP » AWS Import Export GA » Amazon SNS » Amazon S3 Console » Amazon EBS CloudWatch
» Amazon SNS » Combined AWS Data Transfer Savings » Amazon EMR Bootstrap Actions » Amazon ELB Session Stickiness » Amazon RDS in EU » New Singapore Region
» EMR JobFlow Debugging » Simple DB Consistent Reads » Simple DB Conditional Puts
» VPC in EU » Amazon RDS in US-west » Amazon CloudFront Access Logs » Amazon RDS Multi-AZ » Amazon S3 RRS » Amazon RDS Console
» Amazon SQS Longer retention, Free Tier » Amazon S3 Bucket Policies » Amazon VPC IP Address » Cluster Compute Instances » Amazon S3 RRS Notifications
» Lowered Pricing EC2 » AWS IAM » Amazon VPC Console » Micro Instances » Amazon Linux AMI » Amazon EC2 Tagging, Filtering, Idempotency » Oracle Certified AWS » AWS PHP SDK
» Amazon S3 Lowered Pricing » CloudFront GA, SLA » S3 Multipart » GPGPU Instance Types » ISO27001/2 Certification
» AWS Elastic Beanstalk » Amazon Simple Email Service » Improved AWS Support “Bronze” » Amazon CloudWatch Console
» AWS CloudFormation » Amazon S3 Static Websites » AWS IAM Website Login » Paris Edge Location
» VM Connector » Tokyo Region » AWS Support JP
» Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances » Amazon S3 Versioning Feature » Consolidated Billing for AWS » Lower pricing for Outbound Data Transfer
» AWS Java SDK » Windows BYOL » Singapore Pop » CloudFront Private Streaming
» Free Monitoring EC2 » Amazon Route 53 » PCI DSS Level 1 Certification » Mobile SDKs (Android, iPhone) » Large Object S3 Support » Florida POP » Import/Export APAC
» New VPC » Dedicated Instances » Windows2008 R2
Innovative Business Models
On-demand Instances
For Spiky workloads
• Pay as you go
• Starts from 0.03/Hour
Reserved Instances
For Steady State Workloads
• Onetime upfront + Pay as you go
• $56 for 1 year term and then $0.01/Hour
Spot Instances
For Time-insensitive workloads
• Requested Bid Price and Pay as you go
• $0.005 /Hour as of today at 9 AM
Dedicated Instances
For Regulatory and Compliant Workloads
• Multi-Tenant Single Customer
• $10 /Region + $0.105/Hour
Keys to choosing a Cloud
Provides Flexibility and Choice
Listens to the customer’s requests and iterates quickly
Continues to lower costs for customers
Security and Operational Excellence
AWS History of Lowering Prices
Apr 22, 2008 AWS Lowers Data Transfer Costs – Effective May 1
Oct 09, 2008 New Tiered Pricing for Amazon S3 Storage
Jan 28, 2009 New Lower Pricing Tiers for Amazon CloudFront
Aug 20, 2009 New Lower Prices for Amazon EC2 Reserved Instances
Sep 30, 2009 New Lower Price for Windows Instances with Authentication Services
Oct 27, 2009 Announcing Lower Amazon EC2 Instance Pricing
Dec 08, 2009 AWS Announces Pricing Changes: Amazon S3 Storage Pricing Tiers; Amazon S3 EU (Ireland) Pricing; Amazon EC2 Windows Instance EU (Ireland) Pricing; Free Inbound Data Transfer (until June 30, 2010)
Feb 01, 2010 AWS Announces Lower Pricing for Outbound Data Transfer
Apr 01, 2010 Announcing Combined AWS Data Transfer Pricing
May 19, 2010 Announcing Amazon S3 Reduced Redundancy Storage
Jun 07, 2010 Amazon CloudFront Adds HTTPS Support, Lowers Prices, Opens NYC Edge Location
Jul 01, 2010 Amazon SQS introduces Free Tier
Sep 01, 2010 New Lower Prices for High Memory Double and Quadruple XL Instances
Oct 05, 2010 Lower High Memory DB Instance Prices for Amazon RDS
Oct 21, 2010 Announcing AWS Free Usage Tier
Nov 01, 2010 Amazon S3 Reduces Storage Pricing
Dec 03, 2010 Amazon CloudWatch Free Monitoring
Keys to choosing a Cloud
Provides Flexibility and Choice
Listens to the customer’s requests and iterates quickly
Continues to lower costs for customers
Helps the customer compete in the Global Market
Security and Operational Excellence
US West (Northern California)
US East (Northern Virginia)
Europe West (Dublin)
Asia Pacific Region (Singapore)
Asia Pacific Region (Japan)
Amazon CloudFront Edge Locations: Ashburn, Dallas, Los Angeles, Miami, Newark, Palo Alto, Seattle, St. Louis, Amsterdam, Dublin, Frankfurt, London, Hong Kong, Singapore, Tokyo
[Diagram: multi-region architecture. Labels: Geo IP/Directional DNS Server; DNS CNAME; Europe Traffic, Asia Traffic, US West Traffic, US East Traffic; Software-based Data Replicator. Four region panels (Singapore, EU-West, US-East, US-West), each labelled with an ELB, an Auto Scaling group : Web App Tier of Web App instances, an RDS Master, and an RDS Multi-AZ (Singapore-1b, EU-West-1b, US-East-1b, US-West-1b).]
Thank you!
Jinesh Varia, jvaria@amazon.com
Follow me on Twitter: @jinman