2016 Utah Cloud Summit: Architecting on AWS - Best Practices

Editor's Notes

• #3 Why is it important? We understand the value in educating our customers on architectural best practices for designing reliable, secure, efficient, and cost-effective systems in the cloud As part of this effort, we developed the AWS Well-Architected Framework, which helps you to understand the pros and cons of decisions you make while building systems on AWS. We believe that having well-architected systems greatly increases the likelihood of business success.
• #7 Data protection: Services such as Elastic Load Balancing, Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), and Amazon Relational Database Service (RDS) include encryption capabilities to protect your data in transit and at rest. AWS Key Management Service (KMS) makes it easier for customers to create and control keys used for encryption. Privilege management: IAM enables you to securely control access to AWS services and resources. Multi-factor authentication (MFA), adds an extra layer of protection on top of your user name and password. Infrastructure protection: Amazon Virtual Private Cloud (VPC) lets you provision a private, isolated section of the AWS cloud where you can launch AWS resources in a virtual network. Detective controls: AWS CloudTrail records AWS API calls, AWS Config provides a detailed inventory of your AWS resources and configuration, and Amazon CloudWatch is a monitoring service for AWS resources.
• #9 Foundations: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources. Amazon VPC lets you provision a private, isolated section of the AWS cloud where you can launch AWS resources in a virtual network. Change management: AWS CloudTrail records AWS API calls for your account and delivers log files to you for auditing. AWS Config provides a detailed inventory of your AWS resources and configuration, and continuously records configuration changes. Failure management: AWS CloudFormation enables the template creation of AWS resources and provisions them in an orderly and predictable fashion.
• #11 Compute: Auto Scaling is key to ensuring that you have enough instances to meet demand and maintain responsiveness. Storage: Amazon EBS provides a wide range of storage options (such as SSD and PIOPS) that allow you to optimize for your use case. Amazon S3 provides reduced-redundancy storage, lifecycle policies to Amazon Glacier (archival storage), and server-less content delivery. Database: Amazon RDS provides a wide range of database features (such as provisioned IOPS, and read replicas) that allow you to optimize for your use case. Amazon DynamoDB provides single-digit millisecond latency at any scale. Space-time trade-off: AWS has regions across the globe, allowing you to choose the optimal location for your resources, data, and processing. Use Amazon CloudFront to cache content even closer to your users.
• #13 Matched supply and demand: Auto Scaling allows you to add or remove resources to match demand without overspending. Cost-effective resources: You can use Reserved Instances and prepaid capacity to reduce your cost. AWS Trusted Advisor can be used to inspect your AWS environment and find opportunities to save money. Expenditure awareness: Amazon CloudWatch alarms and Amazon Simple Notification Service (SNS) notifications will warn you if you go, or are forecasted to go, over your budgeted amount. Optimizing over time: The AWS Blog and What’s New section on the AWS website are resources for learning about newly launched features and services. AWS Trusted Advisor inspects your AWS environment and finds opportunities to save money by eliminating unused or idle resources or committing to Reserved Instance capacity.
• #16 The whitepaper is available on our website