Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
10 views67 pages

Module 9

Uploaded by

keerthanmorareddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
10 views67 pages

Module 9

Uploaded by

keerthanmorareddy
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 67

Module 9: Cloud Architecture

AWS Academy Cloud Foundations

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module overview
Topics Activities
• AWS Well-Architected Framework
• AWS Well-Architected Framework
Design Principles
• Reliability and high availability • Interpret AWS Trusted Advisor
Recommendations
• AWS Trusted Advisor

Knowledge check

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 2
Module objectives
After completing this module, you should be able to:
• Describe the AWS Well-Architected Framework, including the six pillars
• Identify the design principles of the AWS Well-Architected Framework
• Explain the importance of reliability and high availability
• Identify how AWS Trusted Advisor helps customers
• Interpret AWS Trusted Advisor recommendations

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 3
Section 1: AWS Well-Architected
Framework
Module 9: Cloud Architecture

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Architecture: designing and building

Architect

Customer
Structure design (Decision maker) Completed structure
Building crew
(Delivery team)

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 5
What is the AWS Well-Architected Framework?
• A guide for designing infrastructures that are:
Secure
High-performing
Resilient
Efficient
• A consistent approach to evaluating and implementing cloud
architectures
• A way to provide best practices that were developed through lessons
learned by reviewing customer architectures

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 6
Pillars of the AWS Well-Architected Framework

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 7
Pillar organization
Best practice area Identity and Access Management
Question text SEC 1: How do you manage credentials and authentication?
Credential and authentication mechanisms include passwords, tokens, and
Question context keys that grant access directly or indirectly in your workload. Protect
credentials with appropriate mechanisms to help reduce the risk of accidental
or malicious use.
Best practices Best practices:
• Define requirements for identity and access management
• Secure AWS account root user
• Enforce use of multi-factor authentication
• Automate enforcement of access controls
• Integrate with centralized federation provider
• Enforce password requirements
• Rotate credentials regularly
• Audit credentials periodically
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 8
Introduction to the
AWS Well-
Architected
Framework
Design Principles
Activity

Operational Performance Cost


Security Reliability
excellence efficiency optimization

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 9
AnyCompany background
• AnyCompany Corporation: “Cityscapes you can stand over”
• Founded in 2008 by John Doe
• Sells 3D-printed cityscapes
• About to apply for investment
• Has asked you to perform a review of their platform as part of their due
diligence
• Cloud native

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10
AnyCompany background (continued)

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 11
AnyCompany architecture: Fly and Snap

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 12
AnyCompany architecture: Show and Sell

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 13
AnyCompany architecture: Make and Ship

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 14
Activity overview
• Break into small groups.
• You will learn about each of the pillars. At the end of each pillar, there is a set of
questions from the AWS Well-Architected Framework for you to work through with
your group. Use these Framework questions to guide your review of the
AnyCompany architecture.
• For each Well-Architected Framework question, answer the following questions
about the AnyCompany architecture:
• What is the CURRENT STATE (what is AnyCompany doing now)?
• What is the FUTURE STATE (what do you think AnyCompany should be doing?)
• Agree on the top improvement that AnyCompany should make to its architecture
for each set of Well-Architected Framework questions.
• Hint: There are no right or wrong answers.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 15
Operational Excellence pillar

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 16
Operational Excellence pillar – deliver business value

• Focus
Operational
Excellence • Run and monitor systems to deliver business value, and to
pillar continually improve supporting processes and procedures.

• Key topics
• Automating changes
• Responding to events
Deliver
business • Defining standards to manage daily operations
value

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 17
Operational excellence design principles

• Perform operations as code


Operational
Excellence • Make frequent, small, reversible changes
pillar • Refine operations procedures frequently
• Anticipate failure
• Learn from all operational events and failures

Deliver
business
value

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 18
Operational excellence questions
Organization Operate
• How do you determine what your priorities are? • How do you understand the health of your
• How do you structure your organization to workload?
support your business outcomes?
• How do you understand the health of your
• How does your organizational culture support operations?
your business outcomes?
• How do you manage workload and operations
events?
Prepare
• How do you design your workload so that you Evolve
can understand its state?
• How do you reduce defects, ease remediation, • How do you evolve operations?
and improve flow into production?
• How do you mitigate deployment risks?
• How do you know that you are ready to support
a workload?

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 19
Operational excellence activity breakout

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 20
Security pillar

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 21
Security pillar – protect and monitor systems

• Focus
Security
• Protect information, systems, and assets while delivering
pillar business value through risk assessments and mitigation
strategies.

• Key topics
• Protecting confidentiality and integrity of data
• Identifying and managing who can do what
Protect and
monitor • Protecting systems
systems • Establishing controls to detect security events

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 22
Security design principles

• Implement a strong identity foundation


Security
pillar • Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data in transit and at rest
• Keep people away from data
Protect and • Prepare for security events
monitor
systems

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 23
Security questions
Security Infrastructure protection
• How do you securely operate your workload? • How do you protect your network resources?
• How do you protect your compute resources?
Identity and access management
• How do you manage identities for people
and machines? Data protection
• How do you manage permissions for people • How do you classify your data?
and machines? • How do you protect your data at rest?
• How do you protect your data in transit?
Detection
• How do you detect and investigate security
events? Incident response
• How do you anticipate, respond to, and
recover from incidents?

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 24
Security activity breakout

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 25
Reliability pillar

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 26
Reliability pillar – recover from failure and mitigate disruption

• Focus
Reliability
pillar • Ensure a workload performs its intended function correctly
and consistently when it’s expected to.

• Key topics
• Designing distributed systems
Recover • Recovery planning
from failure
and mitigate • Handling change
disruption.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 27
Reliability design principles

• Automatically recover from failure


Reliability
pillar • Test recovery procedures
• Scale horizontally to increase aggregate workload
availability
• Stop guessing capacity
• Manage change in automation
Recover
from failure
and mitigate
disruption.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 28
Reliability questions
Foundations Change management
• How do you monitor workload resources?
• How do you manage service quotas and
• How do you design your workload to adapt
constraints? to changes in demand?
• How do you plan your network topology? • How do you implement change?
Workload architecture Failure management
• How do you back up data?
• How do you design your workload service • How do you use fault isolation to protect
architecture? your workload?
• How do you design interactions in a • How do you design your workload to
withstand component failures?
distributed system to prevent failure? • How do you test reliability?
• How do you design interactions in a • How do you plan for disaster recovery?
distributed system to mitigate or withstand
failures?

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 29
Activity breakout

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 30
Performance Efficiency pillar

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 31
Performance Efficiency pillar – use resources sparingly

• Focus
Performance • Use IT and computing resources efficiently to meet system
Efficiency requirements and to maintain that efficiency as demand
pillar changes and technologies evolve.

• Key topics
• Selecting the right resource types and sizes based on
workload requirements
• Monitoring performance
Use • Making informed decisions to maintain efficiency as business
resources needs evolve
sparingly.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 32
Performance efficiency design principles

• Democratize advanced technologies


Performance
Efficiency
• Go global in minutes
pillar • Use serverless architectures
• Experiment more often
• Consider mechanical sympathy

Use
resources
sparingly.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 33
Performance efficiency questions
Selection Review
• How do you select the best • How do you evolve your workload to
performing architecture? take advantage of new releases?
• How do you select your compute
solution? Monitoring
• How do you select your storage • How do you monitor your resources
solution? to ensure they are performing?
• How do you select your database
solution? Tradeoffs
• How do you configure your • How do you use tradeoffs to improve
networking solution? performance?

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 34
Activity breakout

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 35
Cost Optimization pillar

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 36
Cost Optimization pillar – eliminate unneeded expense

• Focus
Cost
Optimization • Avoid unnecessary costs.
pillar

• Key topics
• Understanding and controlling where money is being spent
• Selecting the most appropriate and right number of resource
types
Eliminate
unneeded • Analyzing spend over time
expense. • Scaling to meeting business needs without overspending

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 37
Cost optimization design principles

• Implement Cloud Financial Management


Cost
Optimization
• Adopt a consumption model
pillar • Measure overall efficiency
• Stop spending money on undifferentiated heavy lifting
• Analyze and attribute expenditure

Eliminate
unneeded
expense.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 38
Cost optimization questions
Practice cloud financial management Cost-effective resources
• How do you implement cloud financial • How do you evaluate cost when you select
management? services?
• How do you meet cost targets when you select
resource type, size, and number?
Expenditure and usage awareness • How do you use pricing models to reduce cost?
• How do you govern usage? • How do you plan for data transfer changes?
• How do you monitor usage and cost?
• How do you decommission resources? Manage demand and supply resources
• How do you manage demand and supply
resources?

Optimize over time


• How do you evaluate new services?

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 39
Activity breakout

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 40
The AWS Well-Architected Tool
• Helps you review the state of your workloads and compares them to
the latest AWS architectural best practices
• Gives you access to knowledge and best practices used by AWS
architects, whenever you need it
• Delivers an action plan with step-by-step guidance on how to build
better workloads for the cloud
• Provides a consistent process for you to review and measure your
cloud architectures

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 41
• The AWS Well-Architected Framework provides a
Section 1 key consistent approach to evaluate cloud
takeaways architectures and guidance to help implement
designs.
• The AWS Well-Architected Framework documents
a set of design principles and best practices that
enable you to understand if a specific architecture
aligns well with cloud best practices.
• The AWS Well-Architected Framework is organized
into six pillars.
• Each pillar includes its own set of design principles
and best practices.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 42
Section 2: Reliability and
availability
Module 9: Cloud Architecture

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“Everything fails, all the time.”
Werner Vogels, CTO, Amazon.com

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 44
Reliability

• A measure of your system’s


ability to provide functionality Car
when desired by the user.
• System includes all system
components: hardware,
firmware, and software. Brakes
• Probability that your entire System
system will function as Component Ignition
intended for a specified period. Cooling System
• Mean time between failures System
Component

(MTBF) = total time in component


service/number of failures
System
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 45
Understanding reliability metrics

System brought online


(system available)

Mean Time Between Failures Mean Time to Failure


(MTBF = MTTF + MTTR) (MTTF)

System System
(component) Mean Time to Repair
(component)
repaired (MTTR) fails

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 46
Availability
• Normal operation time / total time
• A percentage of uptime (for example, 99.9 percent) over time (for
example, 1 year)
• Number of 9s – Five 9s means 99.999 percent availability

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 47
High availability

• System can withstand some measure of


degradation while still remaining available.
• Downtime is minimized.
• Minimal human intervention is required.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 48
Availability tiers

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 49
Factors that influence availability
Fault tolerance Recoverability
• The built-in redundancy of an • The process, policies, and
application's components and procedures that are related to
its ability to remain operational. restoring service after a
catastrophic event.
Scalability
• The ability of an application to
accommodate increases in
capacity needs without
changing design.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 50
• Reliability is a measure of your system’s ability to
Section 2 key provide functionality when desired by the user, and
takeaways it can be measured in terms of MTBF.
• Availability is the percentage of time that a system
is operating normally or correctly performing the
operations expected of it (or normal operation time
over total time).
• Three factors that influence the availability of your
applications are fault tolerance, scalability, and
recoverability.
• You can design your workloads and applications to
be highly available, but there is a cost tradeoff to
consider.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 51
Section 3: AWS Trusted Advisor
Module 9: Cloud Architecture

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Trusted Advisor

• Online tool that provides real-time guidance to help you


provision your resources following AWS best practices.
AWS Trusted • Looks at your entire AWS environment and gives you real-
Advisor time recommendations in five categories.
Cost Optimization Performance Security Fault Tolerance Service Limits

Potential monthly savings

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 53
Activity: Interpret AWS Trusted Advisor recommendations

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 54
Activity: Recommendation #1

MFA on Root Account


Description: Checks the root account and warns if multi-factor authentication (MFA) is not enabled. For
increased security, we recommend that you protect your account by using MFA, which requires a user to
enter a unique authentication code from their MFA hardware or virtual device when interacting with the AWS
console and associated websites.
Alert Criteria: MFA is not enabled on the root account.
Recommended Action: Log in to your root account and activate an MFA device.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 55
Activity: Recommendation #2
IAM Password Policy
Description: Checks the password policy for your account and warns when a password policy is not enabled,
or if password content requirements have not been enabled. Password content requirements increase the
overall security of your AWS environment by enforcing the creation of strong user passwords. When you
create or change a password policy, the change is enforced immediately for new users but does not require
existing users to change their passwords.
Alert Criteria: A password policy is enabled, but at least one content requirement is not enabled.
Recommended Action: If some content requirements are not enabled, consider enabling them. If no
password policy is enabled, create and configure one. See Setting an Account Password Policy for IAM
Users.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 56
Activity: Recommendation #3

Security Groups – Unrestricted Access

Description: Checks security groups for rules that allow unrestricted access to a resource. Unrestricted
access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data).

Alert Criteria: A security group rule has a source IP address with a /0 suffix for ports other than 25, 80, or 443.)

Recommended Action: Restrict access to only those IP addresses that require it. To restrict access to a
specific IP address, set the suffix to /32 (for example, 192.0.2.10/32). Be sure to delete overly permissive
rules after creating rules that are more restrictive.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 57
Activity: Recommendation #4
Amazon EBS Snapshots

Description: Checks the age of the snapshots for your Amazon Elastic Block Store (Amazon EBS)
volumes (available or in-use). Even though Amazon EBS volumes are replicated, failures can
occur. Snapshots are persisted to Amazon Simple Storage Service (Amazon S3) for durable
storage and point-in-time recovery.

Alert Criteria:
Yellow: The most recent volume snapshot is between 7 and 30 days old.
Red: The most recent volume snapshot is more than 30 days old.
Red: The volume does not have a snapshot.

Recommended Action: Create weekly or monthly snapshots of your volumes

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 58
Activity: Recommendation #5
Amazon S3 Bucket Logging
Description: Checks the logging configuration of Amazon Simple Storage Service (Amazon S3) buckets.
When server access logging is enabled, detailed access logs are delivered hourly to a bucket that you
choose. An access log record contains details about each request, such as the request type, the resources
specified in the request, and the time and date the request was processed. By default, bucket logging is not
enabled; you should enable logging if you want to perform security audits or learn more about users and
usage patterns.
Alert Criteria:
Yellow: The bucket does not have server access logging enabled.
Yellow: The target bucket permissions do not include the owner account. Trusted Advisor cannot check it.
Recommended Action:
Enable bucket logging for most buckets.
If the target bucket permissions do not include the owner account and you want Trusted Advisor to check
the logging status, add the owner account as a grantee.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 59
• AWS Trusted Advisor is an online tool that provides
Section 3 key real-time guidance to help you provision your
takeaways resources by following AWS best practices.
• AWS Trusted Advisor looks at your entire AWS
environment and gives you real-time
recommendations in five categories.
• You can use AWS Trusted Advisor to help you
optimize your AWS environment as soon as you
start implementing your architecture designs.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 60
Module wrap-up
Module 9: Cloud Architecture

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Module summary
In summary, in this module you learned how to:
• Describe the AWS Well-Architected Framework, including the six pillars
• Identify the design principles of the AWS Well-Architected Framework
• Explain the importance of reliability and high availability
• Identify how AWS Trusted Advisor helps customers
• Interpret AWS Trusted Advisor recommendations

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 62
Complete the knowledge check

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 63
Sample exam question
A SysOps engineer working at a company wants to protect their data in transit and at rest. What
services could they use to protect their data?

Choice Response

A Elastic Load Balancing

B Amazon Elastic Block Storage (Amazon EBS)

C Amazon Simple Storage Service (Amazon S3)

D All of the above

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 64
Sample exam question answer
A SysOps engineer working at a company wants to protect their data in transit and at rest. What
services could they use to protect their data?

The correct answer is D.


The keywords in the question are “protect their data in transit and at rest”.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 65
Additional resources
• AWS Well-Architected website: https:
//aws.amazon.com/architecture/well-architected/?wa-lens-
whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-
whitepapers.sort-order=desc
• AWS Well-Architected Labs: https://wellarchitectedlabs.com/
• AWS Trusted Advisor Best Practice Checks: https:
//docs.aws.amazon.com/awssupport/latest/user/trusted-advisor-
check-reference.html

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 66
Thank you

Corrections, feedback, or other questions?


Contact us at https://support.aws.amazon.com/#/contacts/aws-academy.
All trademarks are the property of their owners.

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved. 67

You might also like