AWS BEST PRACTICES Module 1: Overview July 2017
AWS Best Practices Training Program

Basic Approaches
- Course overview
- Basic infrastructure requirements
- Reliability and Performance overview
- Costs optimization overview
- Monitoring tools overview
- Useful tools overview

Costs Optimization
- The “Minimum Principle” and Auto Scaling
- Serverless architectures
- Container-based architectures
- Resources review and optimization
- Using Reserved Instances
- Using Spot Instances

Security in AWS
- Basic security principles and tools
- Access management
- Data encryption and protection
- Network security

Performance Optimization
- AWS Service Limits
- Components selection and review
- Backup
- Components failure withstanding

Basic Infrastructure Requirements

Secure
- Controlled access
- Secure data at rest
- Secure data in transit
- Reasonable network topology
- Traffic control

Reliable, Cost-Optimized
- Pay for what you use
- Use as little as possible
- Stable performance
- Failure withstanding
- Backups
- Effective resources usage
- Correct resources selection
- Correct services selection
- Service limits consideration

Activating Your Project in AWS
To start using Cloud, submit a project activation request on support.epam.com.
- PM: leave a request on support.epam.com (1 BD)
- Check PM in UPSA/Telescope
- Use project PMC code!
- Sign in on cloud.epam.com
Any delays or issues? Address https://epa.ms/cloud-consulting

AWS Service Limits
AWS Service Limits provide the default limits for AWS services for an AWS account (linked account).

Elastic Compute Cloud (EC2) Service Limits (Resource: Default Limit)
- Elastic IP addresses for EC2-Classic: 5
- Security groups for EC2-Classic per instance: 500
- Rules per security group for EC2-Classic: 100
- Key pairs: 5,000
- Throttle on the emails that can be sent from your Amazon EC2 account: Throttle applied
- On-Demand Instances: Limits vary depending on instance type. For more information, see How many instances can I run in Amazon EC2.
- Spot Instances: Limits vary depending on instance type, region, and account. For more information, see Spot Instance Limits.
- Reserved Instances: 20 Reserved Instances per Availability Zone, per month, plus 20 regional Reserved Instances.
- Dedicated Hosts: Up to two Dedicated Hosts per instance family, per region can be allocated.
- AMI Copies: Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25 of those coming from a single source region.
Request increase

EPAM Orchestration Resource Quotas (Item: Description; Limit; Type)
- Volumes: Number of storage volumes created; 5; Daily
- Volume size: Size of each storage volume; 500 GB
- Total volume size: Total size of each volume; 2.5 TB
- Instances: Number of instances created; 20
- Resource utilization: The cost of the utilized infrastructure; 300 USD; Monthly
PM can set approvals for VM Creation!

Unusual Activities Report
EPAM Orchestrator analyzes your AWS activities and informs you if unusual activity is detected.
When a daily resource creation quota in AWS is exceeded on your project within an hour, Project Coordinators and Delivery Managers get a notification via SMS and a respective email with the details on these activities, and two action buttons:
- Approve: verify that the enormous resource creation activities are expected
- Reject: all the resources listed in the report will be terminated, and the related accounts deleted
If neither the Approve nor the Reject button is pressed by a Project Coordinator or Delivery Manager within 15 minutes after the notification, the EPAM Cloud Support team can take the responsibility to Reject the resources creation and to take all the necessary hack-protection measures.

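The check described on this slide, sketched as an added example that is not EPAM Orchestrator's own code: a one-hour sliding window over creation events, flagged when the count exceeds the quota. It assumes the 5-volume and 20-instance limits from the quotas slide are both daily creation quotas, and the records are constructed, simplified CloudTrail-style entries whose "user" and "count" fields stand in for the real userIdentity and request parameters.

```python
from collections import deque
from datetime import datetime, timedelta

# Limits from the quotas slide; treating both as daily creation quotas is an assumption.
DAILY_QUOTA = {"instance": 20, "volume": 5}
# CloudTrail event names that create the resources counted above.
EVENT_KIND = {"RunInstances": "instance", "CreateVolume": "volume"}
WINDOW = timedelta(hours=1)

def find_unusual_activity(events):
    """Report the first moment each daily quota is exceeded inside one hour."""
    recent = {kind: deque() for kind in DAILY_QUOTA}  # per-kind sliding window
    alerted, findings = set(), []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        kind = EVENT_KIND.get(ev["eventName"])
        if kind is None:
            continue  # not a creation event we track
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        window = recent[kind]
        # One call can create several resources; store one entry per resource.
        window.extend([(ts, ev["user"])] * ev.get("count", 1))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()  # drop creations older than one hour
        if len(window) > DAILY_QUOTA[kind] and kind not in alerted:
            alerted.add(kind)
            findings.append({"kind": kind, "at": ev["eventTime"],
                             "created": len(window),
                             "users": sorted({u for _, u in window})})
    return findings

def _ev(time, name, user, count=1):
    """Build one constructed, simplified CloudTrail-style record."""
    return {"eventTime": f"2017-07-03T{time}:00Z", "eventName": name,
            "user": user, "count": count}

# Constructed sample: normal morning activity, then a burst from one principal.
SAMPLE_EVENTS = (
    [_ev("09:00", "CreateVolume", "alice"), _ev("09:10", "CreateVolume", "alice"),
     _ev("09:20", "RunInstances", "alice", 2)]
    + [_ev(f"11:{m:02d}", "CreateVolume", "ci-bot") for m in range(0, 30, 5)]
    + [_ev("11:30", "RunInstances", "ci-bot", 25)]
)

if __name__ == "__main__":
    for finding in find_unusual_activity(SAMPLE_EVENTS):
        print(finding)
```

Each finding names the principals inside the window, which is the detail a coordinator needs before choosing Approve or Reject.
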
Accessing AWS Infrastructure
Ordering an Instance via EPAM Cloud Dashboard
You can run an AWS VM right from EPAM Cloud Dashboard.

IAM Users Access: EPAM SSO (Role Name: Permissions)
- BasicReadOnly: Access to EC2, S3, RDS, DynamoDB, Lambda with read-only access.
- FullReadOnly: Access to all services with read-only access.
- BasicUser: Access to EC2, S3, RDS, DynamoDB, Lambda with full access but without permissions to create IAM users, manage IAM roles, manage security groups.
- AdminUser: Access to all services with full access without permissions to create IAM users, manage IAM roles, manage security groups.
Other access options:
- Using temporary access (or2awsmc)
- Requesting an IAM user for extra permissions

Infrastructure Review
Monitoring: EPAM Cloud Tools
The Monitoring page provides information on various infrastructure and resources performance metrics:
- Service usage
- VM Lifetime
- Optimization
- Financial KPI
- CloudWatch

Monitoring: CloudWatch
Use CloudWatch to track metrics and logs, set alarms, and react automatically:
- Monitor AWS EC2
- Monitor other AWS resources
- Monitor custom metrics
- Monitor and store logs
- View graphs and stats
- Set alarms and react

Monitoring: CloudTrail
CloudTrail can be used as a basic monitoring tool.

Using AWS Trusted Advisor
AWS Trusted Advisor provides you with real-time services usage status and optimization statistics.

AWS Costs Optimization

AWS Costs Elements Overview
AWS VM Price:
- EC2 Instance (Compute)
- EBS Volumes
- EBS IOPS
- Data Transfer
- Elastic IP
- Elastic LB
Mind Other Services!

EPAM Orchestrator Monthly Quotas: Overview
Monthly quotas specify the desired limit for Cloud Expenses within the month. If several quota rules are specified, the narrowest (with the smallest limit) is applied.
- ALL: the quota is applied cumulatively to all regions in which the project is activated.
- All AWS(EPAM/GCP/Azure): the quota is applied cumulatively to all regions of an external provider in which the project is activated.
- EACH: the quota is applied to each region in which the project is activated.
- EACH AWS(EPAM/GCP/Azure): the quota is applied in each region of an external provider in which the project is activated.
- Region by name: specify a quota for a specific region.

EPAM Orchestrator Quotas: Management
- Review quota settings
- Update quota limits
- Specify quota depletion actions

Using Schedules: The Idea
Running VM -> CRON -> Stopped VM
<show live schedules>
- Automate infrastructure management
- Minimize human factor
- Set up any convenient schedule
- Automatic check of schedules execution

Using Schedules: Profit
Start VMs when you need to use them, and stop them when they are not needed.
<show live schedules>
Cuts ONLY compute price!

Using Schedules
<show live schedules>
Get an email notification if an issue with your schedule occurs!

AWS COSTS OPTIMIZATION: SHORT OVERVIEW
Project cost is one of the crucial challenges managers face. Uncontrolled and unreasonable usage of virtual resources on AWS can lead to unexpected expenses, which can be easily avoided by keeping in mind several simple rules:
- Use the “Minimum” principle: order the resources with the minimum capacity necessary for your needs. You can always expand when necessary.
- Select proper resources: the correct resource selection can provide you with the necessary results without extra expenses.
- Utilize resources reasonably: monitor low utilized resources and adjust their usage. Stopped resources cost up to 70% less than running ones.
- Use schedules: automate the start/stop processes.
- Set up Quotas: to track and control monthly expenses.

Next Steps
Security Education: Online Course
- Get a free course on AWS APN portal (https://partnercentral.awspartner.com/SelfRegisterPartner)
- Pass an APN Course or a Certification
- Submit a Certificate
- Get a badge
- Get to the pro-list for further courses
+ Investigate our Web Site (https://epa.ms/cloud-learn)
+ Watch the Video Portal (https://videoportal.epam.com)

Issues Resolving Flow
Please also feel free to address EPAM Cloud Consulting team (SpecialEPM-CSUPConsulting@epam.com)

AWS Enterprise Support
- Access 24/7 customer support with less than 1 hour response time
- Response to critical events less than 15 minutes
- Support by Senior Cloud Support Engineers via email, chat and phone in case of critical events
- Unlimited number of cases
- Dedicated technical Account Manager and Concierge Agent
- Free Infrastructure Event Management Service
- Access to AWS Trusted Advisor and Support API functions
- Regular communication including AWS resource usage reporting, monitoring, recommendations on infrastructure optimization and improvement
- Access to Amazon documentation

Home Work
- Get a free course on AWS APN portal (https://partnercentral.awspartner.com/SelfRegisterPartner)
- Pass AWS Business Professional Course
- Pass AWS Technical Professional Course

Documentation
- Hybrid Cloud Guide (https://epa.ms/hybrid-cloud): The guide providing the details on integration with AWS and Azure.
- Terms and Conditions (https://epa.ms/cloud-doc-terms): EPAM Cloud terms and conditions: terms definitions, parties responsibilities
- Cloud Security Policy (https://epa.ms/cloud-security): EPAM Cloud Security policies and approaches
- FAQ (https://epa.ms/cloud-faq): EPAM Cloud frequently asked questions
- Cloud Glossary (https://epa.ms/cloud-glossary)
- Cloud Consulting (https://epa.ms/cloud-consulting): Address us if you have any questions!
- What’s New
- Release Notes
- Video Overview
See the whole documentation set on https://epa.ms/cloud-doc

AWS Best Practices Training Program

Basic Approaches
- Course overview
- Basic infrastructure requirements
- Reliability and Performance overview
- Costs optimization overview
- Monitoring tools overview
- Useful tools overview

NEXT: Costs Optimization
- The “Minimum Principle” and Auto Scaling
- Serverless architectures
- Container-based architectures
- Resources review and optimization
- Using Reserved Instances
- Using Spot Instances

Security in AWS
- Basic security principles and tools
- Access management
- Data encryption and protection
- Network security

Performance Optimization
- AWS Service Limits
- Components selection and review
- Backup
- Components failure withstanding

Thank you for attention!
Cloud in Yammer: https://epa.ms/cloud-yammer
EPAM Cloud Consulting team (SpecialEPM-CSUPConsulting@epam.com)