Amazon VPC Constructs


Amazon Virtual Private Cloud

  • Amazon Virtual Private Cloud (VPC) is a virtual network that resembles the traditional network you would operate in your own data centre, with the benefit of running on the scalable infrastructure of AWS.
  • ‘Resembles’ does not mean identical. Amazon VPC is a software-defined network: it provides familiar constructs, but their controls and rules are enforced on each instance’s traffic by the EC2 hypervisor rather than by physical switches, routers or firewall appliances.
  • It enables network, workload or environment isolation for application deployment, management and operations.
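Because the controls are enforced in software per instance, it pays to be precise about how the two filtering constructs behave: a network ACL is stateless and evaluates numbered rules in order with an implicit deny, while a security group is stateful and allow-only. The following is an added example, not code from the original post, that models those two evaluation rules over a constructed sample policy (the CIDRs, rule numbers and ports are assumptions chosen for illustration) and shows the classic failure of an outbound NACL that forgets the ephemeral port range.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


# Constructed rule model for this example; it is not an AWS API type.
@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp", "udp", "icmp", or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str
    action: str = "allow"  # NACL rules may be "deny"; security group rules are allow-only
    number: int = 0        # NACL rule number; lower numbers are evaluated first


def _matches(rule: Rule, proto: str, port: int, peer_ip: str) -> bool:
    if rule.proto not in ("-1", proto):
        return False
    if rule.proto != "-1" and not rule.port_from <= port <= rule.port_to:
        return False
    return ip_address(peer_ip) in ip_network(rule.cidr)


def nacl_allows(rules, proto: str, port: int, peer_ip: str) -> bool:
    """Network ACL semantics: stateless, evaluated in ascending rule number,
    first matching rule wins, implicit deny when nothing matches."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, proto, port, peer_ip):
            return rule.action == "allow"
    return False


def sg_allows(rules, proto: str, port: int, peer_ip: str) -> bool:
    """Security group semantics: allow-only, any matching rule permits,
    no match means deny. Return traffic of an allowed flow is tracked
    statefully, so it needs no rule of its own."""
    return any(_matches(r, proto, port, peer_ip) for r in rules)


def connection_allowed(nacl_in, nacl_out, sg_in, client_ip: str,
                       dst_port: int, client_port: int, proto: str = "tcp") -> dict:
    """Evaluate a client -> instance connection for a subnet with the given NACL
    and an instance with the given SG inbound rules. The NACL must allow the
    request inbound AND the reply outbound (to the client's ephemeral port);
    the SG only needs the inbound rule."""
    request_in = nacl_allows(nacl_in, proto, dst_port, client_ip)
    reply_out = nacl_allows(nacl_out, proto, client_port, client_ip)
    sg_in_ok = sg_allows(sg_in, proto, dst_port, client_ip)
    return {"nacl_in": request_in, "nacl_out": reply_out, "sg_in": sg_in_ok,
            "allowed": request_in and reply_out and sg_in_ok}


# Constructed sample policy (assumed values, not from the original post).
NACL_IN = [
    Rule("tcp", 443, 443, "203.0.113.0/24", action="deny", number=90),  # block a known-bad range first
    Rule("tcp", 443, 443, "0.0.0.0/0", number=100),
]
NACL_OUT_GOOD = [Rule("tcp", 1024, 65535, "0.0.0.0/0", number=100)]   # ephemeral ports for replies
NACL_OUT_BROKEN = [Rule("tcp", 443, 443, "0.0.0.0/0", number=100)]    # common mistake: no ephemeral range
SG_IN = [Rule("tcp", 443, 443, "0.0.0.0/0")]


def demo() -> dict:
    return {
        "normal_client": connection_allowed(NACL_IN, NACL_OUT_GOOD, SG_IN, "198.51.100.7", 443, 50000),
        "blocked_range": connection_allowed(NACL_IN, NACL_OUT_GOOD, SG_IN, "203.0.113.9", 443, 50000),
        "no_ephemeral": connection_allowed(NACL_IN, NACL_OUT_BROKEN, SG_IN, "198.51.100.7", 443, 50000),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The second case shows why the NACL deny is placed at a lower rule number than the broad allow: with the order reversed, the allow would match first and the deny would never be reached. The third case is the one that bites in practice: the security group is satisfied, the inbound NACL is satisfied, and the connection still hangs because the stateless outbound NACL drops the reply to the client's ephemeral port.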

VPC Constructs

Continue reading “Amazon VPC Constructs”

AWS Account Structures

In this post I’m going to cover one area that is an important consideration for any enterprise looking to migrate into AWS: account structures.

AWS offers a variety of services and features that allow for flexible control of the account(s) managing your cloud computing resources. Implementing the most appropriate account structure for your use case can help to ensure proper cost allocation, agility and security.

Key Design Considerations include the following:

  • Don’t over-engineer your initial account structure.
    • Use an iterative approach to creating and structuring your accounts.
  • Use separate AWS accounts for things that are clearly separate (for example production and non-production, or workloads with different security or compliance boundaries).
  • Use group e-mail addresses, not an individual’s mailbox, as your account root e-mail addresses, so that root access and password-reset notifications do not depend on one person.
  • Standardise your e-mail aliases and your AWS account names.

From my own perspective this has been something that I’ve been working on lately and have utilised the below as a starting point.

Continue reading “AWS Account Structures”

Planning for AWS re:Invent 2017


Given that it’s now just under 5 weeks until I fly to Las Vegas, not just for re:Invent but also for a much needed vacation, I’ve now planned out my sessions for the conference. I appear to have been one of the lucky people that was actually able to log in to the web app for the reserved seating, as I’ve pretty much been able to reserve a seat in the majority of sessions I wanted to attend.

Unfortunately if you’ve been following #reinvent on twitter over the last 24 hours it’s become apparent that there were significant issues with people receiving a variety of errors and either not being able to reserve a seat or once they had managed to login the seating had become full on the sessions that those people were hoping to attend.

Continue reading “Planning for AWS re:Invent 2017”

AWS SA Professional – Practice Question 12


Your customer is implementing a video on-demand streaming platform on AWS. The requirements are: support for multiple client devices such as iOS, Android and PC; use of a standard client player; use of streaming technology (not download); and a scalable, cost-effective architecture. Which architecture meets the requirements? (Choose 1)

a. Store the video contents in Amazon Simple Storage Service (S3) as an origin server. Configure the Amazon CloudFront distribution with a streaming option to stream the video contents.

b. Store the video contents to Amazon Simple Storage Service (S3) as an origin server. Configure the Amazon CloudFront distribution with a download option to stream the video contents.

c. Launch a streaming server on Amazon Elastic Compute Cloud (EC2) (for example, Adobe Media Server), and store the video contents on it as an origin server. Configure the Amazon CloudFront distribution with a download option to stream the video contents.

d. Launch a streaming server on Amazon EC2 (for example, Adobe Media Server), and store the video contents as an origin server. Launch and configure the required amount of streaming servers on Amazon EC2 as an edge server to stream the video contents.

This question is testing your understanding of both Amazon S3 and CloudFront. I’d highly recommend reading the following articles from the AWS Blog and the CloudFront documentation:

Continue reading “AWS SA Professional – Practice Question 12”

AWS SA Professional – Practice Question 11


An enterprise customer is starting their migration to the cloud, their main reason for migrating is agility, and they want to make their internal Microsoft Active Directory available to any applications running on AWS; this is so internal users only have to remember one set of credentials and as a central point of user control for leavers and joiners. How could they make their Active Directory secure, and highly available, with minimal on-premises infrastructure changes, in the most cost and time-efficient way? (Choose 1)

a. Using Amazon Elastic Compute Cloud (EC2), they could create a DMZ using a security group; within the security group they could provision two smaller Amazon EC2 instances running Openswan for resilient IPsec tunnels and two larger instances that are domain controllers, using multiple availability zones.

b. Using VPC, they could create an extension to their data centre and make use of resilient hardware IPSEC tunnels; they could then have two domain controller instances that are joined to their existing domain and reside within different subnets, in different availability zones.

c. Within the customer’s existing infrastructure, they could provision new hardware to run Active Directory Federation Services; this would present Active Directory as a SAML2 endpoint on the internet; any new application on AWS could be written to authenticate using SAML2.

d. The customer could create a stand-alone VPC with its own Active Directory Domain Controllers; two domain controller instances could be configured, one in each availability zone; new applications would authenticate with those domain controllers.

This question is testing your understanding of how to extend your existing on-premises Active Directory into AWS, as well as the varying options that AWS offers. There are a few fundamentals of Active Directory that are worth knowing before you begin to answer this question.

Continue reading “AWS SA Professional – Practice Question 11”