Cloud First Resources

AWS Best Practices

"Migrating applications to AWS, even without significant changes (an approach known as “lift and shift”), provides organizations the benefits of a secured and cost-efficient infrastructure. However, to make the most of the elasticity and agility possible with cloud computing, engineers will have to evolve their architectures to take advantage of the AWS capabilities."

The Cloud Computing Difference

  • IT Assets Become Programmable Resources
  • Global, Available, and Unlimited Capacity
  • Higher Level Managed Services
  • Security Built In

Design Principles

  • Scalability
  • Disposable Resources Instead of Fixed Servers
  • Automation
  • Loose Coupling
  • Services, Not Servers
  • Databases
  • Removing Single Points of Failure
  • Optimize for Cost
  • Caching
  • Security
 
Size: 852.9K bytes Modified: 23 May 2016, 06:44
To learn more about AWS capabilities and the AWS Best Practices, check out these AWS sites:
https://aws.amazon.com/premiumsupport/knowledge-center/
 

UA AWS Sandbox

Welcome to the UA AWS Sandbox. This is a free service provided to you by OIT for learning and experimenting. Resources available are EC2 (Compute), S3 (Storage), RDS (Database), and VPC (Networking). As this project progresses and evolves, more services will be made available. Our goal is to make this a collaborative environment, where users are able to discuss and contribute to the current state of the sandbox, in addition to providing a safe environment for our users to be innovative. A project website, currently under development and expected to be published in the near future, will provide much more detail and roadmap information for UA AWS as a whole.

Access

To begin using the UA AWS Sandbox, use the following URL (You will need to request access to the sandbox):

https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=urn%3Aamazon%3Awebservices

Enter your UA username and password. While all services will be presented to you in the Amazon Management Console, you will only be able to access the previously mentioned services. Again, this is just the initial rollout of the sandbox, and as the reaper script is expanded, more services will become available to use.

For users wanting access to the UA AWS Sandbox, submit a Cherwell Ticket requesting access to the UA AWS Sandbox. The OIT Service Desk will be able to provision access.

Guidelines

  • Be courteous and respectful to peers in the sandbox
  • Do not spin up excessive resources (example: 100 compute nodes)
  • To keep cost low, the reaper service has been deployed to terminate/delete created objects every day at 4:00 am; therefore, please do not deploy services that require a persistent state, and assume zero data retention in the sandbox
  • By default, resources are limited in quantity; use only what you need to allow as many users as possible the opportunity to explore AWS services
  • Make a practice of terminating and deleting objects when no longer in use
  • Logins are done through a federated authentication service; sessions are limited to 1-hour intervals regardless of activity

Projects

Reaper Script

https://github.alaska.edu/OIT-CSS/aws-sandbox-cleanup

This script runs as a Lambda function to wipe all resources at 4:00 am every day. To make a service available in the sandbox, we need to be able to properly clean it up during the 4:00 am cleanup window. We will continue to add support for all existing AWS services and for new services as they come out. If there is a particular service that is important to you, feel free to submit a pull request adding support if you are able to get to it before we do.

API Key Provisioning for SAML Authentication

https://github.alaska.edu/OIT-CSS/aws-saml-api

This script generates API keys on your local workstation using SAML credentials. These API keys can be used to interface with AWS services via the AWS SDK, Terraform, or other automation tools. The credentials time out after an hour, as they have the same expiration as the SAML web login. Again, feel free to raise any issues or submit pull requests if you have suggestions for this script.

Learning and Community Resources

AWS Webinar Series
https://aws.amazon.com/about-aws/events/monthlywebinarseries/

Slack channel at UA for Amazon discussions
https://ualaska.slack.com/messages/amazon/

Getting Started with AWS
http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-intro/gsg-aws-intro.html

Getting Started with Amazon EC2 Linux Instances
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html

Getting Started with Amazon EC2 Windows Instances
http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2_GetStarted.html

Best Practices for Amazon EC2
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-best-practices.html

We here at OIT are excited about introducing this new service to UA and look forward to future innovations and collaboration. Feel free to send us feedback, or ask questions to make this service even better!