AWS re:Invent 2016: Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing and Monitoring your Distribution (CTD301)

This document outlines best practices for content delivery using Amazon CloudFront. It discusses caching strategies for static assets, dynamic content, and streaming media. It also covers availability, security, performance, cost optimization, and analytics best practices such as monitoring, custom error pages, HTTPS usage, IAM policies, pricing classes, and access logs. The document encourages caching at every level, using signed URLs/cookies, and geo-targeting content based on viewer reports.

Join this workshop to understand the core concepts of “Cloud Computing” and how businesses around the world are running the infrastructure that supports their websites to lower costs, improve time-to-market, and enable rapid scalability matching resource to demands of users. Whether you are an enterprise looking for IT innovation, agility and resiliency or small and medium business who wants to accelerate growth without a big upfront investment in cash or time for technology, the AWS Cloud provides a complete set of services at zero upfront costs which are available with a few clicks and within minutes.

This document discusses design patterns for high availability used by Amazon CloudFront. It describes four key patterns: 1) FoodTasting which involves deploying changes incrementally to a small subset of servers first, 2) handling flash crowds by caching content, serving only necessary content, and using scheduled auto scaling, 3) implementing defense in depth strategies like multi-implementation and sharding to reduce the blast radius of failures, and 4) protecting against time bombs by jittering deployments and configurations across servers to avoid homogeneous outages. The document provides examples of how these patterns have been implemented in CloudFront and AWS services.

Video is a "last-mile problem" for search technology. Unlike webpages, documents, and email, content in videos has traditionally been impossible to search. Recent advances in automated speech and text recognition, however, let businesses and universities search inside video assets as easily as inside textual content. In this session, you'll learn how Panopto is using AWS to solve the video-search problem at scale, while saving over 50% in operating costs by taking advantage of Spot instances. We discuss the cross-platform architecture that combines Windows and Linux to provide cost-effective video processing and search indexing. We also dive deep into scaling Spot elastically based on user demand, handling fallback situations when instances are revoked, and using the Spot bidding process to optimize cost structure. Finally, we discuss future plans to reduce operating costs even further through Spot fleets and grid processing.

This document introduces Amazon CloudFront, a content delivery network (CDN) that provides fast, secure, and cost-effective global delivery of content. Some key features of CloudFront include its full-featured caching network with a global infrastructure tuned for optimal performance, high security, robust analytics, and self-service capabilities. CloudFront can deliver content for various market segments like media/entertainment, gaming, eCommerce, and software downloads. It aims to provide high performance, reach a wide global audience, and ensure financial feasibility for scalable content delivery.

This document provides an overview of a presentation on being well-architected on AWS. The presentation covers: 1. What is the Well-Architected Framework 2. An overview of the framework including security, reliability, performance efficiency, cost optimization, and operational excellence pillars 3. How to be well-architected following AWS best practices 4. A conclusion

Scaling your application as you grow should not mean slow to load and expensive to run. Learn how you can use different AWS building blocks such as Amazon ElastiCache and Amazon CloudFront to “cache everything possible” and increase the performance of your application by caching your frequently-accessed content. This means caching at different layers of the stack: from HTML pages to long-running database queries and search results, from static media content to application objects. And how can caching more actually cost less? Attend this session to find out!

An insider view of some of the innovations that help make the AWS cloud unique. We will show examples of innovative service offerings and will continue to discuss data center, power, and networking innovations used across the AWS platform. Join this session and walk away with a deeper understanding of the underlying innovations powering the cloud.

This document summarizes a discussion between Andreas Chatzakis and Chris Pitchford about optimizing WordPress websites on AWS. Some key points include: - Using AWS services like S3, CloudFront, Route 53, and EC2 with auto scaling to host WordPress sites for high performance and availability. - Configuring CloudFront caching rules for static, dynamic admin, and dynamic front-end content. - Leveraging RDS for the database with read replicas and ElastiCache for caching to improve database performance. - Monitoring with CloudWatch and auto scaling EC2 instances when CPU usage is high. - Implementing best practices like separating databases and web servers, using IAM roles

Distributed application security at scale with AWS WAF. Learn about how the AWS WAF can help protect your web and application services and run through a demo showing how the WAF blocks IP addresses, prevents SQL Injection, and how you can use string matching to defend against Bots, Crawlers, and XSS .

Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting a A+ on SSL labs.

In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.

Media delivery requirements are continually changing, driven by accelerating mobile, tablet, smart TV, and set-top technology advances. Broadcasters need agile solutions to the changing media and entertainment landscape that don't require multiyear projects with large upfront investments. In this session, we walk through Discovery Communications' migration of its broadcast playout and channel origination to AWS. Discovery Communications is a leader in nonfiction media, reaching more than 3 billion cumulative viewers in 220 countries and territories. Traditionally, broadcast origination for content delivered to telecommunications companies, cable TV, and satellite has existed only in on-premises data centers. In this session, we walk through Discovery's migration of broadcast playout supporting hundreds of channels worldwide to AWS. We show how Discovery has not only reduced their TCO but also has improved their agility by launching new channels on demand. We also walk through how channel origination is being deployed in a secure, automated fashion, and with a level of high availability that exceeds what is possible in a traditional data center.

VMware CloudTM on AWS brings VMware’s enterprise class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based VMware sold, operated and supported service for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits of the service. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.

The document discusses best practices for building DDoS resilient services using AWS technologies. It provides an overview of common DDoS attack types and threats. It then details several AWS services that can be used to detect and mitigate DDoS attacks, including Amazon CloudFront, Route 53, WAF, VPC, and EC2. It also discusses AWS' global network and how traffic is routed to improve resilience against large DDoS attacks.

Protecting a small number of VPCs with a next-generation firewall is relatively easy, but what happens when you have hundreds of VPCs and regularly add more as business groups or new apps come on-line? How can you maintain a prevention architecture without slowing the business? One concept is to build a services VPC that protects your existing and new VPCs. This deep dive session will discuss how to integrate next-generation firewalls in a services VPC with the Palo Alto Networks VM-Series in AWS. Topics will include architectural design considerations, routing recommendations, and dynamic fail-over. Session sponsored by Palo Alto Networks.

Learn from AWS and Sony DADC how the transformation in content aggregation, management, and delivery are optimized with Sony Ven.ue; a Media as a Service (MaaS) offering. In this session, you learn about the Ven.ue architecture, which uses end-to-end AWS services for content preparation, protection, management, and global content delivery. We dive deep on the integrations with AWS that make Amazon CloudFront a core component of the Ven.ue service. You also hear from a customer of Sony Ven.ue, Funimation, on how they benefit from this platform.

Whether you are building an e-commerce site or a business application, security is a key consideration when architecting your website or application. In this session, you will learn more about some of the things CloudFront does behind the scenes to protect the delivery of your content such as OCSP Stapling and Perfect Forward Secrecy. We will also share best practices on how you can use CloudFront to securely deliver content end-to-end, control who accesses your content, how to shield your origins from the Internet, and getting a A+ on SSL labs.

Traditionally, content delivery networks (CDNs) were known to accelerate static content. Amazon CloudFront has come a long way and now supports delivery of entire websites that include dynamic and static content. In this session, we introduce you to CloudFront dynamic delivery features that help improve the performance, scalability and availability of your website, while helping you lower your costs. In this session we will talk about architectural patterns such as SSL termination, close proximity connection termination, origin offload with keep-alive connections and last-mile latency improvement. You will also learn how to take advantage of Amazon Route 53 health check, automatic failover and latency-based routing to build highly available web apps on AWS.

AWS CloudTrail, Amazon CloudWatch Events, AWS Identity & Access Management (IAM), Trusted Advisor, AWS Config Rules, other services? In this session, we will help you use existing and recently launched services to automate configuration governance so that security is embedded in the development process. We outline four easy steps (Control, Monitor, Fix, and Audit) and demonstrate how different services can be used to meet your governance needs. We will showcase real-life examples and you can take home a blog post with code examples and the full source code for scripts and tooling that AWS professional services have built using these services.

Amazon S3 is the central data hub for Netflix's big data ecosystem. We currently have over 1.5 billion objects and 60+ PB of data stored in S3. As we ingest, transform, transport, and visualize data, we find this data naturally weaving in and out of S3. Amazon S3 provides us the flexibility to use an interoperable set of big data processing tools like Spark, Presto, Hive, and Pig. It serves as the hub for transporting data to additional data stores / engines like Teradata, Redshift, and Druid, as well as exporting data to reporting tools like Microstrategy and Tableau. Over time, we have built an ecosystem of services and tools to manage our data on S3. We have a federated metadata catalog service that keeps track of all our data. We have a set of data lifecycle management tools that expire data based on business rules and compliance. We also have a portal that allows users to see the cost and size of their data footprint. In this talk, we’ll dive into these major uses of S3, as well as many smaller cases, where S3 smoothly addresses an important data infrastructure need. We will also provide solutions and methodologies on how you can build your own S3 big data hub.

AWS Step Functions is a new, fully-managed service that makes it easy to coordinate the components of distributed applications and microservices using visual workflows. Step Functions is a reliable way to connect and step through a series of AWS Lambda functions so that you can build and run multi-step applications in a matter of minutes. This session shows how to use AWS Step Functions to create, run, and debug cloud state machines to execute parallel, sequential, and branching steps of your application, with automatic catch and retry conditions. We share how customers are using AWS Step Functions to reliably scale multi-step applications such as order processing, report generation, and data transformation–all without managing any infrastructure.

Serverless architectures let you build and deploy applications and services with infrastructure resources that require zero administration. In the past, you had to provision and scale servers to run your application code, install and operate distributed databases, and build and run custom software to handle API requests. Now, AWS provides a stack of scalable, fully-managed services that eliminates these operational complexities. In this session, you learn about the concepts and benefits of serverless architectures and the basics of the serverless stack AWS provides (e.g., AWS Lambda and Amazon API Gateway). We discuss use cases such as data processing, website backends, serverless applications and "operational glue". After that, you get practical tips and tricks, best practices, and architecture patterns that you can take back and implement immediately.

As serverless architectures become more popular, AWS customers need a framework of patterns to help them deploy their workloads without managing servers or operating systems. This session introduces and describes four re-usable serverless patterns for web apps, stream processing, batch processing, and automation. For each, we provide a TCO analysis and comparison with its server-based counterpart. We also discuss the considerations and nuances associated with each pattern and have customers share similar experiences. The target audience is architects, system operators, and anyone looking for a better understanding of how serverless architectures can help them save money and improve their agility.

As enterprises move to the cloud, robust connectivity is often an early consideration. AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect and VPNs. We discuss deployment architectures and demonstrate the process from start to finish. We’ll show you how to configure public and private virtual interfaces, configure routers, use VPN backup, and provide secure communication between sites by using the AWS VPN CloudHub.

Learn how to make your AWS databases up to 10x faster and up to 90% less expensive with Amazon ElastiCache for Redis. We’ll look at how to determine whether caching will benefit your database environment and show how to easily test and implement a high speed solution.

- The document provides guidance on implementing security best practices on AWS using a prescriptive approach, beginning with understanding AWS's shared security responsibility model and then covering topics like building compliance foundations, integrating identity and access management, enabling detective controls, establishing network security, implementing data protection, optimizing change management, and automating security functions. - It highlights AWS services and features for each topic and includes case studies showing how organizations have improved security and saved money by leveraging AWS security tools and services.

Erik Weaver, ETC Cloud Project Manager's presentation in the Storage and Archive track at the Media & Entertainment Cloud Symposium on November 8, 2016

[1] O documento discute os passos para uma jornada de migração para a nuvem, incluindo desenvolver um business case, estabelecer um modelo de pessoas, criar uma arquitetura de nuvem e estratégia de migração, e definir um modelo operacional. [2] É importante ter uma estratégia e plano detalhado, entender os componentes envolvidos e como otimizar os custos, e determinar o melhor caminho de migração. [3] Recursos como parceiros, ferramentas e serviços da AWS podem a

Amazon Web Services IoT is a managed cloud service that enables Internet-connected things to easily and securely interact with each other and cloud resources. We dive into demo applications that tie together physical IoT devices, web browsers and identity providers to create smart, connected applications using Amazon Web Services. Speaker: Adam Larter, Solutions Architect, Amazon Web Services

This document outlines best practices and anti-patterns for using Amazon CloudFront. It begins with an overview of CloudFront and its key capabilities as a content delivery network. It then discusses important CloudFront concepts and provides details on best practices for caching, object invalidation, versioning, compression, expiration settings, domain sharding, and origin server configurations. Anti-patterns around expensive and unmanageable cache invalidation approaches are also presented. The document aims to help users optimize CloudFront performance and manageability.

This document discusses Amazon Web Services and provides information about Kien Nguyen, an AWS Cloud leader at SETA International Vietnam. It lists Amazon S3 for simple storage and Amazon CloudFront for content delivery. The document notes that AWS currently has 13 regions and 35 availability zones, and next year will add 4 more regions and 9 more availability zones. It also provides links to join AWS Vietnam meetup and slack groups to learn more about architecting for high availability.

Twilio provides a communications API that enables voice, VoIP, and messaging capabilities for web and mobile apps. They migrated their infrastructure from the isolated EC2-Classic platform to EC2-VPC to enable global routing between regions and services. This reduced complexity, improved performance and latency, and allowed for more frequent and less risky deployments. The migration required bridging traffic between EC2-Classic and EC2-VPC instances and using software routers and service discovery for peering between regions. The new global VPC infrastructure improved customer experience and satisfaction.

The document discusses Bridget Kromhout, who lives in Minneapolis, Minnesota and works at Pivotal. It references several resources on monitoring including "The Art of Monitoring" by James Turnbull from 2016, which discusses monitoring containers and includes a monitoring maturity model. It also references a paper from Google about cluster management at Google with Borg that discusses tasks publishing health and performance metrics. Finally, it references a quote from Mel Conway about system design copying an organization's communication structure.

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. In this talk, we discuss advanced tasks in Amazon VPC, including the implementation of VPC peering, the creation of multiple network zones, the establishment of private connections, and the use of multiple routing tables. We also provide information for current Amazon EC2-Classic network customers and help you prepare to adopt Amazon VPC.

This document provides an overview and summary of recent innovations to Amazon S3. It discusses new storage classes like Standard - Infrequent Access storage, data ingestion options like S3 Transfer Acceleration and Amazon Kinesis Firehose, enhanced visibility and control of data, and expanded integration with services like AWS CloudTrail and CloudWatch. It also provides examples of how to use lifecycle policies to transition objects between storage classes and automatically delete incomplete multipart uploads or expired object delete markers.

Get end to end web transaction awareness by deploying our PHP agent on your Apache server. Ensure all your performance issues are isolated and resolved quickly.

Learning Objectives: • Learn how to use CloudFront dynamic delivery features • See a live demo and learn how to take advantage of Cloud Front newest features Traditionally, content delivery networks (CDNs) were designed to accelerate static content. Amazon CloudFront supports delivery of an entire website, including dynamic, static, streaming and interactive content using a global network of edge locations. CloudFront integrates with other AWS services that are built to scale massively. Together, the solution can automatically scale to millions of users by leveraging the global reach of CloudFront and the auto scaling capability of AWS platform. In this talk, we introduce you to various design patterns and best practices to build a massively scalable solution using CloudFront. We discuss how this scale can be achieved without compromising on availability, security or cost.

The document provides tips for building a scalable and high-performance website, including using caching, load balancing, and monitoring. It discusses horizontal and vertical scalability, and recommends planning, testing, and version control. Specific techniques mentioned include static content caching, Memcached, and the YSlow performance tool.

Traditionally, content delivery networks (CDNs) were known to accelerate static content. Amazon CloudFront has come a long way and now supports delivery of entire websites that include dynamic and static content. In this session, we introduce you to CloudFront’s dynamic delivery features that help improve the performance, scalability, and availability of your website while helping you lower your costs. We talk about architectural patterns such as SSL termination, close proximity connection termination, origin offload with keep-alive connections, and last-mile latency improvement. Also learn how to take advantage of Amazon Route 53's health check, automatic failover, and latency-based routing to build highly available web apps on AWS.

Over the past decade the field of Cloud Computing has been the focus of intensive research. In this paper we propose a framework that will simulate the architectural setup of a cloud environment and examine how it can leverage Apriori and Sequential Pattern based recommendation algorithms through R. Furthermore, we present a multi layered application encompassing its backend architecture, user interface built using the responsive web design technique and its development workflow. The proposed system was also exhaustively load tested using Apache JMeter to ensure its reliability at scale and the experimental results are presented.

The document discusses strategies for transitioning from monolithic architectures to microservice architectures. It outlines some of the challenges with maintaining large monolithic applications and reasons for modernizing, such as handling more data and needing faster changes. It then covers microservice design principles and best practices, including service decomposition, distributed systems strategies, and reactive design. Finally it introduces Lagom as a framework for building reactive microservices on the JVM and outlines its key components and development environment.

DevNexus 2017 Microservices-based architectures are en-vogue. The last couple of years we have learned how the thought-leaders implement them, and every other week we have heard about how containers and Platform-as-a-Service offerings make them ultimately happen. The problem is that the developers are almost forgotten and left alone with provisioning and continuous delivery systems, containers and resource schedulers, and frameworks and patterns to help slice existing monoliths. How can we get back in control and efficiently develop them without having to provision complete production-like environments locally, by hand? All the new buzzwords, frameworks, and hyped tools have made us forget ourselves—Java developers–and what it means to be productive and have fun building systems. The problem that we set out to solve is: how can we run real-world Microservices-based systems on our local development machines, managing provisioning, and orchestration of potentially hundreds of services directly from a single command line tool, without sacrificing productivity enablers like hot code reloading and instant turnaround time? During this talk, you’ll experience first-hand how much fun it can be to develop large-scale Microservices-based systems. You will learn a lot about what it takes to fail fast and recover and truly understand the power of a fully integrated Microservices development environment.

NBCUniversal, a worldwide mass media corporation, was looking for a more affordable and easier way to manage their database solution that hosts their extensive online digital assets. With Datavail’s assistance, NBCUniversal, made the move from MongoDB 3.6 to MongoDB Atlas on AWS.

You know PowerShell and you must have heard of DSC, but 6 years after its creation, where are we at? Join Gael Colas, a well-known DSC contributor and Microsoft MVP, in this session, he will show what's happening in the DSC community, how to get started, where to find information or help, and some best practices to follow. He will demo some concepts, practices and use cases, share some code, and insights about who's behind DSC and what they are doing, so you have no excuse for not learning Configuration Management! - Demo code: https://github.com/gaelcolas/packer-templates Follow & connect with Gael Colas: - Twitter: https://twitter.com/gaelcolas - LinkedIn: https://www.linkedin.com/in/gaelcolas/ - Blog: https://gaelcolas.com/ Thanks to dotdigital Group (https://dotdigital.com / https://twitter.com/dotdigital) for providing the venue, food and drinks. We very much appreciate your continued support of our community of PowerShell & DevOps tech enthusiasts. Join our next event at https://www.meetup.com/PowerShell-London-UK/. We are running at least one Meetup every month. #PowerShell #PSDSC