Author: Aurobindo Sarkar & Amit Shah

Publisher: Packt Publishing
Print: 178728106X
Kindle: B0771MYVDH
Audience: Architects and DevOps
Rating: 4.0
Reviewer: Ian Stirk 

Chapter 6 Designing for and Implementing Security

Security is important because… your customers say it is! It is often the primary reason for the resistance in hosting applications in the cloud. This chapter outlines some of the best practices used to secure AWS applications, these include:   

• Security inbuilt into various services (IAM roles, CloudTrail, CloudWatch)

• Security considerations while using CloudFront (a content delivery network)

• Logging for security analysis

• Reviewing and auditing security configuration

There’s a helpful walkthrough on setting up security using IAM roles, the Key Management Service, and configuring SSL. Next, securing data at rest is examined in the context of Amazon Simple Storage Service (S3) and Relational Database Service (RDS).

The chapter then switches to applying various security aspects to the included sample application, with step-by-step instructions together with plenty of screenshots. Although the chapter is wide-ranging, it feels lightweight in terms of depth of explanation.

Chapter 7 Deploying to Production and Going Live

This chapter discusses various tools, approaches and best practices that ease the movement of your application to a production environment, together with subsequent monitoring.  

The primary tool discussed for creating and managing AWS environments is CloudFormation. You’re encourage to use the provided templates from the beginning, even if deployment via the console is easier initially, eventually your investment will pay off as the deployment process increases in complexity. An overview of building a DevOps pipeline is provided,

Once the application is in production, it will need monitoring. CloudWatch is the primary tool for this, it can monitor for various errors (e.g. S3 logs, HTTP exceptions). It can integrate with CloudTrail logs to monitor calls to AWS services.

Next, the chapter moves on to looking at the importance of backup and archiving. This is useful because it is a primary entry point for companies considering their first usage of the cloud. A good experience here can often lead to further, more comprehensive cloud usage. The importance of having a go-live set of instructions, and testing this plan is noted (this should occur on any platform, not just the cloud). The chapter ends with a step-by-step walkthrough of its content applied to the sample application.

This chapter provides useful guidance on what to consider when deploying your applications to the cloud. There’s a useful point about engaging with Amazon’s architects, since they’ve done this work before, so you can get it right first time. 

 (click cover to purchase from Packt)

The book ends with a further three chapters that relate to designing, implementing, and deploying a Big Data application with AWS.

Conclusion

Learning AWS, Second Edition aims to introduce Amazon Web Services to architects, and tentatively succeeds. On the upside, it has useful explanations, helpful diagrams, instructive step-by-step walkthroughs, and lots of real-world practical advice. The downside is the book is not for beginners, it assumes you’re an experienced software architect, familiar with the various patterns and approaches.

I wonder if it would have been better to expand the existing chapters for the beginner – perhaps this could have been done instead of including the final three chapters on designing, implementing, and deploying a Big Data application. Owing to the prevalence of acronyms, a glossary would be useful.

The book competes with various free offerings from Amazon itself. That said, it is useful to see the evolution of an AWS application from start to end.

I suspect in the near future, especially if privacy concerns abate, the cloud will become the default platform for software applications. As a personal insight into the advantages of using the cloud, I often work in financial environments, where the lead time for getting a new on-premise server can be 3 to 6 months - with a cloud-based offering the server can be available within minutes. Other advantages (e.g. cost-saving, on-demand scalability), are similarly convincing.

Overall, if you’re an existing architect wanting to learn about AWS, this is a very good book. Otherwise it is limited.

• For other recommended titles on cloud computing see Cloud Computing Books Pick Of The Bunch from our Programmer's Bookshelf 

To keep up with our coverage of books for programmers, follow @bookwatchiprog on Twitter or subscribe to I Programmer's Books RSS feed for each day's new addition to Book Watch and for new reviews.