SlideShare a Scribd company logo

GoDataFest 2019 Data Hubs

M
Martijn van Dongen

This document discusses architectural patterns and security best practices for data-intensive AWS platforms. It provides an overview of AWS services for data lakes, analytics, machine learning and networking. Specific sections cover permissions management using IAM, SCP and resource-based policies, data ingestion from databases into S3, analytics using Glue and Athena, and deploying a SageMaker model using API Gateway. The final slides discuss a data hub implementation at Pathé.

Technology
1 of 23
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Data HubsData Hubs Architectural Patterns & Security BestArchitectural Patterns & Security Best Practices for Data-Intensive AWSPractices for Data-Intensive AWS PlatformsPlatforms Martijn van DongenMartijn van Dongen AWS Cloud Evangelist | Founder AWSug.nl | AWS APN AmbassadorAWS Cloud Evangelist | Founder AWSug.nl | AWS APN Ambassador 1
Hands-on AWSHands-on AWS WorkshopsWorkshops instruqt.cominstruqt.com 2
Doing "Consultancy"Doing "Consultancy" Currently @ PathéCurrently @ Pathé 3
Organizing MeetupsOrganizing Meetups AWSug.nlAWSug.nl 4
SpeakingSpeaking 5
Data HubsData Hubs Architectural Patterns & Security BestArchitectural Patterns & Security Best Practices for Data-Intensive AWSPractices for Data-Intensive AWS PlatformsPlatforms Martijn van DongenMartijn van Dongen AWS Cloud Evangelist | Founder AWSug.nl | AWS APN AmbassadorAWS Cloud Evangelist | Founder AWSug.nl | AWS APN Ambassador 6
Well Known Analytics & ML ServicesWell Known Analytics & ML Services Athena EMR QuickSight GlueLake Formation Sagemaker Forecast Personalize DeepRacer Rekognition S3 IAM 7
But, how about these...?But, how about these...? EFS KMS API Gateway RDSDMS VPC VPN Transit Gateway ECS Lambda 8
High Level OverviewHigh Level Overview AWS Cloud CRM ERP Database Migration Service S3 Data Lake Sagemaker Athena API Gateway Quicksight Analysts Apps 9
So, AWS Lake Formation?So, AWS Lake Formation? 10
PermissionsPermissions AWS Account Key Management Service Users S3 Organizations Service Control Policies Key Policies Identity-Based Policies Bucket Policies Resource- Based Policies 11
Service Control Policies (SCP)Service Control Policies (SCP) Statement: - Sid: "DenyAllOutsideEU" Effect: Deny NotAction: - "s3:*" - "rds:*" - "ec2:*" # ... Resource: "*" Condition: StringNotEquals: "aws:RequestedRegion": - "eu-west-1" - "eu-central-1" 12
Identity-Based Policies (IAM)Identity-Based Policies (IAM) Statement: - Sid: "AllowUserSeeBuckets" Effect: Allow Action: - "s3:ListAllMyBuckets" Resource: "arn:aws:s3:::*" - Sid: "AllowUserReadDataSet" Effect: Allow Action: - "s3:Get*" Resource: - "arn:aws:s3:::examplebucket/dataset/*" 13
Identity-Based Policies (IAM)Identity-Based Policies (IAM) Statement: - Sid: "AllowUserReadDataSet" Effect: Allow Action: - "s3:Get*" Resource: - "arn:aws:s3:::examplebucket/dataset/*" Condition: StringEquals: { "s3:ResourceTag/PCI": "False" } 14
Resource-Based PoliciesResource-Based Policies Statement: - Sid: "DenyWhenNotEncrypted" Effect: Deny Principal: * Action: "s3:PutObject" Resource: "arn:aws:s3:::examplebucket/*" Condition: StringNotLikeIfExists: { "s3:x-amz-server-side-encryption-aws-kms-key-id": "arn:aws:kms:eu-west-1:111122223333:key/*" } 15
NetworkingNetworking AWS Cloud Datacenter A Datacenter B CRM ERP Data Transit VPC Dev VPC Transit Gateway DMS Sagemaker S3 Data Lake 16
Data IngestionData Ingestion Source Database Migration Service RDS S3 Staging Glue S3 Datalake Internet 17
OverviewOverview AWS Cloud CRM ERP Database Migration Service S3 Data Lake Sagemaker Athena API Gateway Quicksight Analysts Apps 18
AnalyticsAnalytics Crawl S3 Datalake Schema Glue Athena Quicksight Analysts 19
OverviewOverview AWS Cloud CRM ERP Database Migration Service S3 Data Lake Sagemaker Athena API Gateway Quicksight Analysts Apps 20
Sagemaker VPCSagemaker VPC VPC Public subnet Private subnet Data subnet Elastic File SystemNAT Gateway Internet Sagemaker VPC EndpointS3 Data Lake 21
Now publish that APINow publish that API S3 Datalake Sagemaker Elastic Container Repository Internet Elastic Container Service (ECS) ECS for  Kubernetes API Gateway Sagemaker Inference Lambda 22
Pathé Data HubPathé Data Hub Diederik MeijerinkDiederik Meijerink 23

More Related Content

PDF
Move fast, build things with AWS (June 2016)
Julien SIMON
 
PDF
Busting the Myths to AWS Cloud Adoption_Liam Caskie
Helen Rogers
 
PDF
IoT at the Edge_Greengrass and More_ Craig Lawton_AWS
Helen Rogers
 
PDF
Building Dynamic Pipelines in Azure Data Factory (SQLSaturday Oslo)
Cathrine Wilhelmsen
 
PDF
Modern Data Platforms - Thinking Data Flywheel on the Cloud
Alluxio, Inc.
 
PDF
A Public Sector Guide to AWS_ Avi Lewin
Helen Rogers
 
PDF
Cloudreach Voices - Azure Active Directory
Cloudreach
 
PDF
The Economics of Innovation_Andrew Phillips_AWS
Helen Rogers
 
Move fast, build things with AWS (June 2016)
Julien SIMON
 
Busting the Myths to AWS Cloud Adoption_Liam Caskie
Helen Rogers
 
IoT at the Edge_Greengrass and More_ Craig Lawton_AWS
Helen Rogers
 
Building Dynamic Pipelines in Azure Data Factory (SQLSaturday Oslo)
Cathrine Wilhelmsen
 
Modern Data Platforms - Thinking Data Flywheel on the Cloud
Alluxio, Inc.
 
A Public Sector Guide to AWS_ Avi Lewin
Helen Rogers
 
Cloudreach Voices - Azure Active Directory
Cloudreach
 
The Economics of Innovation_Andrew Phillips_AWS
Helen Rogers
 

Similar to GoDataFest 2019 Data Hubs (12)

PPTX
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
Adrian Hornsby
 
PPTX
2016 Utah Cloud Summit: Architecting on AWS - Best Practices
1Strategy
 
PDF
Denver AWS Meetup - March 2019 slides
David McDaniel
 
PDF
Well Architected Framework Presentation @ TU Delft
Sander Knape
 
PPTX
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
Omid Vahdaty
 
PDF
AWS Meetup - Well-architected Framework (31012017)
Jamie van Brunschot
 
PPTX
Getting to 1.5M Ads/sec: How DataXu manages Big Data
Qubole
 
PDF
Denver AWS Meetup - February 2019
David McDaniel
 
PPTX
Cloud platforms - Cloud Computing
Aditi Rai
 
PPTX
AWS Skills for the Modern IT Professional.
CBitss Technologies
 
PDF
Making it easy to work with data
Charles Smith
 
PPTX
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
AWS Startup Day Bangalore: Being Well-Architected in the Cloud
Adrian Hornsby
 
2016 Utah Cloud Summit: Architecting on AWS - Best Practices
1Strategy
 
Denver AWS Meetup - March 2019 slides
David McDaniel
 
Well Architected Framework Presentation @ TU Delft
Sander Knape
 
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
Omid Vahdaty
 
AWS Meetup - Well-architected Framework (31012017)
Jamie van Brunschot
 
Getting to 1.5M Ads/sec: How DataXu manages Big Data
Qubole
 
Denver AWS Meetup - February 2019
David McDaniel
 
Cloud platforms - Cloud Computing
Aditi Rai
 
AWS Skills for the Modern IT Professional.
CBitss Technologies
 
Making it easy to work with data
Charles Smith
 
Being Well Architected in the Cloud (Updated)
Adrian Hornsby
 
Ad

Recently uploaded (20)

PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Ad

GoDataFest 2019 Data Hubs