E-commerce websites often handle sensitive data, such as credit card information, user profiles, and purchase history. As such, they require a Payment Card Industry Data Security Standard (PCI DSS) compliant infrastructure in order to protect sensitive customer data. Because AWS is accredited as a Level 1 service provider under PCI DSS, you can run your application on PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. As a merchant, you still have to manage your own PCI certification, but by using an accredited infrastr ucture service provider, you don’t need to put additional effort into PCI compliance at the infrastructure level. For more information about PCI compliance, go to the AWS Compliance Center . For example, you can create a VPC to host the customer database and manage the checkout process of your e-commerce website. To offer high availability, you set up private subnets in each Availability Zone within the same region and then deploy your customer and order management databases in each Availability Zone. Your checkout servers will be in an Auto Scaling group over several private subnets in different Availability Zones. Those servers will be behind an elastic load balancer that spans public subnets across all used Availability Zones. By combining VPC, subnets, network ACLs, and security groups, you have fine-grained control over access to your AWS infrastructure. Y ou’ll be prepared for the main challenges — scalability, security, elasticity, and availability — for the most sensitive part of e-commerce websites. Figure 5 shows an example of a checkout architecture.
Extend Your IT Infrastructure with Amazon Virtual Private Cloud December 2013 Page 9 of 17 Virtual Private Cloud Checkout Servers Auto Scaling Group Checkout Servers Availability Zone B Private Subnet Private Subnet Public Subnet Clients Users Elastic Load Balancer Security Group Elastic Load Balancer Availability Zone A Public Subnet Standby Replica of Customer and Order Database Private Subnet Private Subnet Customer and Order Database Master Internet Gateway Figure 5: Example of a checkout architecture Build a Development and Test Environment Software environments are in constant flux, with new versions, features, patches, and updates. Software changes must often be deployed rapidly, with little time to carry out regression testing. Your ideal test environment would be an exact replica of your production environment where you would apply your updates and then test them against a typical workload. When the update or new version passes all tests, you can roll it into production with greater confidence. To build such a test environment in-house, you would have to provision a lot of hardware that would go unused most of the time. Sometimes this unused hardware is subsequently repurposed, leaving you without your test environment when you need it. Amazon VPC can help you build an economical and functional test environment that simulates your live production environment that can be launched when you need it, and shut down when you’re finished testing. You
You've reached the end of your free preview.
Want to read all 17 pages?
- Spring '17
- ........., IP address, Amazon Web Services, Amazon Elastic Compute Cloud