248 lines
10 KiB
Markdown
248 lines
10 KiB
Markdown
# Deploying and Managing Infrastructure at Scale
|
||
|
||
- [Deploying and Managing Infrastructure at Scale](#deploying-and-managing-infrastructure-at-scale)
|
||
- [What is CloudFormation?](#what-is-cloudformation)
|
||
- [Benefits of AWS CloudFormation](#benefits-of-aws-cloudformation)
|
||
- [CloudFormation Stack Designer](#cloudformation-stack-designer)
|
||
- [AWS Cloud Development Kit (CDK)](#aws-cloud-development-kit-cdk)
|
||
- [Developer problems on AWS](#developer-problems-on-aws)
|
||
- [AWS Elastic Beanstalk Overview](#aws-elastic-beanstalk-overview)
|
||
- [Elastic Beanstalk - Health Monitoring](#elastic-beanstalk---health-monitoring)
|
||
- [AWS CodeDeploy](#aws-codedeploy)
|
||
- [AWS CodeCommit](#aws-codecommit)
|
||
- [AWS CodeBuild](#aws-codebuild)
|
||
- [AWS CodePipeline](#aws-codepipeline)
|
||
- [AWS CodeArtifact](#aws-codeartifact)
|
||
- [AWS CodeStar](#aws-codestar)
|
||
- [AWS Cloud9](#aws-cloud9)
|
||
- [AWS Systems Manager (SSM)](#aws-systems-manager-ssm)
|
||
- [How Systems Manager works](#how-systems-manager-works)
|
||
- [Systems Manager - SSM Session Manager](#systems-manager---ssm-session-manager)
|
||
- [AWS OpsWorks](#aws-opsworks)
|
||
- [Deployment - Summary](#deployment---summary)
|
||
- [Developer Services - Summary](#developer-services---summary)
|
||
|
||
## What is CloudFormation?
|
||
|
||
- CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported).
|
||
- For example, within a CloudFormation template, you say:
|
||
- I want a security group
|
||
- I want two EC2 instances using this security group
|
||
- I want an S3 bucket
|
||
- I want a load balancer (ELB) in front of these machines
|
||
- Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify
|
||
|
||
### Benefits of AWS CloudFormation
|
||
|
||
- Infrastructure as code
|
||
- No resources are manually created, which is excellent for control
|
||
- Changes to the infrastructure are reviewed through code
|
||
- Cost
|
||
- Each resources within the stack is tagged with an identifier so you can easily see how much a stack costs you
|
||
- You can estimate the costs of your resources using the CloudFormation template
|
||
- Savings strategy: In Dev, you could automation deletion of templates at 5 PM and recreated at 8 AM, safely
|
||
- Productivity
|
||
- Ability to destroy and re-create an infrastructure on the cloud on the fly
|
||
- Automated generation of Diagram for your templates!
|
||
- Declarative programming (no need to figure out ordering and orchestration)
|
||
- Don’t re-invent the wheel
|
||
- Leverage existing templates on the web!
|
||
- Leverage the documentation
|
||
- Supports (almost) all AWS resources:
|
||
- Everything we’ll see in this course is supported
|
||
- You can use “custom resources” for resources that are not supported
|
||
|
||
### CloudFormation Stack Designer
|
||
|
||
- Example: WordPress CloudFormation Stack
|
||
- We can see all the resources
|
||
- We can see the relations between the components
|
||
|
||
## AWS Cloud Development Kit (CDK)
|
||
|
||
- Define your cloud infrastructure using a familiar language:
|
||
- JavaScript/TypeScript, Python, Java, and .NET
|
||
- The code is “compiled” into a CloudFormation template (JSON/YAML)
|
||
- You can therefore deploy infrastructure and application runtime code together
|
||
- Great for Lambda functions
|
||
- Great for Docker containers in ECS / EKS
|
||
|
||
## Developer problems on AWS
|
||
|
||
- Managing infrastructure
|
||
- Deploying Code
|
||
- Configuring all the databases, load balancers, etc
|
||
- Scaling concerns
|
||
- Most web apps have the same architecture (ALB + ASG)
|
||
- All the developers want is for their code to run!
|
||
- Possibly, consistently across different applications and environments
|
||
|
||
## AWS Elastic Beanstalk Overview
|
||
|
||
- Elastic Beanstalk is a developer centric view of deploying an application on AWS
|
||
- It uses all the component’s we’ve seen before: EC2, ASG, ELB, RDS, etc…
|
||
- But it’s all in one view that’s easy to make sense of!
|
||
- We still have full control over the configuration
|
||
- Beanstalk = Platform as a Service (PaaS)
|
||
- Beanstalk is free but you pay for the underlying instances
|
||
- Managed service
|
||
- Instance configuration / OS is handled by Beanstalk
|
||
- Deployment strategy is configurable but performed by Elastic Beanstalk
|
||
- Capacity provisioning
|
||
- Load balancing & auto-scaling
|
||
- Application health-monitoring & responsiveness
|
||
- Just the application code is the responsibility of the developer
|
||
- Three architecture models:
|
||
- Single Instance deployment: good for dev
|
||
- LB + ASG: great for production or pre-production web applications
|
||
- ASG only: great for non-web apps in production (workers, etc..)
|
||
|
||
- Support for many platforms:
|
||
- Go
|
||
- Java SE
|
||
- Java with Tomcat
|
||
- .NET on Windows Server with IIS
|
||
- Node.js
|
||
- PHP
|
||
- Python
|
||
- Ruby
|
||
- Packer Builder
|
||
- Single Container Docker
|
||
- Multi-Container Docker
|
||
- Preconfigured Docker
|
||
|
||
### Elastic Beanstalk - Health Monitoring
|
||
|
||
- Health agent pushes metrics to CloudWatch
|
||
- Checks for app health, publishes health events
|
||
|
||
## AWS CodeDeploy
|
||
|
||
- We want to deploy our application automatically
|
||
- Works with EC2 Instances
|
||
- Works with On-Premises Servers
|
||
- Hybrid service
|
||
- Servers / Instances must be provisioned and configured ahead of time with the CodeDeploy Agent
|
||
|
||
## AWS CodeCommit
|
||
|
||
- Before pushing the application code to servers, it needs to be stored somewhere
|
||
- Developers usually store code in a repository, using the Git technology
|
||
- A famous public offering is GitHub, AWS’ competing product is CodeCommit
|
||
- CodeCommit:
|
||
- Source-control service that hosts Git-based repositories
|
||
- Makes it easy to collaborate with others on code
|
||
- The code changes are automatically versioned
|
||
- Benefits:
|
||
- Fully managed
|
||
- Scalable & highly available
|
||
- Private, Secured, Integrated with AWS
|
||
|
||
## AWS CodeBuild
|
||
|
||
- Code building service in the cloud (name is obvious)
|
||
- Compiles source code, run tests, and produces packages that are ready to be deployed (by CodeDeploy for example)
|
||
- Benefits:
|
||
- Fully managed, serverless
|
||
- Continuously scalable & highly available
|
||
- Secure
|
||
- Pay-as-you-go pricing – only pay for the build time
|
||
|
||
## AWS CodePipeline
|
||
|
||
- Orchestrate the different steps to have the code automatically pushed to production
|
||
- Code => Build => Test => Provision => Deploy
|
||
- Basis for CICD (Continuous Integration & Continuous Delivery)
|
||
- Benefits:
|
||
- Fully managed, compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk, CloudFormation, GitHub, 3rd-party services (GitHub…) & custom plugins…
|
||
- Fast delivery & rapid updates
|
||
|
||
- CodePipeline: orchestration layer
|
||
- CodeCommit => CodeBuild => CodeDeploy => Elastic Beanstalk
|
||
|
||
## AWS CodeArtifact
|
||
|
||
- Software packages depend on each other to be built (also called code dependencies), and new ones are created
|
||
- Storing and retrieving these dependencies is called artifact management
|
||
- Traditionally you need to setup your own artifact management system
|
||
- CodeArtifact is a secure, scalable, and cost-effective artifact management for software development
|
||
- Works with common dependency management tools such as Maven, Gradle, npm, yarn, twine, pip, and NuGet
|
||
- Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact
|
||
|
||
## AWS CodeStar
|
||
|
||
- Unified UI to easily manage software development activities in one place
|
||
- “Quick way” to get started to correctly set-up CodeCommit, CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, EC2, etc…
|
||
- Can edit the code ”in-the-cloud” using AWS Cloud9
|
||
|
||
## AWS Cloud9
|
||
|
||
- AWS Cloud9 is a cloud IDE (Integrated Development Environment) for writing, running and debugging code
|
||
- “Classic” IDE (like IntelliJ, Visual Studio Code…) are downloaded on a computer before being used
|
||
- A cloud IDE can be used within a web browser, meaning you can work on your projects from your office, home, or anywhere with internet with no setup necessary
|
||
- AWS Cloud9 also allows for code collaboration in real-time (pair programming)
|
||
|
||
## AWS Systems Manager (SSM)
|
||
|
||
- Helps you manage your EC2 and On-Premises systems at scale
|
||
- Another Hybrid AWS service
|
||
- Get operational insights about the state of your infrastructure
|
||
- Suite of 10+ products
|
||
- Most important features are:
|
||
- Patching automation for enhanced compliance
|
||
- Run commands across an entire fleet of servers
|
||
- Store parameter configuration with the SSM Parameter Store
|
||
- Works for both Windows and Linux OS
|
||
|
||
### How Systems Manager works
|
||
|
||
- We need to install the SSM agent onto the systems we control
|
||
- Installed by default on Amazon Linux AMI & some Ubuntu AMI
|
||
- If an instance can’t be controlled with SSM, it’s probably an issue with the SSM agent!
|
||
- Thanks to the SSM agent, we can run commands, patch & configure our servers
|
||
|
||
### Systems Manager - SSM Session Manager
|
||
|
||
- Allows you to start a secure shell on your EC2 and on-premises servers
|
||
- No SSH access, bastion hosts, or SSH keys needed
|
||
- No port 22 needed (better security)
|
||
- Supports Linux, macOS, and Windows
|
||
- Send session log data to S3 or CloudWatch Logs
|
||
|
||
## AWS OpsWorks
|
||
|
||
- Chef & Puppet help you perform server configuration automatically, or repetitive actions
|
||
- They work great with EC2 & On-Premises VM
|
||
- AWS OpsWorks = Managed Chef & Puppet
|
||
- It’s an alternative to AWS SSM
|
||
- Only provision standard AWS resources:
|
||
- EC2 Instances, Databases, Load Balancers, EBS volumes…
|
||
- **Chef or Puppet needed => AWS OpsWorks**
|
||
|
||
## Deployment - Summary
|
||
|
||
- CloudFormation: (AWS only)
|
||
- Infrastructure as Code, works with almost all of AWS resources
|
||
- Repeat across Regions & Accounts
|
||
- Beanstalk: (AWS only)
|
||
- Platform as a Service (PaaS), limited to certain programming languages or Docker
|
||
- Deploy code consistently with a known architecture: ex, ALB + EC2 + RDS
|
||
- CodeDeploy (hybrid): deploy & upgrade any application onto servers
|
||
- Systems Manager (hybrid): patch, configure and run commands at scale
|
||
- OpsWorks (hybrid): managed Chef and Puppet in AWS
|
||
|
||
## Developer Services - Summary
|
||
|
||
- CodeCommit: Store code in private git repository (version controlled)
|
||
- CodeBuild: Build & test code in AWS
|
||
- CodeDeploy: Deploy code onto servers
|
||
- CodePipeline: Orchestration of pipeline (from code to build to deploy)
|
||
- CodeArtifact: Store software packages / dependencies on AWS
|
||
- CodeStar: Unified view for allowing developers to do CICD and code
|
||
- Cloud9: Cloud IDE (Integrated Development Environment) with collab
|
||
- AWS CDK: Define your cloud infrastructure using a programming language
|
||
|
||
* * *
|
||
|
||
[👈 Other Compute Section](./other_compute.md) [Home](../README.md) [Global Infrastructure 👉](./global_infrastructure.md)
|