As technology develops, an organization needs to evolve and improve its products at the same fast pace. DevOps is a method that can enhance traditional software development and infrastructure management processes.
AWS provides a set of tools and services for DevOps practices. In this workshop, Nextlink will provide an in-depth introduction to and demonstration of the AWS Code Services family and AWS CloudFormation.
Let DevOps become one of the best practices of your organization!
2. LINK YOU TO THE CLOUD
Introduction
Nextlink
Founded in 2006 | Hong Kong · Taiwan · Thailand
Nextlink is an internationally renowned Asia-Pacific agent, voted one of the most promising AWS partners by CIO Solution Magazine. We are an expert in cloud services: specialized, speedy, and with an eye and heart for detail. We actively integrate our own cloud, ICT, cost optimization, hosting, and migration services with the best international resources to develop customized solutions, such as global CDN networks, video streaming, and Big Data.
3. Our Services
www.nextlink.com.hk | ISO 9001 | ISO 27001
Cloud Management
• Infrastructure
• Application
• Information Security
• Migration Strategy
• Architecture
• Operation
• 24/7 Monitoring
• Emergency Notification
Cloud Migration
Smart IDC
Smart Monitoring
Support Center
Customized Service
• Multi-loop Backup Network
• Exclusive Hosting Services
• Help Desk Technical Support
• Customized Training
• Customized Project, Solution Planning, Deployment and Execution.
4. Products and Solutions
Big Data | Smart Monitoring | IoT | Security | Streaming
6. AWS CodePipeline Integrations
Pipeline stages: Source, Build, Test, Deploy
Diagram labels: AWS CodePipeline; AWS CodeCommit; Amazon S3; AWS CodeBuild; AWS CodeDeploy; AWS Elastic Beanstalk; AWS CloudFormation; AWS OpsWorks; third-party tooling
7. AWS Infrastructure Deployment
• AWS OpsWorks: DevOps framework for application lifecycle management and automation
• AWS CloudFormation: Templates to deploy & update infrastructure as code
• AWS Elastic Beanstalk: Automated resource management – web apps made easy
• DIY / On Demand: DIY, on demand resources: EC2, S3, custom AMIs, etc.
Axis labels: Convenience, Control
8. Infrastructure as Code
A practice in which traditional infrastructure management techniques are supplemented by or replaced with code-based tools and software development techniques.
9. Infrastructure as Code Workflow
It’s all software!
• Code: Text Editor
• Version Control: Git/SVN/Perforce
• Code Review: Review Tools
• Integrate: Syntax Validation Tools
• Deploy: AWS Services
10. Infrastructure as Code Workflow
AWS Resources
Operating System and Host Configuration
Application Configuration
11. Infrastructure as Code Workflow
AWS Resources (AWS CloudFormation)
• Amazon Virtual Private Cloud (Amazon VPC)
• Amazon Elastic Compute Cloud (Amazon EC2)
• AWS Identity and Access Management (IAM)
• Amazon Relational Database Service (Amazon RDS)
• Amazon Simple Storage Service (Amazon S3)
• AWS CodePipeline
Operating System and Host Configuration (AWS CloudFormation)
• Microsoft Windows Registry
• Linux networking
• OpenSSH
• LDAP
• Active Directory Domain registration
• Centralized logging
• System metrics
• Deployment agents
• Host monitoring
Application Configuration (AWS CloudFormation)
• Application dependencies
• Application configuration
• Service registration
• Management scripts
• Database credentials
12. Application Deployment Approaches
• Deploy in place
  • Rolling updates
• Blue-Green Deployment (aka Red-Black Deployment)
  • Multiple environments deployment
  • Support A/B testing
  • “Rolling DNS”
• Blue-Green Deployment (with ELB and ASG)
  • Alternate auto scaling group
  • Avoid messing with DNS
13–18. Deploy in place – Rolling update (diagram sequence)
19. Blue-Green deployment
Diagram labels: Amazon Route 53; ELB; EC2 Instances; DynamoDB; MySQL RDS Instance; ElastiCache Cache Node. Traffic split: 100%.
20. Blue-Green deployment
Diagram labels: Amazon Route 53; two ELB / EC2 Instances sets; DynamoDB; MySQL RDS Instance; ElastiCache Cache Node. Traffic split: 100% / UAT.
21. Blue-Green deployment
Same diagram. Traffic split: 90% / 10%.
22. Blue-Green deployment
Same diagram. Traffic split: 50% / 50%.
23. Blue-Green deployment
Same diagram. Traffic split: 0% / 100%.
24. Blue-Green deployment
Same diagram. Traffic split: 0% / 100%.
25. Blue-Green deployment with ELB
26. CloudFormation
• Create templates of the infrastructure and applications you want to run on AWS.
• Have CloudFormation automatically provision the required AWS resources and their relationships from the templates.
• Easily version, replicate, or update the infrastructure and applications using the templates.
• Integrates with other development, CI/CD, and management tools.
27. Benefits
• Templated resource provisioning
• Infrastructure as code
• Declarative and flexible
• Easy to use
28. Templated resource provisioning
• Create templates to describe the AWS resources used to run your application
• Provision identical copies of a stack
29. Infrastructure as code
• Templates can be stored in a source control system
• Track all changes made to your infrastructure stack
• Modify and update resources in a controlled and predictable way
30. Declarative and flexible
• Just choose the resources and configurations you need
• Customize your template through parameters
31. Easy to use
• Access through console, CLI, or SDKs
• Start with one of the many sample templates
• Integrate with your development and management tools
32. Common use cases
• Stack replication
• Blue/green deployments
• Infrastructure as code
• Infrastructure scale out
33. Pricing
• There is no additional charge for CloudFormation
• Customers pay only for the AWS resources (e.g., EC2 instances, EBS volumes) created using CloudFormation
34. Use a wide range of AWS services
and more …
35. CloudFormation Concept & Terminology
36. CloudFormation template: JSON
• Plain text
• Perfect for version control
• Can be validated
37. CloudFormation template: JSON
38. CloudFormation template: JSON
39. Template components
• Headers: Description of what your stack does, contains, and so on
• Parameters: Provision time values that add structured flexibility and customization
• Mappings: Predefined conditional case statements
• Conditionals: Conditional values set through evaluations of passed references
• Resources: AWS resource definitions
• Outputs: Resulting attributes of stack resource creation
40. “How do I plan my stacks?”
41. How to get started?
Start with an existing template
42. AWS CloudFormation Designer
43. CloudFormation Designer toolbar
Toolbar Navigation
• Open: Local files/S3/stack
• Save: Local files/launch stack
• Validation: AWS resource schema
• Refresh: Synchronize JSON text changes
44. CloudFormation Designer Resources
• All supported resources
• Organized by service
• Drag and drop onto canvas
• Color-coded icons
45. CloudFormation Designer canvas
• Container Resources, e.g. EC2 VPCs, subnets
• Connections between resources, e.g. Ref, DependsOn, GetAtt
• Contextual Resource menu: Code/Clone/Delete/Docs
46. CloudFormation Designer JSON Editor
• Ctrl+Space : Within the Properties key of a resource, lists all the available properties for the resource
• Ctrl+F : Search for a value in the JSON editor.
• Ctrl+ : Formats the text with proper indentation and new lines
• Ctrl+Shift+ : Removes all white space
50. CloudFormation Change Sets
Preview the set of actions CloudFormation will take on your behalf before you create or update stacks.
Change Sets show you what resources will be created, updated or replaced. This ensures that only expected operations are executed.
Workflow, starting from the original stack:
1. Create change set
2. View change set
3. Execute change set: AWS CloudFormation updates your stack
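One way to enforce the "view change set" step in a pipeline, as an added example that is not part of the original deck: a gate that reads a change set in the shape returned by DescribeChangeSet and blocks automatic execution when a resource is removed, a stateful resource may be replaced, or an IAM resource is touched. The sample data, the resource names and the review rules (STATEFUL_TYPES, SENSITIVE_PREFIXES) are assumptions made for the example.

```python
import json

# Constructed sample in the shape of DescribeChangeSet output (not real stack data).
SAMPLE_CHANGE_SET = json.loads("""
{
  "ChangeSetName": "example-change-set",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "WebServerGroup",
      "ResourceType": "AWS::AutoScaling::AutoScalingGroup", "Replacement": "False"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "AppDatabase",
      "ResourceType": "AWS::RDS::DBInstance", "Replacement": "True"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Add",
      "LogicalResourceId": "DeployRole", "ResourceType": "AWS::IAM::Role"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Remove",
      "LogicalResourceId": "AuditBucket", "ResourceType": "AWS::S3::Bucket"}}
  ]
}
""")

# Assumed review rules for this example: changes that need a human sign-off.
STATEFUL_TYPES = {"AWS::RDS::DBInstance", "AWS::DynamoDB::Table", "AWS::S3::Bucket"}
SENSITIVE_PREFIXES = ("AWS::IAM::",)

def review_change_set(change_set):
    """Return (logical_id, reason) findings that should block automatic execution."""
    findings = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        rid, rtype, action = rc["LogicalResourceId"], rc["ResourceType"], rc["Action"]
        replacement = rc.get("Replacement", "False")  # True, False or Conditional
        if action == "Remove":
            findings.append((rid, "resource will be deleted"))
        elif action == "Modify" and rtype in STATEFUL_TYPES and replacement != "False":
            findings.append((rid, f"stateful resource may be replaced ({replacement})"))
        if rtype.startswith(SENSITIVE_PREFIXES) and action != "Remove":
            findings.append((rid, f"{action} on access-control resource {rtype}"))
    return findings

def safe_to_execute(change_set):
    """True only when the change set contains nothing that needs review."""
    return not review_change_set(change_set)

if __name__ == "__main__":
    for rid, reason in review_change_set(SAMPLE_CHANGE_SET):
        print(f"BLOCK {rid}: {reason}")
```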
52. AWS CloudFormation: Application Stack Example
• Template File, Defining Stack: The entire application can be represented in an AWS CloudFormation template.
• Git, Subversion, Mercurial: Use the version control system of your choice to store and track changes to this template.
• Dev, Test, Prod: Build out multiple environments, such as for Development, Test, and Production, using the template.
53. Bootstrapping applications and handling updates
Option 1
Use Amazon EC2 UserData, which is available as a property of AWS::EC2::Instance resources
54. Bootstrapping applications and handling updates
Option 2
CloudFormation provides helper scripts for deployment within your EC2 instances
Metadata key: AWS::CloudFormation::Init
The cfn-init helper script reads this metadata key and installs the packages listed in this key (for example, httpd, mysql, and php); cfn-init also retrieves and expands files listed as sources
55. Bootstrapping applications and handling updates
Option 2
Install packages with the native package management tool:
56. Best practices
Reference: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html
Planning and organizing
• Organize your stacks by lifecycle and ownership
• Reuse templates to replicate stacks in multiple environments
• Verify quotas for all resource types
• Use nested stacks to reuse common template patterns
Creating templates
• Do not embed credentials in your templates
• Use AWS-specific parameter types
• Use parameter constraints
• Validate templates before using them
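A pre-commit style check for the "Do not embed credentials in your templates" item, as an added example that is not part of the original deck: it flags secret-like parameters that lack NoEcho or carry a Default, and secret-named resource properties that hold a literal string instead of a reference. The template, its logical names and the SECRET_NAME pattern are constructed assumptions.

```python
import re

SECRET_NAME = re.compile(r"password|passwd|secret|token|api_?key|access_?key", re.I)

# Constructed template for illustration; names and values are made up.
TEMPLATE = {
    "Parameters": {
        "DBUser": {"Type": "String", "MinLength": "1", "MaxLength": "16",
                   "AllowedPattern": "[a-zA-Z][a-zA-Z0-9]*"},
        "DBPassword": {"Type": "String", "Default": "example-only-password"},
        "KeyName": {"Type": "AWS::EC2::KeyPair::KeyName"},
    },
    "Resources": {
        "AppDatabase": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "MasterUsername": {"Ref": "DBUser"},
            "MasterUserPassword": "example-only-password"}},
        "ReportDatabase": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "MasterUsername": {"Ref": "DBUser"},
            "MasterUserPassword": {"Ref": "DBPassword"}}},
    },
}

def lint_parameters(template):
    """Secret-like parameters must set NoEcho and must not carry a Default."""
    issues = []
    for name, spec in template.get("Parameters", {}).items():
        if not SECRET_NAME.search(name):
            continue
        if str(spec.get("NoEcho", "false")).lower() != "true":
            issues.append(f"Parameters.{name}: no NoEcho")
        if "Default" in spec:
            issues.append(f"Parameters.{name}: secret stored as Default")
    return issues

def lint_literals(node, path="Resources"):
    """Walk resources; flag secret-named keys whose value is a literal string."""
    issues = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if SECRET_NAME.search(key) and isinstance(value, str):
                issues.append(f"{here}: literal credential")
            issues.extend(lint_literals(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            issues.extend(lint_literals(item, f"{path}[{i}]"))
    return issues

def lint_template(template):
    """All findings for one template: parameters first, then resource literals."""
    return lint_parameters(template) + lint_literals(template.get("Resources", {}))
```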
57. Best practices
Managing stacks
• Manage all stack resources through CloudFormation
• Create change sets before updating your stacks
• Use stack policies
• Use CloudTrail to log CloudFormation calls
• Use code reviews and revision controls to manage your templates
58. Best practices
Only allow specific templates and stack policies
{
  "Effect": "Allow",
  "Action": [
    "cloudformation:CreateStack",
    "cloudformation:UpdateStack"
  ],
  "Condition": {
    "ForAllValues:StringLike": {
      "cloudformation:TemplateUrl": ["https://.amazonaws.com/TestBucket/*"]
    }
  }
}
{
  "Effect": "Allow",
  "Action": [
    "cloudformation:UpdateStack"
  ],
  "Condition": {
    "ForAllValues:StringEquals": {
      "cloudformation:StackPolicyUrl": ["https://.amazonaws.com/TestBucket/Foo.json"]
    }
  }
}
59. Best practices
Only allow specific resource types
{
  "Effect": "Allow",
  "Action": [
    "cloudformation:CreateStack"
  ],
  "Condition": {
    "ForAllValues:StringEquals": {
      "cloudformation:ResourceTypes": ["AWS::EC2::Instance", …]
    }
  }
}
{
  "Effect": "Allow",
  "Action": [
    "cloudformation:CreateStack"
  ]
},
{
  "Effect": "Deny",
  "Action": [
    "cloudformation:CreateStack"
  ],
  "Condition": {
    "ForAnyValue:StringLike": {
      "cloudformation:ResourceTypes": ["AWS::IAM::*"]
    }
  }
}
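How the set operators in the resource-type statements above evaluate, as an added example that is not part of the original deck: ForAllValues is true for an empty set and ForAnyValue is false, so a CreateStack request that declares no resource types passes both policies unless a Null condition on the key denies it. The function names and sample requests are assumptions; the documented key is `cloudformation:ResourceTypes`, which is checked against the ResourceTypes parameter the caller supplies with the request.

```python
from fnmatch import fnmatchcase

def for_all_values_like(values, patterns):
    """ForAllValues: true when every request value matches a pattern;
    also true when the key is absent (empty set)."""
    return all(any(fnmatchcase(v, p) for p in patterns) for v in values)

def for_any_value_like(values, patterns):
    """ForAnyValue: true when some request value matches; false when the key is absent."""
    return any(fnmatchcase(v, p) for v in values for p in patterns)

def allowlist_policy(declared):
    """First statement on the slide: Allow CreateStack only for AWS::EC2::Instance.
    A literal pattern makes StringLike behave like the slide's StringEquals."""
    ok = for_all_values_like(declared, ["AWS::EC2::Instance"])
    return "Allow" if ok else "ImplicitDeny"

def denylist_policy(declared):
    """Second and third statements: Allow CreateStack, Deny when any type is AWS::IAM::*."""
    if for_any_value_like(declared, ["AWS::IAM::*"]):
        return "Deny"  # an explicit Deny overrides the Allow
    return "Allow"

def with_null_guard(policy, declared):
    """Added hardening: Deny when the key is absent (Null condition is true)."""
    return "Deny" if not declared else policy(declared)

# Constructed requests: the resource types a caller declares on CreateStack.
CASES = {
    "ec2 only": ["AWS::EC2::Instance"],
    "ec2 + iam": ["AWS::EC2::Instance", "AWS::IAM::Role"],
    "not declared": [],
}

if __name__ == "__main__":
    for label, declared in CASES.items():
        print(f"{label:13} allowlist={allowlist_policy(declared):12} "
              f"denylist={denylist_policy(declared):5} "
              f"guarded={with_null_guard(allowlist_policy, declared)}")
```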