This webinar covered various DevOps topics using AWS services like CloudFormation, OpsWorks, CloudWatch, and WorkSpaces. CloudFormation allows defining infrastructure as code and bootstrapping instances. OpsWorks manages the application lifecycle. CloudWatch provides monitoring and logging. WorkSpaces enables provisioning cloud-based desktops for developers. Questions from attendees were taken using the webinar interface.

1. DEVOPS WEBINAR SERIES – EPISODE 6
DEVOPS OFFICE HOURS WITH
AWS SOLUTIONS ARCHITECTS
@AWScloud
@AWS_UKI

2. TOPICS FOR TODAY
• AWS CloudFormation
• Bootstrapping Windows Instances
• AWS OpsWorks
• Managing Dev/Staging/Production Environments Seamlessly
• Automated Centralised Logging
• Amazon WorkSpaces
SUBMIT ANY ADDITIONAL QUESTIONS OR TOPICS THAT YOU WOULD LIKE
US TO COVER USING THE Q&A PANEL IN THE WEBINAR INTERFACE

3. AWS CLOUDFORMATION

5. FIND OUT MORE AT
aws.amazon.com/cloudformation
www.brighttalk.com/webcast/9019/105175

6. HELPER SCRIPTS
AWS CloudFormation provides helper scripts
for deployment within your EC2 instances

7. Bootstrapping Applications & Handling Updates
"Resources"
:
{
"WebServer":
{
"Type":
"AWS::EC2::Instance",
"Metadata"
:
{
"Comment1"
:
"Configure
the
bootstrap
helpers
to
install
the
Apache
Web
Server
and
PHP",
"Comment2"
:
"The
website
content
is
downloaded
from
the
CloudFormationPHPSample.zip
file",
"AWS::CloudFormation::Init"
:
{
"config"
:
{
"packages"
:
{
"yum"
:
{
"mysql"
:
[],
"mysql-­‐server"
:
[],
"mysql-­‐libs"
:
[],
"httpd"
:
[],
"php"
:
[],
"php-­‐mysql"
:
[]
}
},
"sources"
:
{
"/var/www/html"
:
"https://s3.amazonaws.com/cloudformation-­‐examples/
CloudFormationPHPSample.zip"
}
}
}
}

8. Bootstrapping Applications & Handling Updates
The UserData key allows you to execute shell commands.
This template issues two shell commands: the first command installs the AWS
CloudFormation helper scripts; the second executes the cfn-init script.
"Properties":
{
"ImageId"
:
{
"Fn::FindInMap"
:
[
"AWSRegionArch2AMI",
{
"Ref"
:
"AWS::Region"
},
{
"Fn::FindInMap"
:
[
"AWSInstanceType2Arch",
{
"Ref"
:
"InstanceType"
},
"Arch"
]
}
]
},
"InstanceType"
:
{
"Ref"
:
"InstanceType"
},
"SecurityGroups"
:
[
{"Ref"
:
"WebServerSecurityGroup"}
],
"KeyName"
:
{
"Ref"
:
"KeyName"
},
"UserData"
:
{
"Fn::Base64"
:
{
"Fn::Join"
:
["",
[
"#!/bin/bash
-­‐vn",
"yum
update
-­‐y
aws-­‐cfn-­‐bootstrapn",
"#
Install
packagesn",
"/opt/aws/bin/cfn-­‐init
-­‐s
",
{
"Ref"
:
"AWS::StackName"
},
"
-­‐r
WebServer
",
"
-­‐-­‐region
",
{
"Ref"
:
"AWS::Region"
},
"
||
error_exit
'Failed
to
run
cfn-­‐init'n"
]]}}
}
},

9. Bootstrapping Applications & Handling Updates
The files key allows you to write files to the instance filesystem
"files"
:
{
"/tmp/setup.mysql"
:
{
"content"
:
{
"Fn::Join"
:
["",
[
"CREATE
DATABASE
",
{
"Ref"
:
"DBName"
},
";n",
"GRANT
ALL
ON
",
{
"Ref"
:
"DBName"
},
".*
TO
'",
{
"Ref"
:
"DBUsername"
},
"'@localhost
IDENTIFIED
BY
'",
{
"Ref"
:
"DBPassword"
},
"';n"
]]},
"mode"
:
"000644",
"owner"
:
"root",
"group"
:
"root"
}
}

10. Bootstrapping Applications & Handling Updates
The services key allows you ensures that the services are not only
running when cfn-init finishes (ensureRunning is set to true); but that
they are also restarted upon reboot (enabled is set to true).
"services"
:
{
"sysvinit"
:
{
"mysqld"
:
{
"enabled"
:
"true",
"ensureRunning"
:
"true"
},
"httpd"
:
{
"enabled"
:
"true",
"ensureRunning"
:
"true"
}
}
CloudFormation Helper Scripts Reference
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html

11. Bootstrapping Applications & Handling Updates
Yes!
All that functionality is available for
your Windows instances too!
Bootstrapping AWS CloudFormation Windows Stacks:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-windows-stacks-bootstrapping.html

12. Bootstrapping Applications & Handling Updates
What about Chef?
and/or
What about Puppet?
Find out more here: aws.amazon.com/cloudformation/aws-cloudformation-articles-and-tutorials/

13. NESTED STACKS
The AWS::CloudFormation::Stack type nests a
stack as a resource in a top-level template
AWS CloudFormation Nested Stack documentation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html
{
"Type"
:
"AWS::CloudFormation::Stack",
"Properties"
:
{
"NotificationARNs"
:
[
String,
...
],
"Parameters"
:
{
CloudFormation
Stack
Parameters
Property
Type
},
"TemplateURL"
:
String,
"TimeoutInMinutes"
:
String
}
}

14. CREATING CLOUDWATCH
ALARMS WITH
CLOUDFORMATION
The AWS::CloudWatch::Alarm type creates a CloudWatch alarm
… also check out Amazon CloudWatch Namespaces,
Dimensions, and Metrics Reference in the Amazon CloudWatch
Developer Guide, which is linked off the page below…
AWS CloudFormation AWS::CloudWatch::Alarm documentation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html

15. CUSTOM RESOURCES
Defining custom resources allows you to include
non-AWS resources in a CloudFormation stack
More on Custom Resources in ‘AWS CloudFormation under the Hood’ from re:Invent 2013: http://youtu.be/ZhGMaw67Yu0
AWS CloudFormation Custom Resource Walkthrough documentation: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-walkthrough.html

16. BOOTSTRAPPING
WINDOWS INSTANCES

17. USING AMAZON EC2
• EC2Config Service will execute User-Data if enclosed in:
1. <script>…</script> for cmd.exe
2. <powershell>…</powershell> for PowerShell
• Example:
<powershell>
$text = 'Hello World’
$text | Set-Content 'file.txt’
</powershell>

18. USING AWS CLOUDFORMATION
• cfn-init.exe helper run on instance boot via user-data script
• AWS::CloudFormation::Init metadata defines:
• Files to download
• Sources to download and unzip
• Commands to execute (via cmd.exe)
• Windows Installer (.msi) packages to install
• Windows Services to configure

19. USING AWS ELASTIC BEANSTALK
• *.config files in source bundle’s .ebextensions folder define:
• Files to download
• Sources to download and unzip
• Commands (via cmd.exe) to execute before and after
application version deployment
• Windows Installer (.msi) packages to install
• Windows Services to configure
• Beanstalk configuration and environment variables to set

20. AWS OPSWORKS
EVENT LIFE CYCLE

21. Life Cycle Events
setup
configure
deploy
undeploy
shutdown

22. Setup Event
• Sent when instance boots
• Includes deploy event
• Use for initial installation of
software & services

23. Setup Event – Recipe Execution Order
AWS
OpsWorks
setup
recipes
Your
setup
recipes
AWS
OpsWorks
deploy
recipes
Your
deploy
recipes

24. Configure Event
• Sent to all instances when any
instance enters or leaves online
state
• Use for making sure the
configuration is up-to-date
• Runs
the
instances'
built-­‐in
Configure
recipes,
followed
by
any
custom
Configure
recipes.

25. Deploy Event
• Sent you deploy via UI/API
also part of each setup
• Use for custom deployment

26. Undeploy Event
• Sent via UI/API when apps are
deleted
• Use to remove apps from
running instances

27. Shutdown Event
• Sent when an instance
is shut down
• ~45s to execute
• Use for clean shutdown

28. MONITORINGS OPSWORKS
STACKS/LAYERS

29. Opsworks Cloudwatch metrics
• US East (N. Virginia) region
• View 13 metrics for
– entire stack
– specified layer
– a specified instance.

30. Alarm
on
Layer-­‐wide
aggregate

31. SEAMLESS
DEV/STAGING/PRODUCTION
ENVIRONMENTS

32. Using
Branches
Users
git
commit
Git
repository
Branch1
Branch2
V1
V2
V1
V2

33. h6p://www.your-­‐app.com
V1
V1
V2
V2

34. h6p://www.your-­‐app.com
V1
V1
V2
V2

35. Controlling
Traffic
h6p://your-­‐app.com
Weight
100
Weight
0
V1
V1
V2
V2

36. Controlling
Traffic
h6p://your-­‐app.com
Weight
90
Weight
10
V1
V1
V2
V2

37. Store
App
Config
in
the
Environment
• opJon_seLngs:
•
-­‐
opJon_name:
ENV_VAR
•
value:
”env_var_value”
Java
String some_var =
System.getProperty(‘ENV_VAR’)

38. Store
App
Config
in
the
Environment
opJon_seLngs:
-­‐
opJon_name:
CDN_DNS
value:
”hRp://dmorf1fvvsmuy.cloudfront.net”
opJon_seLngs:
-­‐
opJon_name:
DB_CONN_STRING
value:
”jdbc:mysql://3yta.us-­‐west-­‐2.rds.amazonaws.com:3306/amediamanager”
opJon_seLngs:
-­‐
opJon_name:
ENABLE_MEMCACHED
value:
”false”

39. Cloudformation secrets
• cfn-init can use roles to download from S3
• Secured files are not just for proprietary code
– Non-AWS credentials
– Private service endpoints
– Dynamic code (enabling or disabling features)

40. Roleplaying Template Snippet
“AWS::CloudFormaJon::AuthenJcaJon”
:
{
“roleCreds”
:
{
“type”
:
“S3”,
“roleName”
:
“MyS3Role”
}
}
…
“files”
:
{
“/etc/secrets.txt”
:
{
“source”
:
“hRps://s3.amazonaws.com/mybucket/secrets.txt”,
“authenJcaJon”
:
“roleCreds”
}
}

41. Opsworks Secrets – Environment Variables
• Passed to EC2 during instance setup
• Can be updated on each application deployment.
• Can be defined as protected values
– Not viewed on console, SDK or CLI

42. Opsworks Secrets – Encrypted databags
• Chef 11.10
• Encrypt data and add to custom JSON
• Upload key to S3 with SSE, access via IAM roles
bucket = node['acme']['bucket']
key = node['acme']['key']
s3 = AWS::S3.new
secret = s3.buckets[bucket].objects[key]
secret.read
• Decrypt in your recipe
rdscredentials = Chef::EncryptedDataBagItem. load ( "rdscredentials",
"rdscredentials", secret )

43. AUTOMATED
CENTRALISED LOGGING

44. CLOUDWATCH LOGS
• Deliver Log Events into CloudWatch for monitoring & storing
• Linux logs agent for sending file logs
• Windows EC2Config for sending file logs, Windows Event
Logs and Performance Counters
• Search for literal terms in logs (e.g. for error codes), create
CloudWatch metrics and alarms

45. AMAZON WORKSPACES

46. AMAZON WORKSPACES
Easily provision cloud-based desktops that allow end-users
to access the documents, applications and
resources they need with the device of their choice,
Developers
You can provision WorkSpaces for
developers and install the tools they need
to build applications for your business.
Your source code is not stored on
developers’ devices helping you keep
your intellectual property safe.

47. DEVOPS WEBINAR SERIES – EPISODE 6
THANK YOU!
@AWScloud
@AWS_UKI