This webinar covered various DevOps topics using AWS services like CloudFormation, OpsWorks, CloudWatch, and WorkSpaces. CloudFormation allows defining infrastructure as code and bootstrapping instances. OpsWorks manages the application lifecycle. CloudWatch provides monitoring and logging. WorkSpaces enables provisioning cloud-based desktops for developers. Questions from attendees were taken using the webinar interface.
DevOps Webinar Series Episode 6 DevOps Office Hours
1. DEVOPS WEBINAR SERIES – EPISODE 6
DEVOPS OFFICE HOURS WITH
AWS SOLUTIONS ARCHITECTS
@AWScloud
@AWS_UKI
2. TOPICS FOR TODAY
• AWS CloudFormation
• Bootstrapping Windows Instances
• AWS OpsWorks
• Managing Dev/Staging/Production Environments Seamlessly
• Automated Centralised Logging
• Amazon WorkSpaces
SUBMIT ANY ADDITIONAL QUESTIONS OR TOPICS THAT YOU WOULD LIKE
US TO COVER USING THE Q&A PANEL IN THE WEBINAR INTERFACE
9. Bootstrapping Applications & Handling Updates
The files key allows you to write files to the instance filesystem
"files" : {
  "/tmp/setup.mysql" : {
    "content" : { "Fn::Join" : ["", [
      "CREATE DATABASE ", { "Ref" : "DBName" }, ";\n",
      "GRANT ALL ON ", { "Ref" : "DBName" }, ".* TO '", { "Ref" : "DBUsername" },
      "'@localhost IDENTIFIED BY '", { "Ref" : "DBPassword" }, "';\n"
    ]]},
    "mode" : "000644",
    "owner" : "root",
    "group" : "root"
  }
}
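Added example (not from the webinar slides): a Python check that walks a template's AWS::CloudFormation::Init metadata and reports files that embed a NoEcho parameter while their mode grants group or other access, as the /tmp/setup.mysql entry above does with DBPassword at mode 000644. The surrounding template, the WebServer resource name and the NoEcho flag on DBPassword are assumptions.

```python
import json

# Constructed template: the slide's "files" entry wrapped in a minimal resource.
# Assumption: DBPassword is declared NoEcho (the slide does not show Parameters).
TEMPLATE = json.loads(r'''
{"Parameters": {"DBName": {"Type": "String"},
                "DBUsername": {"Type": "String"},
                "DBPassword": {"Type": "String", "NoEcho": "true"}},
 "Resources": {"WebServer": {"Type": "AWS::EC2::Instance", "Metadata": {
   "AWS::CloudFormation::Init": {"config": {"files": {"/tmp/setup.mysql": {
     "content": {"Fn::Join": ["", [
       "CREATE DATABASE ", {"Ref": "DBName"}, ";\n",
       "GRANT ALL ON ", {"Ref": "DBName"}, ".* TO '", {"Ref": "DBUsername"},
       "'@localhost IDENTIFIED BY '", {"Ref": "DBPassword"}, "';\n"]]},
     "mode": "000644", "owner": "root", "group": "root"}}}}}}}}
''')


def refs(node):
    """Yield every name referenced through {"Ref": ...} anywhere under node."""
    if isinstance(node, dict):
        if "Ref" in node:
            yield node["Ref"]
        for value in node.values():
            yield from refs(value)
    elif isinstance(node, list):
        for item in node:
            yield from refs(item)


def readable_secret_files(template):
    """List cfn-init files that embed a NoEcho parameter but grant group/other access."""
    noecho = {name for name, spec in template.get("Parameters", {}).items()
              if str(spec.get("NoEcho", "")).lower() == "true"}
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        init = res.get("Metadata", {}).get("AWS::CloudFormation::Init", {})
        for key, config in init.items():
            if key == "configSets" or not isinstance(config, dict):
                continue
            for path, spec in config.get("files", {}).items():
                secrets = sorted(noecho & set(refs(spec.get("content"))))
                mode = spec.get("mode", "000644")  # assumption: no mode means world-readable
                if secrets and int(mode, 8) & 0o077:
                    findings.append((res_name, path, mode, secrets))
    return findings


if __name__ == "__main__":
    for finding in readable_secret_files(TEMPLATE):
        print("secret in readable file:", finding)
```

Setting the file's mode to 000400 (owner read only) clears the finding.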
10. Bootstrapping Applications & Handling Updates
The services key ensures that the services are not only
running when cfn-init finishes (ensureRunning is set to true), but that
they are also restarted upon reboot (enabled is set to true).
"services" : {
  "sysvinit" : {
    "mysqld" : {
      "enabled" : "true",
      "ensureRunning" : "true"
    },
    "httpd" : {
      "enabled" : "true",
      "ensureRunning" : "true"
    }
  }
}
CloudFormation Helper Scripts Reference
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-helper-scripts-reference.html
11. Bootstrapping Applications & Handling Updates
Yes!
All that functionality is available for
your Windows instances too!
Bootstrapping AWS CloudFormation Windows Stacks:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-windows-stacks-bootstrapping.html
12. Bootstrapping Applications & Handling Updates
What about Chef?
and/or
What about Puppet?
Find out more here: aws.amazon.com/cloudformation/aws-cloudformation-articles-and-tutorials/
13. NESTED STACKS
The AWS::CloudFormation::Stack type nests a
stack as a resource in a top-level template
AWS CloudFormation Nested Stack documentation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-stack.html
{
  "Type" : "AWS::CloudFormation::Stack",
  "Properties" : {
    "NotificationARNs" : [ String, ... ],
    "Parameters" : { CloudFormation Stack Parameters Property Type },
    "TemplateURL" : String,
    "TimeoutInMinutes" : String
  }
}
14. CREATING CLOUDWATCH ALARMS WITH CLOUDFORMATION
The AWS::CloudWatch::Alarm type creates a CloudWatch alarm
… also check out Amazon CloudWatch Namespaces,
Dimensions, and Metrics Reference in the Amazon CloudWatch
Developer Guide, which is linked off the page below…
AWS CloudFormation AWS::CloudWatch::Alarm documentation:
docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html
15. CUSTOM RESOURCES
Defining custom resources allows you to include
non-AWS resources in a CloudFormation stack
More on Custom Resources in ‘AWS CloudFormation under the Hood’ from re:Invent 2013: http://youtu.be/ZhGMaw67Yu0
AWS CloudFormation Custom Resource Walkthrough documentation: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/crpg-walkthrough.html
17. USING AMAZON EC2
• EC2Config Service will execute User-Data if enclosed in:
1. <script>…</script> for cmd.exe
2. <powershell>…</powershell> for PowerShell
• Example:
<powershell>
$text = 'Hello World'
$text | Set-Content 'file.txt'
</powershell>
18. USING AWS CLOUDFORMATION
• cfn-init.exe helper run on instance boot via user-data script
• AWS::CloudFormation::Init metadata defines:
• Files to download
• Sources to download and unzip
• Commands to execute (via cmd.exe)
• Windows Installer (.msi) packages to install
• Windows Services to configure
19. USING AWS ELASTIC BEANSTALK
• *.config files in source bundle’s .ebextensions folder define:
• Files to download
• Sources to download and unzip
• Commands (via cmd.exe) to execute before and after
application version deployment
• Windows Installer (.msi) packages to install
• Windows Services to configure
• Beanstalk configuration and environment variables to set
22. Setup Event
• Sent when instance boots
• Includes deploy event
• Use for initial installation of
software & services
23. Setup Event – Recipe Execution Order
AWS OpsWorks setup recipes → Your setup recipes → AWS OpsWorks deploy recipes → Your deploy recipes
24. Configure Event
• Sent to all instances when any
instance enters or leaves online
state
• Use for making sure the
configuration is up-to-date
• Runs the instances' built-in Configure recipes, followed by any
custom Configure recipes.
25. Deploy Event
• Sent when you deploy via UI/API;
also part of each setup
• Use for custom deployment
26. Undeploy Event
• Sent via UI/API when apps are
deleted
• Use to remove apps from
running instances
27. Shutdown Event
• Sent when an instance
is shut down
• ~45s to execute
• Use for clean shutdown
37. Store App Config in the Environment
option_settings:
  - option_name: ENV_VAR
    value: "env_var_value"
Java
String some_var = System.getProperty("ENV_VAR");
38. Store App Config in the Environment
option_settings:
  - option_name: CDN_DNS
    value: "http://dmorf1fvvsmuy.cloudfront.net"
option_settings:
  - option_name: DB_CONN_STRING
    value: "jdbc:mysql://3yta.us-west-2.rds.amazonaws.com:3306/amediamanager"
option_settings:
  - option_name: ENABLE_MEMCACHED
    value: "false"
39. CloudFormation secrets
• cfn-init can use roles to download from S3
• Secured files are not just for proprietary code
– Non-AWS credentials
– Private service endpoints
– Dynamic code (enabling or disabling features)
41. OpsWorks Secrets – Environment Variables
• Passed to EC2 during instance setup
• Can be updated on each application deployment.
• Can be defined as protected values
– Not viewed on console, SDK or CLI
42. OpsWorks Secrets – Encrypted databags
• Chef 11.10
• Encrypt data and add to custom JSON
• Upload key to S3 with SSE, access via IAM roles
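require 'aws-sdk'  # AWS SDK for Ruby v1 (AWS::S3 namespace)
# Bucket and key names are read from node attributes
bucket = node['acme']['bucket']
key = node['acme']['key']
s3 = AWS::S3.new
# Read the data bag secret from the S3 object
secret = s3.buckets[bucket].objects[key].read
• Decrypt in your recipe
rdscredentials = Chef::EncryptedDataBagItem.load("rdscredentials", "rdscredentials", secret)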
44. CLOUDWATCH LOGS
• Deliver Log Events into CloudWatch for monitoring & storing
• Linux logs agent for sending file logs
• Windows EC2Config for sending file logs, Windows Event
Logs and Performance Counters
• Search for literal terms in logs (e.g. for error codes), create
CloudWatch metrics and alarms
46. AMAZON WORKSPACES
Easily provision cloud-based desktops that allow end-users
to access the documents, applications and
resources they need with the device of their choice.
Developers
You can provision WorkSpaces for
developers and install the tools they need
to build applications for your business.
Your source code is not stored on
developers’ devices, helping you keep
your intellectual property safe.