2. Why are you here?
• Mature organization that wants to innovate fast
• Startup that wants to scale its team
• Learnings from Amazon & other AWS customers
• Services for management & deployment
9. Multi-AZ architecture for High Availability
Availability Zone a
RDS DB
instance
Availability Zone b
www.example.com
Amazon Route 53
DNS service
Elastic Load
Balancing
Web
server
Web
server
RDS DB
standby
13. LOWER COSTS THAN ON-PREMISES
On-Premises
Traditional
Data Centre
On-Premises
Virtualised
Data Centre
AWS
CAPEX
CAPEX
OPEX
OPEX
OPEX
Cost savings from running
internal IT more efficiently
Cost savings from moving
to a cloud provider
AWS Scale
• Multiple new data centres built each year
• Volume purchasing, highly automated supply
chain optimisation
Utilisation fundamentally higher in the AWS
Cloud
• Aggregating non-correlated workloads, scale,
spot market
Amazon specific hardware designs
• OEM acquisition of custom servers and
networking equipment
• Direct purchasing of memory, disk & CPU
• AWS controlled hypervisor and network
protocol layers
14. AWS PRICING PHILOSOPHY
More AWS
Usage
More
Infrastructure
More
Customers
Lower
Infrastructure
Costs
Economies of
Scale
Reduced Prices
Ecosystem
Global Footprint
New Features
New Services
Infrastructure
Innovation
50PRICE
REDUCTIONS
We pass the savings along to our
customers in the form of low
prices and continuous reductions
28. CodeDeploy
• Scale from 1 instance to thousands
• Deploy without downtime
• Centralize deployment control and monitoring
Staging
CodeDeployv1, v2, v3
Production
Dev
Coordinate automated deployments, just like Amazon
Application
revisions
Deployment groups
36. Continuous integration and deployment
with AWS CodePipeline
Repeatable, automated integration and
deployment pipelines
Workflow modeling and visualization
Integrated with your existing development
tools
38. = 50 million deployments a year
Thousands of teams
× Microservice architecture
× Continuous delivery
× Multiple environments
39. 75%
Reduction in
outages triggered
by software
deployments
since 2006
90%
Reduction in
outage minutes
triggered by
software
deployments
Business Value of Frequent Deployments
~0.001%
Software
deployments
cause an
outage
42. Patterns of success: Zero remote access
• If you are forced to log in to an instance
– Agility is diminished
– Specialized configuration can cause prod-test drift
– Security is at risk
• Every node should be disposable & automatically configured
– Treat them as software variables – not pets
– Embrace automation
• Prerequisite: Centralized logs
– CloudWatch Logs
43. • Cloud-Init
• user-data starting with #! (hash-bang) will be
executed as a script during first boot
Combine CM tools:
#!/bin/sh
yum -y install httpd php
chkconfig httpd on
/etc/init.d/httpd start
Bootstrapping Support in EC2
44. Packaging/baking AMIs
• Decrease your boot time
– Software packages that require painful/long setup
– Standard software that must be there at startup
– Any configuration items that cannot be remotely sourced or automated
• Predictable & testable
• AWS provides easy interfaces to create the AMI or
import the AMI
• Tools can automate it as part of your build process
AMI Instances
45. Bake an AMI Configure dynamically
Time consuming
configuration (setup time)
Static configurations (less
change management)
Bootstrapping
46. Bake an AMI Configure dynamically
Continuous deployment
(latest code)
Environment specific (dev-
test-prod)
Bootstrapping
56. Describing Infrastructure with Code
Developers
&
Operations
Internal
Git
CI Server
Pre-commit
Hook
Testing Environment Subnet
CI Workers
Dev Environment VPC Subnet
DEV WEB
ELBDev Stack
Tier 1
Dev Stack
Tier 2
Dev MySQL
DB Instance
DEV APP
ELB
VPN
TUNNEL
VPN facing VPC Subnet
Internet
Gateway
VPN
Endpoint
Dev Admin
Instance
NAT Instance
Amazon S3
Amazon
DynamoDB
Amazon SQS
Amazon
CloudFront
Amazon
Route 53
This entire infrastructure stack can be constructed, configured, and deployed with code:
57. Template File
Defining Stack
Git
Subversion
Mercurial
Dev
Test
Prod
The entire application can be
represented in an AWS
CloudFormation template.
Use the version
control system of
your choice to store
and track changes to
this template
Build out multiple
environments, such
as for Development,
Test, and Production
using the template
AWS Cloudformation
58. {
"Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.”,
"Parameters" : {
"KeyPair" : {
"Description" : "The EC2 Key Pair to allow SSH access to the instance",
"Type" : "String"
}
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"KeyName" : { "Ref" : "KeyPair" },
"ImageId" : "ami-75g0061f”,
“InstanceType” : “m1.medium”}
}
},
"Outputs" : {
"InstanceId" : {
"Description" : "The InstanceId of the newly created EC2 instance",
"Value" : { "Ref" : "Ec2Instance” }
}
}
}
61. Where to start?
• Pontificate?
• Checklists?
• 1-pagers? 6-pagers?
Documents?
Page 3 of 433
Security as code
62. Config Rule
• AWS managed rules
• Defined by AWS
• Require minimal (or no) configuration
• Rules are managed by AWS
• Customer managed rules
• Authored by you using AWS Lambda
• Rules execute in your account
• You maintain the rule
A rule that checks the validity of configurations recorded
66. Amazon Elasticsearch Service
Easy cluster
creation and
configuration
management
Support for ELK Security with AWS
IAM
Monitoring with
Amazon
CloudWatch
Auditing with AWS
CloudTrail
Integration options
with other AWS
services
(CloudWatch Logs,
Amazon DynamoDB,
Amazon S3, Amazon
Kinesis)
68. AnalyzeStore
Amazon
Glacier
Amazon
S3
Amazon
DynamoDB
Amazon RDS/
Aurora
Analytics on AWS
AWS Data
Pipeline
Amazon
CloudSearch
Amazon
EMR
Amazon
EC2
Amazon
Redshift
Amazon
Machine
LearningAWS
Import/Export
AWS Direct
Connect
Collect
Amazon Kinesis Amazon
Elasticsearch
Launched
AWS Database
Migration
New Amazon
Kinesis
Analytics
New
Amazon
Kinesis
Firehose
New
Amazon
QuickSight
New
71. Microservices and the Cloud
• On Demand Resources of various sizes
• Managed Services
• All Services are programmable
• Infrastructure as code
• Built-in features
– monitoring, security, logging, …
– scalability, availability, …
72. Docker on AWS
Amazon
Linux
A supported and
maintained Linux
image provided by
Amazon Web Services
Amazon EC2
Container
Service
Highly scalable, high
performance container
management service
AWS
Elastic
Beanstalk
For deploying and
scaling web
applications and
services
73. Why Amazon EC2 Container Service
Manage underlying cluster and intelligently place your
containers
• What instances are available?
• What resources are available on those?
• How do I prioritize container X vs Y
• How do I spread in multiple AZs?
• How do I know when container dies?
• How to hook in ELB?
76. Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
77. Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
78. Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
79. Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
82. Hard coded address (bad)
Web Tier API Tier
10.0.1.60
• Doesn’t scale with services/nodes
• Not resilient to failures
• Localized visibility/auditability
• Manual locality of services
83. Discovery via Route 53 Private Hosted Zones
Amazon
Route 53
Private
hosted zone
service1 CNAME elb1.xyz
Service2 CNAME elb2.xyz
Service3 CNAME elb3.xyz
Route 53
Health Checks
84. Use a Dynamic Service Registry
• Avoids the DNS TTL issue
• More than service registry & discovery
– Configuration management
– Health checks
• Plenty of options
– ZooKeeper (Apache)
– Eureka (Netflix)
– Consul (HashiCorp)
– SmartStack (Airbnb)
– Weave (Weaveworks)
85. ELB based service discovery
Web Tier
API Tier
API Tier
API Tier
• Easy – supported by ECS
• Health checks
• Fixed hostname
86. Empire – PaaS on top of ECS
https://youtu.be/8zbbQkszP04
91. Introducing the AWS API Gateway
Internet
Mobile Apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2 /
Amazon
Elastic
Beanstalk
Any other publicly
accessible endpoint
Amazon
CloudWatch
Monitoring