Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Dev tools are cool (AWS UG Dublin)

Abby Fuller
April 27, 2018
88

Dev tools are cool (AWS UG Dublin)

Abby Fuller

April 27, 2018
Tweet

Transcript

  1. Tools are cool. A mostly random and unordered diatribe, brought

    to you by ”too much time on planes” Abby Fuller, AWS @abbyfuller
  2. Identity and access management In other words, how you can,

    and your services perform action securely? All types of IAM roles: • Service roles • Controls what the service can access on your behalf (for example, access to DynamoDB) • https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html • User roles • Represent a person, and what they can access. For example, a role “abby” with administrator access. • https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html • Groups • Logical groupings of IAM Users with shared permissions
  3. I have secrets. • Storing secret keys and passwords is

    worth a whole talk on its own. A few words of advice: • Rotate your keys, don’t share them between a) services, b) humans • Go for “principle of least access” • Where possible, store your keys somewhere else, and then control access (for example, store keys in KMS, and control access with IAM/service roles) • There are also third party tools out there (lots): for example, Vault: https://www.vaultproject.io/
  4. The key here (pun intended) is that you’re not managing

    artisanal, handcrafted secrets yourself. You delegate to a role, or service, and then control access.
  5. Good development starts locally • Standardized, easy to set up

    local environments help eliminate “well it worked on my machine” • Some common approaches to this: Vagrant and/or VirtualBox, EC2 box with local access • Any approach should have a few things in common: shared configuration between team members (i.e., running the environment uses the same versions of packages), and is as close as possible to the production environment.
  6. Some tools that might help you out • Vagrant: https://www.vagrantup.com/intro/index.html

    • AWS Cloud9: • Cloud development environment that integrates a shell, AWS resources, and an editor • https://aws.amazon.com/blogs/aws/aws-cloud9-cloud-developer-environments/ • https://aws.amazon.com/cloud9/ • There are also service or language specific tools to help you out, like SAM Local: https://github.com/awslabs/aws-sam-local
  7. You can still use local tools! • Beyond local environments,

    you also want a staging or test environment. This lets you test as closely as possible to real life. • There are also tools that will help you simulate your AWS environment: • https://github.com/localstack/localstack • A nice compilation of tools: https://medium.com/@takezoe/how-to-develop-aws- based-application-in-the-local-environment-3e36eb705adf • You can also write your own: stubs and mocks can simulate service responses
  8. Cloudformation (duh) • Common language for describing, creating, and deleting

    AWS resources. • Created and maintained by Amazon. • Free to use, just pay for the resources created. • For more info: • aws.amazon.com/cloudformation
  9. Trendier: Terraform • Created by Hashicorp • Open source! •

    Not through AWS, so sometimes takes a bit to catch up with new services • For more info: • https://www.terraform.io/ • https://github.com/hashicorp/terraform
  10. So what do I use? • Either one: both focus

    on resource management. • Cloudformation: planning and execution in one step. Meaning, just executes. • Terraform: planning and execution in two steps (terraform plan, terraform apply)
  11. You’ve automated your resources: now what about code? Tests?** Deployments?

    **Unless you don’t write tests, I guess. Shame on you, though.
  12. Pipelines are your friends • Lots of options: • Jenkins,

    TravisCI, CircleCI, Shippable… • With AWS: • Code*: CodeCommit, CodePipeline, CodeBuild, CodeDeploy • Or, pick and choose and integrate your favorite 3rd party tool
  13. Why CI/CD? • Manually building, testing, and deploying one service

    is fine. Doing it for 10, 25, 50, 100 services is…not fine. • Creating a strong pipeline helps with this! Tests that run automatically are good tests. Automatic builds, that then run tests, and then deploy if tests pass are even better.
  14. Building complete pipelines with Code* CodeCommit: managed source control for

    Git repositories CodePipeline: continuous integration and delivery service. Build, test, and deploy every time there is a code change in your source respository. CodeBuild: managed build service to compile, test, and package code. CodeDeploy: automated deployments to any type of instance, like EC2.
  15. Observability • Keep looking for ways to improve performance. That

    could be something like Amazon X-Ray (aws.amazon.com/xray)
  16. Or, something like Honeycomb.io • Answer hard questions like “why

    are reads slow?” • https://honeycomb.io
  17. A CLI is your most powerful friend for automation •

    Beyond just aws-cli! • For ECS: • ecs-cli, • coldbrew-cli • fargate-cli • For Lambda: • Serverless • aws-sam-local And tons more.
  18. Learn from (and teach) your peers • Events like this!

    • twitch.tv/aws, twitch.tv/awsugn_dublin • #awswishlist on twitter • AWS evangelists on Twitter • Slack groups, forums • If you have a question, let us know!
  19. I’ll leave you with (as always), words of wisdom from

    my spirit animal, Charity Majors: “There’s no such thing as the “best” tool: there is only the tool that best fits your needs.”