and your services perform action securely? All types of IAM roles: • Service roles • Controls what the service can access on your behalf (for example, access to DynamoDB) • https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html • User roles • Represent a person, and what they can access. For example, a role “abby” with administrator access. • https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html • Groups • Logical groupings of IAM Users with shared permissions
worth a whole talk on its own. A few words of advice: • Rotate your keys, don’t share them between a) services, b) humans • Go for “principle of least access” • Where possible, store your keys somewhere else, and then control access (for example, store keys in KMS, and control access with IAM/service roles) • There are also third party tools out there (lots): for example, Vault: https://www.vaultproject.io/
local environments help eliminate “well it worked on my machine” • Some common approaches to this: Vagrant and/or VirtualBox, EC2 box with local access • Any approach should have a few things in common: shared configuration between team members (i.e., running the environment uses the same versions of packages), and is as close as possible to the production environment.
• AWS Cloud9: • Cloud development environment that integrates a shell, AWS resources, and an editor • https://aws.amazon.com/blogs/aws/aws-cloud9-cloud-developer-environments/ • https://aws.amazon.com/cloud9/ • There are also service or language specific tools to help you out, like SAM Local: https://github.com/awslabs/aws-sam-local
you also want a staging or test environment. This lets you test as closely as possible to real life. • There are also tools that will help you simulate your AWS environment: • https://github.com/localstack/localstack • A nice compilation of tools: https://medium.com/@takezoe/how-to-develop-aws- based-application-in-the-local-environment-3e36eb705adf • You can also write your own: stubs and mocks can simulate service responses
Not through AWS, so sometimes takes a bit to catch up with new services • For more info: • https://www.terraform.io/ • https://github.com/hashicorp/terraform
on resource management. • Cloudformation: planning and execution in one step. Meaning, just executes. • Terraform: planning and execution in two steps (terraform plan, terraform apply)
TravisCI, CircleCI, Shippable… • With AWS: • Code*: CodeCommit, CodePipeline, CodeBuild, CodeDeploy • Or, pick and choose and integrate your favorite 3rd party tool
is fine. Doing it for 10, 25, 50, 100 services is…not fine. • Creating a strong pipeline helps with this! Tests that run automatically are good tests. Automatic builds, that then run tests, and then deploy if tests pass are even better.
Git repositories CodePipeline: continuous integration and delivery service. Build, test, and deploy every time there is a code change in your source respository. CodeBuild: managed build service to compile, test, and package code. CodeDeploy: automated deployments to any type of instance, like EC2.
• twitch.tv/aws, twitch.tv/awsugn_dublin • #awswishlist on twitter • AWS evangelists on Twitter • Slack groups, forums • If you have a question, let us know!