Introduction to DevOps on AWS

Transcript

  1. Introduction to DevOps on AWS. Sébastien Stormacq, Senior Developer Advocate, Amazon Web Services, EMEA. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  4. How it all started?

  6. Cloud benefits

  7. Reference architectures. Diagram labels: AWS Cloud | VPC | Availability Zone 1 | Availability Zone 2 | Auto Scaling group | Application Load Balancer | NAT Gateway | NAT Gateway | Amazon EC2 instance | Amazon EC2 instance | Master database | Replica database
  8. Infrastructure as click

  9. You choose your IDE Python Java, Python .NET, Node .NET

  10. You choose your IDE Python Java, Python .NET, Node .NET Node.js .NET New
  12. Your IDE is in the cloud: a cloud IDE for writing, running, and debugging code
  14. You move your code to a code repository. Diagram labels: EBS volumes | SSH or HTTPS | Secure, scalable, and managed Git source control | git push | Amazon EC2
  15. You move your code to a code repository. Diagram labels: Git objects in Amazon S3 | Git index in Amazon DynamoDB | Encryption keys in AWS KMS | SSH or HTTPS | Secure, scalable, and managed Git source control | git push | AWS CodeCommit
  16. Getting started with CodeCommit & ssh

        $ ssh-keygen
        $ vi ~/.ssh/config
        Host git-codecommit.*.amazonaws.com
          User APKAEIBAERJR2EXAMPLE
          IdentityFile ~/.ssh/codecommit_rsa
        $ git clone \
            ssh://git-codecommit.<region>.amazonaws.com/v1/repos/<repo> \
            <dir>
  17. Branching strategy: the whole dev team shares a branch called Trunk (or Master)
  19. Continuous integration workflow. Diagram labels: Developer | Commit to dev branch | Version control | Hook | Continuous integration server | Pull code | Distributed builds; run tests in parallel | Send build report to development team; stop everything if build fails | Test types: Integration, Unit, Code coverage
  20. Continuous integration workflow. Diagram labels: Developer | Commit to dev branch | AWS CodeCommit | Hook | AWS CodeBuild | Pull code | Distributed builds; run tests in parallel | Send build report to development team; stop everything if build fails | Test types: Integration, Unit, Code coverage
  21. Anatomy of a buildspec file

        version: 0.2
        phases:
          pre_build:
            commands:
              - echo Logging in to Amazon ECR...
              - aws --version
              - $(aws ecr get-login --region eu-west-1 --no-include-email)
              - REPOSITORY_URI=486652066693.dkr.ecr.eu-west-1.amazonaws.com/nginx
              - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
          build:
            commands:
              - echo Build started on `date`
              - echo Building the Docker image...
              - docker build -t $REPOSITORY_URI:latest nginx/.
              - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
          post_build:
            commands:
              - echo Build completed on `date`
              - echo Pushing the Docker images...
              - docker push $REPOSITORY_URI:latest
              - docker push $REPOSITORY_URI:$IMAGE_TAG
              - echo Writing image definitions file...
              - printf '[{"name":"nginx","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
        artifacts:
          files: imagedefinitions.json
  23. One dev environment does not scale

  24. One dev/integration environment per developer

  25. Infrastructure as code—avoid snowflakes

  26. Cloud Development Kit (CDK). Diagram labels: AWS CDK application | Stack(s) | Construct | Construct | AWS CloudFormation template | Resources
  27. CDK code walkthrough

    CDK: Create a VPC

        //
        // create VPC w/ public and private subnets in 2 AZ
        // this also creates a NAT Gateway
        //
        const vpc = new ec2.Vpc(this, 'NewsBlogVPC', { maxAzs : 2 });

    CDK: Package your application

        //
        // create static web site as S3 assets
        //
        var path = require('path');
        const asset = new assets.Asset(this, 'YourSampleApp', {
          path: path.join(__dirname, '../html')
        });

    CDK: Bootstrap your servers

        // define a user data script to install & launch our app
        const userData = UserData.forLinux();
        userData.addCommands('yum install -y nginx',
                             'chkconfig nginx on',
                             'service nginx start');
        userData.addCommands(`aws s3 cp s3://${asset.s3BucketName}/${asset.s3ObjectKey} .`,
                             `unzip *.zip`,
                             `/bin/cp -r -n ${env}/* /usr/share/nginx/html/`);

    CDK: Create an Auto Scaling group

        // create an auto scaling group for each environment
        const asg = new autoscaling.AutoScalingGroup(this, 'YourAppgAutoScalingGroup', {
          vpc,
          instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
          machineImage: new ec2.AmazonLinuxImage(),
          desiredCapacity: 2,
          role: role,
          userData: userData
        });
  28. CDK: Deploy your own dev environment. Diagram labels: CloudFormation | Template | “compiler” | CDK CLI | “processor” | “assembly language” | “source” | synthesize | deploy | executes
  30. Continuous deployment Merge PR into trunk Hook pull code Developer

  31. Complex pipeline example—Trek10

  32. IaC also for dev infrastructure

        // create the source action (github)
        const sourceOutput = new pipeline.Artifact();
        const sourceAction = new pipeline_actions.GitHubSourceAction({
          actionName: "GitHubTrigger",
          owner: github.owner,
          repo: github.repo,
          oauthToken: cdk.SecretValue.secretsManager(github.secret_manager_secret_name),
          output: sourceOutput,
          branch: 'master'
        });

        // create the build action
        const buildProject = new codebuild.PipelineProject(pipelineStack, 'CodeBuildProject', {
          projectName: 'DockerBuild',
          buildSpec: BuildSpec.fromSourceFilename('nginx/buildspec.yml'),
          environment: {
            buildImage: codebuild.LinuxBuildImage.STANDARD_2_0,
            privileged: true
          }
        });

        // add codebuild permissions to access ECR (to push the image to the repo)
        const role = <Role>buildProject.role;
        role.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryPowerUser'));

        const buildOutput = new pipeline.Artifact();
        const buildAction = new pipeline_actions.CodeBuildAction({
          actionName: 'CodeBuildDockerImage',
          project: buildProject,
          input: sourceOutput,
          outputs: [buildOutput]
        });

        const deployAction = new irEcsDeployAction({
          actionName: 'Deploy',
          serviceName: ecs.serviceName,
          clusterName: ecs.clusterName,
          input: buildOutput,
        });

        // finally, create the pipeline
        const codePipeline = new pipeline.Pipeline(pipelineStack, 'Pipeline', {
          pipelineName: 'ECSDeploy',
          stages: [
            {
              stageName: 'GetSource',
              actions: [sourceAction],
            },
            {
              stageName: 'BuildDockerImage',
              actions: [buildAction]
            },
            {
              stageName: 'DeployToEcs',
              actions: [deployAction]
            }
          ],
        });
  33. Blue-green deployment 100% Prod traffic

  34. Blue-green deployment Target group 2 100% Prod traffic

  35. Blue-green deployment: Provision green tasks. Green tasks: v2 code. 100% Prod traffic

  36. Blue-green deployment: Run hook against test endpoint before green tasks receive prod traffic. 0% Prod traffic | 100% Prod traffic

  37. Blue-green deployment: Flip traffic to green tasks, rollback in case of alarm. 80% Prod traffic | 20% Prod traffic

  38. Blue-green deployment: Drain blue tasks. 0% Prod traffic | 100% Prod traffic
  42. Debugging modern apps locally is hard: New developer patterns | Mockups are not perfect | Applications are large
  43. You are debugging in the cloud AWS Cloud

  47. ChatOps

  48. AWS Chatbot: Receive notifications from AWS services about infrastructure events, billing, security, and more. Easily integrate with Slack. Built-in security templates for common use cases simplify configuration and enable best practices. Diagram labels: AWS Chatbot | Events
  49. AWS Chatbot can now run commands Interactive agent for ChatOps

  53. How Amazon does DevOps? (microservices, 2 pizza teams) (governance, templates)

  55. What we built. Diagram labels: Developers | Trunk-based source code control | AWS CDK | Services | Delivery pipelines | Monitor, Build, Test, Release (repeated for each of five pipelines)
  56. Think big—impossibly big Start small Iterate

  57. Impact on dev hiring and retention

  58. Start anywhere but start somewhere

  59. Thank you! Sébastien Stormacq @sebsto