Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How (Not) to Deploy to AWS

Philipp Krenn
May 15, 2015
Programming
2
280

How (Not) to Deploy to AWS

Presenting the meanders of deploying your applications to Amazon Web Services (AWS). Using (hosted) Jenkins for building your artifacts and running them on Amazon is great, but the deployment process is not without hurdles. This talk shows some failed or suboptimal approaches and how to achieve a reliable and repeatable process. Additionally, we take a look at the security aspect while building and deploying, since you are facing different challenges than on your own infrastructure.

Philipp Krenn

May 15, 2015
Tweet

More Decks by Philipp Krenn

See All by Philipp Krenn
Full-Text Search Explained
xeraa
11
1.9k
360° Monitoring of Your Microservices
xeraa
7
3.2k
Scale Your Metrics with Elasticsearch
xeraa
4
120
YAML Considered Harmful
xeraa
0
1.9k
Scale Your Elasticsearch Cluster
xeraa
1
260
Hands-On ModSecurity and Logging
xeraa
2
120
Centralized Logging Patterns
xeraa
1
920
Dashboards for Your Management with Kibana Canvas
xeraa
1
440
Make Your Data FABulous
xeraa
3
750

Other Decks in Programming

See All in Programming
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
710
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
210
Hanami and htmx
bkuhlmann
0
210
"config" ってなんだ? / What is "config"?
okashoi
0
240
GitHub Copilotのススメ
marcy731
1
200
検証も兼ねて個人開発でHonoとかと向き合った話
hanetsuki
1
1k
GitHub Actionsで泣かないためにやっておきたい設定 / Recommended GHA settings to avoid crying
pinkumohikan
3
540
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
2 週間で Twitter Bot を作ってみた
contour_gara
0
500
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
ゆるい個人開発のススメ
kuroppe1819
10
990
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
350

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Web Components: a chance to create the future
zenorocha
305
41k
Scaling GitHub
holman
457
140k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
Rebuilding a faster, lazier Slack
samanthasiow
73
8.2k
Building a Scalable Design System with Sketch
lauravandoore
456
32k
Optimising Largest Contentful Paint
csswizardry
8
2.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Documentation Writing (for coders)
carmenintech
60
3.9k
RailsConf 2023
tenderlove
4
540

Transcript

  1. AWS Vienna How not to Deploy to AWS Philipp Krenn@xeraa

  2. Conferences and ViennaDB Papers We Love Vienna

  3. Electronic Data Interchange EDI Automated exchange of B2B documents

  4. None

  5. Stability Automated builds Manual blessing Weekend deployments

  6. Code master release Pull Requests

  7. Tools Java + Maven ↓ GitHub ↓ Jenkins ↓ AWS:

    S3 ⾯ EC2

  8. Environments local, vagrant, test development, stage, production

  9. Properties db.host=127.0.0.1 db.database=dev

  10. Blessing ! Promote the build on Jenkins $ mvn package

    -Dspring.profiles.active=development Copy the artifact to S3 Fetch it during the deployment
  11. None

  12. What You Bless Is not What You Package Changed snapshot

    dependencies Always packages the latest build MissingProjectException

  13. in the cloud, no one can hear you scream —

    @sadserver, https://twitter.com/sadserver/status/ 641960756678889472

  14. The Twelve-Factor App http://12factor.net

  15. Jo eh...

  16. I. Codebase Git

  17. None

  18. II. Dependencies Maven

  19. III. Config Properties

  20. IV. Backing Services RDS, ElastiCache MongoDB, ActiveMQ, Elasticsearch, Disque

  21. V. Build, Release, Run Jenkins

  22. The release stage takes the build produced by the build

    stage [...]

  23. VI. Processes Java Service Wrapper

  24. VII. Port Binding Embedded Jetty

  25. VIII. Concurrency DJ Bernstein Daemontools

  26. IX. Disposability ActiveMQ / Disque

  27. X. Dev / Prod Parity Hand crafted

  28. XI. Logs File LogEntries via Logback

  29. XII. Admin Processes Internal admin app

  30. Non-Issues Continuous Delivery Log appender

  31. Issues Builds Properties Dev / Prod Parity

  32. Builds

  33. Unified Build Package during the build Copy to S3 during

    the promotion

  34. Spring Profiles Load the right properties file Define the environment

    on the instance

  35. Jenkins: Archive

  36. Jenkins: Promote

  37. PS Jenkins: Release

  38. Parity

  39. Ansible Vagrant, AWS, deployments,...

  40. Eierlegende Wollmilchsau

  41. "egg-laying wool-milk-sow"

  42. Properties

  43. Ansible generated Decoupling code and config

  44. Encrypt all the properties http://ejohn.org/blog/keeping-passwords-in-source-control/

  45. None

  46. .gitignore env/*/secret.properties

  47. !/bin/sh FILE=$1 FILENAME=$(basename "$FILE") DIRECTORY=$(dirname "$FILE") EXTENSION="${FILENAME##*.}" NAME="${FILENAME%.*}" if [[

    "$EXTENSION" != "aes256" ]] then echo "Encrypting $FILENAME and removing the plaintext file" openssl aes-256-cbc -e -a -in $DIRECTORY/$FILENAME -out $DIRECTORY/${FILENAME}.aes256 rm $DIRECTORY/$FILENAME else then echo "Decrypting $FILENAME" openssl aes-256-cbc -d -a -in $DIRECTORY/$FILENAME -out $DIRECTORY/$NAME fi

  48. Deployment wget from S3 Create the config with Ansible Switch

    & restart Report

  49. Tips

  50. Security

  51. This outage was the result of an attack on our

    systems using a compromised API key. — http://status.bonsai.io/incidents/qt70mqtjbf0s

  52. Tip Color code environments

  53. Tip Add information to the artifacts $ cat version Build

    number: 544 Build date: 2015-05-13_15-30-42 Git SHA1: 52c86f63895606f08cd

  54. Demo

  55. None
  56. None

  57. Thank you! Questions? @xeraa

  58. Image Credits Paper https://flic.kr/p/7AdQmH Twelve https://flic.kr/p/3iRDd9 Austria https://flic.kr/p/cUsAR1 Eierlegende Wollmilchsau

    https://flic.kr/p/GzQTT