Deploying and Managing Infrastructure at scale #

CloudFormation #

CloudFormation is a declarative way of outlining an AWS infrastructure.

Example:

• Security Group
• Two EC2 instances using this Security Group
• S3 Bucket
• Load Balancer (ELB) in front

Then CloudFormation creates those resources in the right order and with the exact configuration that was specified (declared).

Benefits of CloudFormation #

• Infrastructure as Code
  • No resources are manually created
  • Changes to the infrastructure are reviewed through code
• Cost
  • Each resource within the stack is tagged with an identifier so you can easily see how much a stack costs
  • Cost can be estimated by using CloudFormation template
  • Cost savings strategy: in Dev, automation can delete resources at 5pm and recreate at 8am automatically
• Productivity
  • Ability to destroy and re-create and infrastructure in the cloud on the fly
  • Declarative programming (no need to figure out ordering and orchestration)
• Don’t re-invent the wheel
  • Leverage existing templates on the web
  • Leverage the documentation
• Supports (almost) all AWS resources
  • “Custom resources” can be used for resources that are not supported

CloudFormation + Infrastructure Composer #

Example: Wordpress CloudFormation Stack

• We can see all the resources
• We can see the relations between components

More: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/infrastructure-composer-for-cloudformation.html

AWS Cloud Development Kit (CDK) #

• Define your cloud infrastructure using a familiar language:
  • JavaScript/TypeScript, Python, Java, .NET
  • For that reason infrastructure and application can be deployed “together” - they share the runtime
• The infrastructure code is converted into a CloudFormation template (JSON / YAML)

Beanstalk #

Elastic Beanstalk is a developer-centric view of deploying an application on AWS.

It uses all the components mentioned earlier (EC2, ASG, ELB, RDS, etc…)

Beanstalk = Platform as a Service (PaaS) #

• Managed service
  • Instance configuration / OS is handled by Beanstalk
  • Deployment strategy is configurable but performed by Elastic Beanstalk
  • Capacity provisioning
  • Load Balancing and Auto-Scaling
  • Application health-monitoring and responsiveness
• Just the application code is the responsibility of the developer
• Three architecture models:
  • Single instance deployment: for DEV environments
  • LB + ASG: for prod or pre-prod web apps
  • ASG only: for non-web apps in production (workers, etc…)

Beanstalk supports many platforms: #

• Go
• Java SE
• Java with Tomcat
• .NET on Windows Server with IIS
• Node.js
• PHP
• Python
• Ruby
• Packer Builder
• Single-Container Docker
• Multi-Container Docker
• Preconfigured Docker

Beanstalk Health Agent pushes metrics to CloudWatch, checks for app health and publishes health events.

AWS CodeDeploy #

AWS CodeDeploy is a deployment service that automates application deployments to:

• EC2 instances as well as on-premise instances - it is a Hybrid service
• serverless Lambda functions
• Amazon ECS (Elastic Container Services)

Servers / Instances must be provisioned and configured ahead of time with the CodeDeploy Agent.

AWS CodeBuild #

Code building service in the cloud.

CodeBuild compiles source code, run tests, produces packages that are ready to be deployed.

AWS CodePipeline #

CodePipeline orchestrates the different steps to have the code automatically pushed to production.

Code > Build > Test > Provision > Deploy

AWS CodeArtifact #

Software packages depends on each other to be built (also called code dependencies). Storing and retrieving those dependencies is called artifact management. Traditionally you need to setup your own artifact management system.

CodeArtifact works with common dependency management tools such as:

Maven, Gradle, npm, yarn, twine, pip, NuGet.

Developers and CodeBuild can retrieve dependencies straight from CodeArtifact.

Systems Manager (SSM) #

SSM helps managing EC2 and On-Premises systems at scale.

• Another Hybrid AWS service
• Get operational insights about the state of the infrastructure
• Suite of 10+ products
• Features:
  • Patching automation for enhanced compliance
  • Run commands across entire fleet of servers
  • Store parameter configuration with the SSM Parameter Store
• Works with Linux, Windows, MacOS and Raspberry Pi OS (Raspbian)
  • Allows starting SSH session on EC2 and On-Premise servers
  • No SSH access, bastion hosts or SSH keys needed
  • No port 22 needed
  • Send session log data to S3 or CloudWatch

Systems Manager Parameter Store #

• Secure storage for configuration and secrets
• API Keys, passwords, configurations
• Serverless, scalable, durable, easy SDK
• Control access permissions with IAM policies
• Version tracking and encryption (optional)

More: https://docs.aws.amazon.com/systems-manager/

» Sources « #

• Infrastructure Composer: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/infrastructure-composer-for-cloudformation.html
• AWS Systems Manager (SSM): https://docs.aws.amazon.com/systems-manager/

» Highlights « #

• Infrastructure Composer
• Systems Manager (SSM)

» Table of contents (CLF-C02) « #

» Disclaimer « #