aws meetup 2017-02-09-role-auto-scaling
AWS Meetup
February 09, 2017
Michael Baker
Yeung Siu
Introduction
●AWS access and security
●Autoscaling
●Why cloud computing!
●Demos
●Slides to be posted
Introduction
●Yeung Siu
○DevOps engineer
○AWS Associate Solution Architect certified
●Michael Baker
○Lead Software Engineer
AWS Credentials
Identity & Access Management (IAM)
Access Keys demo
IAM User Issue
●No Active Directory domain association.
●No Web Federation
○Google, Facebook, Amazon retail
●Quarterly credential rotation
○Application downtime
●Hardcoded in source control
Open Source AWS
AWS knows
Rise of the Bots
1. If AWS can find your keys then guess who else can?
2. AWS keys mining
3. Use your AWS account to do other mining
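A minimal pre-commit style check for the hardcoded-key problem above, added here as an example (it is not from the original slides): it scans text for strings shaped like AWS access key IDs and secret access keys and reports them redacted. The function names, regexes and sample file are assumptions for illustration; the sample keys are the placeholder values AWS uses in its own documentation.

```python
import re

# Access key IDs are 20 characters: a 4-letter prefix plus 16 uppercase
# alphanumerics. AKIA = long-term IAM user key, ASIA = temporary STS key.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Secret access keys are 40 base64-alphabet characters. That shape alone is
# too generic, so only flag it when assigned to a name that looks like a secret key.
SECRET_KEY = re.compile(
    r"(?:aws_)?secret(?:_access)?_?key\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])",
    re.IGNORECASE,
)


def redact(value):
    """Keep the first and last 4 characters so a report never leaks the key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan(text, path="<memory>"):
    """Return (path, line number, kind, redacted value) for each suspected key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            kind = ("long-term access key ID" if m.group(1) == "AKIA"
                    else "temporary access key ID")
            findings.append((path, lineno, kind, redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((path, lineno, "secret access key", redact(m.group(1))))
    return findings


# Constructed sample file; the keys are AWS's published documentation placeholders.
SAMPLE = '''\
# settings.py (constructed sample)
REGION = "us-east-1"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
BUCKET = "AKIAnotakey"
s3 = boto3.client("s3")  # no keys passed: resolved from the instance's IAM role
'''

if __name__ == "__main__":
    for path, lineno, kind, value in scan(SAMPLE, "settings.py"):
        print(f"{path}:{lineno}: possible {kind}: {value}")
```

Run as a pre-commit hook or CI step, a non-empty result should fail the build before the key reaches a public repository.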
IAM Role
IAM Role Trust Relationships
EC2 IAM Role
Cloudberry
IAM Role demo
IAM Role
●No keys embedded into code.
●No need for credential rotation.
●Access to other AWS services.
●Allow secure external 3rd party access.
●Active Directory Federation.
●Web Identity Federation.
○Facebook, Google, Amazon retail
●Cross-AWS-account access
○Control multiple AWS accounts from one central AWS account with AD.
●Can only be associated at EC2 after creation.
○As of Feb. 09, AWS updated its service to allow attaching a role to an existing machine.
○Doesn’t work outside of AWS.
●Application Architecture implementation
Important factors
AWS Access Control Recommendations
●Use AWS Roles as much as you can.
●If not an AWS Role, then use AWS KMS.
●Recommendation to use HashiCorp Vault.
Questions?
AutoScaling
●AWS
●Azure
Motivation
What do you get with one DevOps Engineer in a room?
Alone with a 2:00am pager saying a site is down.
Why Cloud Computing
●No hardware to purchase and refresh
●On demand model
●Easy to scale
Legacy Cloud
“The first rule of any technology used in a business is that automation applied to
an efficient operation will magnify the efficiency. The second is that automation
applied to an inefficient operation will magnify the inefficiency. ”
Bill Gates
●Do the same thing on a different platform
●Do you use your smartphone to just make phone calls?
AWS Principle
“Build for failure”
AWS Vocabulary
●EC2 (Elastic Computing Instances) = Virtual Machines
●ELB (Elastic Load Balancer) = Load Balancer
●Lambda = Serverless compute
●RDS (Relational Database Service) = MySQL, Microsoft SQL Server, Oracle, Aurora, PostgreSQL
●Route53 = DNS
●S3 (Simple Storage Service) = object storage
●SNS (Simple Notification Service) = Messaging
●More at https://www.expeditedssl.com/aws-in-plain-english
Traditional Application
Immutable, Stateless app
Immutable, Stateless app (AWS Terms)
AWS Regions
AWS Region vs Availability Zones (AZs)
Autoscaling Details
Autoscale Scale Policies
Autoscale Notification
Autoscale Instances
Autoscaling Activity History
Autoscaling Load Testing
●Bees with Machine Guns
○https://github.com/newsapps/beeswithmachineguns
●Siege
○https://github.com/JoeDog/siege
●GOAD
○https://goad.io/
Bee With Machine Guns
Bee Hive
Bee With Machine Guns
●Lambda Demo
Serverless style
Demo
What happened? CloudWatch Metrics
Autoscaling
●Take an instance out of the autoscaling group
●Works with Microsoft Windows Servers
○Even Windows 2008 R2 with IIS
●Bootstrap script
●Event driven
○Network
○Disk I/O
●Schedule driven
Things you can do
Autoscaling
●Treat servers as livestock, not pets.
○Servers are a commodity and should be short-lived.
●High Availability.
○Outage vs lower performance.
●Handle peak traffic.
●Cost
○One big server cost vs little servers.
●AWS Reserved instances and Spot instances cost savings.
Benefits
Autoscaling
●On Demand instance
○$0.12 per hour
●Reserved instances
○One year = $0.008 per hour ~ 33% savings
○Three year = $0.005 per hour ~ 58% savings
●Spot instances
○User sets a price and waits for the market to match it
○Good for message queue or worker nodes
○Can be $0.0031 per Hour
Cost Saving T2.micro
Autoscaling
●Autoscale configuration
○2 minimum
○6 maximum
●Purchase 2 reserved instances for the 2 minimum.
●Place bids for 2 spot instances.
●Use on demand instances for the last 2.
Cost Saving scenario
Autoscaling
●Websites
○REST APIs
●RabbitMQ (AMQP) message queue
●MySQL cluster
○Master/slave
●Autoscale of One
Use Cases
Autoscaling
●Application Performance Monitoring
○DataDog
○NewRelic
○SolarWinds
○Splunk
●Monitoring
○AlertLogic
●Logging
○Elasticsearch
○AWS X-Ray
○CloudWatch
Automation Requirements
Autoscaling
●AWS CloudFormation
○JSON
○YAML
●HashiCorp Terraform
Deployment
Autoscaling
1. Create a new base Amazon Machine Image (AMI)
○Use HashiCorp Packer.io
2. Update Autoscaling configuration to the new AMI
3. Turn off existing EC2 instances one by one
OS Patch
Autoscaling Evolution
Autoscaling
●Elastic Beanstalk
Evolution
How To Start With AWS
●CloudGuru
○Udemy $10 course
●Monthly AWS webinars
○https://aws.amazon.com/about-aws/events/monthlywebinarseries/
●AWS Associate Solution Architect Certification study guide
○Get AWS certification
●AWS Professional Partner Service
●Daily AWS updates/releases https://aws.amazon.com/new/
●Go to AWS re:Invent
●Drawing done at https://cloudcraft.co/
Related Materials
●Life without SSH
○YouTube
○Slides
●Coding Apps In Cloud to Reduce Costs up to 90%
○YouTube
○Slides
Links
●Getting Started: https://aws.amazon.com/getting-started
●General Reference: http://docs.aws.amazon.com/general/latest/gr
●Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/
●FAQs: https://aws.amazon.com/faqs
●Documentation: https://aws.amazon.com/documentation/
●Architecture: https://aws.amazon.com/architecture
●Whitepapers: https://aws.amazon.com/whitepapers
●Security: https://aws.amazon.com/security
●Blog: https://aws.amazon.com/blogs
●SlideShare: http://www.slideshare.net/AmazonWebServices
●GitHub: https://github.com/aws and https://github.com/awslabs
Happy Ever “Appter”