How HB Smith Uses AWS
About the Speaker
• 한종원 (https://www.linkedin.com/in/addnull/)
• Loves Python and cloud infrastructure, Lean/Agile methodologies, and Apple products.
• Finished a master's degree in 2012 and started a startup (using AWS at production level since then)
• 'I want to do meaningful work, and do it the right way.'
• Career
  • (Current) CEO of 'HB Smith', a DevOps-focused startup (https://hbsmith.io)
  • Backend server / infra DevOps at 'Kanizsa Lab', a taxi O2O service startup
  • Co-founder of 'A2 company', a cloud computing startup (acquired by 'KINX')
  • Worked as DBA and SA on the 'MapleStory Korea Live Team' at NEXON (as industrial technical personnel)
Agenda
• Hello, AWS!
• AWS Accounts: Beyond IAM
• VPC
• Elastic Beanstalk (EB) for Continuous Deployment
• ### QUIZ ###
• Wrap Up
• QnA
(Estimated talk time: 25~30 minutes)
Hello, AWS!
• What is AWS? Like LEGO bricks, you combine multiple services (IaaS) to build your own infrastructure
(Image source: lego.com)
• Countless AWS services, like LEGO bricks
• 'Hmm.. there are too many services..' 'Where should I start?' 'Am I really using this service properly?'
• This talk presents a fairly good use case for using AWS. (It may not be the best.)
AWS Accounts: Beyond IAM
• Three-stage deployment phases
• Basic rule: 1 phase, 1 AWS account
• Billing is handled with 'consolidated billing'
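• Why use AWS accounts instead of IAM?
• Pros:
  • The actual user of each AWS account's resources is clear
  • Prevents one developer's mistake (e.g., accidentally modifying OP resources) from spreading to the whole development team
  • Less affected by the soft/hard limits that are applied per AWS account
  • When an AWS failure is observed, accounts can be compared to see whether the problem is confined to one account (very occasionally a failure occurs only in a specific account)
  • Handling a departing employee ends with removing that 'DV' account from 'consolidated billing'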
• Cons:
  • An account has to be added every time a new developer joins
  • The AWS monthly invoice billing information becomes very large (it needs to be summarized separately)
• So when do you use IAM, and when an AWS account?
• An AWS account is for a specific user or for the whole development team (i.e., QA/OP)
• IAM is created to fit the purpose of each software/program
  • (Example) Create a 'read-only' IAM for the AWS iOS/Android app
  • (Example) Create an 'S3 upload' IAM for the DB backup file upload cron job
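
As an added illustration of the per-program IAM idea above (not part of the original slides), the following Python example puts an over-broad S3 policy next to an upload-only policy for the DB backup cron job and flags wildcard grants. The bucket name `example-db-backups` and the `nightly/` prefix are hypothetical.

```python
import json

# Constructed "before" sample: any S3 action on any resource.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

def upload_only_policy(bucket, prefix):
    """Policy for a backup uploader: it may only write objects under one prefix."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "BackupUploadOnly",
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"],
    }]}

def as_list(value):
    # IAM allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]

def findings(policy):
    """Return findings for Allow statements that grant more than one purpose needs."""
    out = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            out.append(f"statement {i}: Allow combined with NotAction/NotResource")
        for action in as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                out.append(f"statement {i}: wildcard action {action}")
        for resource in as_list(st.get("Resource", [])):
            if resource == "*" or resource.endswith(":::*"):
                out.append(f"statement {i}: wildcard resource {resource}")
    return out

if __name__ == "__main__":
    tight = upload_only_policy("example-db-backups", "nightly/")
    print(json.dumps(tight, indent=2))
    print("broad:", findings(BROAD))
    print("tight:", findings(tight))
```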
VPC
• VPC is the skeleton of the infrastructure
  • public/private subnet
  • public/private route table
  • internet gateway (for public subnet)
  • NAT gateway (for private subnet)
• VPC determines the flow of network traffic and the placement of instances (EC2, RDS, etc.)
(Image source: https://kr.pinterest.com/pin/93238654757169806/)
• The simplest VPC example that still has everything it needs
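• Why not use the VPN feature of AWS VPC?
• Cost: an hourly connection fee per connection and network traffic charges are billed
• Depending on the characteristics of the traffic being considered for VPN, the following two approaches are recommended
  • For management/operations traffic, OpenVPN is recommended
  • For service communication with an external private network (IDC / another IaaS), a site-to-site peer setup using NAT, route tables, and security groups is recommended rather than VPN
• Note that the VPC NAT supports HA by default, so although it is somewhat expensive, the cost is judged to be at a reasonable level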
Elastic Beanstalk (EB) for Continuous Deployment
• A VPC that takes the actual instances (EC2, RDS) into account -> EC2 is managed by EB / RDS is managed separately
• Why manage RDS separately? “To decouple your database instance from your environment, you can run a database instance in Amazon Relational Database Service and configure your application to connect to it on launch. This allows you to connect multiple environments to a database, terminate an environment without affecting the database, and perform seamless updates with blue-green deployments.” (Source: AWS docs)
• Why use EB? -> It makes zero-downtime 'continuous deployment' simple to implement
• What is continuous deployment? Automating the “development (source code change) -> test -> packaging -> deploy” process as a single unit
(Image source: https://en.wikipedia.org/wiki/Continuous_delivery)
• In other words, an approach that goes one step further than continuous integration/delivery
"Let's go one step further"
(Image source: http://www.joins.com)
• Continuous deployment method in EB: CNAME Swapping
• That is, a new EB environment (the green box below) is built from scratch and replaces the existing one.
• (Example) Replace the existing API server 'Nova' with a new 'Nova' (no downtime)
• CNAME Swapping (before)
• CNAME Swapping (in progress)
• CNAME Swapping (after)
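
The before / in progress / after sequence above, as an added Python example (not from the original slides or the tiamat repository): it drives the Elastic Beanstalk calls `create_environment`, `describe_environments` and `swap_environment_cnames` through a boto3-style client and swaps only once the new environment is healthy. The environment names, version label, template name and the `FakeEB` stand-in are hypothetical.

```python
import time

def blue_green_swap(eb, app, old_env, new_env, version, template,
                    timeout=900, poll=15, sleep=time.sleep):
    """Create new_env, wait until it is Ready/Green, then swap CNAMEs.
    eb is an Elastic Beanstalk client, e.g. boto3.client("elasticbeanstalk").
    Returns True after the swap, False if new_env never became healthy.
    """
    eb.create_environment(ApplicationName=app, EnvironmentName=new_env,
                          VersionLabel=version, TemplateName=template)
    waited = 0
    while True:
        env = eb.describe_environments(
            ApplicationName=app, EnvironmentNames=[new_env])["Environments"][0]
        if env["Status"] == "Ready" and env["Health"] == "Green":
            break
        if waited >= timeout:
            # Never point live traffic at an unhealthy environment: drop it,
            # leave old_env serving, and report failure to the pipeline.
            eb.terminate_environment(EnvironmentName=new_env)
            return False
        sleep(poll)
        waited += poll
    eb.swap_environment_cnames(SourceEnvironmentName=old_env,
                               DestinationEnvironmentName=new_env)
    # Assumption: old_env is kept so the swap can be reversed; terminate it
    # in a later step once the new version is confirmed.
    return True

class FakeEB:
    """Constructed in-memory stand-in for the client, for offline runs."""
    def __init__(self, states):
        self.states, self.calls = list(states), []
    def create_environment(self, **kw):
        self.calls.append(("create", kw["EnvironmentName"]))
    def describe_environments(self, **kw):
        more = len(self.states) > 1
        status, health = self.states.pop(0) if more else self.states[0]
        return {"Environments": [{"Status": status, "Health": health}]}
    def swap_environment_cnames(self, **kw):
        self.calls.append(("swap", kw["SourceEnvironmentName"],
                           kw["DestinationEnvironmentName"]))
    def terminate_environment(self, **kw):
        self.calls.append(("terminate", kw["EnvironmentName"]))

if __name__ == "__main__":
    eb = FakeEB([("Launching", "Grey"), ("Ready", "Green")])
    print(blue_green_swap(eb, "nova", "nova-old", "nova-new", "v2",
                          "nova-template", sleep=lambda s: None), eb.calls)
```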
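• Why do continuous deployment with EB's CNAME swapping?
• Pros
  • Launching a new 't2' instance lets you use the initial CPU credit bonus
  • Failures that arise from running a server for a long time go away (e.g., memory leak problems)
  • Helps estimate the expected DR time (the time needed to deploy a new server)
  • You may get an OS with AWS's latest patches applied, and possibly a newer physical machine (note: very occasionally AWS requires an EC2 reboot in order to replace old physical machines)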
• Cons
  • The server logic and architecture have to be designed for this environment from the start
  • Additional scripts for this work have to be written and maintained (Python recommended)
(Image source: 'Slam Dunk')
• Details on continuous deployment using EB
  • (Slides) https://www.pycon.kr/2016apac/program/15
  • (OSS) https://github.com/HardBoiledSmith/tiamat/
### QUIZ ###
• AWS, with its wide variety of services as of January 2017
• What was the first AWS service?
• “We started out with the November 2004 introduction of the Amazon Simple Queue Service”
• “a scalable messaging model is an essential component of a scalable system architecture.”
• “The next step was Amazon S3 in the spring of 2006.” “In the summer of 2006 I took a break from my summer vacation to announce Amazon EC2”
• (Source: AWS docs)
Wrap Up
• Hello, AWS!
  How to get started with AWS
• AWS Accounts: Beyond IAM
  Distinguishing when to use an AWS account and when to use IAM
• VPC
  The core components of a VPC and the cost issues
• Elastic Beanstalk (EB) for Continuous Deployment
  Implementing no-downtime continuous deployment with the VPC + EB combination