©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Increase speed and agility with

Amazon Web Services

Andreas Chatzakis, AWS Solutions Architect

@achatzakis

1st Athens DevOps meetup – 29 October 2015

Why are you here?

• Mature organization that wants to innovate fast

• Startup that wants to scale its team

• Learnings from Amazon & other AWS customers

• Services for management & deployment

AWS 101

Utility computing

On demand Pay as you go

Uniform Available

Compute

Storage

SecurityScaling

Database

NetworkingMonitoring

Messaging

Workflow

DNS

Load Balancing

BackupCDN

On demand Pay as you go

Uniform Available

Utility computing

AWS Worldwide Network Backbone

Example AWS Region

AZ

AZ

AZ AZ AZ

Transit

Transit

Multi-AZ architecture for High Availability

Availability Zone a

RDS DB

instance

Availability Zone b

www.example.com

Amazon Route 53

DNS service

Elastic Load

Balancing

Web

serverWeb

server

RDS DB

standby

Startup Customers

Meerkat

Provisioning for peak traffic

76% waste

24%

Provisioned capacity

November

Enterprise Customers

LOWER COSTS THAN ON-PREMISES

On-Premises

Traditional

Data Centre

On-Premises

Virtualised

Data Centre

AWS

CAPEX

CAPEX

OPEX

OPEX

OPEX

Cost savings from running

internal IT more efficiently

Cost savings from moving

to a cloud provider

AWS Scale• Multiple new data centres built each year

• Volume purchasing, highly automated supply

chain optimisation

Utilisation fundamentally higher in the AWS

Cloud• Aggregating non-correlated workloads, scale,

spot market

Amazon specific hardware designs• OEM acquisition of custom servers and

networking equipment

• Direct purchasing of memory, disk & CPU

• AWS controlled hypervisor and network

protocol layers

AWS PRICING PHILOSOPHY

More AWS

Usage

More

Infrastructure

More

Customers

Lower

Infrastructure

Costs

Economies of

Scale

Reduced PricesEcosystem

Global Footprint

New Features

New Services

Infrastructure

Innovation

50PRICEREDUCTIONS

We pass the savings along to our

customers in the form of low

prices and continuous reductions

Cost is only part of the story

Enterprise

ApplicationsVirtual Desktop Sharing & Collaboration

Platform

Services

Analytics

Hadoop

Real-time

Streaming Data

Data

Warehouse

Data

Pipelines

App Services

Queuing &

Notifications

Workflow

App streaming

Transcoding

Email

Search

Deployment & Management

One-click web

app deployment

Dev/ops resource

management

Resource

Templates

Mobile Services

Identity

Sync

Mobile

Analytics

Push

Notifications

Administration

& SecurityIdentity

Management

Access

Control

Usage

Auditing

Key

Storage

Monitoring

And Logs

Core

Services

Compute(VMs, Auto-scaling

and Load Balancing)

Storage(Object, Block

and Archival)

CDNDatabases(Relational, NoSQL,

Caching)

Networking(VPC, DX, DNS)

Infrastructure Regions Availability Zones Points of Presence

Speed & Focus

Transformation across virtually every

industry

Hotel Music Storage

Continuous Innovation

Business Idea

Implementation

Testing

Release

Customer Feedback

Customer

The Amazon DevOps story

Monolith development lifecycle

developers

releasetestbuild

delivery pipelineapp

Service-Oriented

Architecture (SOA)

Single-purpose

Connected through APIs

Highly decoupled

“Microservices”

Two-pizza teams

Autonomy

Full ownership

Full accountability

Aligned incentives

“DevOps”

Missing tools

developers delivery pipelineservices

???

Self-service

Technology-agnostic

Encourage best

practices

Single-purpose services

Deployment service

No downtime

deployments

Health tracking

Versioned artifacts and

rollbacks

CodeDeploy

• Scale from 1 instance to thousands

• Deploy without downtime

• Centralize deployment control and monitoring

Staging

CodeDeployv1, v2, v3

Production

Dev

Coordinate automated deployments, just like Amazon

Application

revisions

Deployment groups

Rolling update – Deploy without downtime

v1v1 v1

Load Balancer

Rolling update – Deploy without downtime

v1v2 v1

Load Balancer

Rolling update – Deploy without downtime

v2v2 v1

Load Balancer

Rolling update – Deploy without downtime

v2v2v2

Load Balancer

Rolling update – Deploy without downtime

v2v2 v2

Load Balancer

PipelinesContinuous delivery

Automated release

process

Faster and more reliable

releases

>90% of teams

Microservice development lifecycle

developers delivery pipelinesservices

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

Continuous integration and deployment

with AWS CodePipeline

Repeatable, automated integration and deployment pipelines

Workflow modeling and visualization

Integrated with your existing development tools

Integrated with your Existing Development

Tools

= 50 million deployments a year

Thousands of teams

× Microservice architecture

× Continuous delivery

× Multiple environments

75%

Reduction in

outages triggered

by software

deployments

since 2006

90%

Reduction in

outage minutes

triggered by

software

deployments

Business Value of Frequent Deployments

~0.001%

Software

deployments

cause an

outage

Deployment models

Server Configuration

Patterns of success: Zero remote access

• If you are forced to log in to an instance

– Agility is diminished

– Specialized configuration can cause prod-test drift

– Security is at risk

• Every node should be disposable & automatically configured– Treat them as software variables – not pets

– Embrace automation

• Prerequisite: Centralized logs

– CloudWatch Logs

• Cloud-Init

• user-data starting with #! (hash-bang) will be executed as a script during first boot

Combine CM tools:

#!/bin/sh

yum -y install httpd php

chkconfig httpd on

/etc/init.d/httpd start

Bootstrapping Support in EC2

Packaging/baking AMIs

• Decrease your boot time – Software packages that require painful/long setup

– Standard software that must be there at startup

– Any configuration items that cannot be remotely sourced or automated

• Predictable & testable

• AWS provides easy interfaces to create the AMI or

import the AMI

• Tools can automate it as part of your build process

AMI Instances

Bake an AMI Configure dynamically

Time consuming configuration (setup time)

Static configurations (less change management)

Bootstrapping

Bake an AMI Configure dynamically

Continuous deployment (latest code)

Environment specific (dev-test-prod)

Bootstrapping

Blue Green Deployments

Blue/Green deployments at Expedia

Learn more about Blue Green deployments

https://youtu.be/aX54mhZbN58

Infrastructure orchestration

Automation of Provisioning and Life-Cycle Mgt

AWS

Elastic Beanstalk

AWS

OpsWorks

AWS

CloudFormation

Amazon EC2

Convenience Control

Elastic Beanstalk

Alert

Log

Mon

Ap

p

AZ

EL

B

http://your-app.elasticbeanstalk.com

Sony: Building At-Scale Services with AWS Elastic

Beanstalk

https://youtu.be/gA_m_4ikTgg

AWS OpsWorks

• Configuration as code (Chef)

• Orchestration

• Scaling

• Auto healing

• Application deployments

• Windows & Linux

Infrastructure as code

Describing Infrastructure with Code

Developers

&

OperationsInternal

GitCI Server

Pre-commit

Hook

Testing Environment Subnet

CI Workers

Dev Environment VPC Subnet

DEV WEB

ELBDev Stack

Tier 1

Dev Stack

Tier 2

Dev MySQL

DB Instance

DEV APP

ELB

VPN

TUNNEL

VPN facing VPC Subnet

Internet

GatewayVPN

Endpoint

Dev Admin

Instance

NAT Instance

Amazon S3

Amazon

DynamoDB

Amazon SQS

Amazon

CloudFront

Amazon

Route 53

This entire infrastructure stack can be constructed, configured, and deployed with code:

Template File

Defining Stack

Git

Subversion

Mercurial

Dev

Test

Prod

The entire application can be represented in an AWS CloudFormation template.

Use the version control system of your choice to store and track changes to this template

Build out multiple environments, such as for Development, Test, and Production using the template

AWS Cloudformation

{

"Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.”,

"Parameters" : {

"KeyPair" : {

"Description" : "The EC2 Key Pair to allow SSH access to the instance",

"Type" : "String"

}

},

"Resources" : {

"Ec2Instance" : {

"Type" : "AWS::EC2::Instance",

"Properties" : {

"KeyName" : { "Ref" : "KeyPair" },

"ImageId" : "ami-75g0061f”,

“InstanceType” : “m1.medium”}

}

},

"Outputs" : {

"InstanceId" : {

"Description" : "The InstanceId of the newly created EC2 instance",

"Value" : { "Ref" : "Ec2Instance” }

}

}

}

DevSecOps

https://youtu.be/0E90-ExySb8

Where to start?

• Pontificate?

• Checklists?

• 1-pagers? 6-pagers? Documents?

Page 3 of 433

Security as code

Config Rule

• AWS managed rules• Defined by AWS

• Require minimal (or no) configuration

• Rules are managed by AWS

• Customer managed rules• Authored by you using AWS Lambda

• Rules execute in your account

• You maintain the rule

A rule that checks the validity of configurations recorded

Feedback loop

Cloudwatch, CloudWatch logs, VPC Flow logs

Amazon Elasticsearch Service

Easy cluster

creation and

configuration

management

Support for ELK Security with AWS

IAM

Monitoring with

Amazon

CloudWatch

Auditing with AWS

CloudTrail

Integration options

with other AWS

services

(CloudWatch Logs,

Amazon DynamoDB,

Amazon S3, Amazon

Kinesis)

AnalyzeStore

Amazon

Glacier

AmazonS3

Amazon

DynamoDB

Amazon RDS/

Aurora

Analytics on AWS

AWS Data

Pipeline

Amazon

CloudSearch

Amazon EMR

Amazon EC2

Amazon

Redshift

Amazon

Machine

LearningAWS

Import/Export

AWS Direct

Connect

Collect

Amazon Kinesis Amazon

Elasticsearch

Launched

AWS Database

Migration

New Amazon

Kinesis

Analytics

New

Amazon

Kinesis

Firehose

New

Amazon

QuickSight

New

What about microservices?

Challenges

Complexity in

Interactions

Complexity in

Code Base

Microservices and the Cloud

• On Demand Resources of various sizes

• Managed Services

• All Services are programmable

• Infrastructure as code

• Built-in features – monitoring, security, logging, …

– scalability, availability, …

Docker on AWS

Amazon

Linux

A supported and

maintained Linux

image provided by

Amazon Web Services

Amazon EC2

Container

Service

Highly scalable, high

performance container

management service

AWS

Elastic

Beanstalk

For deploying and

scaling web

applications and

services

Why Amazon EC2 Container Service

Manage underlying cluster and intelligently place your containers

• What instances are available?

• What resources are available on those?

• How do I prioritize container X vs Y

• How do I spread in multiple AZs?

• How do I know when container dies?

• How to hook in ELB?

https://youtu.be/a45J6xAGUvA

Docker Deployments

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Pattern: ECS service update

• Deployment process:

• Start with blue task definition

referenced by an ECS service

• Create a green revision of the

existing task definition

• Update existing ECS service to

use the updated task definition

• ECS will deploy the new task

definition to container instances in

a rolling fashion

Pattern: ECS service update

• Deployment process:

• Start with blue task definition

referenced by an ECS service

• Create a green revision of the

existing task definition

• Update existing ECS service to

use the updated task definition

• ECS will deploy the new task

definition to container instances in

a rolling fashion

Pattern: ECS service update

• Deployment process:

• Start with blue task definition

referenced by an ECS service

• Create a green revision of the

existing task definition

• Update existing ECS service to

use the updated task definition

• ECS will deploy the new task

definition to container instances in

a rolling fashion

Pattern: ECS service update

• Deployment process:

• Start with blue task definition

referenced by an ECS service

• Create a green revision of the

existing task definition

• Update existing ECS service to

use the updated task definition

• ECS will deploy the new task

definition to container instances in

a rolling fashion

Service Discovery

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Service Discovery

Web Tier API Tier

Where is the API service?

Is the API service healthy?

Hard coded address (bad)

Web Tier API Tier10.0.1.60

• Doesn’t scale with services/nodes

• Not resilient to failures

• Localized visibility/auditability

• Manual locality of services

Discovery via Route 53 Private Hosted ZonesAmazon

Route 53

Private

hosted zone

service1 CNAME elb1.xyz

Service2 CNAME elb2.xyz

Service3 CNAME elb3.xyz

Route 53

Health Checks

Use a Dynamic Service Registry

• Avoids the DNS TTL issue

• More than service registry & discovery– Configuration management

– Health checks

• Plenty of options– ZooKeeper (Apache)

– Eureka (Netflix)

– Consul (HashiCorp)

– SmartStack (Airbnb)

– Weave (Weaveworks)

ELB based service discovery

Web Tier

API Tier

API Tier

API Tier

• Easy – supported by ECS

• Health checks

• Fixed hostname

Empire – PaaS on top of ECS

https://youtu.be/8zbbQkszP04

More Dev – Less Ops

Serverless Computing

No server is easier to manage than

"no server”.

Werner Vogels, Amazon CTO

AWS Lambda

Serverless, event-driven compute service

Lambda = microservice without servers

AWS Lambda – Benefits

EVENT-DRIVEN SCALESERVERLESS SUBSECOND BILLING

Introducing the AWS API Gateway

Internet

Mobile Apps

Websites

Services

API

Gateway

AWS Lambda

functions

AWS

API Gateway

Cache

Endpoints on

Amazon EC2 /

Amazon

Elastic

Beanstalk

Any other publicly

accessible endpointAmazon

CloudWatch

Monitoring

Summary

CI/CD Stack on AWS

95

MonitorProvisionDeployTestBuildCode

AWS Elastic Beanstalk

CloudWatchCloudFormationCodeDeploy

CodeCommit CodePipeline

AWS Opsworks

AWS Elastic Container Service

Athens