increase speed and agility with amazon web services
TRANSCRIPT
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Increase speed and agility with
Amazon Web Services
Andreas Chatzakis, AWS Solutions Architect
@achatzakis
1st Athens DevOps meetup – 29 October 2015
Why are you here?
• Mature organization that wants to innovate fast
• Startup that wants to scale its team
• Learnings from Amazon & other AWS customers
• Services for management & deployment
AWS 101
Utility computing
On demand Pay as you go
Uniform Available
Compute
Storage
SecurityScaling
Database
NetworkingMonitoring
Messaging
Workflow
DNS
Load Balancing
BackupCDN
On demand Pay as you go
Uniform Available
Utility computing
AWS Worldwide Network Backbone
Example AWS Region
AZ
AZ
AZ AZ AZ
Transit
Transit
Multi-AZ architecture for High Availability
Availability Zone a
RDS DB
instance
Availability Zone b
www.example.com
Amazon Route 53
DNS service
Elastic Load
Balancing
Web
serverWeb
server
RDS DB
standby
Startup Customers
Meerkat
Provisioning for peak traffic
76% waste
24%
Provisioned capacity
November
Enterprise Customers
LOWER COSTS THAN ON-PREMISES
On-Premises
Traditional
Data Centre
On-Premises
Virtualised
Data Centre
AWS
CAPEX
CAPEX
OPEX
OPEX
OPEX
Cost savings from running
internal IT more efficiently
Cost savings from moving
to a cloud provider
AWS Scale• Multiple new data centres built each year
• Volume purchasing, highly automated supply
chain optimisation
Utilisation fundamentally higher in the AWS
Cloud• Aggregating non-correlated workloads, scale,
spot market
Amazon specific hardware designs• OEM acquisition of custom servers and
networking equipment
• Direct purchasing of memory, disk & CPU
• AWS controlled hypervisor and network
protocol layers
AWS PRICING PHILOSOPHY
More AWS
Usage
More
Infrastructure
More
Customers
Lower
Infrastructure
Costs
Economies of
Scale
Reduced PricesEcosystem
Global Footprint
New Features
New Services
Infrastructure
Innovation
50PRICEREDUCTIONS
We pass the savings along to our
customers in the form of low
prices and continuous reductions
Cost is only part of the story
Enterprise
ApplicationsVirtual Desktop Sharing & Collaboration
Platform
Services
Analytics
Hadoop
Real-time
Streaming Data
Data
Warehouse
Data
Pipelines
App Services
Queuing &
Notifications
Workflow
App streaming
Transcoding
Search
Deployment & Management
One-click web
app deployment
Dev/ops resource
management
Resource
Templates
Mobile Services
Identity
Sync
Mobile
Analytics
Push
Notifications
Administration
& SecurityIdentity
Management
Access
Control
Usage
Auditing
Key
Storage
Monitoring
And Logs
Core
Services
Compute(VMs, Auto-scaling
and Load Balancing)
Storage(Object, Block
and Archival)
CDNDatabases(Relational, NoSQL,
Caching)
Networking(VPC, DX, DNS)
Infrastructure Regions Availability Zones Points of Presence
Speed & Focus
Transformation across virtually every
industry
Hotel Music Storage
Continuous Innovation
Business Idea
Implementation
Testing
Release
Customer Feedback
Customer
The Amazon DevOps story
Monolith development lifecycle
developers
releasetestbuild
delivery pipelineapp
Service-Oriented
Architecture (SOA)
Single-purpose
Connected through APIs
Highly decoupled
“Microservices”
Two-pizza teams
Autonomy
Full ownership
Full accountability
Aligned incentives
“DevOps”
Missing tools
developers delivery pipelineservices
???
Self-service
Technology-agnostic
Encourage best
practices
Single-purpose services
Deployment service
No downtime
deployments
Health tracking
Versioned artifacts and
rollbacks
CodeDeploy
• Scale from 1 instance to thousands
• Deploy without downtime
• Centralize deployment control and monitoring
Staging
CodeDeployv1, v2, v3
Production
Dev
Coordinate automated deployments, just like Amazon
Application
revisions
Deployment groups
Rolling update – Deploy without downtime
v1v1 v1
Load Balancer
Rolling update – Deploy without downtime
v1v2 v1
Load Balancer
Rolling update – Deploy without downtime
v2v2 v1
Load Balancer
Rolling update – Deploy without downtime
v2v2v2
Load Balancer
Rolling update – Deploy without downtime
v2v2 v2
Load Balancer
PipelinesContinuous delivery
Automated release
process
Faster and more reliable
releases
>90% of teams
Microservice development lifecycle
developers delivery pipelinesservices
releasetestbuild
releasetestbuild
releasetestbuild
releasetestbuild
releasetestbuild
releasetestbuild
Continuous integration and deployment
with AWS CodePipeline
Repeatable, automated integration and deployment pipelines
Workflow modeling and visualization
Integrated with your existing development tools
Integrated with your Existing Development
Tools
= 50 million deployments a year
Thousands of teams
× Microservice architecture
× Continuous delivery
× Multiple environments
75%
Reduction in
outages triggered
by software
deployments
since 2006
90%
Reduction in
outage minutes
triggered by
software
deployments
Business Value of Frequent Deployments
~0.001%
Software
deployments
cause an
outage
Deployment models
Server Configuration
Patterns of success: Zero remote access
• If you are forced to log in to an instance
– Agility is diminished
– Specialized configuration can cause prod-test drift
– Security is at risk
• Every node should be disposable & automatically configured– Treat them as software variables – not pets
– Embrace automation
• Prerequisite: Centralized logs
– CloudWatch Logs
• Cloud-Init
• user-data starting with #! (hash-bang) will be executed as a script during first boot
Combine CM tools:
#!/bin/sh
yum -y install httpd php
chkconfig httpd on
/etc/init.d/httpd start
Bootstrapping Support in EC2
Packaging/baking AMIs
• Decrease your boot time – Software packages that require painful/long setup
– Standard software that must be there at startup
– Any configuration items that cannot be remotely sourced or automated
• Predictable & testable
• AWS provides easy interfaces to create the AMI or
import the AMI
• Tools can automate it as part of your build process
AMI Instances
Bake an AMI Configure dynamically
Time consuming configuration (setup time)
Static configurations (less change management)
Bootstrapping
Bake an AMI Configure dynamically
Continuous deployment (latest code)
Environment specific (dev-test-prod)
Bootstrapping
Blue Green Deployments
Blue/Green deployments at Expedia
Infrastructure orchestration
Automation of Provisioning and Life-Cycle Mgt
AWS
Elastic Beanstalk
AWS
OpsWorks
AWS
CloudFormation
Amazon EC2
Convenience Control
Elastic Beanstalk
Alert
Log
Mon
Ap
p
AZ
EL
B
http://your-app.elasticbeanstalk.com
Sony: Building At-Scale Services with AWS Elastic
Beanstalk
https://youtu.be/gA_m_4ikTgg
AWS OpsWorks
• Configuration as code (Chef)
• Orchestration
• Scaling
• Auto healing
• Application deployments
• Windows & Linux
Infrastructure as code
Describing Infrastructure with Code
Developers
&
OperationsInternal
GitCI Server
Pre-commit
Hook
Testing Environment Subnet
CI Workers
Dev Environment VPC Subnet
DEV WEB
ELBDev Stack
Tier 1
Dev Stack
Tier 2
Dev MySQL
DB Instance
DEV APP
ELB
VPN
TUNNEL
VPN facing VPC Subnet
Internet
GatewayVPN
Endpoint
Dev Admin
Instance
NAT Instance
Amazon S3
Amazon
DynamoDB
Amazon SQS
Amazon
CloudFront
Amazon
Route 53
This entire infrastructure stack can be constructed, configured, and deployed with code:
Template File
Defining Stack
Git
Subversion
Mercurial
Dev
Test
Prod
The entire application can be represented in an AWS CloudFormation template.
Use the version control system of your choice to store and track changes to this template
Build out multiple environments, such as for Development, Test, and Production using the template
AWS Cloudformation
{
"Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.”,
"Parameters" : {
"KeyPair" : {
"Description" : "The EC2 Key Pair to allow SSH access to the instance",
"Type" : "String"
}
},
"Resources" : {
"Ec2Instance" : {
"Type" : "AWS::EC2::Instance",
"Properties" : {
"KeyName" : { "Ref" : "KeyPair" },
"ImageId" : "ami-75g0061f”,
“InstanceType” : “m1.medium”}
}
},
"Outputs" : {
"InstanceId" : {
"Description" : "The InstanceId of the newly created EC2 instance",
"Value" : { "Ref" : "Ec2Instance” }
}
}
}
DevSecOps
https://youtu.be/0E90-ExySb8
Where to start?
• Pontificate?
• Checklists?
• 1-pagers? 6-pagers? Documents?
Page 3 of 433
Security as code
Config Rule
• AWS managed rules• Defined by AWS
• Require minimal (or no) configuration
• Rules are managed by AWS
• Customer managed rules• Authored by you using AWS Lambda
• Rules execute in your account
• You maintain the rule
A rule that checks the validity of configurations recorded
Feedback loop
Cloudwatch, CloudWatch logs, VPC Flow logs
Amazon Elasticsearch Service
Easy cluster
creation and
configuration
management
Support for ELK Security with AWS
IAM
Monitoring with
Amazon
CloudWatch
Auditing with AWS
CloudTrail
Integration options
with other AWS
services
(CloudWatch Logs,
Amazon DynamoDB,
Amazon S3, Amazon
Kinesis)
AnalyzeStore
Amazon
Glacier
AmazonS3
Amazon
DynamoDB
Amazon RDS/
Aurora
Analytics on AWS
AWS Data
Pipeline
Amazon
CloudSearch
Amazon EMR
Amazon EC2
Amazon
Redshift
Amazon
Machine
LearningAWS
Import/Export
AWS Direct
Connect
Collect
Amazon Kinesis Amazon
Elasticsearch
Launched
AWS Database
Migration
New Amazon
Kinesis
Analytics
New
Amazon
Kinesis
Firehose
New
Amazon
QuickSight
New
What about microservices?
Challenges
Complexity in
Interactions
Complexity in
Code Base
Microservices and the Cloud
• On Demand Resources of various sizes
• Managed Services
• All Services are programmable
• Infrastructure as code
• Built-in features – monitoring, security, logging, …
– scalability, availability, …
Docker on AWS
Amazon
Linux
A supported and
maintained Linux
image provided by
Amazon Web Services
Amazon EC2
Container
Service
Highly scalable, high
performance container
management service
AWS
Elastic
Beanstalk
For deploying and
scaling web
applications and
services
Why Amazon EC2 Container Service
Manage underlying cluster and intelligently place your containers
• What instances are available?
• What resources are available on those?
• How do I prioritize container X vs Y
• How do I spread in multiple AZs?
• How do I know when container dies?
• How to hook in ELB?
https://youtu.be/a45J6xAGUvA
Docker Deployments
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
Pattern: ECS service update
• Deployment process:
• Start with blue task definition
referenced by an ECS service
• Create a green revision of the
existing task definition
• Update existing ECS service to
use the updated task definition
• ECS will deploy the new task
definition to container instances in
a rolling fashion
Service Discovery
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Service Discovery
Web Tier API Tier
Where is the API service?
Is the API service healthy?
Hard coded address (bad)
Web Tier API Tier10.0.1.60
• Doesn’t scale with services/nodes
• Not resilient to failures
• Localized visibility/auditability
• Manual locality of services
Discovery via Route 53 Private Hosted ZonesAmazon
Route 53
Private
hosted zone
service1 CNAME elb1.xyz
Service2 CNAME elb2.xyz
Service3 CNAME elb3.xyz
Route 53
Health Checks
Use a Dynamic Service Registry
• Avoids the DNS TTL issue
• More than service registry & discovery– Configuration management
– Health checks
• Plenty of options– ZooKeeper (Apache)
– Eureka (Netflix)
– Consul (HashiCorp)
– SmartStack (Airbnb)
– Weave (Weaveworks)
ELB based service discovery
Web Tier
API Tier
API Tier
API Tier
• Easy – supported by ECS
• Health checks
• Fixed hostname
More Dev – Less Ops
Serverless Computing
No server is easier to manage than
"no server”.
Werner Vogels, Amazon CTO
AWS Lambda
Serverless, event-driven compute service
Lambda = microservice without servers
AWS Lambda – Benefits
EVENT-DRIVEN SCALESERVERLESS SUBSECOND BILLING
Introducing the AWS API Gateway
Internet
Mobile Apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
Cache
Endpoints on
Amazon EC2 /
Amazon
Elastic
Beanstalk
Any other publicly
accessible endpointAmazon
CloudWatch
Monitoring
Summary
CI/CD Stack on AWS
95
MonitorProvisionDeployTestBuildCode
AWS Elastic Beanstalk
CloudWatchCloudFormationCodeDeploy
CodeCommit CodePipeline
AWS Opsworks
AWS Elastic Container Service
Athens