AWS CloudFormation and Puppet at PuppetConf - Jinesh Varia

Published in: Technology, Travel, Business

Notes
  • This is highly relevant in the cloud world because innovation is happening at breakneck speed...
  • Let's put everything in the context of a web application.
  • See the animation. DirectConnect.
  • Autodesk story – Paul Cochrane…
  • The key advance was using our continuous build system to build not only the artifact from source code, but the complete software stack, all the way up to a deployable image in the form of an AMI (Amazon Machine Image for AWS EC2).
  • Cloud-init supports several different mechanisms for passing data to the instance, including ways to pass larger, more structured data and a way to provide a script that is executed at instance launch time.
  • Until now, people who wanted to evaluate MCollective had to go through a manual process of first starting the ActiveMQ instance, gathering some data and then starting a number of other instances, supplying user data for the ActiveMQ instance. This was by no means a painful solution, but CloudFormation can make this much better.
  • Remember TVs without remote control. We had to walk up to the television set (hardware) to change the channel or the volume. Now we have remote controls: we sit back, relax on our couch and control the hardware with our fingertips. Cloud APIs are the remote control of the cloud hardware. You don't need to walk up to your hardware; you don't have to hug your servers anymore. You let go of your (physical) control but retain your ownership.
  • Service optimizations, architectural recommendations, health checks, security audits.

Transcript

    • 1. Architecting for the Cloud: AWS CloudFormation and Puppet. Jinesh Varia
    • 2. Scale, pace of innovation, expansion and ecosystem
    • 3. Cloud customers in 190 countries
    • 4. The pace of innovation in 2009 (timeline slide). Launches shown: Amazon EC2 with Windows Server 2008; Spot Instances; Boot from Amazon EBS; Amazon CloudFront Streaming; Amazon VPC enters Unlimited Beta; AWS Region in Northern California; International Support for AWS Import/Export; AWS Multi-Factor Authentication; Virtual Private Cloud; Lower Reserved Instance Pricing; Reserved Instances in EU Region; Elastic MapReduce; SQS in EU Region; Amazon RDS; High-Memory Instances; Lower EC2 Pricing; New SimpleDB Features; FPS General Availability; Amazon SNS; AWS Security Center; Amazon EC2 with Windows; Amazon EC2 in EU Region; AWS Toolkit for Eclipse; Amazon EC2 Reserved Instances; Amazon CloudFront Private Content; SAS70 Type II Audit; AWS SDK for .NET; Amazon Elastic MapReduce in Europe; Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances; Amazon S3 Versioning Feature; Consolidated Billing for AWS; Lower pricing for Outbound Data Transfer; AWS Import/Export; New CloudFront Feature; Monitoring, Auto Scaling & Elastic Load Balancing; EBS Shared Snapshots; SimpleDB in EU Region; Monitoring, Auto Scaling & Elastic Load Balancing in EU; Lower pricing tiers for Amazon CloudFront; AWS Management Console.
    • 6. And the pace accelerates in 2010 (timeline slide). Launches shown: Free Monitoring EC2; Amazon Route 53; PCI DSS Level 1 Certification; Mobile SDKs (Android, iPhone); Large Object S3 Support; Florida POP; Import/Export APAC; Amazon SNS; Combined AWS Data Transfer Savings; Amazon EMR Bootstrap Actions; Amazon ELB Session Stickiness; Amazon RDS in EU; New Singapore Region; RDS Reserved; CloudFront Default Root; Startup Challenge 2010; CloudFront Invalidation; AWS Elastic Beanstalk; Amazon Simple Email Service; Improved AWS Support “Bronze”; Amazon CloudWatch Console; CloudFront HTTPS; NYC Edge Location; Lower Pricing HTTP; AWS Import/Export GA; Amazon S3 Console; Amazon EBS CloudWatch; Amazon RDS Read Replicas; SUSE EC2 Linux; Amazon SNS Console; Amazon ELB HTTPS; AWS Free Tier; EMR Resizing Cluster; EMR JobFlow Debugging; SimpleDB Consistent Reads; SimpleDB Conditional Puts; VM Connector; Tokyo Region; AWS Support JP; New VPC; Dedicated Instances; Windows 2008 R2; Amazon S3 Lowered Pricing; CloudFront GA, SLA; S3 Multipart; GPGPU Instance Types; ISO27001/2 Certification; Amazon SQS Longer Retention, Free Tier; Amazon S3 Bucket Policies; Amazon VPC IP Address; Cluster Compute Instances; Amazon S3 RRS Notifications; AWS Java SDK; Windows BYOL; Singapore POP; CloudFront Private Streaming; Lowered Pricing EC2; AWS IAM; Amazon VPC Console; Micro Instances; Amazon Linux AMI; Amazon EC2 Tagging, Filtering, Idempotency; Oracle Certified AWS; AWS PHP SDK; AWS CloudFormation; Amazon S3 Static Websites; AWS IAM Website Login; Paris Edge Location; Amazon EC2 Reserved Instances with Windows, Extra Large High Memory Instances; Amazon S3 Versioning Feature; Consolidated Billing for AWS; Lower pricing for Outbound Data Transfer; VPC in EU; Amazon RDS in US-West; Amazon CloudFront Access Logs; Amazon RDS Multi-AZ; Amazon S3 RRS; Amazon RDS Console.
    • 7. “Every day is a launch day” (2011 timeline slide). Launches shown: On-demand Red Hat; Stockholm Edge Location; AWS Elastic Beanstalk new enhancements; New Data Transfer pricing; Free Inbound Data Transfer; Spot Integration with HPC instances; Amazon EMR in APAC; AWS Mobile SDKs; Live Streaming with CloudFront; AWS IAM GA; AWS IAM Web Console; AWS Import/Export for EBS; AWS CloudFormation new features; AWS SDK for Ruby; Attachment support for Amazon SES; AWS Startup Challenge goes global; AWS DirectConnect; Amazon VPC Everywhere; Multi-AZ VPC; AWS IAM Identity Federation; AWS Toolkit for Eclipse 2.0; AWS GovCloud US; Spot in Amazon EMR; Amazon ElastiCache; Amazon VM Import Win2k3; VM Connector; Tokyo Region; AWS Support JP; AWS IAM for CloudFront; VPC Virtual Networking; VPC Internet Access; AWS CloudFormation; Amazon S3 Static Websites; AWS IAM Website Login; Paris Edge Location; Amazon Route 53; New VPC; Dedicated Instances in VPC; Windows 2008 R2; New AZ in JP; AWS Beanstalk Tomcat 7 Support; Amazon CloudWatch Custom Metrics; Amazon CloudWatch lower pricing; AWS SAP Certification; Amazon RDS for Oracle; Amazon ELB IPv6 support, Zone Apex; Amazon ELB Security Group integration; Amazon Route 53 GA, ELB integration; Amazon Route 53 Weighted RR; New pricing control for Spot; AWS CloudFormation new enhancements; AWS Mobile SDK GA; AWS Toolkit for Visual Studio; AWS DirectConnect US-West Location; AWS Elastic Beanstalk; Amazon Simple Email Service; Improved AWS Support “Bronze”; Amazon CloudWatch Console.
    • 8. Each day, AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000).
    • 9. AWS Regions: GovCloud-US; US West (Northern California); US East (Northern Virginia); Europe West (Dublin); Asia Pacific (Singapore); Asia Pacific (Japan). Amazon CloudFront edge locations: Ashburn, Dallas, Los Angeles, Miami, Newark, Palo Alto, Seattle, St. Louis, Amsterdam, Dublin, Frankfurt, London, Hong Kong, Singapore, Tokyo, New York, Paris.
    • 10. The AWS Cloud (layered diagram, top to bottom):
      Your application
      Tools to access services: libraries and SDKs (.NET/Java etc.); web interface (Management Console); tools (AWS Toolkit for Eclipse, VS; command line interface)
      Cross-service features: auth, authorization, federation (AWS IAM, MFA); monitoring (Amazon CloudWatch); deployment and automation (AWS Elastic Beanstalk, AWS CloudFormation)
      High-level building blocks: content delivery (Amazon CloudFront); email (Amazon SES); payments (Amazon DevPay, Amazon FPS); parallel processing (Amazon Elastic MapReduce); messaging (Amazon SNS, Amazon SQS); workforce (Amazon Mechanical Turk)
      Low-level building blocks: compute (Amazon EC2, Auto Scaling); network (Amazon VPC, ELB, DirectConnect, Amazon Route 53); storage (Amazon S3, Amazon EBS); database (Amazon RDS, Amazon SimpleDB, Amazon ElastiCache)
      Amazon global physical infrastructure (geographical Regions, Availability Zones, edge locations)
    • 11. Reference web application (diagram): www.yourApp.com and media.yourApp.com (static data) served through Amazon CloudFront and Amazon Route 53; an Elastic Load Balancer in front of an Auto Scaling Group (app tier) spanning Availability Zones within a Region; an Amazon S3 bucket for static data; Amazon SimpleDB, an ElastiCache tier and Amazon RDS for data; Amazon CloudWatch for monitoring; Amazon SNS notifications and email.
    • 12. The New Cloud-Ready Enterprise IT (diagram): the corporate data center and corporate headquarters connect to an Amazon VPC in an AWS Region through a DirectConnect location (10G, router) and through a VPN gateway / customer gateway; VPC subnets in Availability Zone 1 and Availability Zone 2; an Internet Gateway; branch offices; Amazon S3, Amazon SES, Amazon SimpleDB and Amazon SQS alongside the VPC.
    • 13. The “Living” AWS Cloud: the same layered diagram as slide 10 (here the network row reads Amazon VPC, Elastic LB, Amazon Route 53).
    • 14. The Need for Speed
    • 15. DevOps
    • 16. Ops = business / Ops != business / Ops ? business
    • 17. Ops Ξ business
    • 18. Elasticity is the fundamental property of the cloud
    • 19. Implement Elasticity: elasticity during the day, 25% savings
    • 20. Implement Elasticity: elasticity during the year, 50% savings
    • 21. Implement Elasticity: optimize during the month, 75% savings
    • 22. Mr. Automate: automate development, management, logistics, monitoring and deployment using Cloud APIs
    • 23. The Automation You Always Meant to Build
      Provision and attach 1TB of storage in 2 minutes (from the back of an auto-rickshaw in India).
      10 new Linux servers in 2 minutes (while sitting by the pool on a nice day).
      Monitoring server resources from an iPhone (in a bar).
      Source: Autodesk
    • 24. AWS CloudFormation: “Provision your infrastructure stack using one script”
    • 25. AWS CloudFormation overview (diagram): a JSON template (input parameters, resources, outputs, mappings, custom metadata; plain text, perfect for version control, validate-able) is given to the AWS CloudFormation service, which atomically creates and destroys groups of AWS cloud resources, configures the resources, builds multi-tier or multi-AZ stacks, manages the ordering of provisioning, and rolls back in case of failure or issues. The resulting stack is the reference web application of slide 11 (Amazon CloudFront, Amazon Route 53, Elastic Load Balancer, Amazon CloudWatch, Amazon S3 bucket, Amazon SNS notifications, Auto Scaling Group app tier, Amazon SimpleDB, ElastiCache tier, Amazon RDS, email, across Availability Zones in a Region).
    • 26. AWS CloudFormation “Stacks”: JSON template
    • 27. Declarative language
    • 28. The full template:

      ```json
      {
        "AWSTemplateFormatVersion" : "2010-09-09",
        "Description" : "Create an EC2 instance",
        "Parameters" : {
          "KeyName" : {
            "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
            "Type" : "String"
          }
        },
        "Mappings" : {
          "RegionMap" : {
            "us-east-1"      : { "AMI" : "ami-76f0061f" },
            "us-west-1"      : { "AMI" : "ami-655a0a20" },
            "eu-west-1"      : { "AMI" : "ami-7fd4e10b" },
            "ap-southeast-1" : { "AMI" : "ami-72621c20" },
            "ap-northeast-1" : { "AMI" : "ami-8e08a38f" }
          }
        },
        "Resources" : {
          "Ec2Instance" : {
            "Type" : "AWS::EC2::Instance",
            "Properties" : {
              "KeyName" : { "Ref" : "KeyName" },
              "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
              "UserData" : { "Fn::Base64" : "80" }
            }
          }
        },
        "Outputs" : {
          "InstanceId" : {
            "Description" : "InstanceId of the newly created EC2 instance",
            "Value" : { "Ref" : "Ec2Instance" }
          },
          "AZ" : {
            "Description" : "Availability Zone of the newly created EC2 instance",
            "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
          },
          "PublicIP" : {
            "Description" : "Public IP address of the newly created EC2 instance",
            "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }
          }
        }
      }
      ```
    • 29. The same template, annotated by section: headers (AWSTemplateFormatVersion, Description), Parameters, Mappings, Resources, Outputs.
    • 30. Parameters: provision-time specification; command line options
    • 31. The Parameters section:

      ```json
      "Parameters" : {
        "KeyName" : {
          "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
          "Type" : "String"
        }
      },
      ```
    • 32. Mappings: conditionals; case statements
    • 33. The Mappings section:

      ```json
      "Mappings" : {
        "RegionMap" : {
          "us-east-1"      : { "AMI" : "ami-76f0061f" },
          "us-west-1"      : { "AMI" : "ami-655a0a20" },
          "eu-west-1"      : { "AMI" : "ami-7fd4e10b" },
          "ap-southeast-1" : { "AMI" : "ami-72621c20" },
          "ap-northeast-1" : { "AMI" : "ami-8e08a38f" }
        }
      },
      ```
    • 34. A second mapping, from instance type to architecture:

      ```json
      "Mappings" : {
        "AWSInstanceType2Arch" : {
          "t1.micro"    : { "Arch" : "64" },
          "m1.large"    : { "Arch" : "64" },
          "m1.xlarge"   : { "Arch" : "64" },
          "m2.xlarge"   : { "Arch" : "64" },
          "m2.2xlarge"  : { "Arch" : "64" },
          "m2.4xlarge"  : { "Arch" : "64" },
          "c1.xlarge"   : { "Arch" : "64" },
          "cc1.4xlarge" : { "Arch" : "64" }
        },
      ```
    • 35. Dereferencing this mapping (fragment as shown on the slide):

      ```json
      "ImageId" : {
        "Fn::FindInMap" : [
          "AWSRegionArch2AMI",
          {
            "Ref" : "AWS::Region"
          },
      ```
    • 36. Resources
    • 37. The Resources section (slides 37 to 39 show the same block with different parts highlighted):

      ```json
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
            "UserData" : { "Fn::Base64" : "80" }
          }
        }
      }
      ```
    • 40. Parameter reference: `"KeyName" : { "Ref" : "KeyName" },`
    • 41. Map conditional (slides 41 to 44 annotate the same expression): `"RegionMap"` is the name of the map and `{ "Ref" : "AWS::Region" }` is an intrinsic property reference.

      ```json
      "ImageId" : {
        "Fn::FindInMap" :
          [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]
      },
      ```
    • 45. Outputs: returned values
    • 46. The Outputs section:

      ```json
      "Outputs" : {
        "InstanceId" : {
          "Description" : "InstanceId of the newly created EC2 instance",
          "Value" : { "Ref" : "Ec2Instance" }
        },
        "AZ" : {
          "Description" : "Availability Zone of the newly created EC2 instance",
          "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
        },
        "PublicIP" : {
          "Description" : "Public IP address of the newly created EC2 instance",
          "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }
        }
      }
      }
      ```
    • 47. Embedded stacks (fragment as shown on the slide; the elided parts are elided on the slide too):

      ```json
      "AppDatabase" : {
        "Type" : "AWS::CloudFormation::Stack",
        "Metadata" : { … },
        "Properties" : {
          "TemplateURL" : {
            "Fn::Join" : [
              "/",
              [
                { … },
                "RDS_MySQL_55.template"
              ]
            ]
          },
      ```
    • 48. Custom metadata:

      ```json
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Metadata" : {
            "Comment"  : "This metadata is available via the cfn-describe-stack-resource command line tool or the DescribeStackResource API call",
            "MyAMI"    : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
            "MyRegion" : { "Ref" : "AWS::Region" },
            "MyStack"  : { "Ref" : "AWS::StackName" }
          },
          "Properties" : {
            "ImageId"  : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
            "UserData" : { "Fn::Base64" : "80" }
          }
        }
      },
      ```
    • 49. Standardized application stacks (same layers, three stacks):
      Java stack: Apache (web server), Tomcat (app server), Struts (MVC), your code, Log4J (logging), Spring (libraries), Hibernate (DB caching), JEE (framework), Linux (OS).
      .NET stack: IIS (web server), ASP.NET (app server), ASP.NET MVC (MVC), your code, Log4Net (logging), Spring.NET (libraries), nHibernate (DB caching), .NET (framework), Windows (OS).
      RoR stack: Apache (web server), Mongrel (app server), Rails (MVC), your code, logger (logging), RubyGems (packages), memcached (DB caching), Ruby runtime (framework), CentOS (OS).
    • 50. Bootstrapping Applications with AWS CloudFormation
    • 51. Implement Elasticity, 1. Frozen Pizza Model: fully baked AMIs launched as-is on Amazon EC2, for example a Java AMI (Linux, JEE, Hibernate, Spring, Log4J, your code, Struts, Tomcat, Apache) and a .NET AMI (Windows, .NET, nHibernate, Spring.NET, Log4Net, your code, ASP.NET MVC, IIS).
    • 52. Build job does the following: build the artifact, publish it to Artifactory, build the package, publish the package to the repo. Then there is a follow-on job that mounts a base OS image, installs the packages and then creates the final AMI.
      Source: http://techblog.netflix.com/2011/08/building-with-legos.html
    • 53. Implement Elasticity, 2. Take N Bake Pizza Model: a “Golden AMI” carries the stack (Linux, JEE, Hibernate, Spring, Log4J, Tomcat, Struts, Apache; or Windows and .NET with IIS) and your code is fetched at boot time from Amazon S3 or source control.
    • 54. Cloud-Init and EC2 Instance User Data: Cloud-init supports several different mechanisms for passing data to the instance, including ways to pass larger, more structured data and a way to provide a script that is executed at instance launch time. Available in Amazon Linux AMIs and Ubuntu distributions.
    • 56. Bootstrap using User Data (fragment as shown on the slide; the newline escapes were lost in the transcript and are restored here):

      ```json
      "UserData" : {
        "Fn::Base64" : {
          "Fn::Join" : [
            "",
            [
              "#!/bin/bash -ex\n",
              "yum -y install git-core\n",
              "yum -y install php-pear\n",
              "pear install Crypt_HMAC2-1.0.0\n",
              "pear install HTTP_Request-1.4.4\n",
              "pear channel-discover pear.amazonwebservices.com\n",
              "pear install aws/sdk\n",
      ```
    • 57. Implement Elasticity, 3. Made to Order Pizza Model: a JeOS AMI (just enough OS: Linux or Windows) on Amazon EC2 runs a Puppet client/agent; a PuppetMaster, with cookbooks and recipes from source control, installs the stack (Apache, Tomcat, Struts, Log4J, Spring, Hibernate, JEE) and your code (from Amazon S3) at launch.
    • 58. Instances ask you a question: “Who am I and what is my role?”
    • 59. MCollective + CloudFormation: great for small or large clusters of servers; simple naming conventions; parallel job execution; consistent servers. Great EC2 demo: http://docs.puppetlabs.com/mcollective/ec2demo.html
    • 63. Best Practices
      Puppet is great for incremental implementation!
      All modules and manifests should be kept under version control.
      Manage users and groups from the outset.
      Puppet Environments are your friend.
      Skinny classes, fat modules.
      Use 'notify' for logging. Make it easy to check logs.
      ‘The Trifecta’: use package, file, service.
    • 64. Implement Elasticity: 3 approaches to designing your AMIs, from easier to set up to more control and easier to maintain: an inventory of fully baked AMIs (Frozen / ready made); “Golden AMIs” with fetch on boot (Take N’ Bake); AMIs with JeOS and PuppetMaster (Made to Order).
    • 65. More Tools: CloudFormer
      Create a template from the running resources in your account.
      Select the resources that should be included.
      Customize the logical names.
      Define the template output section.
      Creates a starting-point template for you to edit: add parameters, abstract properties and flow properties.
      One-click launch in your account.
      CloudFormer is an appliance that runs in your account.
    • 66. One more thing….
    • 67. Optimizing = Cost Savings: the instance PUTs custom metrics (free memory, free CPU, free HDD) to Amazon CloudWatch at 1-minute intervals, where they are retained for 2 weeks; an alarm then tells you “You could save a bunch of money by switching to a small instance. Click on the CloudFormation script to save.”
    • 68. In Summary:
      Bridge the gap: Ops = business.
      Elasticity is the fundamental property of the cloud; implement elasticity.
      AWS CloudFormation gives you an easy way to create the set of cloud resources.
      3 Pizza Models.
      Bootstrapping applications using CloudFormation and Puppet removes the muck.
      Thank you! Jinesh Varia, jvaria@amazon.com, Twitter: @jinman
    • 73. Still working……
    • 74. Let go of (physical) control but retain your ownership
    • 75. Enterprise Security Features
      Amazon VPC
      AWS Identity and Access Management: user management; policy-based granular access control; web login for individual users; Identity Federation (new!); Multi-Factor Authentication
      Service security features: Amazon S3 ACLs and bucket policies; Amazon EC2 Security Groups, iptables; HTTPS API endpoints
    • 76. In the Cloud, Security is a Shared Responsibility
      How we secure our infrastructure: SAS 70 Type II Audit; ISO 27001/2 Certification; PCI DSS 2.0 Level 1-5; HIPAA/SOX Compliance; FISMA A&A Low.
      How can you secure your application and what is your responsibility? Encrypt data in transit; encrypt data at rest; protect your AWS credentials; rotate your keys; secure your application; enforce IAM policies.
      What security options and features are available to you? Use MFA, VPC, leverage S3 bucket policies, EC2 Security Groups, EFS in EC2, etc.
    • 77. Old World / New World: build security in every layer
    • 78. mcollective
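The template sections walked through on slides 28 to 48 (Parameters, Mappings, Resources, Outputs, and the Ref / Fn::FindInMap / Fn::GetAtt intrinsics) and the Fn::Join / Fn::Base64 user-data bootstrap on slide 56 can be checked offline before a stack is created. The following is an added example, not code from the talk or from AWS tooling: a small Python resolver that evaluates those intrinsic functions for a chosen region and parameter set, flags references to undeclared parameters, resources or mappings, and decodes the user-data script for review. The embedded TEMPLATE is a constructed, reduced copy of the slides' template (two regions, shorter script); the `<physical-id:…>` and `<attr:…>` placeholders stand in for values only the service knows at create time.

```python
"""Offline resolver and reference checker for CloudFormation templates of the
kind shown on the slides (Ref, Fn::FindInMap, Fn::GetAtt, Fn::Join, Fn::Base64)."""
import base64
import json

# Pseudo parameters the slides use via Ref; these count as always declared.
PSEUDO_PARAMS = {"AWS::Region", "AWS::StackName"}

# Constructed template, reduced from slides 28 and 56 (two regions, short script).
TEMPLATE = json.loads(r'''{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "Create an EC2 instance",
  "Parameters" : { "KeyName" : { "Type" : "String" } },
  "Mappings" : { "RegionMap" : { "us-east-1" : { "AMI" : "ami-76f0061f" }, "eu-west-1" : { "AMI" : "ami-7fd4e10b" } } },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName" : { "Ref" : "KeyName" },
        "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
        "UserData" : { "Fn::Base64" : { "Fn::Join" : [ "", [
          "#!/bin/bash -ex\n",
          "yum -y install git-core\n",
          "pear channel-discover pear.amazonwebservices.com\n",
          "pear install aws/sdk\n"
        ] ] } }
      }
    }
  },
  "Outputs" : { "InstanceId" : { "Value" : { "Ref" : "Ec2Instance" } }, "AZ" : { "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] } } }
}''')


class TemplateError(ValueError):
    """Raised when an intrinsic function cannot be resolved."""


def check_references(template):
    """Static check: return a list of Ref / Fn::FindInMap / Fn::GetAtt targets
    that point at nothing declared in the template (an empty list means clean)."""
    declared = set(template.get("Parameters", {})) | set(template.get("Resources", {})) | PSEUDO_PARAMS
    problems = []

    def walk(node, path):
        if isinstance(node, dict):
            if "Ref" in node and node["Ref"] not in declared:
                problems.append(f"{path}: Ref to undeclared {node['Ref']!r}")
            if "Fn::FindInMap" in node and node["Fn::FindInMap"][0] not in template.get("Mappings", {}):
                problems.append(f"{path}: unknown mapping {node['Fn::FindInMap'][0]!r}")
            if "Fn::GetAtt" in node and node["Fn::GetAtt"][0] not in template.get("Resources", {}):
                problems.append(f"{path}: GetAtt on undeclared resource {node['Fn::GetAtt'][0]!r}")
            for key, value in node.items():
                walk(value, f"{path}.{key}")
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(template, "$")
    return problems


def resolve(node, template, params, region, stack_name="demo"):
    """Evaluate the intrinsic functions for one region and one set of parameters."""
    if isinstance(node, dict) and len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref":
            values = {"AWS::Region": region, "AWS::StackName": stack_name, **params}
            if arg in values:
                return values[arg]
            if arg in template.get("Resources", {}):
                return f"<physical-id:{arg}>"  # placeholder: assigned by the service at create time
            raise TemplateError(f"Ref to undeclared {arg!r}")
        if fn == "Fn::FindInMap":
            name, top, second = (resolve(a, template, params, region, stack_name) for a in arg)
            try:
                return template["Mappings"][name][top][second]
            except KeyError as exc:
                raise TemplateError(f"FindInMap {name}[{top}][{second}] has no value") from exc
        if fn == "Fn::Join":
            sep, parts = arg
            return sep.join(str(resolve(p, template, params, region, stack_name)) for p in parts)
        if fn == "Fn::Base64":
            text = str(resolve(arg, template, params, region, stack_name))
            return base64.b64encode(text.encode()).decode()
        if fn == "Fn::GetAtt":
            return f"<attr:{arg[0]}.{arg[1]}>"  # placeholder: only known once the resource exists
    if isinstance(node, dict):
        return {k: resolve(v, template, params, region, stack_name) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, template, params, region, stack_name) for v in node]
    return node


def render_instance(template, params, region):
    """Resolve the Ec2Instance properties and decode the user-data script so the
    bootstrap commands can be reviewed before the stack is created."""
    props = resolve(template["Resources"]["Ec2Instance"]["Properties"], template, params, region)
    script = base64.b64decode(props["UserData"]).decode()
    return props["ImageId"], props["KeyName"], script
```

Running `check_references` on a template stored in version control catches a mistyped Ref or a region missing from RegionMap before CloudFormation rolls the stack back; `render_instance` shows exactly which shell commands the instance will run at launch.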