
AWS re:Invent 2016: Taking DevOps to the AWS Edge (CTD302)

In this session, we dive deep into how you can integrate Amazon CloudFront and related services into your application, be agile in developing and adapting the application, and follow best practices when configuring the services to improve security and performance, all while reducing costs. Attend this session and learn how to avoid needless forwarding of headers and cookies, test your application when making changes to the origin, version your configuration changes, monitor usage and automate security, create templates for new distributions, configure SSL/TLS certificates, and more.

  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Lee Atkinson, Solutions Architect December 1, 2016 Taking DevOps to the AWS Edge CTD302
  2. 2. What to Expect from the Session • Integrate Amazon CloudFront and other AWS edge services into your agile development process. • Follow best practices to improve security, performance, and reduce costs. • Automate edge deployment and testing. • Monitor and analyze usage of AWS edge services.
  3. 3. Agenda 1. What is the AWS Edge? 2. The application edge 3. Patterns for the DevOps Edge
  4. 4. What is the AWS Edge?
  5. 5. AWS edge locations 68 Edge locations
  6. 6. AWS edge services • Amazon CloudFront • Content Delivery Network • Amazon Route 53 • DNS registration and hosting, health checks • AWS WAF • Web Application Firewall
  7. 7. The application edge
  8. 8. Your Application = Origin (EC2/ELB/S3) + Edge (Route 53/CloudFront/AWS WAF) + Client (HTML5/Mobile/Desktop)
  9. 9. CloudFront helps improve user experience (diagram: Client, Edge locations, Amazon Backbone, Origin)
  10. 10. CloudFront helps reduce costs • Free data transfer cost AWS origin to CloudFront • Less load on origin • Lower data transfer cost CloudFront to Internet compared to AWS Region to Internet (diagram: Client, Edge locations, Origin)
  11. 11. Amazon Route 53 health checks (diagram: Amazon Route 53 health checks, Endpoints, www.test, Amazon CloudWatch, Amazon SNS)
  12. 12. Patterns for the DevOps Edge
  13. 13. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  14. 14. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  15. 15. HTTP Cache-Control (diagram: Origin, Amazon CloudFront, Client) • Cache-Control: max-age=1800 • Cache-Control: max-age=1800, s-maxage=900 • Cache-Control: max-age=1800, private • Cache-Control: no-cache • Cache-Control: no-store • HTTP/1.1 200 OK Last-Modified: Fri, 02 Dec 2016 01:00:00 GMT ETag: "TGVlQXRraW5zb25Xb3onRXJl" • GET /barchart.jpg HTTP/1.1 If-None-Match: "TGVlQXRraW5zb25Xb3onRXJl" • HTTP/1.1 304 Not Modified • HTTP/1.1 200 OK Last-Modified: Fri, 02 Dec 2016 02:00:00 GMT ETag: "TGVlQXRraW5zb24nRXJlVG9v"
  16. 16. CloudFront TTL (flowchart) • Has the origin defined the TTL for the object? Checks: Cache-Control s-maxage? Cache-Control max-age? Expires? • Further checks: > MinTTL? < MaxTTL? • Outcomes: Use DefaultTTL, Use MinTTL, Use MaxTTL, Use Origin-Defined TTL
  17. 17. Use the client to increase cacheability
  18. 18. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  19. 19. Forwarding GET /search?query=widget&foo=bar HTTP/1.1 Host: www.test User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/201001 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-GB,en;q=0.7,en-US;q=0.3 Accept-Encoding: gzip, deflate Cookie: session=cjZYuh3fVXzf6rXGAwV2; theme=modern; currency=gbp
  20. 20. Tips when forwarding • Only forward when it affects the response • Reduce variability in forwarded values • Use CloudFront logs or beacon for tracking • Authorize using signed URLs/cookies, CloudFront restrictions, and AWS WAF • Use Vary response header
  21. 21. Forward User-Agent? • GET / HTTP/1.1 • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0 • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.17 (KHTML, like Gecko) Version • User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 • User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 • User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 • User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 • User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 • User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 S • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50 • Exchange between client and origin: • HTTP/1.1 307 Temporary Redirect Location: /user-agent?return-url=/ Vary: Cookie • GET /user-agent?return-url=/ HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; … • HTTP/1.1 307 Temporary Redirect Location: / Set-Cookie: OS=MacOSX Vary: User-Agent • GET / HTTP/1.1 Cookie: OS=MacOSX • CloudFront-Is-Mobile-Viewer • CloudFront-Is-Tablet-Viewer • CloudFront-Is-Desktop-Viewer • CloudFront-Is-SmartTV-Viewer • Cache-Behavior for “/user-agent”: Forward Header ‘User-Agent’ • Default Cache Behavior: Forward Cookie ‘OS’
  22. 22. Responsive web design /* Use CSS3 media-selectors */ @media only screen and (max-width: 768px) { … }
  23. 23. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  24. 24. HTTP does not provide invalidation • CDN invalidation is not recognized by downstream caches: • Origin ✓ • CloudFront ✓ • ISP / corporate / hotel caches ✗ • Browser caches ✗
  25. 25. HTTP does provide validation • Use conditional HTTP requests • If-Modified-Since / If-None-Match / If-Match • Origin should efficiently generate 304s • Use low s-maxage and higher max-age • Use URL versioning to ‘cache-bust’
  26. 26. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  27. 27. AWS edge services automation • Route 53, CloudFront, and AWS WAF have APIs • AWS SDK available for 11 languages and platforms • Deploy DNS, CDN, and WAF using AWS CloudFormation • Change configuration as your application develops • Use AWS IAM to control access to your resources
  28. 28. DNS, CDN, and WAF ‘as code’ (diagram: Client, Amazon Route 53, AWS WAF, Amazon CloudFront, AWS Certificate Manager, AWS Lambda, Elastic Load Balancing and EC2 in EU-WEST-1, Elastic Load Balancing and EC2 in US-WEST-1, Amazon S3, Corporate data center)
  29. 29. AWS WAF automation • Automate AWS WAF using your application or Lambda • ‘AWS Answers’ AWS WAF Security Automations https://aws.amazon.com/answers/security/aws-waf-security-automations/
  30. 30. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  31. 31. AWS CloudTrail • Route 53 • CloudFront • AWS WAF
  32. 32. Amazon CloudWatch metrics & alarms • Route 53 • CloudFront • AWS WAF
  33. 33. CloudFront reporting
  34. 34. CloudFront access logs (diagram: Amazon CloudFront, S3 bucket, AWS Lambda, S3 bucket, Amazon QuickSight, AWS Data Pipeline, Amazon Redshift, W3C Log Processor, Amazon CloudWatch Logs) • Sample log: • #Version: 1.0 • #Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User- • 2014-05-23 01:13:11 FRA2 182 192.0.2.10 GET d111111abcdef8.cloudfront.net /view/my/file.html 200 www.displaymyfiles.com Mozi • 2014-05-23 01:13:12 LAX1 2390282 192.0.2.202 GET d111111abcdef8.cloudfront.net /soundtrack/happy.mp3 304 www.unknownsingers.
  35. 35. Patterns for the DevOps Edge 1. Cache as much as possible 2. Forward as little as possible 3. Validate efficiently 4. Automate the edge 5. Monitor the edge
  36. 36. Key takeaways 1. Consider the AWS Edge as a part of your application 2. Optimise and use caching efficiently 3. Automate configuration of the AWS Edge 4. Monitor the AWS Edge using CloudTrail, CloudWatch, and services logs
  37. 37. Thank you!
  38. 38. Remember to complete your evaluations!
  39. 39. Related Sessions 1. CTD301 - Amazon CloudFront Flash Talks: Best Practices on Configuring, Securing, and Monitoring your Distribution Friday 09:30, Venetian, Level 2, Venetian D 2. SAC316-R - Security Automation: Spend Less Time Securing Your Applications Friday 10:30, Venetian, Level 3, Lido 3003
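
Slide 16's TTL flowchart, written out as an added example (not code from the talk or from CloudFront itself). The function names, the sample headers and the fixed clock are assumptions made for illustration, and the no-cache, no-store and private directives are outside the flowchart and not modelled.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def origin_ttl(headers, now):
    """TTL in seconds that the origin defined, or None if it defined none."""
    directives = {}
    for part in headers.get("Cache-Control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"')
    # CloudFront is a shared cache, so s-maxage wins over max-age.
    for name in ("s-maxage", "max-age"):
        if directives.get(name, "").isdigit():
            return int(directives[name])
    if "Expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["Expires"])
            return max(0, int((expires - now).total_seconds()))
        except (TypeError, ValueError):
            return 0  # an invalid Expires value counts as already expired
    return None


def cloudfront_ttl(headers, now, min_ttl, default_ttl, max_ttl):
    """Follow the slide's flowchart: origin TTL clamped to [MinTTL, MaxTTL]."""
    ttl = origin_ttl(headers, now)
    if ttl is None:
        return default_ttl  # the origin defined nothing
    if ttl < min_ttl:
        return min_ttl
    if ttl > max_ttl:
        return max_ttl
    return ttl


NOW = datetime(2016, 12, 2, 0, 0, 0, tzinfo=timezone.utc)  # constructed clock
SAMPLES = [  # constructed origin response headers
    {"Cache-Control": "max-age=1800"},
    {"Cache-Control": "max-age=1800, s-maxage=900"},
    {"Expires": "Fri, 02 Dec 2016 01:00:00 GMT"},
    {},
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, cloudfront_ttl(h, NOW, min_ttl=0, default_ttl=86400, max_ttl=31536000))
```

A MinTTL above zero overrides a shorter origin TTL, so an object the origin wanted revalidated after 30 minutes can sit at the edge for the full MinTTL.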
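
Why slides 19 to 21 say to forward as little as possible, as an added example (not from the talk): every forwarded value becomes part of the cache key, so the same search is stored once per distinct combination. The request shapes, session values and the assumption that the origin only uses the `query` parameter and `currency` cookie are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ALL = object()  # sentinel: forward every value of that kind


def cache_key(req, query=(), cookies=(), headers=()):
    """Cache key = path plus only the values the cache behavior forwards."""
    def pick(pairs, allowed):
        return tuple(sorted((k, v) for k, v in pairs
                            if allowed is ALL or k in allowed))
    url = urlsplit(req["url"])
    return (url.path,
            pick(parse_qsl(url.query), query),
            pick(req["cookies"].items(), cookies),
            pick(req["headers"].items(), headers))


def distinct_objects(requests, **forwarding):
    """How many separate cached copies these requests would create."""
    return len({cache_key(r, **forwarding) for r in requests})


def request(foo, session, currency, user_agent):
    return {"url": f"/search?query=widget&foo={foo}",
            "cookies": {"session": session, "theme": "modern", "currency": currency},
            "headers": {"User-Agent": user_agent, "Accept-Encoding": "gzip, deflate"}}


# Constructed viewers: same search, different sessions, browsers and currencies.
REQUESTS = [
    request("bar", "sess-a", "gbp", "Firefox/49.0"),
    request("baz", "sess-b", "gbp", "Chrome/50.0.2661.102"),
    request("bar", "sess-c", "usd", "Chrome/51.0.2704.103"),
    request("qux", "sess-d", "usd", "Chrome/51.0.2704.84"),
]

FORWARD_EVERYTHING = {"query": ALL, "cookies": ALL, "headers": ALL}
# Assumption: the origin's response depends only on these two values.
FORWARD_MINIMUM = {"query": {"query"}, "cookies": {"currency"}}

if __name__ == "__main__":
    print("forward everything:", distinct_objects(REQUESTS, **FORWARD_EVERYTHING))
    print("forward minimum:   ", distinct_objects(REQUESTS, **FORWARD_MINIMUM))
```

The allow-list must still contain every value the origin uses to build or authorize a response; leaving the session cookie out is only correct here because the assumed search response does not depend on it.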
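
A small log processor for the access-log format on slide 34, as an added example (not the talk's W3C Log Processor or the AWS WAF Security Automations code). It reads column names from the `#Fields:` line and reports client IPs with repeated 4xx/5xx responses; the sample rows, the `row` helper and the threshold are constructed for illustration.

```python
from collections import Counter


def parse_access_log(text):
    """Yield one dict per request, using the column names from '#Fields:'."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split("\t")  # CloudFront standard logs are tab-separated
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def noisy_clients(text, min_errors=3):
    """Client IPs with at least min_errors 4xx/5xx responses."""
    errors = Counter(r["c-ip"] for r in parse_access_log(text)
                     if r["sc-status"][:1] in ("4", "5"))
    return {ip: n for ip, n in errors.items() if n >= min_errors}


def row(time, ip, uri, status):
    """Build one constructed log row with the fields readable on the slide."""
    return "\t".join(["2016-12-01", time, "FRA2", "512", ip, "GET",
                      "d111111abcdef8.cloudfront.net", uri, str(status), "-"])


SAMPLE_LOG = "\n".join([  # constructed sample, not real traffic
    "#Version: 1.0",
    "#Fields: date time x-edge-location sc-bytes c-ip cs-method cs(Host) "
    "cs-uri-stem sc-status cs(Referer)",
    row("10:00:01", "192.0.2.10", "/view/my/file.html", 200),
    row("10:00:02", "192.0.2.10", "/soundtrack/happy.mp3", 304),
    row("10:00:03", "192.0.2.202", "/a.html", 403),
    row("10:00:04", "192.0.2.202", "/b.html", 404),
    row("10:00:05", "192.0.2.202", "/c.html", 404),
    row("10:00:06", "198.51.100.7", "/favicon.ico", 404),
    "2016-12-01\t10:00:07\tFRA2",  # truncated row, ignored by the parser
])

if __name__ == "__main__":
    print(noisy_clients(SAMPLE_LOG))
```

Run from a Lambda function on each new log object, the returned addresses are the kind of input the automation on slide 29 would feed into an AWS WAF IP set.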
