© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
End-to-End CI/CD at scale with
Infrastructure-as-Code on AWS
Bhuvaneswari Subramani (she/hers)
D1DEV102
Director, Engineering Operations, Infor
AWS DevTools Hero
Quick Intro
• Bhuvaneswari Subramani (Bhuvana)
• Director, Engineering Operations, Infor
• AWS Hero since 2019
• Organizer, AWS User Group Bengaluru
• Leading cloud computing, DevOps, and Performance QA
https://bhuvana.pro
/bhuvanas
@installjournal
Agenda
• Why Infrastructure as Code (IaC) for CI/CD?
• CI/CD multi-account architecture
• Build & Deployment Infrastructure Setup
• Best Practices
Why Infrastructure as Code for CI/CD?
Key Benefits
Speed Consistency Traceability
CI/CD with multi-account architecture
Continuous Integration
[Figure, built up over four slides: AWS Cloud, Developer Service Account. A VPC with a private subnet hosts the Build & Deploy Server, worker nodes (labelled "Lin") and the Mirror Git Repo. A VPC Gateway EndPoint connects the VPC to the S3 Buckets, where build artifacts are published.]
CI steps:
1 - Initiate Build process
2 - Get Source code
3 - Compile & generate artifacts
4 - Publish artifacts
5 - Run code validation suite
Artifacts published to the S3 Buckets:
• App artifacts
• Config artifacts
• Data system artifacts
• Test artifacts
Continuous Deployment – Nano Env
[Figure: two AWS accounts. Developer Service Account: VPC with a private subnet hosting the Build & Deploy Server, plus the Mirror Git Repo and S3 Buckets. Nano Environment(s) Account: VPC in one Availability Zone with a public subnet, an Internet gateway, a Windows Peer and a Linux Peer. The Build & Deploy Server deploys into the Nano Environment(s) Account; users reach an environment at https://<env-id>.nano.infornexus.com.]
Nano to Full Scale Environments
Beta
…
Continuous Integration – Alpha / Beta / Prod Env
[Figure, built up over four slides: AWS Cloud, Developer Service Account. A VPC with a private subnet hosts the Build Server, worker nodes (labelled "Lin") and the Mirror Git Repo. In step 4, build artifacts are published to the S3 Buckets through a VPC Gateway EndPoint and container images are published to ECR through a VPC Interface EndPoint. The last build of the slide, titled "Continuous Deployment – Alpha / Beta / Prod Env", adds a second AWS Cloud account, the Prod Account, with a Deploy Server.]
CI steps:
1 - Initiate Build process
2 - Get Source code
3 - Compile & generate artifacts
4 - Publish artifacts
5 - Run code validation suite
Continuous Deployment – Alpha / Beta / Prod Env
[Figure, built up over three slides: two AWS accounts. Developer Service Account: VPC with a private subnet hosting the Build Server, plus the Mirror Git Repo. Alpha / Beta / Prod Environment Account: VPC with a private subnet hosting the Deploy Server and Deploy Nodes. Flow labels: A - Publish build artifacts; B - Publish container images (ECR); C and D are marked on the diagram without captions. A VPC Gateway EndPoint and a VPC Interface EndPoint appear in the final build.]
Components in the Alpha / Beta / Prod Environment Account:
App Container Services
• Web Tier
• Integration Tier
Intermediate Tier
• Caching
• Lock co-ordination
• Service Discovery
Data Tier
• Queueing
• AWS Hosted Data Services
• AWS Managed Data Services
Logging & Monitoring
Supply Chain Intelligence
Build & Deployment Infrastructure Setup
Build Infrastructure Components
[Figure: components grouped around AWS CloudFormation.]
• Mirror Git Repo
• Jenkins Master
• Jenkins Win Agent
• Jenkins Linux Agent
• S3 Bucket
• IAM Roles
• Secrets
• VPC EndPoints
• ECR
Setup Mirror Git Repo using IaC
[Figure: AWS CloudFormation provisioning the Mirror Git Repo.]
1 - Create Git repo tar.gz & Upload to S3
2 - Create EC2 Instance
3 - Pull Git repo tar.gz from S3 and place in EC2
4 - Configure Cron job to sync Git repo
Setup Jenkins Master using IaC
[Figure: pipeline diagram. Labels: IaC Developers, Gitlab, Source - IaC, Source - Bootstrap, Pipeline, Create EC2, Salt minion, Jenkins Server, Bootstrap Jenkins, Linux Agent, Windows Agent, Jenkins Job Configuration.]
Dev Environment for Jenkins Bootstrapping
Run Jenkins as Container
Install Docker
Setup local repo
Bind mount the directories into Docker Containers
Install Jenkins as a Container
Configure Jenkins
Best Practices
• Operational excellence
• Security
• Reliability
• Performance efficiency
• Cost optimization
• Sustainability
AWS Well-Architected Framework
Operational excellence
• Continually improving quality process
• Design for failure
• Opportunities for improvement
• Clearly defined Promotion model for IaC
Operational Excellence – Promotion Model
Stable
• Holds IaC for services that are live on an Env
• Protected branch; changes need approval
Staging
• Holds IaC for services ready to go live
• Protected branch; changes need approval
Feature
• To apply changes to production or alpha branch
[Figure, built up over two slides: branch flow for the promotion model. Branches shown: [STAGING], [STABLE], [FEATURE-1] … [FEATURE-N]. Actions shown: {Create}, {rebase}, {promote}, {Promote to Stable for go live}, {Code flow to Staging}.]
Conventions
o commit
+ branch create
* rebase
^ promote
/ code flow
[ ] branch
Security
• Infrastructure protection
• Centralized identities with SAML 2.0
• End-to-end Traceability
• Data Protection
Reliability
• Monitor workload Resources
• Adapt to changes in Demand
• Implement resiliency for reliable workload
Performance Efficiency
• Capability to deploy the workload in multiple AWS Regions
• Use serverless architectures
• Monitor your resources
Cost Optimization
• Implement cloud financial management
• Monitor Cost and Usage
• Stop spending money on undifferentiated heavy lifting
Sustainability
• Remove or refactor workload components with low or no use
• Increase utilization of build environments
• Optimize areas of code that consume the most time or resources
Key Benefits
Speed Consistency Traceability