This document discusses using AWS CloudFormation and AWS CodePipeline to implement infrastructure continuous delivery. It begins by explaining the need for infrastructure as code and continuous delivery workflows for infrastructure changes. AWS CloudFormation allows treating infrastructure as code by authoring templates and provisioning AWS resources from them. AWS CodePipeline can then be used to automate building, testing and deploying infrastructure changes as code is updated. The document demonstrates decomposing a sample application into CloudFormation templates and setting up a CodePipeline to continuously deliver changes. It provides examples of how to model pipelines for network resources and application components separately with dependencies.
Whether you are a traditional enterprise exploring migrating workloads to the cloud or are already “all-in” on AWS, performing common tasks of inventory collection, OS patch management, and image creation at scale is increasingly complicated in hybrid infrastructure environments. Amazon EC2 Systems Manager allows you to perform automated configuration and ongoing management of your hybrid environment systems at scale. This session provides an overview of key EC2 Systems Manager capabilities that help you define and track system configurations, prevent drift, and maintain software compliance of your EC2 and on-premises configurations. We will also discuss common use cases for EC2 Systems Manager and give you a demonstration of a hybrid-cloud management scenario.
Today’s cutting edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous integration and delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes followed by Amazon engineers and discuss how you can bring them to your company by using a set of application lifecycle management tools from AWS: the newly announced AWS CodeBuild service, AWS CodePipeline, and AWS CodeDeploy.
Initially presented at AWS User Group Meetup Surabaya, Indonesia.
The AWS Cloud Development Kit is an open source software development framework to model and provision your cloud application resources using familiar programming languages. In this session, we will start with why IaC (Infrastructure as Code) is a good practice and explore various ways of implementing it. Then, we'll do a live coding session as step-by-step guidance on how you can use AWS CDK to programmatically provision a serverless API system.
Replay video link: https://youtu.be/QGgQOcA3W6w
As migration to the cloud increases, attacks targeting the public cloud are also surging. In particular, attempts to steal cloud administrators' credentials, and the use of stolen credentials to exfiltrate sensitive information and mine Bitcoin at large scale, are on the rise. Customers who are considering moving to AWS or are already using it need to think about how to respond to sophisticated security threats like these that exploit the characteristics of the cloud. This session describes AWS security services such as GuardDuty, Inspector, Config, and SecurityHub, which provide capabilities for responding effectively to these cloud-native threats.
Docker containers have become a key component of modern application design. Increasingly, developers are breaking their applications apart into smaller components and distributing them across a pool of compute resources.
How can you accelerate the delivery of new, high-quality services? How can you experiment and get feedback quickly from your customers? To get the most out of the agility afforded by serverless and containers, it is essential to build CI/CD pipelines that help teams iterate on code and quickly release features. In this talk, we demonstrate how developers can build effective CI/CD release workflows to manage their serverless or containerized deployments on AWS. We cover infrastructure-as-code (IaC) application models, such as AWS Serverless Application Model (AWS SAM) and new imperative IaC tools. We also demonstrate how to set up CI/CD release pipelines with AWS CodePipeline and AWS CodeBuild, and we show you how to automate safer deployments with AWS CodeDeploy.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Amazon EC2 Container Service is a new AWS service that makes it easy to run and manage Docker-enabled applications across a cluster of Amazon EC2 instances. Amazon EC2 Container Service lets you define, schedule, and stop sets of containers. You have access to the state of your resources, making it easy to confirm that tasks are running or view the utilization of Amazon EC2 instances in your cluster. This session will describe the benefits of containers, introduce the Amazon EC2 Container Service, and demonstrate how to use Amazon EC2 Container Service for your applications.
Speakers:
Ian Massingham, AWS Technical Evangelist and
Boyan Dimitrov, Platform Automation Lead, Hailo Cabs
Today, the development and operations landscape has shifted to a more collaborative model merging the two (DevOps). Developers need to know much more about the operational components of their software - especially around network programming, services development, and continuous deployment. Likewise, the developer's IT counterpart needs to know much more about development - especially around infrastructure automation (Chef/Puppet), automated testing, and continuous deployment.
by Omar Lari, Partner Solutions Architect, AWS
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a new managed service for running Kubernetes on AWS. This session will provide an overview of Amazon EKS, why we built it, and how it works.
Unleash the Power of Temporary AWS Credentials (a.k.a. IAM roles) (SEC390-R1)...Amazon Web Services
In this chalk talk, we discuss why using temporary security credentials to manage access to your AWS resources is an AWS Identity and Access Management (AWS IAM) best practice. IAM roles help you follow this best practice by delivering and rotating temporary credentials automatically. We discuss the different types of IAM roles, the assume role functionality, and how to author fine-grained trust and access policies that limit the scope of IAM roles. We then show you how to attach IAM roles to your AWS resources, such as Amazon EC2 instances and AWS Lambda functions. We also discuss migrating applications that use long-term AWS access keys to temporary credentials managed by IAM roles.
Infrastructure is code with the AWS CDK - MAD312 - New York AWS Summit - Amazon Web Services
The AWS Cloud Development Kit (AWS CDK) is a multi-language, open-source framework from AWS that enables developers to harness the full power of modern programming languages to define reusable cloud components and provision applications built from those components using AWS CloudFormation. In this session, we quickly cover the basic concepts of the AWS CDK. We then develop an application using the AWS CDK. We show you how to use the AWS CDK to quickly assemble your AWS infrastructure using the new Python CDK that launched earlier this year. We explore the AWS Construct Library and show you how easy it is to configure your cloud resources, manage permissions, connect event sources, and even build and publish your own constructs. Join us for a fun session with a heavy emphasis on live coding.
This beginning Terraform workshop will teach you how to safely create and provision Infrastructure as Code (IAC) using Hashicorp Terraform in an AWS environment. In this class you will learn how to set up and install Terraform. You will also be given a walkthrough of Terraform fundamentals. You will be led through the process of deploying a single server, deploying a cluster and setting up a load balancer. You will also learn how to author Terraform Modules, work with Route53 and how to manage DNS.
Requirements. You will need to have an AWS account set up already with Terraform v0.9.3 installed. You will also need to have git installed to download the workshop material.
You can find more information on how to install Terraform here: https://www.terraform.io/intro/getting-started/install.html. You can sign up for an AWS account here: https://aws.amazon.com/account/
https://github.com/jasonvance/terraform-introduction
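[AWS Dev Day] App Modernization | Using Serverless Containers with AWS Fargate - Samsung Electronics Developer Portal Case Study - 정영준...Amazon Web Services Korea
The Samsung Electronics developer portal is a platform that lets developers build applications for Samsung Electronics' application ecosystems, such as SmartThings Cloud and Bixby, using developer tools. How much easier would deployment and management become if you could develop this platform with containers and focus only on the application logic packaged into the containers? Through Samsung Electronics' real-world case, we look at the advantages of a container environment built on Fargate.
To migrate existing on-premises systems in a data center safely and quickly using a lift-and-shift approach, you need discovery tools and migration tools. This session shows how to use AWS Application Discovery Service to quickly discover and analyze your existing IT infrastructure. It also covers best practices for automating the discovery of existing infrastructure and the execution of migrations. Finally, it introduces data migration services such as AWS DataSync; AWS Migration Hub, a service that helps track and visualize the migration status of entire applications; and AWS Landing Zone, a secure and scalable AWS baseline environment.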
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Amazon Web Services
In this session, we walk through the fundamentals of Amazon VPC. First, we cover build-out and design fundamentals for VPCs, including picking your IP space, subnetting, routing, security, NAT, and much more. We then transition to different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision makers interested in understanding the building blocks that AWS makes available with Amazon VPC. Learn how you can connect VPCs with your offices and current data center footprint.
Deploy, Manage, and Scale your Apps with AWS Elastic Beanstalk - Amazon Web Services
AWS Elastic Beanstalk is the fastest and simplest way to deploy your application on AWS. It is ideal for developers that are new to the platform but is also used by large organizations that want to manage and scale production workloads with minimum operational overhead. This session shows you how to deploy your code to AWS Elastic Beanstalk, easily manage multiple environments (e.g. Test & Production) and perform zero-downtime deployments through interactive demos and code samples.
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). We will discuss core VPC concepts including picking your IP space, subnetting, routing, security, NAT and VPC Endpoints.
Infrastructure Continuous Delivery Using AWS CloudFormation - Amazon Web Services
Review ways to manage the lifecycle of your Dev, test, and production infrastructure using CloudFormation. Learn how to architect your infrastructure through loosely coupled stacks using cross-stack references, tightly coupled nested stacks and other best practices. Learn how to use CloudFormation to provision and manage a continuous deployment pipeline for your infrastructure-as-code. Automate deployment of new development environments as your infrastructure evolves, promote your new architecture for testing, and deploy changes to production.
AWS re:Invent 2016: Infrastructure Continuous Delivery Using AWS CloudFormati...Amazon Web Services
In this session, we will review ways to manage the lifecycle of your dev, test, and production infrastructure using CloudFormation. Learn how to architect your infrastructure through loosely coupled stacks using cross-stack references, tightly coupled nested stacks and other best practices. Learn how to use CloudFormation to provision and manage a continuous deployment pipeline for your infrastructure-as-code. Automate deployment of new development environments as your infrastructure evolves, promote your new architecture for testing, and deploy changes to production.
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312) - Amazon Web Services
The days of manually managing infrastructure tasks are quickly coming to an end; businesses increasingly need their infrastructure teams to react with the same agility as their development teams. In this session, we discuss various approaches to infrastructure-as-code utilizing AWS solutions across the areas of templated infrastructure provisioning, configuration management, and policy as code. We invite you to bring your questions and join AWS Solutions Architects as we dive deeper into the concepts and best practices behind infrastructure-as-code.
AWS re:Invent 2016: How to Launch a 100K-User Corporate Back Office with Micr...Amazon Web Services
Learn how to build a scalable, compliance-ready, and automated deployment of the Microsoft “backoffice” servers for 100K users running on AWS. In this session, we show a reference architecture deployment of Exchange, SharePoint, Skype for Business, SQL Server and Active Directory in a single VPC. We discuss the following: (1) how the solution is automated for 100K users, (2) how the solution is enabled for compliance (e.g., FedRAMP, HIPAA, PCI), and (3) how the solution is built from modular 10K user blocks. Attendees should have knowledge of AWS CloudFormation, PowerShell, instance bootstrapping, VPCs, and Amazon Route 53, as well as the relevant Microsoft technologies.
Day 3 - DevOps Culture - Continuous Integration & Continuous Deployment on th...Amazon Web Services
Much has been said about DevOps culture; this webinar talks about exactly what it means to exercise a DevOps methodology inside your organisation and takes a more detailed look at Continuous Integration and Continuous Deployment – two of the elements of a successful DevOps framework. With AWS’s API-driven infrastructure, running a lean platform becomes possible, as does treating ‘Infrastructure as Code’.
Reasons to attend:
- Learn how to set up and experience the benefits of 'Continuous Integration' and 'Continuous Deployment' for your Development Environment.
- Learn about DevOps best practices and the agility that the AWS Cloud can bring your business.
- Learn how businesses have successfully implemented DevOps methodologies.
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances - Amazon Web Services
Deep learning is an implementation of machine learning that uses neural networks to solve difficult and complex problems, such as computer vision, natural language processing, and recommendations. Due to the availability of deep learning libraries and frameworks, developers have the ability to enhance the capabilities of their applications and projects.
In this workshop, you learn how to build and deploy a powerful deep learning framework called MXNet on containers. The portability and resource management benefit of containers means developers can focus less on infrastructure and more on building. The labs start by demonstrating the automation capabilities of AWS CloudFormation to stand up core infrastructure; as an added bonus, you use Spot Fleet to leverage the cost benefits of using Spot Instances, especially for developer environments. Then, you walk through creating an MXNet container in Docker and deploying it with Amazon ECS. Finally, you walk through an image classification demo of MXNet to validate that everything is working as expected.
Pre-reqs: Laptop and AWS account
Introduction to DevOps on AWS. Basic introduction to DevOps principles and practices, and how they can be implemented on AWS. Introduces basic CloudFormation.
This mid-level technical session will help you choose among the AWS services that can help you deploy and run your applications more easily. You will learn how to get an application running using AWS OpsWorks and AWS Elastic Beanstalk and how to use AWS CloudFormation templates to document, version control, and share your application configuration.
AWS Architecting Cloud Apps - Best Practices and Design Patterns By Jinesh Varia - Amazon Web Services
Jinesh Varia, Technology Evangelist, Discusses AWS architecture best practices and design patterns at the AWS Enterprise Tour - SF - 2010
http://jineshvaria.s3.amazonaws.com/public/cloudbestpractices-jvaria.pdf
Continuous Integration and Deployment Best Practices on AWS - Amazon Web Services
With AWS, organizations now have the ability to develop and run their applications with speed and flexibility like never before. Working with an infrastructure that can be 100% API-driven enables organizations to use lean methodologies and realize these benefits. In this session, we will explore some key concepts and design patterns for continuous deployment and continuous integration, two elements of lean application and infrastructure development. We will look at several use cases where IT organizations leveraged AWS to rapidly develop and iterate on applications for scale, high availability and cost optimization.
Speaker: Adrian White, Solutions Architect, Amazon Web Services
Delivering High-Availability Web Services with NGINX Plus on AWS - NGINX, Inc.
Over 1/3 of websites running on Amazon Web Services (AWS) are delivered and accelerated using NGINX. In this webinar Nginx and Amazon explain how to get started with NGINX Plus on AWS and how to further increase performance and availability of large, dynamic, cloud-based applications integrating with critical AWS services.
Similar to Infrastructure Continuous Delivery Using AWS CloudFormation (20)
How to build forecasting services using ML and deep learn...Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server...Amazon Web Services
The variety and volume of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters appears to be an investment accessible only to established companies. But the elasticity of the cloud and, in particular, serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, while dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this time we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
When designed correctly, container-based applications are very often stateless and flexible.
AWS ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we discover together what the characteristics of Spot Instances are and how they can be used easily on AWS. We also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
2. Aboot Me
Hubert Cheung hubertc@amazon.com
Solutions Architect
Canuck
@ AWS 4.5 Years
- AWS Support
- AWS Solutions Architecture
3. What to expect from this session
• We’ll show you how to:
• Architect your infrastructure using AWS CloudFormation
• Use AWS CloudFormation to set up AWS CodePipeline pipelines
• Continuously deliver changes to stacks as you make changes to your templates
• Demo
4. Let’s look at release processes
https://www.flickr.com/photos/jurvetson/5201796697/
5. Release processes have four major phases
Source
• Check-in source code such as .java files.
• Peer review new code
Build
• Compile code
• Unit tests
• Style checkers
• Code metrics
• Create container images
Test
• Integration tests with other systems
• Load testing
• UI tests
• Penetration testing
Production
• Deployment to production environments
9. What do we need for infrastructure continuous delivery?
• A way to treat infrastructure as code.
• Tools to manage the workflow that creates and updates infrastructure resources.
• Tools to properly test and inspect your changes for defects and potential issues
10. What do we need for infrastructure continuous delivery?
Infrastructure as code
A practice in which infrastructure is provisioned and managed using code and software development techniques, such as version control and continuous integration.
Workflow
Build, test, and deploy your code every time there is a code change, based on the release process models you define, enabling you to rapidly and reliably deliver changes.
12. AWS CloudFormation
• Create templates of your infrastructure
• Version control, code review, and update templates like code
• CloudFormation provisions AWS resources based on dependency needs
• Integrates with development, CI/CD, management tools
• No additional charge to use
13. Key new features
• Author templates in JSON or YAML
• Use change sets to preview your changes
• Continuous delivery workflows for stacks
• Support for AWS Serverless App Model
• Enable cross-stack references with exports
16. CloudFormation Change Sets
Preview the set of actions that CloudFormation will take on your behalf before you create or update stacks.
Change sets show you what resources will be created, updated or replaced. This ensures that only expected operations are executed.
17. Cross Stack References (Exports)
Network Stack
Outputs:
  VPC:
    Description: reference VPC
    Value: !Ref VPC
    Export:
      Name: ProdVPC
App Stack
Resources:
  myTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId:
        Fn::ImportValue: ProdVPC
• Allows you to share information between independent stacks.
• Export a stack’s output values. Other stacks in the same account and region can import the exported values.
19. Considerations for Exports and Nested Stacks
Nested Stacks
Recommended use cases
• Template reuse
• Use multiple templates but manage as single stack
Advantages
• Convenient management. One stack manages all resources and nested stacks.
• Creation order and dependencies are managed
Considerations
• Updates and rollbacks have a wide surface area
• Reusing templates that have custom resource names
Cross Stack References
Recommended use cases
• Sharing common resources
• Allows for independent stacks based on resource lifecycle or ownership.
Advantages
• Separation of concern
• Share databases and VPCs
• Lets you limit blast radius with safeguards
Considerations
• Replacing updates requires changes to the importing stacks to execute.
• Does not manage creation order
21. Let’s examine a sample application
Deconstruct the application into the necessary AWS resources
Create CloudFormation templates based on your management needs
Model your continuous delivery pipeline
Continuously deliver infrastructure changes as you iterate on your architecture
Use CloudFormation to model, provision, and manage changes to your pipeline
22. Microservices Application Based on Amazon ECS
Two interconnecting microservices deployed as ECS services (website-service and product-service).
The application runs on a highly available ECS cluster deployed across multiple Availability Zones with auto scaling
Available at github.com/awslabs/ecs-refarch-cloudformation
23. Reference architecture
[Diagram: an Internet Gateway and an Application Load Balancer in front of two Availability Zones, each with a Public Subnet, a Private Subnet and a NAT Gateway; an ECS Cluster of ECS Hosts in an Auto Scaling Group; CloudWatch Logs (Container Logs).]
github.com/awslabs/ecs-refarch-cloudformation
24. Decompose into AWS resource types
[Diagram: the resource types of the reference architecture, grouped as follows.]
Network
• VPC, Internet Gateway, Public Route Table, Default Public Route
• Per Availability Zone (1 and 2): Public Subnet, Private Subnet, NAT Gateway, Elastic IP, Private Route Table, Default Private Route
Security
• Load Balancer Security Group, ECS Host Security Group
Load Balancing
• Application Load Balancer, Load Balancer Listener, Load Balancer Default TargetGroup
ECS Cluster
• ECS Cluster, Auto Scaling Group, Auto Scaling Launch Configuration, ECS (IAM) Role, IAM Instance Profile
Front End Service
• ECS Service, ECS Task Definition, CloudWatch Log Group, TargetGroup, Listener Rule, Service Role
Back End Service
• ECS Service, ECS Task Definition, CloudWatch Log Group, TargetGroup, Listener Rule, Service Role
25. Build CloudFormation templates based on this logical grouping
Template: Description
• Network: VPC, Availability Zones, subnets, routing, NAT and internet gateways
• Security groups: Security groups for the application
• Load balancers: ALBs that are deployed to the public subnets
• ECS cluster: ECS cluster deployed to private subnets
• Back end service: ECS service and task definition for the back end app
• Front end service: ECS service and task definition for the webpage
26. Set up your templates to flow configuration to each other
[Diagram: the Network, Security, Load Balancing, ECS Cluster, Front End svc and Back End svc templates, connected through their outputs.]
Outputs
• VPC, Public Subnets, Private Subnets
• Load Balancer Security Group, ECS Host Security Group
• Load Balancer Listener, Load Balancer DNS Name
• ECS Cluster
27. Use these templates to build your stacks
with nested stacks
• Parent Template with nested templates (Network, Security, Load Balancing, ECS Cluster, Front End, Back End), managed as one Microservices Stack
with cross-stack references
• Templates (Network, Security, Load Balancing, ECS Cluster, Front End, Back End), each deployed as an Individual Stack
29. Applying continuous delivery for your infrastructure
AWS CodePipeline
Continuous delivery service for fast and reliable application and infrastructure updates
Builds, tests and deploys your code each time there is a code change.
Built in actions for AWS CloudFormation
30. How does this align with release phases?
Source
Source stage for CloudFormation templates can be AWS CodeCommit, S3, or GitHub
Test
Use CloudFormation change sets to verify deployments prior to execution
Deploy
Create, update or delete stacks, or change sets.
31. Model your pipelines
Network Resources Pipeline
Manage your network resources separately per its own cadence. Maintain separate, mirror sandbox, and production network environments.
• Sandbox: VPC, Security Groups, Load Balancing
• Production: VPC, Security Groups, Load Balancing
Application Pipeline
Iterate more often on your application and infrastructure code. Launch new versions in dev and promote to prod.
• Dev: ECS Cluster, Application Front & Back Ends
• Production: ECS Cluster, Application Front & Back Ends
32. Create and manage your pipeline using CloudFormation
CloudFormation template to set up your pipeline
• Pipeline artifact store: S3 bucket
• Pipeline notifications: SNS email notifications
• Pipeline IAM roles: Could be provisioned in a separate stack with IAM resources – with cross-stack refs
33. Create and manage your pipeline using CloudFormation
Choose ‘deploy’ action with CloudFormation as the provider
CloudFormation has enabled several action modes – REPLACE_ON_FAILURE creates a new stack if one doesn’t exist, updates it if it does, or replaces it if it’s in a failed state
You can use template configuration files or specify parameter overrides within the template that defines your pipeline
[Template screenshot callouts: Stage, Action, Action config, Name of your CloudFormation template]
34. Pipeline for network resources
1. Source repo
2. Networking resources for sandbox/dev environments. Individual stacks. Ordered to account for dependencies.
3. Change sets to preview changes to prod
4. Manual approval before your changes are applied to prod
5. Apply changes to Prod
35. Pipeline for your application
1. Pipeline triggered as soon as new versions are posted
2. Run your tests and clean up your dev environment when done, so you aren’t charged for the instances you don’t use.
3. Review to ensure resource modification or replacement is what you expect
4. Continuously deliver changes to Prod
38. FIN, ACK
We’ve seen how to compose and continuously deliver your infrastructure as code on our software release process:
• Different ways to decompose your infrastructure into templates and stacks
• Create and provision your continuous delivery pipeline for your infrastructure
• Deliver changes to your environments with speed and quality.
39. re:Invent 2016 sessions on Continuous Delivery:
• DEV201 - DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
• CON302 - Development Workflow with Docker and Amazon ECS
• DEV403 - DevOps on AWS: Advanced Continuous Delivery Techniques
Resources to learn more:
• Continuous delivery: https://aws.amazon.com/devops/continuous-delivery/
• Continuous delivery for CloudFormation stacks - http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/continuous-delivery-codepipeline.html
• CodePipeline - https://aws.amazon.com/documentation/codepipeline/
But wait, there’s more!
And together we will take the next hour to focus more on “how” and less on “what”.
We will show you how to architect your infrastructure using AWS CloudFormation. Then, we will see how to set up a continuous delivery workflow using CloudFormation and AWS CodePipeline, and finally we will see how to use this workflow to update a CloudFormation stack and continuously deliver changes to this stack. Also, we will follow up with a demo.
But before doing all this, we will take a look at software release processes.
If you have any questions, we are happy to answer them after our session. After the session, Dominic and I will hang around a bit off stage. So, please come and find us. You can also visit our AWS management tools booth if you want to interact with us further.
Let’s take a step back and see all the phases involved in the software release process.
I want to take a moment to talk about different release processes.
Each team’s release process takes a different shape to accommodate the needs of each team.
Nearly all release processes can be simplified down to four stages – source, build, test and production. Each phase of the process provides increased confidence that the code being made available to customers will work in the way that was intended.
During the source phase, developers check changes into a source code repository. Many teams require peer feedback on code changes before shipping code into production. Some teams use code reviews to provide peer feedback on the quality of code change. Others use pair programming as a way to provide real time peer feedback.
During the build phase an application’s source code is built and the quality of the code is tested on the build machine. The most common quality checks are automated tests that do not require a server in order to execute and can be initiated from a test harness. Some teams extend their quality tests to include code metrics and style checks. There is an opportunity for automation any time a human is needed to make a decision on the code.
The goal of the test phase is to perform tests that cannot be done during the build phase and require the software to be deployed to a production-like stage. Often these tests include testing integration with other live systems, load testing, UI testing and penetration testing. At Amazon we have many different pre-production stages we deploy to. A common pattern is for engineers to deploy builds to a personal development stage where an engineer can poke and prod their software running in a mini prod-like stage to check that their automated tests are working correctly. Teams deploy to pre-production stages where their application interacts with other systems to ensure that the newly changed software works in an integrated environment.
Finally code gets deployed to production. Different teams have different deployment strategies though we all share a goal of reducing risk when deploying new changes and minimizing the impact if a bad change does get out to production.
Each of these steps can be automated without the entire release process being automated. There are several levels of release automation that I’ll step through.
Continuous Integration
Continuous Integration is the practice of checking in your code continuously and verifying each change with an automated build and test process. Over the past 10 years Continuous Integration has gained popularity in the software community. In the past developers were working in isolation for an extended period of time and only attempting to merge their changes into the mainline of their code once their feature was completed. Batching up changes to merge back into the mainline made not only merging the business logic hard, but it also made merging the test logic difficult. Continuous Integration practices have made teams more productive and allowed them to develop new features faster. Continuous Integration requires teams to write automated tests which, as we learned, improve the quality of the software being released and reduce the time it takes to validate that the new version of the software is good.
There are different definitions of Continuous Integration, but the one we hear from our customers is that CI stops at the build stage, so I’m going to use that definition.
Continuous Delivery
Continuous Delivery extends Continuous Integration to include testing out to production-like stages and running verification testing against those deployments. Continuous Delivery may extend all the way to a production deployment, but there is some form of manual intervention between a code check-in and when that code is available for customers to use.
Continuous Delivery is a big step forward over Continuous Integration, allowing teams to gain a greater level of certainty that their software will work in production.
Continuous Deployment
Continuous Deployment extends continuous delivery and is the automated release of software to customers from check-in through to production without human intervention. Many of the teams at Amazon have reached a state of continuous deployment. Continuous Deployment reduces the time for your customers to get value from the code your team has just written, with the team getting faster feedback on the changes you’ve made. This fast customer feedback loop allows you to iterate quickly, allowing you to deliver more valuable software to your customers, quicker.
So what about tools that can help us implement continuous delivery for creating and updating infrastructure?
Let’s start at a high level and then we will filter down to specific AWS Services that you can make use of to implement continuous delivery for creating and updating infrastructure on AWS.
The first thing is that you have to start treating Infrastructure as code.
Then you need a tool or a service to manage the workflow that binds all the different phases that I talked about earlier.
Lastly, you should be in a position to test or preview your changes for any potential issues.
In a few minutes Dominic will show you how you can use a feature to preview proposed changes before executing them.
Ok, let’s distill this further.
We have to use code and software development techniques to provision and manage infrastructure.
Once you have something in a codified format you enjoy a number of benefits:
you can version it,
you can share with your colleagues for review,
you can create and codify standards,
you can re-use it and use it to replicate environments rapidly.
And then we need a workflow. On every code commit your workflow should be able to build, test and deploy changes.
Build test and deploy Infrastructure changes.
You can use AWS CloudFormation, our infrastructure as code service, and AWS CodePipeline, our continuous delivery workflow service, to achieve all this. You can use these two services together to continuously deliver fast and reliable infrastructure updates.
We’ve assumed that most of you are pretty familiar with CloudFormation, but let’s start off with a quick overview of the basics.
CloudFormation is an Infrastructure as code service by AWS. It helps you model and set up your AWS resources.
You use declarative ways to describe all the AWS resources that you need in a template and CloudFormation takes care of provisioning and configuring those resources for you. CloudFormation figures out all the dependencies and execution order, provisions and configures all your resources.
You can update your templates and version control them as you make incremental changes to your infrastructure.
CloudFormation integrates with popular CI/CD and management tools including AWS CodePipeline.
Here are some of the key features that we've added this year:
We’ve added the capability to author templates in YAML. YAML provides for concise, readable templates that you can comment. You can also use new shorthands for functions and a new Sub function to substitute variables in a string.
Change sets provide you with a preview of the actions CloudFormation will take on your behalf when you create or update a stack.
Cross stack references let you use output values from another stack that are given an export name.
You can now build continuous delivery workflows for CloudFormation stacks using CodePipeline. AWS CodePipeline has built-in integration with AWS CloudFormation, so you can specify AWS CloudFormation-specific actions, such as creating, updating, or deleting a stack and change sets, within a pipeline.
We launched newer abstractions for serverless architectures. CloudFormation now supports the AWS Serverless Application Model with special resource types that simplify expression of Lambda functions, APIs, mappings and IAM resources to create serverless applications. It’s a little bit out of scope for this session, but please meet us after the session if you need more details on this.
Based on customer feedback we launched support for YAML ver 1.1
YAML is more concise and readable with a lot less punctuation.
YAML allows you to add comment blocks to your templates.
YAML supports all the functionality that is available with JSON.
1. We have not only added the YAML support but we have enhanced some syntaxes to further improve the template authoring experience.
2. We have introduced short forms. Using these short forms you can express CloudFormation intrinsic functions (such as Fn::Join, Fn::FindInMap, Fn::GetAtt, Fn::GetAZs) in a more readable and concise manner in CloudFormation YAML templates.
3. Also, we have introduced a new intrinsic Function called Fn::Sub for conducting basic string interpolations within a CloudFormation template. This intrinsic function Fn::Sub substitutes variables in an input string with values that you specify.
4. Here is an arbitrary user data section in CloudFormation JSON template.
And here is how you can express the same thing in YAML using these new enhancements.
…and here’s the same user data section in YAML with a new Sub function that can substitute variables & in this case pseudo parameters in a string.
There’s another enhancement - you can use YAML tag directive and then the CloudFormation intrinsic function name as a short form.
1. Many customers asked for insight into the changes or preview the changes that CloudFormation is planning to perform when it creates or updates a stack based on whatever is present in the CloudFormation template and parameter values. Previewing the changes, can help verify if they are in line with the expectations.
2. Change sets lets you preview and approve the set of actions CloudFormation will take on your behalf when you create or update a stack.
You can view exactly what resources will get created, modified or replaced, so you can ensure only expected operations are executed.
3. What I am showing you here is a basic flow involving change sets during stack update.
Suppose you have your original stack, and you want to update it. The next step is to provide the updated template and create a change set.
The change set is generated. It provides blow-by-blow information about what is going to be created, modified and deleted. You can review this and make sure that the changes are in line with your expectations, and if you’re happy you can go ahead and execute the change set to update the stack.
There was a need for making configuration values flow from one independent stack to another independent stack. You can tackle some of the bits using custom resources, but a native CloudFormation feature would just make things easier and more standardized, and improve the overall experience with CloudFormation.
2. So we launched a feature called cross stack references:
Cross stack reference feature can help you do things such as share IAM roles, VPC information, and security groups across CloudFormation stacks in a standard way.
You can export values from one stack and use them in another
Let’s take a short example: In this case the Network stack is exporting its VPC with an export name of ProdVPC
The App stack is consuming this value using a new function Fn::ImportValue
Just considering this example, using this feature you can manage your network resources separately from the application resources that support your application.
Any stack within the account and region can consume the exported value
You can view your available exports using the console, API or CLI
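The export and import described above, as an added example that is not taken from the talk’s own templates: two separate template files shown in one block, with hypothetical file names and a constructed CIDR range. ProdVPC is the export name used in these notes.

```yaml
# network.yaml (hypothetical file name): the Network stack
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16          # constructed value
Outputs:
  VPC:
    Description: VPC shared with application stacks
    Value: !Ref VPC
    Export:
      Name: ProdVPC                   # name other stacks import by
---
# app.yaml (hypothetical file name): the App stack, deployed separately
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  AppSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from inside the VPC to the app tier
      # Resolved at deploy time from the Network stack's export
      VpcId: !ImportValue ProdVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 10.0.0.0/16         # constructed value, matches the VPC range
```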
I wanted to talk a little bit about nested stacks. It’s not a new CloudFormation concept at all. It has been there for years, but it’s worth recapping as this concept is used later in this session.
The Nested stacks feature lets you create stacks using multiple templates.
You can describe nested templates within a parent template using the AWS::CloudFormation::Stack resource type and a pointer to the S3 URL where the template is located.
When you use CloudFormation to create a stack using the parent template, CloudFormation creates all the resources in the template, including the nested stacks and the resources described in the nested templates.
Nested stacks provide a way to break up and organize templates that are too large.
It allows you to separate commonly used infrastructure components into their own templates
Let’s recap the use cases, advantages and considerations for nested stacks and cross stack references.
It’s important to remember that these are not alternative approaches but rather tools that can be used together!
If you’d like to separate and re-use templates that contain descriptions of commonly used infrastructure resources, nested stacks give you a good way to provision and manage them together as a single unit.
When you use nested stacks, CloudFormation manages all the dependencies and the creation order, including your nested templates, to provision all of your resources.
However, you do need to consider that all the resources in the stack are subject to updates and rollbacks… and if you are looking to reuse generic templates you’ll want to make sure you don’t have any custom names for resources.
Cross stack references are a great way to share common resources like networking or database resources that may need to be used by several applications.
It allows you to manage stacks of resources independently. The folks that own network and security can manage those resources independent of the instances, containers or functions.
However, you do need to consider that CloudFormation will prevent you from deleting or replacing a resource that is being imported by another stack.
Nested stacks are a convenient way to deploy using a library of common/shared templates. Cross stack references are a convenient way to share resources across stacks.
Again, it’s important to remember that these are not alternative approaches but rather tools that can be used together!
Consider a simple micro services based application.
Deconstruct the application into the necessary AWS resources
Create CloudFormation templates based on your management needs – determine if you need to structure your resources in nested stacks for convenience or cross stack references so they may be managed independently
Use CloudFormation to model your continuous delivery pipeline as code and version control it like you would your application code
CodePipeline uses CloudFormation to continuously deliver changes you make to your infrastructure code
The sample application we’ve picked to examine is available on GitHub at awslabs under ecs-refarch-cloudformation.
The application consists of two interconnecting microservices deployed as ECS services
The application runs on a highly available ECS cluster deployed across multiple availability zones with auto scaling
Let’s look at the published reference architecture for this application.
A tiered VPC with public and private subnets, spanning an AWS region.
A highly available ECS cluster
NAT gateways (1 per Zone) to handle outbound traffic.
An Application Load Balancer (ALB) to the public subnets to handle inbound traffic.
ALB path-based routes for each ECS service to route the inbound traffic to the correct service.
Centralized container logging with Amazon CloudWatch Logs.
Let’s look at the AWS resource types that are needed to support this application.
Decomposing the requisite elements by category we will need:
VPC
A pair of public and private subnets split across two zones
A pair of private route tables, default routes and associations that tie them together
A pair of NAT gateways and an EIP for each public subnet
A public route table, default route and an internet gateway
Create templates based on the logical grouping
The Network template outputs the VPC, and subnets that are consumed by all other templates
Security groups are managed and exported out of the security template.
The load balancer is launched in the public subnets and outputs the DNS name and Listener ARN
The ECS cluster exports the ARN of the ECS cluster
Different ways to compose infrastructure
Single stack supporting the application per region
One parent stack and several nested stacks leveraging standard templates
Multiple standalone stacks, loosely coupled together with cross stack references
Combination of nested stacks and cross stack references
For the rest of this demo, let’s examine using cross stack references within a continuous delivery workflow
Integrate your infrastructure with your continuous delivery framework. Let’s review modeling a release pipeline for this infrastructure.
To automate the rollout of infrastructure changes, let’s use CodePipeline to trigger deployments using CloudFormation
Let’s look at incorporating continuous delivery for your infrastructure
AWS CodePipeline is a continuous delivery service for fast and reliable application and infrastructure updates.
CodePipeline builds, tests and deploys your code each time there is a code change, based on the release process you define.
We’ve added new built-in actions for CloudFormation that let you create, update or delete stacks and create and execute change sets
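An added example of those built-in actions (not the pipeline template from the talk): a change set is created, held behind a manual approval, and only then executed. All parameter, stack, change set and file names are hypothetical, and an S3 source is assumed.

```yaml
# Added example; every parameter, stack, change set and file name is hypothetical.
Parameters:
  PipelineRoleArn: {Type: String}        # role CodePipeline assumes
  CloudFormationRoleArn: {Type: String}  # role CloudFormation provisions with
  ArtifactBucket: {Type: String}
  SourceBucket: {Type: String}           # versioned bucket holding the template zip
  ApprovalTopicArn: {Type: String}       # SNS topic that e-mails approvers
Resources:
  NetworkPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !Ref PipelineRoleArn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: TemplateSource
              ActionTypeId: {Category: Source, Owner: AWS, Provider: S3, Version: '1'}
              Configuration:
                S3Bucket: !Ref SourceBucket
                S3ObjectKey: network-templates.zip
              OutputArtifacts: [{Name: Templates}]
        - Name: Deploy
          Actions:
            - Name: CreateChangeSet      # preview only, nothing is changed yet
              RunOrder: 1
              ActionTypeId: {Category: Deploy, Owner: AWS, Provider: CloudFormation, Version: '1'}
              InputArtifacts: [{Name: Templates}]
              Configuration:
                ActionMode: CHANGE_SET_REPLACE
                StackName: prod-network
                ChangeSetName: prod-network-changes
                TemplatePath: Templates::network.yaml
                RoleArn: !Ref CloudFormationRoleArn
            - Name: ApproveChangeSet     # a person reviews the change set first
              RunOrder: 2
              ActionTypeId: {Category: Approval, Owner: AWS, Provider: Manual, Version: '1'}
              Configuration:
                NotificationArn: !Ref ApprovalTopicArn
            - Name: ExecuteChangeSet     # applies exactly what was reviewed
              RunOrder: 3
              ActionTypeId: {Category: Deploy, Owner: AWS, Provider: CloudFormation, Version: '1'}
              Configuration:
                ActionMode: CHANGE_SET_EXECUTE
                StackName: prod-network
                ChangeSetName: prod-network-changes
```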
Take a common scenario for many customers. Network resources are managed by a separate team, with different policies and update needs than the resources that support applications.
Let’s model an example for this pipeline with two separate VPCs
Use a CloudFormation template to set up and manage your pipeline
This particular example creates:
an S3 bucket as an artifact store for the pipeline
SNS Topic to subscribe to email notifications for approvals
The pipeline with its various stages
IAM roles that CloudFormation will use to provision resources and that CodePipeline will need to call CloudFormation on your behalf. A best practice for this would be to model this in a separate