Deploying and Managing Infrastructure at Scale

Deploy and Manage Infrastructure at Scale

CloudFormation

  • CloudFormation is a declarative way of outlining your AWS infrastructure, for any resource (most of them are supported)
  • For example, within a CloudFormation template, you say:
    • I want a security group
    • I want two EC2 instances using this security group
    • I want an S3 bucket
    • I want a load balancer (ELB) in front of these machines
  • Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify

Benefits of CloudFormation

  • Infrastructure as code
    • No resources are created manually, which is excellent for control
    • Changes to the infrastructure are reviewed through code
  • Cost
    • Each resource within the stack is tagged with an identifier so you can easily see how much a stack costs you
    • You can estimate the costs of your resources from the CloudFormation template
    • Savings strategy: in Dev, you could automate deleting the stacks at 5 PM and re-creating them at 8 AM safely
  • Productivity
    • Ability to destroy and re-create an infrastructure on the cloud on the fly
    • Automated generation of Diagram for your templates!
    • Declarative programming (no need to figure out ordering and orchestration)
  • Don't re-invent the wheel
    • Leverage existing templates on the web!
    • Leverage the documentation
  • Supports (almost) all AWS resources:
    • Everything we'll see in this course is supported
    • You can use "custom resources" for resources that are not supported
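To make the "security group, two EC2 instances, S3 bucket, ELB" sketch above concrete, here is an added example (not part of the course material): the same template written as a Python dict, with two checks a reviewer would run before deploying it. The first reproduces what "in the right order" means, by deriving the creation order from Ref / Fn::GetAtt / DependsOn; the second is the kind of lint tools like cfn-lint do, flagging security-group ingress open to the world on admin ports. Logical IDs, the AMI ID and CIDRs are constructed placeholders.

```python
"""Added example (not from the course): a small CloudFormation template built as a
Python dict, with two pre-deploy checks a reviewer would run on it:
  1. the creation order CloudFormation derives from Ref / Fn::GetAtt / DependsOn,
  2. a lint for security-group ingress open to the world on admin ports.
Logical IDs, the AMI ID and CIDRs are constructed placeholders."""
import json

INSTANCE = {
    "Type": "AWS::EC2::Instance",
    "Properties": {
        "ImageId": "ami-0123456789abcdef0",  # placeholder, not a real AMI
        "InstanceType": "t3.micro",
        "SecurityGroupIds": [{"Ref": "WebSecurityGroup"}],
    },
}

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web tier",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
                    # deliberately wrong, so the lint below has something to find
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        "WebInstance1": INSTANCE,
        "WebInstance2": INSTANCE,
        "AssetsBucket": {"Type": "AWS::S3::Bucket"},
        "WebLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "Listeners": [{"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}],
                "Instances": [{"Ref": "WebInstance1"}, {"Ref": "WebInstance2"}],
                "SecurityGroups": [{"Fn::GetAtt": ["WebSecurityGroup", "GroupId"]}],
            },
        },
    },
}


def references(node):
    """Yield every logical ID named by a Ref or Fn::GetAtt anywhere under `node`."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        if "Fn::GetAtt" in node:
            att = node["Fn::GetAtt"]  # ["Id", "Attr"] in JSON, "Id.Attr" in YAML short form
            yield att[0] if isinstance(att, list) else att.split(".")[0]
        for value in node.values():
            yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)


def creation_order(template: dict) -> list[str]:
    """Topological order CloudFormation will create resources in; raises on a cycle."""
    resources = template["Resources"]
    pending = {}
    for logical_id, res in resources.items():
        wanted = set(references(res.get("Properties", {})))
        depends_on = res.get("DependsOn", [])
        wanted.update([depends_on] if isinstance(depends_on, str) else depends_on)
        # Refs to Parameters or pseudo parameters (AWS::Region, ...) are not resource edges
        pending[logical_id] = {d for d in wanted if d in resources}
    order = []
    while pending:
        ready = sorted(k for k, deps in pending.items() if not deps)
        if not ready:
            raise ValueError(f"circular dependency among {sorted(pending)}")
        order.extend(ready)
        for k in ready:
            del pending[k]
        for deps in pending.values():
            deps.difference_update(ready)
    return order


ADMIN_PORTS = (22, 3389)  # SSH, RDP


def world_open_admin_ports(template: dict) -> list[str]:
    """Flag ingress rules exposing an admin port (or every port) to 0.0.0.0/0 or ::/0."""
    findings = []
    for logical_id, res in template["Resources"].items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in ("0.0.0.0/0", "::/0"):
                continue
            proto = str(rule.get("IpProtocol"))
            lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
            if proto == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS):
                findings.append(f"{logical_id}: {proto} {lo}-{hi} open to {cidr}")
    return findings


if __name__ == "__main__":
    print(json.dumps(TEMPLATE, indent=2))  # what you would hand to `aws cloudformation deploy`
    print("creation order:", creation_order(TEMPLATE))
    for finding in world_open_admin_ports(TEMPLATE):
        print("FINDING:", finding)
```

The dependency walk is what lets CloudFormation skip the "figure out ordering" step mentioned above; the lint is the step reviewers add because a template that deploys cleanly can still ship port 22 open to the Internet.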

CloudFormation + Infrastructure Composer

  • We can see all the resources
  • We can see the relations between the components


AWS Cloud Development Kit (CDK)

  • Define your cloud infrastructure using a familiar language:
    • JavaScript/TypeScript, Python, Java and .NET
  • The code is "compiled" into a CloudFormation template (JSON/YAML)
  • You can therefore deploy infrastructure and application runtime code together
    • Great for Lambda functions
    • Great for Docker containers in ECS/EKS



Beanstalk

Example: a typical web application with a 3-tier architecture (load balancer, auto-scaling group of EC2 instances, database)

Developer problems on AWS

  • Managing infrastructure
  • Deploying Code
  • Configuring all the databases, load balancers etc.
  • Scaling concerns
  • Most web apps have the same architecture (ALB + ASG)
  • All the developers want is for their code to run!
  • Ideally consistently across different applications and environments

Elastic Beanstalk

  • Elastic Beanstalk is a developer centric view of deploying an application on AWS
  • It uses all the components we've seen before: EC2, ASG, ELB, RDS etc...
  • But it's all in one view that's easy to make sense of!
  • We still have full control over the configuration
  • Beanstalk = Platform as a Service (PaaS)
  • Beanstalk is free but you pay for the underlying instances.
  • Managed service:
    • Instance configuration/OS is handled by Beanstalk
    • Deployment strategy is configurable but performed by Elastic Beanstalk
    • Capacity provisioning
    • Load balancing & auto-scaling
    • Application health-monitoring & responsiveness
  • Just the application code is the responsibility of the developer
  • Three architecture models:
    • Single instance deployment: good for dev
    • LB + ASG: great for production or pre-production web applications
    • ASG only: great for non-web apps in production (workers, etc....)
  • Support for many platforms:
    • Go
    • Java
    • Java with Tomcat
    • .NET on Windows Server with IIS
    • Node.js
    • PHP
    • Python
    • Ruby
    • Packer Builder
    • Single Container Docker
    • Multi-Container Docker
    • Preconfigured Docker

Elastic Beanstalk - Health Monitoring

  • Health agent pushes metrics to CloudWatch
  • Checks for app health, publishes health events



AWS CodeDeploy

  • We want to deploy our application automatically
  • Works with EC2 Instances
  • Works with On-Premises Servers
  • Hybrid service
  • Servers/Instances must be provisioned and configured ahead of time with the CodeDeploy Agent

CodeCommit - Important - Deprecation

  • On July 25th 2024, AWS abruptly closed CodeCommit to new customers (existing customers can keep using it)
  • New customers cannot use the service
  • AWS recommends migrating to an external Git solution
  • For this course:
    • CodeCommit might still appear at the exam (for now)
    • Every time I mention CodeCommit, assume there's a GitHub integration
  • Before pushing the application code to servers, it needs to be stored somewhere
  • Developers usually store code in a repository, using the Git technology
  • A famous public offering is GitHub, AWS' competing product is CodeCommit
  • CodeCommit:
    • Source-control service that hosts Git-Based repositories
    • Makes it easy to collaborate with others on code
    • The code changes are automatically versioned
  • Benefits:
    • Fully managed
    • Scalable & highly available
    • Private, Secured, Integrated with AWS

AWS CodeBuild

  • Code building service in the cloud (name is obvious)
  • Compiles source code, runs tests, and produces packages that are ready to be deployed (by CodeDeploy for example)
  • Benefits:
    • Fully managed, serverless
    • Continuously scalable & highly available
    • Secure
    • Pay-as-you-go pricing - only pay for the build time

AWS CodePipeline

  • Orchestrate the different steps to have the code automatically pushed to production
    • Code => Build => Test => Provision => Deploy
    • Basis of CICD (Continuous Integration & Continuous Delivery)
  • Benefits:
    • Fully managed, compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk, CloudFormation, GitHub, other 3rd-party services & custom plugins...
    • Fast delivery & rapid updates

AWS CodeArtifact

  • Software packages depend on each other to be built (also called code dependencies), and new ones are created
  • Storing and retrieving these dependencies is called artifact management
  • Traditionally you need to setup your own artifact management system
  • CodeArtifact is a secure, scalable and cost-effective artifact management for software development
  • Works with common dependency management tools such as Maven, Gradle, npm, yarn, twine, pip and NuGet
  • Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact

AWS Systems Manager (SSM)

  • Helps to manage your EC2 and On-Premises systems at scale
  • Another Hybrid AWS Service
  • Get operational insights about the state of your infrastructure
  • Suite of 10+ products
  • Most important features are:
    • Patching automation for enhanced compliance
    • Run commands across an entire fleet of servers
    • Store parameter configuration with the SSM Parameter Store
  • Works for Linux, Windows, MacOS, and Raspberry Pi OS (Raspbian)

How Systems Manager Works

  • We need to install the SSM agent onto the systems we control
  • Installed by default on Amazon Linux AMIs & some Ubuntu AMIs
  • If an instance can't be controlled with SSM, it's probably an issue with the SSM agent!
  • Thanks to the SSM agent, we can run commands, patch & configure our servers

Systems Manager - SSM Session Manager

  • Allows you to start a shell session on your EC2 and on-premises servers through the SSM agent, from the console or the CLI
  • No SSH access, bastion hosts, or SSH keys needed
  • No inbound port 22 needed (better security): the agent connects outbound to the SSM endpoints
  • Supports Linux, macOS, and Windows
  • Send session log data to S3 or CloudWatch Logs
  • Access is governed by IAM: a permissive ssm:StartSession grant is shell access on every managed node (on Linux the session runs as ssm-user, which has sudo by default)
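Because Run Command (above, under Systems Manager) and Session Manager both execute as root/administrator on the target, the IAM policy that grants them is the control that matters once port 22 is closed. The following is an added example (not from the course): a small auditor that flags Allow statements granting ssm:StartSession or ssm:SendCommand on all instances with no Condition, run against an over-broad policy and against the tag-scoped shape the Session Manager documentation uses. The account ID, region and tag values are constructed, and the scoped policy is a starting point rather than a complete role.

```python
"""Added example (not from the course): audit an IAM policy for grants that turn
Run Command / Session Manager into a shell on every managed node, next to the
tag-scoped shape AWS documents. Account ID, region and tag values are constructed."""
import fnmatch

# Either action executes code as root/administrator on the target (Session Manager's
# ssm-user has sudo by default on Linux), so these are the ones worth scoping.
SHELL_ACTIONS = ("ssm:StartSession", "ssm:SendCommand")


def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    # IAM action matching is case-insensitive with * and ? wildcards
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def unscoped_shell_grants(policy: dict) -> list[dict]:
    """Return Allow statements granting a shell action on all instances with no Condition."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # "everything except ..." still includes ssm unless listed
            excluded = _as_list(stmt["NotAction"])
            hit = [a for a in SHELL_ACTIONS if not any(_matches(p, a) for p in excluded)]
        else:
            allowed = _as_list(stmt.get("Action"))
            hit = [a for a in SHELL_ACTIONS if any(_matches(p, a) for p in allowed)]
        resources = _as_list(stmt.get("Resource"))
        broad = "NotResource" in stmt or any(r == "*" or r.endswith(":instance/*") for r in resources)
        if hit and broad and not stmt.get("Condition"):
            findings.append({"statement": index, "actions": hit, "resources": resources})
    return findings


# The shape that usually ends up in a shared "DevOps" role
OVERBROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}],
}

# Scoped alternative following the Session Manager docs: StartSession only on
# instances tagged Environment=dev, users may only end their own sessions, plus
# the read-only calls the console and CLI need.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ssm:StartSession",
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
            "Condition": {"StringEquals": {"ssm:resourceTag/Environment": "dev"}},
        },
        {
            "Effect": "Allow",
            "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
            "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
        },
        {
            "Effect": "Allow",
            "Action": ["ssm:DescribeSessions", "ssm:GetConnectionStatus", "ssm:DescribeInstanceInformation"],
            "Resource": "*",
        },
    ],
}

if __name__ == "__main__":
    for name, policy in (("OVERBROAD", OVERBROAD), ("SCOPED", SCOPED)):
        print(name, unscoped_shell_grants(policy) or "ok")
```

The NotAction branch is there because "Allow everything except iam:*" is a common shape that still hands out ssm:StartSession; a check that only looks at Action would miss it.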

Systems Manager Parameter Store

  • Secure storage for configuration and secrets
  • API Keys, passwords, configurations...
  • Serverless, scalable, durable, easy SDK
  • Control access permissions using IAM
  • Version tracking & encryption (optional: SecureString parameters are encrypted with a KMS key, and reading them needs kms:Decrypt as well as the ssm permission)
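As an added example (not from the course), here is how an application would pull its configuration out of a Parameter Store hierarchy, handling the two things callers usually get wrong: asking for decryption, and following NextToken so a large hierarchy is not silently truncated. The boto3 SSM client is replaced by a constructed in-memory stand-in with the same response shape so the code runs offline; the parameter names and values are made up.

```python
"""Added example (not from the course): read an application's configuration out of
a Parameter Store hierarchy, handling WithDecryption and NextToken pagination.
The boto3 SSM client is replaced by a constructed in-memory stand-in with the same
response shape so this runs offline; parameter names and values are made up."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Param:
    value: str
    version: int
    secure: bool  # True for SecureString (KMS-encrypted at rest)


def load_config(ssm, path: str) -> dict[str, Param]:
    """Return every parameter under `path`, keyed relative to it (e.g. "db/password").
    `ssm` can be a real boto3.client("ssm"). The caller's IAM policy can be scoped to
    the same prefix: ssm:GetParametersByPath on arn:aws:ssm:<region>:<account>:parameter<path>/*
    plus kms:Decrypt on the key used for the SecureString values."""
    prefix = path.rstrip("/") + "/"
    found, token = {}, None
    while True:
        kwargs = {"Path": prefix, "Recursive": True, "WithDecryption": True}
        if token:
            kwargs["NextToken"] = token  # without this a large hierarchy is silently truncated
        page = ssm.get_parameters_by_path(**kwargs)
        for p in page["Parameters"]:
            found[p["Name"][len(prefix):]] = Param(p["Value"], p["Version"], p["Type"] == "SecureString")
        token = page.get("NextToken")
        if not token:
            return found


class FakeSsm:
    """Stand-in for the boto3 SSM client (constructed for this example): pages of two,
    and like the real service it returns SecureString values as ciphertext unless
    WithDecryption=True was passed."""

    def __init__(self, rows):
        self._rows = sorted(rows)  # (name, type, value, version)

    def get_parameters_by_path(self, Path, Recursive=False, WithDecryption=False, NextToken=None, MaxResults=2):
        rows = [r for r in self._rows
                if r[0].startswith(Path) and (Recursive or "/" not in r[0][len(Path):])]
        start = int(NextToken or 0)
        chunk = rows[start:start + MaxResults]
        response = {"Parameters": [
            {"Name": name, "Type": kind, "Version": version,
             "Value": value if (kind != "SecureString" or WithDecryption) else "AQICAHg...(ciphertext)"}
            for name, kind, value, version in chunk]}
        if start + MaxResults < len(rows):
            response["NextToken"] = str(start + MaxResults)
        return response


SAMPLE_ROWS = [  # constructed sample data
    ("/prod/payments/db/host", "String", "db.payments.internal", 1),
    ("/prod/payments/db/password", "SecureString", "s3cr3t-v4", 4),
    ("/prod/payments/feature/flags", "StringList", "retry,idempotency", 2),
    ("/prod/orders/db/host", "String", "db.orders.internal", 1),  # outside the requested path
]

if __name__ == "__main__":
    config = load_config(FakeSsm(SAMPLE_ROWS), "/prod/payments")
    for key, param in config.items():
        shown = "***" if param.secure else param.value  # never log secrets
        print(f"{key:16} v{param.version} {shown}")
```

Keeping one hierarchy per application and environment is what makes the IAM scoping in the docstring possible; the version number that comes back is the one to log when a rotated secret stops working.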

Deployment - Summary

  • Only AWS
    • CloudFormation:
      • Infrastructure as Code, works with almost all of AWS resources
      • Repeat across Regions & Accounts
    • Beanstalk:
      • Platform as a Service (PaaS), limited to certain programming languages or Docker
      • Deploy code consistently with a known architecture: ex - ALB + EC2 + RDS
  • Hybrid
    • CodeDeploy
      • Deploy & upgrade any application onto servers
    • Systems Manager
      • patch, configure and run commands at scale

Developer Services - Summary

  • CodeCommit - Store code in private git repository (version controlled)
  • CodeBuild - Build & test code in AWS
  • CodeDeploy - Deploy code onto servers
  • CodePipeline - Orchestration of pipeline (from code to build to deploy)
  • CodeArtifact - Store software packages/dependencies on AWS
  • AWS CDK - Define your cloud infrastructure using a programming language



