Deploying and Managing Infrastructure at Scale

Question 1

CloudFormation

Answer 1

• CloudFormation is a declarative way of outlining your AWS Infrastructure, for any resources (most of them are supported).
• For example, within a CloudFormation template, you say:
  I want a security group
  I want two EC2 instances using this security group
  I want an S3 bucket
  I want a load balancer (ELB) in front of these machines
• Then CloudFormation creates those for you, in the right order, with the exact configuration that you specify

========================================================================

• Benefits of AWS CloudFormation:
• Infrastructure as code
  No resources are manually created, which is excellent for control
  Changes to the infrastructure are reviewed through code
• Cost
  Each resources within the stack is tagged with an identifier so you can easily see how much a stack costs you
  You can estimate the costs of your resources using the CloudFormation template
  Savings strategy: In Dev, you could automation deletion of templates at 5 PM and recreated at 8 AM, safely
• Productivity
  Ability to destroy and re-create an infrastructure on the cloud on the fly
  Automated generation of Diagram for your templates!
  Declarative programming (no need to figure out ordering and orchestration)
• Don’t re-invent the wheel
  Leverage existing templates on the web!
  Leverage the documentation
• Supports (almost) all AWS resources:
  Everything we’ll see in this course is supported
  You can use “custom resources” for resources that are not supported

==========================================================================

• CloudFormation Stack Designer
• We can see all the resources
• We can see the relations between the components

Question 2

AWS Cloud Development Kit
(CDK)

Answer 2

• Define your cloud infrastructure using a familiar language: JavaScript/TypeScript, Python, Java, and .NET
• The code is “compiled” into a CloudFormation template (JSON/YAML)
• You can therefore deploy infrastructure and application runtime code together
• Great for Lambda functions
• Great for Docker containers in ECS / EKS

Question 3

Elastic Beanstalk

Answer 3

• Elastic Beanstalk is a developer centric view of deploying an application on AWS
• It uses all the component’s we’ve seen before: EC2, ASG, ELB, RDS, etc…
• We still have full control over the configuration
• Beanstalk = Platform as a Service (PaaS)
• ## Beanstalk is free but you pay for the underlying instances======================================================================
• Managed service
  Instance configuration / OS is handled by Beanstalk
  Deployment strategy is configurable but performed by Elastic Beanstalk
  Capacity provisioning
  Load balancing & auto-scaling
  Application health-monitoring & responsiveness
• Just the application code is the responsibility of the developer
• Three architecture models:
  Single Instance deployment: good for dev
  LB + ASG: great for production or pre-production web applications
  ASG only: great for non-web apps in production (workers, etc..)
  ———————————————————————————————————————————
  =========================================================================
• Support for many platforms:
  Go
  Java SE
  Java with Tomcat
  .NET on Windows Server with IIS
  Node.js
  PHP
  Python
  Ruby
  Packer Builder
• Single Container Docker
• Multi-Container Docker
• Preconfigured Docker
• If not supported, you can write your custom platform (advanced)

=======================================================================

• Health agent pushes metrics to CloudWatch
• Checks for app health, publishes health events

Question 4

AWS CodeDeploy

Answer 4

• We want to deploy our application automatically
• Works with EC2 Instances
• Works with On-Premises Servers
• Hybrid service
• Servers / Instances must be provisioned and configured ahead of time with the CodeDeploy Agent

Question 5

AWS CodeCommit

Answer 5

• Before pushing the application code to servers, it needs to be stored somewhere
• Developers usually store code in a repository, using the Git technology
• ## A famous public offering is GitHub, AWS’ competing product is CodeCommit=======================================================================
• CodeCommit:
  *Source-control service that hosts Git-based repositories
  *Makes it easy to collaborate with others on code
  *The code changes are automatically versioned
• Benefits:
  *Fully managed
  *Scalable & highly available
  *Private, Secured, Integrated with AWS

Question 6

AWS CodeBuild

Answer 6

• Code building service in the cloud (name is obvious)
• Compiles source code, run tests, and produces packages that are ready to be deployed (by CodeDeploy for example)
• Benefits:
  *Fully managed, serverless
  *Continuously scalable & highly available
  *Secure
  *Pay-as-you-go pricing – only pay for the build time

Question 7

AWS CodePipeline

Answer 7

• Orchestrate the different steps to have the code automatically pushed to production
• Code => Build => Test => Provision => Deploy
• Basis for CICD (Continuous Integration & Continuous Delivery)
• Benefits:
• Fully managed, compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk,
  CloudFormation, GitHub, 3rd-party services (GitHub…) & custom plugins…
• Fast delivery & rapid updates

Question 8

AWS CodeArtifact

Answer 8

• Software packages depend on each other to be built (also called code dependencies), and new ones are created
• Storing and retrieving these dependencies is called artifact management
• Traditionally you need to setup your own artifact management system
• CodeArtifact is a secure, scalable, and cost-effective artifact management for software development
• Works with common dependency management tools such as Maven, Gradle, npm, yarn, twine, pip, and NuGet
• Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact

Question 9

AWS CodeStar

Answer 9

• Unified UI to easily manage software development activities in one place
• “Quick way” to get started to correctly set-up CodeCommit, CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, EC2, etc…
• Can edit the code ”in-the-cloud” using AWS Cloud9

Question 10

AWS Systems Manager (SSM)

Answer 10

• Helps you manage your EC2 and On-Premises systems at scale
• Another Hybrid AWS service
• Get operational insights about the state of your infrastructure
• Suite of 10+ products

==================================================================
* Most important features are:
Patching automation for enhanced compliance
Run commands across an entire fleet of servers
Store parameter configuration with the SSM Parameter Store
Works for Linux, Windows, MacOS, and Raspberry Pi OS (Raspbian)

 ====================================================================

• We need to install the SSM agent onto the systems we control
• Installed by default on Amazon Linux AMI & some Ubuntu AMI
• If an instance can’t be controlled with SSM, it’s probably an issue with the SSM agent!
• Thanks to the SSM agent, we can run commands, patch & configure our servers

========================================================================

• Allows you to start a secure shell on your EC2 and on-premises servers
• No SSH access, bastion hosts, or SSH keys needed
• No port 22 needed (better security)
• Supports Linux, macOS, and Windows
• Send session log data to S3 or CloudWatch Logs

Question 11

AWS OpsWorks

Answer 11

• Chef & Puppet help you perform server configuration automatically, or repetitive actions
• They work great with EC2 & On-Premises VM
• AWS OpsWorks = Managed Chef & Puppet
• It’s an alternative to AWS SSM
• Only provision standard AWS resources: EC2 Instances, Databases, Load Balancers, EBS volumes…