Deployment & Instance Management

Question 1

Elastic Beanstalk Billing

Answer 1

Free itself, pay for underlying instances

Question 2

Elastic Beanstalk Managed Services

Answer 2

• Instance/OS configuration (EC2, Elastic IP, RDS master)

- Configurable deployment strategy

Question 3

Elastic Beanstalk Architecture Models

Answer 3

• Single Instance - Dev
• LB + ASG + Standby RDS - Prod/Staging, multi AZ
• SQS + ASG - Prod, non-web, workers etc

Question 4

Elastic Beanstalk Worker Setup

Answer 4

• Long to complete, decoupling app into two tiers
• Can be called from web-app tier through SQS
• Can define periodic tasks into cron.yaml

Question 5

Elastic Beanstalk Blue/Green

Answer 5

• Using Route53 weighted routing

- Swap urls (DNS swap), when test v2 is done

Question 6

OpsWorks

Answer 6

• Chef & Puppet based on-prem, helps migrate to cloud
• Linux/Windows
• Open source, cross-cloud
• Cannot manage ASG

Question 7

OpsWorks Layers

Answer 7

Stack contains Layers

• ELB (ex ALB)
• Application Server (EC2) needs cookbook and app repository access
• Database (RDS)

Question 8

AWS CodeDeploy

Answer 8

- Managed Service
Using CodeDeploy Agent:
- EC2
- ASG
- ECS
- Lambda

Question 9

AWS CodeDeploy EC2

Answer 9

• appspec.yml + deployment strategy
• in place updates
• hooks for verification after each deploy phase
• Example -> half n half

Question 10

AWS CodeDeploy Lambda

Answer 10

• Traffic shifting feature
• Pre and Post traffic hooks (lambda functions) to validate deployment (before traffic shift starts and after it ends)
• Easy & automated rollback using CW Alarms
• SAM framework natively uses CodeDeploy

Question 11

AWS CodeDeploy ECS

Answer 11

• Facilitates Blue/Green in ECS
• Setup is within ECS service definition
• Creates new task set, traffic shifting
• If stable for x minutes, old task set terminated

Question 12

CloudFormation (IaC) & ASG

Answer 12

• CF manages ASG only, not underlying EC2
• Can define “success conditions”, for launch of EC2 via CreationPolicy
• Can define “update strategies” for update of EC2 via UpdatePolicy

Question 13

CloudFormation - Retaining Data on Deletes

Answer 13

• Attach DeletePolicy to resource to control CF del action
• Retain - preserve/backup (works on nested stack)
• Snapshot
• Delete - default for most except (RDS DB cluster which is Snapshot)
• To delete S3 bucket, remove contents first

Question 14

CloudFormation and IAM

Answer 14

• Uses IAM principal permissions
• Or can assign IAM role to the stack
• To create IAM resources, need to explicitly provide capability to CF, CAPABILITY_IAM or CAPABILITY_NAMED_IAM

Question 15

CloudFormation Custom Resources using Lambda

Answer 15

• Not yet supported in CF new aws service
• Empty content of S3 bucket
• On-prem resource
• Fetch AMI id, etc…

Question 16

CloudFormation Cross Stack

Answer 16

• Use Outputs Export and Fn::ImportValue

- example VPC id from CF stack needed to be referenced in other stacks, e.g. EC2

Question 17

CloudFormation Nested Stack

Answer 17

• Module, to be re-used by other parent stacks

Question 18

CloudFormation - CloudFormer

Answer 18

• Create CF template from existing AWS resources

Question 19

CloudFormation - ChangeSet

Answer 19

• Generate & Preview CF changes before the get applied

Question 20

CloudFormation - StackSet

Answer 20

• Deploy a CF stack across multiple accounts and region

Question 21

CloudFormation - Stack Policies

Answer 21

Prevent accidental deletes/updates to stack resources

Question 22

Service Catalog

Answer 22

• Controlled env where users can deploy pre-authorised (by admins) service catalog products
• Service Catalog is set of CF templates that users can use based on their IAM permissions
• CF templates ensure resources are standardized, consistent, compliant
• Teams are aligned with Product Portfolios for IAM permissions
• Integration with self-service portals, eg ServiceNow

Question 23

AWS SAM (Serverless Application Model)

Answer 23

• Framework for developing and deploying serverless applications
• Configuration is in YAML
• • Lambda (AWS::Serverless::Function)
• • DDB (AWS::Serverless::SimpleTable)
• • API Gateway (AWS::Serverless:API)
• • Cognito User Pools

Question 24

AWS SAM Features

Answer 24

• Can help run Lambda, API Gateway, DDB locally
• Uses CodeDeploy for Lambda (traffic shifting)
• Leverages CloudFormation in the backend

Question 25

Deployment Options

Answer 25

• EC2 + User Data bootstrap
• Pre-built AMI + User Data
• ASG with launch template of pre-built AMI
• CodeDeploy - application deployments
• Elastic Beanstalk, great for migration from on-prem
• • In-place all at once
• • Rolling upgrades (with or without additional instances)
• • Immutable upgrades(new instances)
• • Blue/Green
• OpsWorks
• SAM - leverage CF + CodeDeploy

Question 26

AWS SSM

Answer 26

• Helps manage EC2 fleet or On-premise systems
• Free
• Linux and Windows
• Easily detect problems or check inventory across fleets
• Patching automation for enhanced compliance
• Automation of Actions (Shut Down, create AMIs)
• Integrates with CW metrics/dashboard, AWS Config

Question 27

AWS SSM How it works

Answer 27

• SSM Service + SSM agents on controlled systems
• SSM Agent installed by default on Linux AMIs & some Ubuntu AMIs
• Make sure EC2 has IAM role to allow SSM actions

Question 28

AWS SSM Run Command

Answer 28

• Script or command
• Run across resource groups (bundled instances)
• Rate Control and Error Control
• Integrated with IAM and CT
• NO need for SSH
• Results in console

Question 29

AWS SSM Patch Manager Patch Types

Answer 29

• Linux
• • AWS-{OS}DefaultPatchBaseline
• Windows
• • AWS-DefaultPatchBaseline: Critical & Security Updates
• • AWS-WindowsPredefinedPatchBaseline-OS
• • AWS-WindowsPredefinedPatchBaseline-Applications
• Custom

Question 30

AWS SSM Patch Manager Steps

Answer 30

• Define Patch Baseline
• Define Patch Groups (dev, test ) using tag Patch Group
• Define Maintenance Window
• • Schedule, duration, patch groups and registered tasks
• • Add AWS-RunPatchBaseline Run Command as part of Maintenance Window registered tasks
• Rate Control
• Monitor Patch Compliance using SSM Inventory