How to quickly deploy and monitor applications and ...

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

How to quickly deploy and monitor applications and infrastructure on AWS


AgendaBuilding CI/CD Pipelines with AWS CloudFormation – Luis Colon• CloudFormation 101• Pipeline building blocks• Tool examples• Best practices

Deploying and Monitoring applications and infrastructure on AWS - Sagar Khasnis• AWS Marketplace deployment options• Building your DevOps pipeline with AWS Marketplace• Using New Relic in AWS environment • Customer case studies (New Relic, Kong, Armory)


Luis Colon Senior Developer AdvocateAWS CloudFormation@luiscolon1


IntroductionAWS Cloud

VPC

Availability Zone 1 Availability Zone 2

10.0.0.0/16

Auto Scaling group

Auto Scaling group

Amazon EC2 Auto Scaling

NAT Gateway

Instance

NAT Gateway

Instance

Instance Instance

Resources are the building blocks of cloud applications


Resources

Options to manage resource lifecycle (creation, updates, deletion)

AWS Management Console

AWS Command Line Interface

AWS Tools & Software Development Kits

AWS CloudFormation


AWS CloudFormation: Infrastructure as Code

Supports dependencies, rollbacks, stabilization, drift detection, change sets, imports, and more

1 2 3 4Code your template

Upload, test, and review changes

Deployment creates stacks

Manage stacks and stack sets


Balancing Agility and Discipline

• Automation• Brings agility, making changes and deployments

predictable and auditable• Enables scaling when managing dozens or hundreds of

resources and apps• Guardrails

• Preventive and ongoing checks bring discipline• Coding best practices• Company standards and policies

• Test!


Testing Infrastructure

“As a general rule, we want to be writing less code in the serverless world. It's quite possible to write a useful service in AWS using mostly configuration. For example, you can build a CRUD API using API Gateway and DynamoDB alone - no Lambda functions in the middle required.

The more serverless you get, the less code you can usefully unit test, and the more you have to rely on tests of yourdeployed infrastructure.”

Forrest BrazealCloud Architect, A Cloud Guru

AWS Serverless Community Hero@forrestbrazeal

https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/


Pipeline building blocks (1/3)

• Works on smallest thing possible

• Only local code branches

• Develops and tests locally

• Explicitly defines dependencies (including those needed for testing)

• Publishes changes for review

Developer workstation

DependenciesAWS CodeCommit

Developer AWS account

Code review

Development Mid Stage(s) Production

Should be fast



DependenciesCode review Package and build


• Builds and runs unit testing

• Bundles code and run-time dependencies into a combined artifact

• Providence of dependencies is tracked

Should be thorough

Developer AWS account



Dependencies Package and build


Looking for any reason to fail

Beta• Wild west—no

impact on other environments

• Run destructive or any other testing

Gamma• Isolated, but

“prod-like”

• Run integration testing, full‘end-to-end’

Production• Start small, fan out

• Deploy in waves, give each wave time to “bake”

• Always monitor, when baking monitors usually more sensitive

Only promote on success, test failures rollback, bake failures stop


Integrating IaC controls in your pipeline

Region

AWS Cloud

Git push

TemplatesAWS

CodeCommitAWS

CodePipelineAWS

CodeBuildtaskcat AWS

CloudFormation

cfn-lintcfn-guard test stack

change set

staging

production


Shift left: lint while authoring your code

• Plugins for VisualStudio Code, Sublime, Atom, VIM

• Process multiple files at a time• Handles Conditions/Fn::If• SAM Local integration• Available on GitHub


Headless linting as a pipeline build step

• Prevents promotion if a rule evaluation fails• Great for pull requests and open source projects


• Require specific tags• Forbid creation of resources or specific configurations

• i.e. no insecure storage buckets• Require a property

• i.e. all volumes must be encrypted• Custom rules options

• Python, Ruby • New cfn-guard tool: build rules with simple,

policy-as-code language

Enforcing rules and guardrails


Taskcat: integration testing across regions

• Open Source from AWS QuickStarts• Tests templates by creating stacks in

multiple AWS regions• Catches runtime problems that

aren’t obvious• Generates a report with a pass/fail

grade for each region• Cleans up after itself


• Small changes to small components• Templates, stacks, resources• Split by how often the resource types change• Leverage change sets• Manage customizations

• Large deployments• Immutable vs upgrade in place• Blue/green and canaries• Break large fleets into waves• Instrument pipelines for observability

Best practices


Example pipeline

AWS CodeBuild

AWS CodeCommit AWS CodePipeline

AWS Cloud9

AWS Command Line Interface

AWS Toolsand SDKs

Amazon CloudWatch

AWS X-Ray

CodePipeline Template

Amazon S3

Third-partytool(s)

AWS CodeDeploy Integration

AWS Cloud

User

EC2 Developer Instance

One Box Fleet One Box Fleet

Performance

Pen-testing

One Box Fleet

One Box FleetRules enforcement

AWS Config


• Supports 530+ resource types across 110+ AWS services• New registry resource types inherit support for rollback,

changesets, event tracking, more

Customizing CloudFormation


• Supports 530+ resource types across 110+ AWS services

• New registry resource types inherit support for rollback, changesets, event tracking, and more

• APN and 3rd party contributions

CloudFormation Integrations


Sagar KhasnisPartner Solutions Architect, AWS Marketplace@90cigars


Flexible software build and deliveryAWS Marketplace deployment options

Amazon Machine Image

Meant for single instance solutions deployed directly into your VPC

Provides flexible BYOL, pay-for-what-you-use, free trials, and curated Open Source options

CloudFormation Template

Meant for clustered and high availability implementations

Combines third-party software with AWS services and a complete solution implementation including multi-instance, tie-ins to AWS Services, and high availability cluster architectures

SaaS

Software offered as a service with no resources required to manage infrastructure

API

Application Program Interface is designed to integrate directly to an application

Amazon SageMaker

Amazon Container Services

Find container products in AWS Marketplace or the Amazon Elastic Container Service (Amazon ECS) console and deploy them on Amazon ECS, Amazon Elastic Container Service for Kubernetes (Amazon EKS), and AWS Fargate

Find machine learning algorithms and models that can be deployed directly onto Amazon SageMaker


Ideas

Ideas

Ideas Plan Build ReleaseTest OperateIdeas

Build your DevOps pipeline with AWS Marketplace

Secure

Sample AWS Marketplace solution providers

Continuous delivery

Security & compliance

Continuous integration

Testing & quality management

Monitoring & observability

Incident management

Collaboration & communication

Microservices and everything-as-code

Core practices


TracesMetrics Events Logs

How are AWS customers leveraging New Relic?

AWS Personal Health

AWS CloudFormation

Amazon EC2

Amazon CloudWatch

Amazon CloudWatch


New Relic provides deep AWS integrations


New Relic supports AWS CloudFormation RegistryStep 1: Register Step 2: Use


Benefits:• DevOps cycle went from

once-a-month to once-a-week

• Real-time mission critical data at scale

• System-wide monitoring helps accelerate cloud migration

Fleet Complete achieves faster cloud migrationwith New Relic Infrastructure and Application Monitoring

Data Lakes

External service

1Billion Data

Points Collected

Daily

Connected Vehicles

External service

Listeners

Amazon EC2 Amazon EC2

Amazon EC2 Amazon EC2 Amazon EC2 Amazon EC2Amazon EC2Amazon S3

Listeners Listeners Listeners


Xero thrives with continuous deploymentUsing Armory Spinnaker

Benefits:• Improved deployment

process by eliminating manual steps and custom tooling

• Controlled cloud costs and reduce errors and time to create infrastructure

• Improved visibility into deployment process and developer productivity

VPC

K8s Cluster for Spinnaker

Application Load Balancer

Amazon Aurora

Amazon Identity and Access Manager

(IAM)

AWS Cloud owned by customer

AWSWAF (Optional)

Amazon S3

Git Repository

Prometheus

Managed Services Engineer

AWS Cloud

Customer Engineer


Microservice 1

Microservice N

Consumers

Microservices ClusterAdmins

Apps Network Load

Balancer

Kong Instance

Kong Instance

Kong Instance

AWS Services

Amazon Dynamo DB

MySQL Instance

Amazon SQS

Benefits:• Up to 65x faster

deployment with automated validations

• 450+ new digital services created in the past six months

• Dynamic infrastructure that auto-scales up and down with demand

Cargill modernizes its IT infrastructureLeveraging Kong

Amazon ESK


Why AWS Marketplace?

Flexible consumption and contract models

Quick and easy deployment

Helpful humans to support you


How can you get started?Find

A breadth of DevOps solutions:

Buy

Free trial

Pay-as-you-go

Hourly | Monthly | Annual | Multi-Year

Bring Your Own License (BYOL)

Seller Private Offers

Channel Partner Private Offers

Through flexible pricing options:

Deploy

AWS CloudFormation (Infrastructure as Code)

Software as a Service (SaaS)

Amazon Machine Image (AMI)

Amazon Elastic Container Service(ECS)

Amazon Elastic Kubernetes Service(EKS)

With multiple deployment options:


Webinar summary

New tools? Select solutions in AWS Marketplace for a curated list proven on AWS.

Current tools? Bring your own license to leverage benefits of AWS Marketplace.

Use AWS Marketplace solutions like New Relic, Kong, and Armory to quickly deploy and monitor your applications and infrastructure.

AWS CloudFormation, combined with DevOps best practices, allows you to automate and accelerate cloud application development in a diligent way


Thank you!Luis ColonSr. Dev Advocate, AWS CloudFormation@luiscolon1

Sagar KhasnisPartner Solutions Architect, AWS Marketplace@90cigars

How to quickly deploy and monitor applications and ...

Documents

Transcript of How to quickly deploy and monitor applications and ...