JAWS-UG CLI #33 LT - AWS Directory ServiceをLDAP Serverとして利用してみた
What makes AWS invincible? from JAWS Days 2014
-
Upload
haruka-iwao -
Category
Technology
-
view
6.012 -
download
0
description
Transcript of What makes AWS invincible? from JAWS Days 2014
What makes AWS invincible?Haruka Iwao, 2014/03/15
Before talking about AWS
About myself
Haruka Iwao (@Yuryu) DevOps Engineer
at FreakOut, Inc.
Lived in Osaka, Tsukuba, Yokohama. Now in Tokyo.
Playing FFXIV ARR
Me
Final Fantasy XIV ARR Status:Cleared the Coil Turn 5.Got my Allagan Weapon.
Kindle Publishing
Publishing Kindle books about the Linux Kernel
Search “Yuryu Linux”
About FreakOut, Inc.
Not about freaking out :p Advertisement company
Established in 2010
“Real-time Bidding”
Real-time bidding
SSPSupply-side
Platform
DSPDemand-side
Platform
DSPDemand-side
Platform
DSPDemand-side
PlatformRequest a page
Read an ad tag
Call for bids
DSP decides the best ad for the user and page
Real-time bidding (2)
SSPSupply-side
Platform
DSPDemand-side
Platform
DSPDemand-side
Platform
DSPDemand-side
Platform
Bid
Auction
Return the winning ad
Real-time bidding (3)
http://londoncreative.com/real-time-bidding-spending-to-significantly-increase/
Our motto
50ms or die. Return a response within
50ms or lose an auction automatically.
Latency matters. Literally.
How we use AWS
Our system at a glance
http://aws.amazon.com/jp/solutions/case-studies/freakout/
Mix of on-premise and AWS
On-premise in Japan AWS in North America
Starting small Scaling well No need to visit a DC
Latency matters
Latency matters
Latency is important for our service
1ms = 1/50 of processing time
Latency between servers
Freedom to build an arbitrary network
... Gives you an arbitrary latency
Longer latency in AWS
On-premise
time=0.063 ms
time=0.083 ms
time=0.077 ms
time=0.070 ms
time=0.092 ms
time=0.069 ms
time=0.077 ms
AWS, extreme case
time=1.88 ms
time=1.96 ms
time=2.60 ms
time=3.72 ms
time=2.46 ms
time=1.05 ms
time=2.37 ms
Longer latency in AWS (2)
Hard to see? Let’s make a graph...
Longer latency, illustrated
On-premise AWS0
0.5
1
1.5
2
2.5
RTT(ms)
RTT(ms)
Longer latency in AWS (3)
This is not always true Just an extreme case
This applies to intra-AZ “Option” to group servers
in near racks would be great
Placement groups
Placement groups are not enough
Only available to cluster compute instances
Guarantees bandwidth, not latency
Possible workarounds
Assume the latency Design your app accordingly Use persistent connections Put hot data on local
Still, lower latency gives “extra” room
Infrastructure as Code
The “Awesome” Console
... So awesome to make mistakes easily...
AWS is Programmable.
Thou hast SDK.
Python
Thou hast CLI.
CLI
Thou hast CloudFormation.
AWS CloudFormation
SDK + CLI + CloudFormation You can “code” your
infrastructure Infrastructure becomes
“reproducible” and “reusable”
Always use CLI
Always use CLI to make changes “Review” the commands Less chance of “oops”
But...
CLI is hard to understand!
VS
aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t1.micro --key-name MyKeyPair --security-group-ids sg-xxxxxxxx --subnet-id subnet-xxxxxxxx
Easy enough?
No way...
Record & Play
“Record” instructions on the Web Console
“Playback” them using CLI In other words...
Converted to
aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t1.micro --key-name MyKeyPair --security-group-ids sg-xxxxxxxx --subnet-id subnet-xxxxxxxx
With “playback”
You could review changes beforehand
You could record changes and reuse them
Easier than writing CLI commands by hand
A very famous quote about “code”
All your code are belong to test
Testing is Important
Every program has bugs “Infrastructure as Code” is
no exception
How do you test?How do you
test?
Bugs can be fatal
A bug can destroy your whole system
What if you accidentally Terminate an instance Set a wrong route table Delete RR from Route53
“Sandbox” for testing
VPC is (sometimes) not enough
Test 100% bootstrap in a safe environment Register IAM accounts Add Route53 zones Set up S3 buckets, etc…
Framework for testing
Test-kitchen to test your Chef cookbooks
Serverspec to test your server setups
How do you verify your changes to AWS?
Possible workarounds
Use a separate account Maybe we need more
environments in the future? Costs money
CloudFormer converts environments to configuration
Scenario #1
You add a new rule to your security group aws ec2 authorize-security-
…
You want to make sure a port is open or closed between particular hosts How?
Workaround #1
Create a new VPC Apply the new rule Launch two instances Check connectivity
Scenario #2
You set up Route53 Health Checks
Now you want to test if it actually fails-over How?
Workaround #2
Set up two ELBs / instances Stop instances registered
to one ELB Query to R53 until it fails-
over
Need a solution!
A “common language” to verify AWS configuration
Want to run tests cheaper, quicker and safer
Even the requirements are not yet clear…
In the end of the presentation…
What makes AWS invincible? Lower latency
Giving options or hints to EC2
“Playback” feature Generate CLI commands
using simple UI
Testing methodology
Thank you!