Graduate Program KB

Deploying and Managing Infrastructure at Scale

  • CloudFormation is a declarative way of outlining your AWS Infrastructure for any resources

    • Ex. within a CloudFormation template, you may want:
      • A security group
      • Two EC2 instances using this security group
      • An S3 bucket
      • A load balancer (ELB) in front of these machines
    • Based on the details provided, CloudFormation creates it for you in the right order and exact configuration

  • Benefits:

    • Infrastructure as code
      • No resources are manually created
      • Changes to the infrastructure are reviewed through code
    • Cost
      • Each resources within the stack is tagged with an identifier, allowing you to easily view how much a stack costs
      • You can estimate the costs of your resources using the CloudFormation template
      • A savings strategy is during development, you can automate deletion of templates at 5 PM and re-create them at 8 AM safely
    • Productivity
      • Ability to destroy and re-create an infrastructure on the cloud instantly
      • Automated generation of diagrams for your templates
      • Declarative programming (don't need to figure out ordering and orchestration)
    • Don't re-invent the wheel
      • Leverage existing templates on the web
      • Leverage the documentation
    • Supports almost all AWS resources
      • All resources in the Cloud Practitioner course is supported
      • Can use "custom resources" for resources that are not supported

  • Example of CloudFormation template in YAML

    Resources:
    MyInstance:
        Type: AWS::EC2::Instance
        Properties:
            AvailabilityZone: ap-south-1a
            ImageId: ami-a4c7edb2
            InstanceType: t2.micro

AWS Cloud Development Kit (CDK)

  • Define cloud infrastructure using a programming language

    • JavaScript / TypeScript, Python, Java, .NET

  • Code is "compiled" into a CloudFormation template (JSON / YAML)

  • Can deploy infrastructure and application runtime code together

    • Good for Lambda functions and Docker containers in ECS / EKS

  • Developer problems in AWS

    • Managing infrastructure
    • Deploying code
    • Configuring all databases, load balancers, etc.
    • Concerns with scaling

Elastic Beanstalk

  • Elastic Beanstalk is Platform as a Service (PaaS) and is a developer centric view of deploying an application on AWS

    • Uses all components / services in previous sections
    • Provides a single view that's easy to understand and configure
    • Free service but pay for underlying instances
    • It's a managed service
      • Instance configuration / OS
      • Deployment strategy is configurable but performed by Elastic Beanstalk
      • Capacity provisioning
      • Load balancing and auto-scaling
      • Application health monitoring and responsiveness
    • The user's responsibility is the application code

  • Three architecture models:

    • Single instance deployment (good for development)
    • LB + ASG (good for production or pre-production web applications)
    • ASG only (good for non-web applications in production)

  • Supporting platforms:

    • Go, Java SE, Java with Tomcat, Node.js, PHP, Python, Ruby, Packer Builder, .NET on Windows Server with IIS
    • Single Container Docker, Multi-Container Docker, Preconfigured Docker

  • Health monitoring

    • Metrics are pushed to CloudWatch
    • App health is checked and health events are published

AWS CodeDeploy

  • A hybrid service that deploys applications automatically
    • Servers / Instances must be provisioned and configured ahead of time with the CodeDeploy Agent
  • Works with EC2 Instances, On-Premises Servers

AWS CodeCommit

  • A managed source control service for storing code in a repository using Git technology
    • Basically the GitHub of AWS
  • Easy to collaborate with others
  • Code changes are automatically versioned
  • Benefits:
    • Fully managed
    • Scalable & highly available
    • Private, secured and integrated with AWS

AWS CodeBuild

  • A code building service in the cloud for compiling source code, running tests and producing packages that are ready to be deployed
  • Benefits:
    • Fully managed
    • Continuously scalable & highly available
    • Secure
    • Pay as you go for build time

AWS CodePipeline

  • A service for orchestrating the different steps to have code automatically pushed to production

    • Code --> Build --> Test --> Provision --> Deploy
    • Ex. CodeCommit --> CodeBuild --> CodeDeploy --> Elastic Beanstalk
    • Basis for Continuous Integration & Continuous Delivery (CICD)

  • Benefits:

    • Fully managed
    • Compatible with CodeCommit, CodeBuild, CodeDeploy, Elastic Beanstalk, CloudFormation, GitHub, custom plugins and other 3rd-party services
    • Fast delivery & rapid updates

AWS CodeArtifact

  • A secure, scalable and cost-effective artifact management service for software development
  • Artifact management is the concept of storing and retrieving dependencies
    • Code dependencies are software packages that depend on other packages to be built
  • Works with common dependency management tools
    • Maven, Gradle, npm, yarn, twine, pip, NuGet
  • Developers and CodeBuild can retrieve dependencies straight from CodeArtifact

AWS CodeStar

  • A service to easily manage software development activities in one place by providing a unified UI
  • A quick way to get started setting up CodeCommit, CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, EC2, etc.
  • Can edit the code in the cloud using AWS Cloud9

AWS Cloud9

  • A cloud IDE (Integrated Development Environment) for writing, running and debugging code
  • Cloud IDEs are used within a web browser, allowing you to work on projects from anywhere with internet without setup
    • Normal IDEs such as VSCode and IntelliJ are downloaded and used on a computer
  • Allows for code collaboration in real-time (pair programming)

AWS Systems Manager (SSM)

  • A hybrid service which helps you manage your EC2 and On-Premises systems at scale

  • Provides operational insights about your infrastructure state

  • Consists of a suite of 10+ products

  • Features:

    • Patching automation for enhanced compliance
    • Run commands across many servers
    • Store parameter configuration with SSM Parameter Store

  • Works for Linux, Windows, MacOS and Raspberry Pi OS (Raspbian)

  • How SSM works

    • Install SSM agent onto the systems we control
      • By default, installed on Amazon Linux AMI and some Ubuntu AMIs
    • If an instance can't be controlled with SSM, most likely an issue with the agent
    • The SSM agent enables us to run commands, patch and configure the servers

  • SSM Session Manager

    • Allows you to start a secure shell on your EC2 and On-Premises servers
    • No SSH access, bastion hosts or SSH keys needed
    • Don't need port 22
    • Supports Linux, macOS and Windows
    • Session log data is sent to S3 or CloudWatch Logs

  • Systems Manager Parameter Store

    • Secure storage for:
      • Configurations, API keys, passwords, etc.
    • Benefits:
      • Serverless
      • Scalable
      • Durable
      • Easy to use SDK
    • Control access permissions using IAM
    • Optionally, you can use version tracking & encryption