Increase Speed and Agility with Amazon Web Services

1. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Increase speed and agility with Amazon Web Services Andreas Chatzakis, AWS Solutions Architect @achatzakis 1st Athens DevOps meetup – 29 October 2015

2. Why are you here? • Mature organization that wants to innovate fast • Startup that wants to scale its team • Learnings from Amazon & other AWS customers • Services for management & deployment

3. AWS 101

4. Utility computing On demand Pay as you go Uniform Available

5. Compute Storage Security Scaling Database Networking Monitoring Messaging Workflow DNS Load Balancing BackupCDN On demand Pay as you go Uniform Available Utility computing

6. AWS Worldwide Network Backbone

7. Example AWS Region AZ AZ AZ AZ AZ Transit Transit

8. Multi-AZ architecture for High Availability Availability Zone a RDS DB instance Availability Zone b www.example.com Amazon Route 53 DNS service Elastic Load Balancing Web server Web server RDS DB standby

9. Startup Customers Meerkat

10. Provisioning for peak traffic 76% waste 24% Provisioned capacity November

11. Enterprise Customers

12. LOWER COSTS THAN ON-PREMISES On-Premises Traditional Data Centre On-Premises Virtualised Data Centre AWS CAPEX CAPEX OPEX OPEX OPEX Cost savings from running internal IT more efficiently Cost savings from moving to a cloud provider AWS Scale • Multiple new data centres built each year • Volume purchasing, highly automated supply chain optimisation Utilisation fundamentally higher in the AWS Cloud • Aggregating non-correlated workloads, scale, spot market Amazon specific hardware designs • OEM acquisition of custom servers and networking equipment • Direct purchasing of memory, disk & CPU • AWS controlled hypervisor and network protocol layers

13. AWS PRICING PHILOSOPHY More AWS Usage More Infrastructure More Customers Lower Infrastructure Costs Economies of Scale Reduced Prices Ecosystem Global Footprint New Features New Services Infrastructure Innovation 50PRICE REDUCTIONS We pass the savings along to our customers in the form of low prices and continuous reductions

14. Cost is only part of the story

15. Enterprise Applications Virtual Desktop Sharing & Collaboration Platform Services Analytics Hadoop Real-time Streaming Data Data Warehouse Data Pipelines App Services Queuing & Notifications Workflow App streaming Transcoding Email Search Deployment & Management One-click web app deployment Dev/ops resource management Resource Templates Mobile Services Identity Sync Mobile Analytics Push Notifications Administration & Security Identity Management Access Control Usage Auditing Key Storage Monitoring And Logs Core Services Compute (VMs, Auto-scaling and Load Balancing) Storage (Object, Block and Archival) CDN Databases (Relational, NoSQL, Caching) Networking (VPC, DX, DNS) Infrastructure Regions Availability Zones Points of Presence

16. Speed & Focus

17. Transformation across virtually every industry Hotel Music Storage

18. Continuous Innovation Business Idea Implementation Testing Release Customer Feedback Customer

19. The Amazon DevOps story

20. Monolith development lifecycle developers releasetestbuild delivery pipelineapp

21. Service-Oriented Architecture (SOA) Single-purpose Connected through APIs Highly decoupled “Microservices”

22. Two-pizza teams Autonomy Full ownership Full accountability Aligned incentives “DevOps”

23. Missing tools developers delivery pipelineservices ???

24. Self-service Technology-agnostic Encourage best practices Single-purpose services

25. Deployment service No downtime deployments Health tracking Versioned artifacts and rollbacks

26. CodeDeploy • Scale from 1 instance to thousands • Deploy without downtime • Centralize deployment control and monitoring Staging CodeDeployv1, v2, v3 Production Dev Coordinate automated deployments, just like Amazon Application revisions Deployment groups

27. Rolling update – Deploy without downtime v1v1 v1 Load Balancer

30. Rolling update – Deploy without downtime v2v2v2 Load Balancer

32. Pipelines Continuous delivery Automated release process Faster and more reliable releases >90% of teams

33. Microservice development lifecycle developers delivery pipelinesservices releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild

34. Continuous integration and deployment with AWS CodePipeline Repeatable, automated integration and deployment pipelines Workflow modeling and visualization Integrated with your existing development tools

35. Integrated with your Existing Development Tools

36. = 50 million deployments a year Thousands of teams × Microservice architecture × Continuous delivery × Multiple environments

37. 75% Reduction in outages triggered by software deployments since 2006 90% Reduction in outage minutes triggered by software deployments Business Value of Frequent Deployments ~0.001% Software deployments cause an outage

38. Deployment models

39. Server Configuration

40. Patterns of success: Zero remote access • If you are forced to log in to an instance – Agility is diminished – Specialized configuration can cause prod-test drift – Security is at risk • Every node should be disposable & automatically configured – Treat them as software variables – not pets – Embrace automation • Prerequisite: Centralized logs – CloudWatch Logs

41. • Cloud-Init • user-data starting with #! (hash-bang) will be executed as a script during first boot Combine CM tools: #!/bin/sh yum -y install httpd php chkconfig httpd on /etc/init.d/httpd start Bootstrapping Support in EC2

42. Packaging/baking AMIs • Decrease your boot time – Software packages that require painful/long setup – Standard software that must be there at startup – Any configuration items that cannot be remotely sourced or automated • Predictable & testable • AWS provides easy interfaces to create the AMI or import the AMI • Tools can automate it as part of your build process AMI Instances

43. Bake an AMI Configure dynamically Time consuming configuration (setup time) Static configurations (less change management) Bootstrapping

44. Bake an AMI Configure dynamically Continuous deployment (latest code) Environment specific (dev- test-prod) Bootstrapping

45. Blue Green Deployments

46. Blue/Green deployments at Expedia

47. Learn more about Blue Green deployments https://youtu.be/aX54mhZbN58

48. Infrastructure orchestration

49. Automation of Provisioning and Life-Cycle Mgt AWS Elastic Beanstalk AWS OpsWorks AWS CloudFormation Amazon EC2 Convenience Control

50. Elastic Beanstalk Alert Log Mon App AZ ELB http://your-app.elasticbeanstalk.com

51. Sony: Building At-Scale Services with AWS Elastic Beanstalk https://youtu.be/gA_m_4ikTgg

52. AWS OpsWorks • Configuration as code (Chef) • Orchestration • Scaling • Auto healing • Application deployments • Windows & Linux

53. Infrastructure as code

54. Describing Infrastructure with Code Developers & Operations Internal Git CI Server Pre-commit Hook Testing Environment Subnet CI Workers Dev Environment VPC Subnet DEV WEB ELBDev Stack Tier 1 Dev Stack Tier 2 Dev MySQL DB Instance DEV APP ELB VPN TUNNEL VPN facing VPC Subnet Internet Gateway VPN Endpoint Dev Admin Instance NAT Instance Amazon S3 Amazon DynamoDB Amazon SQS Amazon CloudFront Amazon Route 53 This entire infrastructure stack can be constructed, configured, and deployed with code:

55. Template File Defining Stack Git Subversion Mercurial Dev Test Prod The entire application can be represented in an AWS CloudFormation template. Use the version control system of your choice to store and track changes to this template Build out multiple environments, such as for Development, Test, and Production using the template AWS Cloudformation

56. { "Description" : "Create an EC2 instance running the Amazon Linux 32 bit AMI.”, "Parameters" : { "KeyPair" : { "Description" : "The EC2 Key Pair to allow SSH access to the instance", "Type" : "String" } }, "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "KeyPair" }, "ImageId" : "ami-75g0061f”, “InstanceType” : “m1.medium”} } }, "Outputs" : { "InstanceId" : { "Description" : "The InstanceId of the newly created EC2 instance", "Value" : { "Ref" : "Ec2Instance” } } } }

57. DevSecOps

58. https://youtu.be/0E90-ExySb8

59. Where to start? • Pontificate? • Checklists? • 1-pagers? 6-pagers? Documents? Page 3 of 433 Security as code

60. Config Rule • AWS managed rules • Defined by AWS • Require minimal (or no) configuration • Rules are managed by AWS • Customer managed rules • Authored by you using AWS Lambda • Rules execute in your account • You maintain the rule A rule that checks the validity of configurations recorded

61. Feedback loop

62. Cloudwatch, CloudWatch logs, VPC Flow logs

63. Amazon Elasticsearch Service Easy cluster creation and configuration management Support for ELK Security with AWS IAM Monitoring with Amazon CloudWatch Auditing with AWS CloudTrail Integration options with other AWS services (CloudWatch Logs, Amazon DynamoDB, Amazon S3, Amazon Kinesis)

64. AnalyzeStore Amazon Glacier Amazon S3 Amazon DynamoDB Amazon RDS/ Aurora Analytics on AWS AWS Data Pipeline Amazon CloudSearch Amazon EMR Amazon EC2 Amazon Redshift Amazon Machine LearningAWS Import/Export AWS Direct Connect Collect Amazon Kinesis Amazon Elasticsearch Launched AWS Database Migration New Amazon Kinesis Analytics New Amazon Kinesis Firehose New Amazon QuickSight New

65. What about microservices?

66. Challenges Complexity in Interactions Complexity in Code Base

67. Microservices and the Cloud • On Demand Resources of various sizes • Managed Services • All Services are programmable • Infrastructure as code • Built-in features – monitoring, security, logging, … – scalability, availability, …

68. Docker on AWS Amazon Linux A supported and maintained Linux image provided by Amazon Web Services Amazon EC2 Container Service Highly scalable, high performance container management service AWS Elastic Beanstalk For deploying and scaling web applications and services

69. Why Amazon EC2 Container Service Manage underlying cluster and intelligently place your containers • What instances are available? • What resources are available on those? • How do I prioritize container X vs Y • How do I spread in multiple AZs? • How do I know when container dies? • How to hook in ELB?

70. https://youtu.be/a45J6xAGUvA

72. Pattern: ECS service update • Deployment process: • Start with blue task definition referenced by an ECS service • Create a green revision of the existing task definition • Update existing ECS service to use the updated task definition • ECS will deploy the new task definition to container instances in a rolling fashion

77. Service Discovery Web Tier API Tier Where is the API service? Is the API service healthy?

78. Hard coded address (bad) Web Tier API Tier 10.0.1.60 • Doesn’t scale with services/nodes • Not resilient to failures • Localized visibility/auditability • Manual locality of services

79. Discovery via Route 53 Private Hosted Zones Amazon Route 53 Private hosted zone service1 CNAME elb1.xyz Service2 CNAME elb2.xyz Service3 CNAME elb3.xyz Route 53 Health Checks

80. Use a Dynamic Service Registry • Avoids the DNS TTL issue • More than service registry & discovery – Configuration management – Health checks • Plenty of options – ZooKeeper (Apache) – Eureka (Netflix) – Consul (HashiCorp) – SmartStack (Airbnb) – Weave (Weaveworks)

81. ELB based service discovery Web Tier API Tier API Tier API Tier • Easy – supported by ECS • Health checks • Fixed hostname

82. Empire – PaaS on top of ECS https://youtu.be/8zbbQkszP04

83. More Dev – Less Ops Serverless Computing

84. No server is easier to manage than "no server”. Werner Vogels, Amazon CTO

85. AWS Lambda Serverless, event-driven compute service Lambda = microservice without servers

86. AWS Lambda – Benefits EVENT-DRIVEN SCALESERVERLESS SUBSECOND BILLING

87. Introducing the AWS API Gateway Internet Mobile Apps Websites Services API Gateway AWS Lambda functions AWS API Gateway Cache Endpoints on Amazon EC2 / Amazon Elastic Beanstalk Any other publicly accessible endpoint Amazon CloudWatch Monitoring

88. Summary

89. CI/CD Stack on AWS 95 MonitorProvisionDeployTestBuildCode AWS Elastic Beanstalk CloudWatchCloudFormationCodeDeploy CodeCommit CodePipeline AWS Opsworks AWS Elastic Container Service

90. Athens

Increase Speed and Agility with Amazon Web Services

Amazon Web Services

Increase Speed and Agility with Amazon Web Services

A particular slide catching your eye?