AWS MeetupFebruary 09, 2017

Michael Baker

Yeung Siu

Introduction

●AWS access and security

●Autoscaling

●Why cloud computing!

●Demos

●Slides to be posted

Introduction

●Yeung Siu

○DevOps engineers

○AWS Associate Solution Architect certified

●Michael Baker

○Lead Software Engineer

AWS Credentials

Identity & Access ManagementIAM

Access Keys demo

IAM User Issue

●No Active Directory domain association.

●No Web Federation

○Google, Facebook, Amazon retail

●Quarterly credential rotation

○Application down time

●Hardcode in source control

Open Source AWS

Open Source AWS

Open Source AWS

AWS knows

Rise of the Bots

1. If AWS can find your keys then guess who

else can?

2. AWS keys mining

3. Use your AWS account to do other mining

IAM Role

IAM RoleTrust Relationships

EC2 IAM Role

Cloudberry

IAM Role demo

IAM Role

●No keys embedded into code.

●No need for credential rotation.

●Access to other AWS services.

●Allow secure external 3rd party access.

●Active Directory Federation.

●Web Identity Federation.

○Facebook, Google, Amazon retail

●Cross AWS account accesses

○Control multiple AWS accounts from one central AWS account with AD.

●Can only be associated at EC2 after creation.

○As of Feb. 09 AWS update its service to allow attaching role existing machine.

○Doesn’t work outside of the AWS.

●Application Architecture implementation

Important factors

AWS Access Control Recommendations

●Use AWS Role as much as you can.

●If not AWS Role then use AWS KMS.

●Recommendation to use HashiCorp Vault.

Questions?

AutoScaling

●AWS

●Azure

Motivation

What do you get with one DevOps Engineer in a room?

Motivation

What do you get with one DevOps Engineer in a room?

Alone with a 2:00am pager saying a site is down.

Why Cloud Computing

●No hardware to purchase and refresh

●On demand model

●Easy to scale

Legacy Cloud

“The first rule of any technology used in a business is that automation applied to

an efficient operation will magnify the efficiency. The second is that automation

applied to an inefficient operation will magnify the inefficiency. ”

Bill Gates

●Do the same thing on a different platform

●Do you use your smartphone to just make phone calls?

AWS Principal

“Build for failure”

AWS Vocabulary

●EC2 (Elastic Computing Instances) = Virtual Machines

●ELB (Elastic Load Balancer) = Load Balancer

●Lambda = Serverless compute

●RDS (Relational Database Service) = MySQL, Microsoft SQL server, Oracle,

Aurora, Postgresql

●Route53 = DNS

●S3 (Simple Storage Service) = object storage

●SNS (Simple Notification Service) = Messaging

●More at https://www.expeditedssl.com/aws-in-plain-english

Traditional Application

Traditional Application

Traditional Application

Traditional Application

Traditional Application

Traditional Application

Traditional Application

Immutable, Stateless app

Immutable, Stateless app

Immutable, Stateless app

Immutable, Stateless app

Immutable, Stateless appAWS Terms

Immutable, Stateless appAWS Terms

Immutable, Stateless appAWS Terms

Immutable, Stateless appAWS Terms

AWS Regions

AWS Region vs Availability Zones (AZs)

AWS Region vs Availability Zones (AZs)

AutoscalingDetails

AutoscaleScale Policies

AutoscaleNotification

AutoscaleInstances

AutoscalingActivity History

Autoscaling Load Testing

●Bee with Machine

○https://github.com/newsapps/beeswithmachineguns

●Siege

○https://github.com/JoeDog/siege

●GOAD

○https://goad.io/

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee With Machine Guns

Bee Hive

Bee With Machine Guns

●Lambda Demo

Serveless style

Demo

What happened?CloudWatch Metrics

Autoscaling

●Take an instance out of the autoscaling group

●Works with Microsoft Windows Servers

○Even Windows 2008 R2 with IIS

●Bootstrap script

●Event driven

○Network

○Disk I/O

●Schedule driven

Things you can do

Autoscaling

●Treat servers as lives stocks and not pets.

○Servers are commodity and should be short lived.

●High Availability.

○Outage vs lower performance.

●Handle peak traffic.

●Cost

○One big server cost vs little servers.

●AWS Reserved instances and Spot instances cost savings.

Benefits

Autoscaling

●On Demand instance

○$0.12 per hour

●Reserved instances

○One year = $0.008 per hour ~ 33% savings

○Three year = $0.005 per hour ~ %58 savings

●Spot instances

○User puts a price and wait for market to match it

○Good message queue or worker nodes

○Can be $0.0031 per Hour

Cost Saving T2.micro

Autoscaling

●Autoscale configuration

○2 minimum

○6 maximum

●Purchase 2 reserved instances for the 2 minimum.

●Place bids for 2 spot instances.

●Use on demand instances for the last 2.

Cost Saving scenario

Autoscaling

●Websites

○REST APIs

●RabbitMQ (AMQP) message queue

●MySQL cluster

○Master/slave

●Autoscale of One

Use Cases

Autoscaling

●Application Performance Monitoring

○DataDog

○NewRelic

○SolarWind

○splunk

●Monitoring

○AlertLogic

●Logging

○ElasticSearch

○AWS X-ray

○CloudWatch

Automation Requirements

Autoscaling

●AWS Cloudformation

○JSON

○YAML

●HashiCorp Terraform

Deployment

Autoscaling

1.Create a new base Amazon Machine Image

(AMI)

○Use HashiCorp Packer.io

2.Update Autoscaling configuration to the new

AMI

3.Turn off existing EC2 instances one by one

OS Patch

AutoscalingEvolution

Autoscaling

●Elastic Beanstalk

Evolution

How To Start With AWS

●CloudGuru

○Udemy $10 course

●Monthly AWS webinars

○https://aws.amazon.com/about-aws/events/monthlywebinarseries/

●AWS Associate Solution Architect Certification study guide

○Get AWS certification

●AWS Professional Partner Service

●Daily AWS updates/releases https://aws.amazon.com/new/

●Go to AWS re:invent

●Drawing done at https://cloudcraft.co/

Related Materials

●Life without SSH

○YouTube

○Slides

●Coding Apps In Cloud to Reduce Costs up to 90%

○YouTube

○Slides

Links

●Getting Started: https://aws.amazon.com/getting-started

●General Reference: http://docs.aws.amazon.com/general/latest/gr

●Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/

●FAQs: https://aws.amazon.com/faqs

●Documentation: https://aws.amazon.com/documentation/

●Architecture: https://aws.amazon.com/architecture

●Whitepapers: https://aws.amazon.com/whitepapers

●Security: https://aws.amazon.com/security

●Blog: https://aws.amazon.com/blogs

●SlideShare: http://www.slideshare.net/AmazonWebServices

●Github: https://github.com/aws and https://github.com/awslabs

Happy Ever “Appter”