© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
How to quickly deploy and monitor applications and infrastructure on AWS
Agenda
Building CI/CD Pipelines with AWS CloudFormation – Luis Colon
• CloudFormation 101
• Pipeline building blocks
• Tool examples
• Best practices
Deploying and Monitoring applications and infrastructure on AWS - Sagar Khasnis
• AWS Marketplace deployment options
• Building your DevOps pipeline with AWS Marketplace
• Using New Relic in AWS environment
• Customer case studies (New Relic, Kong, Armory)
Luis Colon, Senior Developer Advocate, AWS CloudFormation, @luiscolon1
Introduction
[Diagram: AWS Cloud containing a VPC (10.0.0.0/16) across Availability Zone 1 and Availability Zone 2, each with a NAT Gateway and instances in Auto Scaling groups (Amazon EC2 Auto Scaling)]
Resources are the building blocks of cloud applications
Resources
Options to manage resource lifecycle (creation, updates, deletion)
AWS Management Console
AWS Command Line Interface
AWS Tools & Software Development Kits
AWS CloudFormation
AWS CloudFormation: Infrastructure as Code
Supports dependencies, rollbacks, stabilization, drift detection, change sets, imports, and more
1. Code your template
2. Upload, test, and review changes
3. Deployment creates stacks
4. Manage stacks and stack sets
Balancing Agility and Discipline
• Automation
  • Brings agility, making changes and deployments predictable and auditable
  • Enables scaling when managing dozens or hundreds of resources and apps
• Guardrails
  • Preventive and ongoing checks bring discipline
  • Coding best practices
  • Company standards and policies
• Test!
Testing Infrastructure
“As a general rule, we want to be writing less code in the serverless world. It's quite possible to write a useful service in AWS using mostly configuration. For example, you can build a CRUD API using API Gateway and DynamoDB alone - no Lambda functions in the middle required.
The more serverless you get, the less code you can usefully unit test, and the more you have to rely on tests of your deployed infrastructure.”
Forrest Brazeal, Cloud Architect, A Cloud Guru
AWS Serverless Community Hero, @forrestbrazeal
Pipeline building blocks (1/3)
• Works on smallest thing possible
• Only local code branches
• Develops and tests locally
• Explicitly defines dependencies (including those needed for testing)
• Publishes changes for review
Should be fast
[Diagram: Developer workstation; Developer AWS account; Dependencies; AWS CodeCommit; Code review; stages: Development, Mid Stage(s), Production]
Pipeline building blocks (2/3)
• Builds and runs unit testing
• Bundles code and run-time dependencies into a combined artifact
• Provenance of dependencies is tracked
Should be thorough
[Diagram: Developer AWS account; Dependencies; Code review; Package and build; stages: Development, Mid Stage(s), Production]
Pipeline building blocks (3/3)
[Diagram: Dependencies; Package and build; stages: Development, Mid Stage(s), Production]
Looking for any reason to fail
Beta
• Wild west—no impact on other environments
• Run destructive or any other testing
Gamma
• Isolated, but “prod-like”
• Run integration testing, full ‘end-to-end’
Production
• Start small, fan out
• Deploy in waves, give each wave time to “bake”
• Always monitor; when baking, monitors are usually more sensitive
Only promote on success; test failures roll back, bake failures stop
Integrating IaC controls in your pipeline
[Diagram: AWS Cloud Region; Git push; Templates; AWS CodeCommit; AWS CodePipeline; AWS CodeBuild; cfn-lint; cfn-guard; taskcat; test stack; AWS CloudFormation; change set; staging; production]
Shift left: lint while authoring your code
• Plugins for Visual Studio Code, Sublime, Atom, VIM
• Process multiple files at a time
• Handles Conditions/Fn::If
• SAM Local integration
• Available on GitHub
Headless linting as a pipeline build step
• Prevents promotion if a rule evaluation fails
• Great for pull requests and open source projects
Enforcing rules and guardrails
• Require specific tags
• Forbid creation of resources or specific configurations
  • e.g. no insecure storage buckets
• Require a property
  • e.g. all volumes must be encrypted
• Custom rules options
  • Python, Ruby
  • New cfn-guard tool: build rules with simple, policy-as-code language
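The headless build-step check and the three guardrails above (required tags, no insecure buckets, encrypted volumes), sketched as a standalone Python script. This is an added example, not code from the webinar and not cfn-lint or cfn-guard rule syntax; the tag names `Owner` and `CostCenter`, the reading of "insecure bucket" as a public canned ACL or missing `BucketEncryption`, and the sample template are assumptions.

```python
import json
import sys

REQUIRED_TAGS = {"Owner", "CostCenter"}          # assumed company tag policy
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}  # canned ACLs treated as insecure here
TAGGED_TYPES = {"AWS::S3::Bucket", "AWS::EC2::Volume"}  # types this example covers

def check_template(template):
    """Return (logical_id, message) pairs for every guardrail violation."""
    violations = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties") or {}
        if rtype in TAGGED_TYPES:
            tags = props.get("Tags") or []
            present = {t.get("Key") for t in tags if isinstance(t, dict)}
            missing = sorted(REQUIRED_TAGS - present)
            if missing:
                violations.append((logical_id, "missing tags: " + ", ".join(missing)))
        if rtype == "AWS::S3::Bucket":
            acl = props.get("AccessControl")
            if isinstance(acl, str) and acl in PUBLIC_ACLS:
                violations.append((logical_id, "public canned ACL"))
            if "BucketEncryption" not in props:
                violations.append((logical_id, "no BucketEncryption"))
        if rtype == "AWS::EC2::Volume":
            # Only a literal true passes; an intrinsic such as Ref is flagged for review.
            if props.get("Encrypted") not in (True, "true"):
                violations.append((logical_id, "Encrypted is not true"))
    return violations

SAMPLE = json.loads("""
{"Resources": {
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "AccessControl": "PublicRead",
    "Tags": [{"Key": "Owner", "Value": "platform"}]}},
  "DataVolume": {"Type": "AWS::EC2::Volume", "Properties": {
    "Size": 100, "AvailabilityZone": "us-east-1a", "Encrypted": true,
    "Tags": [{"Key": "Owner", "Value": "platform"},
             {"Key": "CostCenter", "Value": "1234"}]}}}}
""")  # constructed sample template, not taken from the webinar

def main(template=SAMPLE):
    violations = check_template(template)
    for logical_id, message in violations:
        print(f"FAIL {logical_id}: {message}")
    return 1 if violations else 0  # non-zero exit status fails the build step

if __name__ == "__main__":
    sys.exit(main())
```

Run as a build step, the non-zero exit status is what prevents promotion when a rule evaluation fails.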
Taskcat: integration testing across regions
• Open Source from AWS QuickStarts
• Tests templates by creating stacks in multiple AWS regions
• Catches runtime problems that aren’t obvious
• Generates a report with a pass/fail grade for each region
• Cleans up after itself
Best practices
• Small changes to small components
  • Templates, stacks, resources
  • Split by how often the resource types change
  • Leverage change sets
  • Manage customizations
• Large deployments
  • Immutable vs upgrade in place
  • Blue/green and canaries
  • Break large fleets into waves
  • Instrument pipelines for observability
Example pipeline
[Diagram: User; EC2 Developer Instance; AWS Cloud9; AWS Command Line Interface; AWS Tools and SDKs; AWS CodeCommit; AWS CodePipeline; AWS CodeBuild; CodePipeline Template; Amazon S3; AWS CodeDeploy Integration; Third-party tool(s); One Box and Fleet stages; Performance; Pen-testing; Rules enforcement; AWS Config; Amazon CloudWatch; AWS X-Ray; AWS Cloud]
Customizing CloudFormation
• Supports 530+ resource types across 110+ AWS services
• New registry resource types inherit support for rollback, changesets, event tracking, more
CloudFormation Integrations
• Supports 530+ resource types across 110+ AWS services
• New registry resource types inherit support for rollback, changesets, event tracking, and more
• APN and 3rd party contributions
Sagar Khasnis, Partner Solutions Architect, AWS Marketplace, @90cigars
Flexible software build and delivery
AWS Marketplace deployment options
Amazon Machine Image
Meant for single instance solutions deployed directly into your VPC
Provides flexible BYOL, pay-for-what-you-use, free trials, and curated Open Source options
CloudFormation Template
Meant for clustered and high availability implementations
Combines third-party software with AWS services and a complete solution implementation including multi-instance, tie-ins to AWS Services, and high availability cluster architectures
SaaS
Software offered as a service with no resources required to manage infrastructure
API
An Application Program Interface designed to integrate directly with an application
Amazon Container Services
Find container products in AWS Marketplace or the Amazon Elastic Container Service (Amazon ECS) console and deploy them on Amazon ECS, Amazon Elastic Container Service for Kubernetes (Amazon EKS), and AWS Fargate
Amazon SageMaker
Find machine learning algorithms and models that can be deployed directly onto Amazon SageMaker
Build your DevOps pipeline with AWS Marketplace
[Diagram labels: Ideas, Plan, Build, Release, Test, Operate, Secure]
Sample AWS Marketplace solution providers
Continuous delivery
Security & compliance
Continuous integration
Testing & quality management
Monitoring & observability
Incident management
Collaboration & communication
Microservices and everything-as-code
Core practices
How are AWS customers leveraging New Relic?
[Diagram: Traces, Metrics, Events, Logs; AWS Personal Health; AWS CloudFormation; Amazon EC2; Amazon CloudWatch]
New Relic provides deep AWS integrations
New Relic supports AWS CloudFormation Registry
Step 1: Register
Step 2: Use
Fleet Complete achieves faster cloud migration with New Relic Infrastructure and Application Monitoring
Benefits:
• DevOps cycle went from once-a-month to once-a-week
• Real-time mission critical data at scale
• System-wide monitoring helps accelerate cloud migration
[Diagram: Connected Vehicles; Listeners; Amazon EC2; Amazon S3; Data Lakes; External service; 1 Billion Data Points Collected Daily]
Xero thrives with continuous deployment using Armory Spinnaker
Benefits:
• Improved deployment process by eliminating manual steps and custom tooling
• Controlled cloud costs and reduced errors and time to create infrastructure
• Improved visibility into deployment process and developer productivity
[Diagram: AWS Cloud owned by customer; VPC; K8s Cluster for Spinnaker; Application Load Balancer; Amazon Aurora; AWS Identity and Access Management (IAM); AWS WAF (Optional); Amazon S3; Git Repository; Prometheus; Managed Services Engineer; Customer Engineer; AWS Cloud]
Cargill modernizes its IT infrastructure leveraging Kong
Benefits:
• Up to 65x faster deployment with automated validations
• 450+ new digital services created in the past six months
• Dynamic infrastructure that auto-scales up and down with demand
[Diagram: Consumers; Apps; Admins; Network Load Balancer; Kong Instances; Microservices Cluster (Microservice 1 to Microservice N); Amazon EKS; AWS Services; Amazon DynamoDB; MySQL Instance; Amazon SQS]
Why AWS Marketplace?
Flexible consumption and contract models
Quick and easy deployment
Helpful humans to support you
How can you get started?
Find
A breadth of DevOps solutions:
Buy
Through flexible pricing options:
• Free trial
• Pay-as-you-go
• Hourly | Monthly | Annual | Multi-Year
• Bring Your Own License (BYOL)
• Seller Private Offers
• Channel Partner Private Offers
Deploy
With multiple deployment options:
• AWS CloudFormation (Infrastructure as Code)
• Software as a Service (SaaS)
• Amazon Machine Image (AMI)
• Amazon Elastic Container Service (ECS)
• Amazon Elastic Kubernetes Service (EKS)
Webinar summary
New tools? Select solutions in AWS Marketplace for a curated list proven on AWS.
Current tools? Bring your own license to leverage benefits of AWS Marketplace.
Use AWS Marketplace solutions like New Relic, Kong, and Armory to quickly deploy and monitor your applications and infrastructure.
AWS CloudFormation, combined with DevOps best practices, allows you to automate and accelerate cloud application development in a diligent way.
Thank you!
Luis Colon, Sr. Dev Advocate, AWS CloudFormation, @luiscolon1
Sagar Khasnis, Partner Solutions Architect, AWS Marketplace, @90cigars