your first week with amazon ec2
DESCRIPTION
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud and is often the starting point for your first week using AWS. This session will introduce these concepts, along with the fundamentals of EC2, by employing an agile approach that is made possible by the cloud. Attendees will experience the reality of what a first week on EC2 looks like from the perspective of someone deploying an actual application on EC2. You will follow them as they progress from deploying their entire application from an EC2 AMI on day 1 to more advanced features and patterns available in EC2 by day 5. Throughout the process we will identify cloud best practices that can be applied to your first week on EC2 and beyond.TRANSCRIPT
Don Southard
Solutions Architect
April 18, 2013
Your First Week on Amazon EC2
A hands on approach to understanding
Amazon EC2 and the cloud
Questions for Your First Week on Amazon EC2
• What is Amazon EC2?
• Where do I start with EC2?
– What are the components of EC2?
– What are the big picture architecture cloud patterns?
– What other Amazon Web Services should I use?
• How do I map my existing infrastructure architecture to EC2?
– How do I configure my environment for high availability?
– How do manage my environment in the cloud?
– How do I monitor my environment in the cloud?
An Approach to Your First Week on Amazon EC2
• Leverage what you already know about web architectures
• Understand enough to get started with EC2
• Take an iterative approach
– Refactor and evolve
– Pay for what you use
• Understand and apply cloud best practices
– Capacity on demand
– Elasticity
– Design for failure
– Infrastructure automation
Day 1 – Identify and Deploy Application on EC2
Region
Availability Zone
Linux Apache Ruby MySQL
Source Protocol Port
0.0.0.0/0 HTTP 80
148.20.57.0/24 SSH 22
Day 1 – Launching Your First EC2 Instance
1. Login to the AWS Management Console and go to the Amazon EC2 console
2. Choose an Amazon Machine Image (AMI)
3. Choose an instance size
4. Create a key pair for SSH access
5. Create port-based security rules
6. Launch instance
7. Upload code
Day 1 – Choose AMI
Day 1 – Instance Details
Day 1 – Instance user-data
Day 1 – Tags
Day 1 – Create Key Pair
Day 1- Configure Firewall
Day 1 – Instance Launched
Day 1 – Application Tasks [laptop]$ ssh -i ~/ec2.pem [email protected]
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2012.09-release-notes/
There are 13 security update(s) out of 24 total update(s) available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-40-203-29 ~]$ sudo yum -y -q update
[ec2-user@ip-10-40-203-29 ~]$ sudo yum -y -q install httpd mysql-server ruby19 git
[ec2-user@ip-10-40-203-29 ~]$ sudo service mysqld start
[ec2-user@ip-10-40-203-29 ~]$ sudo /etc/init.d/httpd start
Day 1 Day 2
Day 1 Recap Day 2 Considerations
1. Created an AWS account 2. Identified an application for cloud
deployment 3. Logged into the Web Console 4. Chose an AMI 5. Launched an EC2 instance 6. Setup application
• How can we capture our work efforts to make them repeatable or recover from failure?
• What options do we have for setting up a tiered architecture?
• How can we apply security to our instances?
Day 2 – Create a tiered architecture
Region
Availability Zone
Snapshot Amazon S3
Internet
User
HTTP (80)
Source Protocol Port
0.0.0.0/0 HTTP 80
148.20.57.0/24
SSH 22
Connection Type Details
EC2 Security Group
web-tier-sg
Day 2 – Launching a Tiered Web Application
1. Snapshot EC2 Instance
– Stop MySQL
– Bundle New AMI
2. Create a Relational Database (RDS) Instance
– We’ll use MySQL
– Other options: Oracle, SQL Server
3. Configure App to Use RDS MySQL Database
Day 2 – Create a snapshot of our AMI
Day 2 – New AMI
Day 2 – Launch RDS DB Instance
Day 2 – RDS DB Instance Details
Day 2 – RDS Management Options
Day 2 – Granting EC2 App Access to RDS
Day 2 – Connect to RDS Database
[ec2-user@ip-10-40-203-29 ~]$ mysql -uroot –p –D devdb \
–h nonprod.ctjsifycx3sq.us-east-1.rds.amazonaws.com
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 268
Server version: 5.5.27-log Source distribution
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Day 2 Day 3
Day 2 Recap Day 3 Considerations
1. Took a snapshot of AMI as a backup 2. Created an RDS MySQL Database 3. Created and validated security groups
• What tools does AWS provide to monitor EC2 and RDS?
• How can we better monitor the our environment (proactive vs. reactive)?
• How can we be notified when our servers hits certain thresholds?
Day 3 – Monitor Environment
Region
Availability Zone
Internet User
Amazon CloudWatch
Users
Alarm
Administrator
Email Notification
Day 3 – Create CloudWatch Alarm
1. Select metric to monitor
– Database write latency is an accurate indicator of our application’s health
2. Define a threshold
– Write latency that exceeds 500ms typically requires some intervention on our part
3. Create a topic for our alarm and subscribe to the topic via email
Day 3 – Create Alarm
Day 3 – Create Alarm
Day 3 – Create Alarm
Day 3 – Create Alarm
Day 3 – Alarm Created
Day 3 Day 4
Day 3 Recap Day 4 Considerations
1. Identified CloudWatch metrics available for EC2 and RDS
2. Created a CloudWatch alarm 3. Set up alarm to email on failure 4. Reviewed CloudWatch dashboard
• What happens if our EC2 instance fails?
• What happens if an entire AZ is unavailable?
• How can we elastically scale based on increased/decreased traffic?
• What happens if our primary RDS instance fails?
Day 4 – Designing for High Availability
Region
Availability Zone
Internet
Amazon CloudWatch
Users
Alarm
Availability Zone
RDS DB Standby
Auto scaling Group
Day 4 – Steps to High Availability
1. Create an Elastic Load Balancer (ELB)
– Balances traffic across multiple EC2 instances
– Enables running instances in multiple Availability Zones (AZ’s)
2. Configure Auto Scaling
– Automatically scale up if demand increases
– And scale down to save money
3. Setup RDS Multi-AZ
– Synchronous replication to standby in another AZ
– Automatic fails over if needed
– Also minimizes backup window (slave is used)
Day 4 – Define Load Balancer
Day 4 – Configure Health Check
Day 4 – Add EC2 Instance(s)
Day 4 – Elastic Load Balancer is Active
Day 4 – Configure Auto Scaling
1. Use the Amazon Machine Image (AMI) we created
2. Leverage multiple Availability Zones
– Distribute instances across two AZ’s
– Ensure at least two instances are up
3. Create an Auto Scaling trigger
– Same concept as CloudWatch alarm from earlier
– Just now we’re proactively taking action
Day 4 – Find That AMI We Created
Day 4 – Set Up Auto Scaling
[laptop]$ as-create-launch-configuration webcfg \
--image-id ami-08dc4461 --instance-type m1.small \
--region us-east-1
[laptop]$ as-create-auto-scaling-group webscg \
--launch-configuration-name webcfg \
--availability-zones us-east-1a us-east-1c \
--min-size 2 --max-size 10 --load-balancer-names frontlb
Day 5 – Setup Auto Scaling continued
[laptop]$ as-put-scaling-policy WebScaleUpPolicy \
--auto-scaling group webscg \
--adjustment=1 --type ChangeInCapacity --cooldown 300
[laptop]$ mon-put-metric-alarm WebHighCPUAlarm \
--comparison-operator Greater ThanThreshold \
--evaluation-periods 1 --metric-name CPUUtilization \
--namespace "AWS/EC2" --period 600 \
--statistic Average --threshold 80 \
--alarm-actions POLICY-ARN_from_previous_step \
--dimensions "AutoScalingGroup Name=webscg"
Day 4 – Check on Our Instances
Day 4 – Set Up RDS Multi-AZ
[laptop]$ aws rds modify-db-instance \
--db-instance-identifier nonprod \
--multi-az --region us-east-1
Yep, that’s it.
No mouse required. :)
Day 4 Day 5
Day 4 Recap Day 5 Considerations
1. Spread our application across Availability Zones.
2. Automated scaling across availability zone leveraging Auto Scaling.
3. Implemented load balancing via AWS Elastic Load Balancing.
4. Implemented a highly available database by applying RDS multi-AZ.
• How do we make use of a custom DNS domain for our load balancer?
• How can we configure accounts for other AWS users?
• How can we template and replicate our server environment?
Day 5 – DNS, Identity & Access Management, Deployment Automation
Region
Availability Zone
Internet
S3 Bucket
Amazon CloudWatch
Users
Alarm
Availability Zone
RDS DB Standby
AWS IAM
www.example.com
AWS Management Console
AWS CloudFormation
Template Stack
images.example.com
Day 5 – Route 53 (DNS)
Day 5 – Identity & Access Management
Day 5 – Deployment Automation
First Week on Amazon EC2
• Evolution from Day 1 Day 5
– Single AMI Tiered Monitored HA DNS,IAM,Automation
• Cloud architecture best practices implemented in week 1 on EC2
– Proactive scaling – Auto scaling triggers
– Elasticity – EC2
– Design for failure – ELB, Auto scaling groups, Availability Zones
– Decouple your components – EC2, RDS
– Infrastructure automation – CloudFormation
…and Beyond
• Moving beyond week 1 on EC2
– AWS Management Console is great but you have other options
• Command Line Interface
• API
– Other AWS Services
• VPC, Elasticache, OpsWorks, Beanstalk, DynamoDB, SQS
– Operational Checklist
• http://media.amazonwebservices.com/AWS_Operational_Checklists.pdf
– Deployment Automation
• http://aws.amazon.com/cloudformation/aws-cloudformation-articles-and-tutorials/
– Links to whitepapers and architectures
• http://aws.amazon.com/whitepapers/
• http://aws.amazon.com/architecture/
Your First Week on Amazon Elastic Compute Cloud A hands on approach to understanding Amazon EC2