How to use Infrastructure as Code for automated self-service AWS environments

Sean Davis, Ambassador, DevOps Institute (@seanasaservice, imseandavis)
Chris Chapman, Partner Solutions Architect at AWS

About DevOps Institute
DevOps Institute’s mission is to advance the human elements of DevOps by creating a safe and interactive environment where our members can network, gain knowledge, grow their careers, support enterprise transformation and celebrate professional achievements.
We connect and enable the global DevOps community to drive change in the digital age. Become a professional member at www.devopsinstitute.com

An Ideal Approach For Success
[Diagram: DevOps Approach]
Culture: Shared Responsibility
Automation: Continuous Delivery
Lean: Optimize Value Delivery
Measurement: Quantify The Effort
Recovery: Plan for Failure
Surrounding labels: Locality and Simplicity; Focus, Flow, and Joy; Improvement of Daily Work; Psychological Safety; Customer Focus

Why Infrastructure as Code?
Focus: Allows developers to focus on coding, not provisioning infrastructure
Separation of Duties: Idempotent and declarative templates prevent infrastructure configuration drift
Collaboration: Generates a shared bond between developers and engineering teams
Time: Automation reduces time to deploy, release, and scale infrastructure
Process: Leverages native development practices and templates
Cost: Resource templates enable effective spot and reserved instance planning

Orchestrating together
[Diagram: Infrastructure As Code connecting Devs, Ops, Quality Assurance, Security, and Integration Engineers. Labels: Validation, Governance, Self Service, Secrets Management, Continuous Testing, Definitions, Policy As Code, Patterns, Cost, Packages, Monitoring, Source Control, Build / Release, Considerations, Traceability]

Leveraging Simplistic Design
Stages: Plan, Map, Automate, Scale

• Scale Design Patterns
• Auto Scaling
• Spot/Reserved Instances
• Practice A.U.T.O. Script
• GitOps w/ Containers
• Version Control
• Serverless Functions
• Test Templates
• Manually Define Process
• Secure Templates
• Measure Feature Value
• Leverage Immutability
• Establish Name & Tag Standards
• Complexity (Gall’s Law)
• Consider Cost Control
• Define App Patterns
• Operational Limitations
• Policy As Code Guardrails
• Up/Downstream Impacts
• Consider End-To-End Supply Chain

Evolving Infrastructure as Code

Infrastructure as Code Success Checklist
DevOps Done Right: Set A Baseline Of What You're Trying To Accomplish And Why It’s Valuable To Ensure Alignment
Work Together: Involve All Teams Required To Plan, Build, And Run Your Pipelines
The Glue That Binds: Consider Every Component In The End-to-End Supply Chain And Tool Chains Required
Map, Then Automate: Map The Manual Steps, Then Determine The Greatest Automation Value.
Simplify And Secure: Define Environment Requirements and Differences Before Building Templates And Approval Flows
Measure, Measure, Measure: Avoid Vanity Metrics, Quantify The Impact Of Your Toolchains, And Share Your Progress With Stakeholders
Build For Reusability: Create Self Documenting Toolchains That Can Be Consumed And Reused By Any Team

Chris Chapman, Partner Solutions Architect at AWS

You can’t build a house without the right tools
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS provides flexibility for DevOps teams to work with tools of their choice

AWS Service Catalog
AWS CloudFormation
AWS CodePipeline
AWS Systems Manager
AWS Cloud Development Kit

1,600+ vendors | 8,000+ products
Steps for automating DevOps pipelines

1. Build your IaC templates
2. Automate deployment with template
3. Provide self-service
4. Automate the whole process of managing the IaC
Self-Service tools for developers

[Diagram: Developers, AWS CodeCommit, AWS CodePipeline, AWS CodeBuild (Validate and Build), Push image to ECR, Amazon Elastic Container Registry, AWS Service Catalog, AWS CloudFormation Templates, Amazon Elastic Container Service, AWS Fargate, Internet]
Automating self-service with AWS Service Catalog

Manage IaC templates with Source Control

Git-Based Version Control (AWS CodeCommit; AWS CloudFormation Templates; Product; Portfolio (CF Stack))
1. Infrastructure Engineer checks in new template

Release Automation (AWS CodePipeline, AWS CodeBuild)
2. AWS CodePipeline automatically picks up the change and starts a deploy
   1. Copy releases product templates to S3 (Amazon S3)
   2. Update Stack to deploy change (AWS CloudFormation)
3. AWS CloudFormation updates the AWS Service Catalog portfolio and products

AWS Service Catalog: End Users provision updated Products
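A guardrail check that could run in the pipeline's validate step, before product templates are copied to S3 and published to AWS Service Catalog. This is an added example, not code from the webinar or from AWS: it flags SSH/RDP ingress open to any address and missing tags in a parsed JSON CloudFormation template. The Name/Owner tag standard, the function names and the sample template are assumptions constructed for illustration.

```python
import json, sys
# Assumed guardrails for illustration: management ports and a Name/Owner tag standard.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
REQUIRED_TAGS = {"Name", "Owner"}
TAGGED_TYPES = {"AWS::EC2::Instance", "AWS::EC2::SecurityGroup", "AWS::S3::Bucket"}

def open_mgmt_ports(rule):
    """Management ports that one ingress rule exposes to any address."""
    cidrs = [rule.get(k) for k in ("CidrIp", "CidrIpv6")]
    if not any(isinstance(c, str) and c in OPEN_CIDRS for c in cidrs):
        return []  # literal CIDRs only; Ref/Fn:: values are not resolved here
    proto = str(rule.get("IpProtocol", "")).lower()
    if proto == "-1":  # all protocols, all ports
        return sorted(MGMT_PORTS)
    if proto not in ("tcp", "6"):
        return []
    lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    return [p for p in sorted(MGMT_PORTS) if lo <= p <= hi]

def check_template(template):
    """Return (logical_id, message) findings for a parsed JSON template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        rules = {"AWS::EC2::SecurityGroup": props.get("SecurityGroupIngress", []),
                 "AWS::EC2::SecurityGroupIngress": [props]}.get(rtype, [])
        for rule in rules:
            findings += [(name, f"{MGMT_PORTS[p]} ({p}) open to the world")
                         for p in open_mgmt_ports(rule)]
        if rtype in TAGGED_TYPES:
            keys = {t.get("Key") for t in props.get("Tags", [])}
            findings += [(name, f"missing required tag {k}")
                         for k in sorted(REQUIRED_TAGS - keys)]
    return findings

# Constructed sample template, not taken from the webinar.
SAMPLE = json.loads("""{"Resources": {
 "AppSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "app",
  "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}],
  "Tags": [{"Key": "Name", "Value": "app"}, {"Key": "Owner", "Value": "team-a"}]}},
 "MgmtSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "mgmt",
  "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "CidrIp": "0.0.0.0/0"}],
  "Tags": [{"Key": "Name", "Value": "mgmt"}]}},
 "AnyIngress": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
  "GroupId": "sg-constructed", "IpProtocol": "-1", "CidrIpv6": "::/0"}}}}""")

if __name__ == "__main__":
    sys.exit("\n".join(f"{i}: {m}" for i, m in check_template(SAMPLE)) or 0)
```

Run as a script, it prints the findings and exits non-zero when any exist, which is what lets a build stage stop the release before the portfolio is updated.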
AWS Marketplace: Destination for third-party DevOps and IaC solutions to use with AWS

DevOps Core practices

• Collaboration & communication
• Continuous integration
• Continuous delivery
• Monitoring & observability
• Microservices and everything-as-code
• Testing & quality management
• Security & compliance
• Incident management

[Diagram: Ideas; Plan, Build, Test, Secure, Release, Operate]

Sample AWS Marketplace solution providers

1,600+ vendors | 8,000+ products
DevOps value stream platform

Infrastructure automation from development to production

[Diagram: Plan, Dev, Testing and Security, Staging, Production; CI, CI/CD; Infrastructure Automation at Scale]

Pre-built, pre-configured, battle-tested plugins to your existing ecosystems tools:
INFRASTRUCTURE AS CODE: AWS CloudFormation
SOURCE CONTROL
ARTIFACT REPOSITORY: AWS Artifact Repository
SECRET MANAGEMENT: AWS Secrets Manager
AIOPS / MONITORING / LOGGING

• Infrastructure automation from dev to production
• Dev-centric and no-code self-service alternative
• Baked-in cloud cost control and compliance
• Free DevOps and platform teams with IaC without reinventing the wheel

How Resident scales DevOps with AWS and Quali CloudShell Colony
• Provided environments to global teams in under 5 minutes
• Consume native AWS services
• Increased development speed with dynamic environments

[Diagram: AWS Cloud, VPC, Internet Gateway, Route Table, Hosted Zone, Amazon Load Balancer (Port = 80), Target Group (Port = 80), Application subnet, Application Instance (Port = 3000, Port = 8080), Auto Scaling group, Management subnet (SSH/RDP), QualiY, Sidecar Instances, CloudAMQP, Amazon S3, Amazon DynamoDB]
How Resident scales DevOps with AWS and Quali CloudShell Colony

On-Demand Secure Environments throughout the release pipeline:

Development, QA, Staging, Production

Used for: Feature Development, Integration Tests (CI), Security tests, Manual QA Tests, Product Review, Last mile Validation

Brands: Wovenly, Resident, DREAMCLOUD, Nectar … and more

[Diagram: AWS Cloud, ChatOps Bot, Source Control, Artifact Repository, Pipeline]
Resident: Use case drill down – Self-service environments

[Screenshots: steps 1 and 2, ending with "Environment Ready!"]
Quali Cloudshell Colony – new 30 day free trial

https://aws.amazon.com/marketplace

CloudShell Colony 30 Day Free Trial
AWS Marketplace can help you get started

Find: A breadth of DevOps solutions

Buy: Through flexible pricing options:
• Free trial
• Pay-as-you-go
• Hourly | Monthly | Annual | Multi-Year
• Bring Your Own License (BYOL)
• Seller Private Offers
• Channel Partner Private Offers

Deploy: With multiple deployment options:
• AWS Control Tower
• AWS Solution Catalog
• AWS CloudFormation (Infrastructure as Code)
• Software as a Service (SaaS)
• Amazon Machine Image (AMI)
• Amazon Elastic Container Service (ECS)
• Amazon Elastic Kubernetes Service (EKS)
Why AWS Marketplace?

Find, buy, and deploy solutions quicker: IT decision-makers (ITDMs) cut their time in half using AWS Marketplace compared to other sources.

Make more satisfying purchases: ITDMs feel 2.4x better about purchasing using AWS Marketplace compared to other sources.
*Amazon Web Services (AWS) Marketplace surveyed 500 IT decision-makers (ITDMs) and influencers across the U.S. to understand software usage, purchasing, consumption models, and compared savings.
Webinar summary
Modernize your application development and speed up your time-to-market by leveraging Infrastructure as Code
Provide self-service environments and pipelines to streamline application delivery
Easily experiment with software using AWS Marketplace – without license lock-in