Book Image

Implementing DevOps on AWS

By : Vaselin Kantsev
Book Image

Implementing DevOps on AWS

By: Vaselin Kantsev

Overview of this book

Knowing how to adopt DevOps in your organization is becoming an increasingly important skill for developers, whether you work for a start-up, an SMB, or an enterprise. This book will help you to drastically reduce the amount of time spent on development and increase the reliability of your software deployments on AWS using popular DevOps methods of automation. To start, you will get familiar with the concept of IaC and will learn to design, deploy, and maintain AWS infrastructure. Further on, you’ll see how to design and deploy a Continuous Integration platform on AWS using either open source or AWS provided tools/services. Following on from the delivery part of the process, you will learn how to deploy a newly created, tested, and verified artefact to the AWS infrastructure without manual intervention. You will then find out what to consider in order to make the implementation of Configuration Management easier and more effective. Toward the end of the book, you will learn some tricks and tips to optimize and secure your AWS environment. By the end of the book, you will have mastered the art of implementing DevOps practices onto AWS.

Related Content you might be interested in

Current Title:

Small book image
Implementing DevOps on AWS
Vaselin Kantsev
Jan, 2017 | 258 pages
Small book image
Getting Started with Terraform
Kirill Shirinkin
Jul, 2017 | 208 pages
Small book image
Getting Started with Terraform
Kirill Shirinkin
Jan, 2017 | 206 pages
Small book image
Implementing Cloud Design Patterns for AWS.
Sean Keery | Clive Harber | Marcus Young
Apr, 2019 | 274 pages
Table of Contents (17 chapters)
Implementing DevOps on AWS
Implementing DevOps on AWS
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
What is DevOps and Should You Care?
What is DevOps and Should You Care?
What is DevOps?
Should you care
Summary
2
Start Treating Your Infrastructure as Code
Start Treating Your Infrastructure as Code
IaC using Terraform
IaC using CloudFormation
Summary
3
Bringing Your Infrastructure Under Configuration Management
Bringing Your Infrastructure Under Configuration Management
Introduction to SaltStack
Writing Configuration Management code
Bootstrapping nodes under Configuration Management (end-to-end IaC)
Summary
4
Build, Test, and Release Faster with Continuous Integration
Build, Test, and Release Faster with Continuous Integration
Prepare IaC
Deploy IaC
Setup CI
Summary
5
Ever-Ready to Deploy Using Continuous Delivery
Ever-Ready to Deploy Using Continuous Delivery
Preparing Terraform templates
Prepareing Salt code
Preparing Jenkins code
Preparing CodeCommit repositories
Deploy Terraform templates
Initializing Jenkins
Configuring Jenkins jobs
Summary
6
Continuous Deployment - A Fully Automated Workflow
Continuous Deployment - A Fully Automated Workflow
Terraform code (resources.tf)
Jenkins pipelines
Summary
7
Metrics, Log Collection, and Monitoring
Metrics, Log Collection, and Monitoring
Centralized logging
Metrics
Monitoring
Summary
8
Optimize for Scale and Cost
Optimize for Scale and Cost
Architectural considerations
The frontend layer
The backend layer
The object storage layer
Summary
9
Secure Your AWS Environment
Secure Your AWS Environment
Managing access using IAM
VPC security
EC2 security
Security auditing
Summary
10
AWS Tips and Tricks
AWS Tips and Tricks
Using VPCs
Keep the Main route table as a fallback
Staying within the VPC
Creating IAM roles in advance
Groups over users
Knowing the AWS service limits
Pre-warm ELBs if needed
Using termination protection
Tagging what you can
Deploying across multiple zones
Enhancing your ELB health-checks
Offloading SSL onto the ELB
EIP versus public IP
Mind the full-hour billing
Using Route53 ALIAS records
The S3 bucket namespace is global
- versus . in the S3 bucket name
Randomizing S3 filenames
Initializing (pre-warm) EBS volumes
Summary

EC2 security

Diving deeper into our VPC, we are now going to look at ways to enhance the security around our EC2 instances.

IAM Roles

IAM EC2 Roles are the recommended way to grant your application access to AWS services.

As an example, let us assume we had a web app running on our web server EC2 instance and it needs to be able to upload assets to S3.

A quick way of satisfying that requirement would be to create a set of IAM access keys and hardcode those into the application or its configuration. This however means that from that moment on it might not be very easy to update those keys unless we perform an app/config deployment. Furthermore, we might for one reason or another end up re-using the same set of keys with other applications.

The security implications are evident: reusing keys increases our exposure if those get compromised and having them hardcoded greatly increases our reaction time (it takes more effort to rotate such keys).

An alternative to the preceding method would be to use...

Previous Section
End of Section 4
Next Section