Book Image

Implementing DevOps on AWS

By : Vaselin Kantsev
Book Image

Implementing DevOps on AWS

By: Vaselin Kantsev

Overview of this book

Knowing how to adopt DevOps in your organization is becoming an increasingly important skill for developers, whether you work for a start-up, an SMB, or an enterprise. This book will help you to drastically reduce the amount of time spent on development and increase the reliability of your software deployments on AWS using popular DevOps methods of automation. To start, you will get familiar with the concept of IaC and will learn to design, deploy, and maintain AWS infrastructure. Further on, you’ll see how to design and deploy a Continuous Integration platform on AWS using either open source or AWS provided tools/services. Following on from the delivery part of the process, you will learn how to deploy a newly created, tested, and verified artefact to the AWS infrastructure without manual intervention. You will then find out what to consider in order to make the implementation of Configuration Management easier and more effective. Toward the end of the book, you will learn some tricks and tips to optimize and secure your AWS environment. By the end of the book, you will have mastered the art of implementing DevOps practices onto AWS.

Related Content you might be interested in

Current Title:

Small book image
Implementing DevOps on AWS
Vaselin Kantsev
Jan, 2017 | 258 pages
Small book image
Getting Started with Terraform
Kirill Shirinkin
Jul, 2017 | 208 pages
Small book image
Getting Started with Terraform
Kirill Shirinkin
Jan, 2017 | 206 pages
Small book image
Implementing Cloud Design Patterns for AWS.
Sean Keery | Clive Harber | Marcus Young
Apr, 2019 | 274 pages
Table of Contents (17 chapters)
Implementing DevOps on AWS
Implementing DevOps on AWS
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
What is DevOps and Should You Care?
What is DevOps and Should You Care?
What is DevOps?
Should you care
Summary
2
Start Treating Your Infrastructure as Code
Start Treating Your Infrastructure as Code
IaC using Terraform
IaC using CloudFormation
Summary
3
Bringing Your Infrastructure Under Configuration Management
Bringing Your Infrastructure Under Configuration Management
Introduction to SaltStack
Writing Configuration Management code
Bootstrapping nodes under Configuration Management (end-to-end IaC)
Summary
4
Build, Test, and Release Faster with Continuous Integration
Build, Test, and Release Faster with Continuous Integration
Prepare IaC
Deploy IaC
Setup CI
Summary
5
Ever-Ready to Deploy Using Continuous Delivery
Ever-Ready to Deploy Using Continuous Delivery
Preparing Terraform templates
Prepareing Salt code
Preparing Jenkins code
Preparing CodeCommit repositories
Deploy Terraform templates
Initializing Jenkins
Configuring Jenkins jobs
Summary
6
Continuous Deployment - A Fully Automated Workflow
Continuous Deployment - A Fully Automated Workflow
Terraform code (resources.tf)
Jenkins pipelines
Summary
7
Metrics, Log Collection, and Monitoring
Metrics, Log Collection, and Monitoring
Centralized logging
Metrics
Monitoring
Summary
8
Optimize for Scale and Cost
Optimize for Scale and Cost
Architectural considerations
The frontend layer
The backend layer
The object storage layer
Summary
9
Secure Your AWS Environment
Secure Your AWS Environment
Managing access using IAM
VPC security
EC2 security
Security auditing
Summary
10
AWS Tips and Tricks
AWS Tips and Tricks
Using VPCs
Keep the Main route table as a fallback
Staying within the VPC
Creating IAM roles in advance
Groups over users
Knowing the AWS service limits
Pre-warm ELBs if needed
Using termination protection
Tagging what you can
Deploying across multiple zones
Enhancing your ELB health-checks
Offloading SSL onto the ELB
EIP versus public IP
Mind the full-hour billing
Using Route53 ALIAS records
The S3 bucket namespace is global
- versus . in the S3 bucket name
Randomizing S3 filenames
Initializing (pre-warm) EBS volumes
Summary

VPC security

If you have deployed your resources in a VPC, you are already moving in the right direction. Here we are mostly going to concern ourselves with network security and the tools or features a VPC provides for enhancing it.

Security Groups

These represent our first layer of defense as stated in the AWS documentation. Security Groups (SG) get assigned to EC2 instances (generally speaking) and provide a type of stateful firewall, which supports allow rules only.

They are very flexible and an EC instance can have multiple such groups assigned to it. The rules can be based on host IP addresses, CIDRs or even on other Security Groups, for example, allow inbound HTTP:80 from group ID sg-12345.

Usually, within a VPC we would create an SG per role, such as web server, db, cache. Instances of the same component would then be assigned the respective SG, thus regulating traffic between the different components of a platform.

Tip

It is often tempting to allow traffic based on the VPC CIDR address...

Previous Section
End of Section 3
Next Section