Deployment - Coggle Diagram
AWS Elastic Beanstalk
- Fully automated provisioning of the services needed to deploy code without operational overhead (ASG, Load Balancer, Route 53, RDS, etc.)
- Provisioning is free; you are charged only for the resources used
- If needed, a container image can be used directly
Modes
Single Instance
- Provisions a single EC2 instance and an RDS instance
- Elastic IP is attached to access the EC2 instance
ALB + ASG
- The ASG spans EC2 instances across multiple AZs
- An ALB is deployed to distribute traffic to the instances
- Each AZ gets an RDS node; one is the master and the rest are standby nodes
ASG only
- Can be integrated with SQS
- Each instance picks events from the queue and processes them in parallel
AWS CodeDeploy
- Deploys applications to EC2, ASG, ECS, and Lambda without much operational overhead
- Deploying to EC2, Lambda, and ECS is free
- Deploying to on-premises instances has charges
Hooks
- appspec.yml must exist in every application that is being deployed
- Hooks can be configured on the various deployment stages to verify the deployment process
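As an added example (not part of the original notes), here is a minimal appspec.yml for an EC2/on-premises CodeDeploy deployment that wires scripts into the lifecycle hooks. The lifecycle event names are CodeDeploy's own; the install path, service account and script paths under scripts/ are assumptions for illustration.

```yaml
# Added example: appspec.yml with lifecycle hooks for an EC2/on-premises deployment.
# Event names (BeforeInstall, AfterInstall, ApplicationStart, ValidateService) are
# real CodeDeploy events; /opt/myapp, the "myapp" account and scripts/* are assumed.
version: 0.0
os: linux
files:
  - source: /app                 # path inside the revision bundle
    destination: /opt/myapp      # assumed install path on the instance
permissions:
  - object: /opt/myapp
    owner: myapp                 # assumed unprivileged service account
    group: myapp
    mode: 750
hooks:
  BeforeInstall:
    - location: scripts/stop_service.sh      # stop the old version before files are copied
      timeout: 60
      runas: root
  AfterInstall:
    - location: scripts/verify_bundle.sh     # assumed: check the copied files against the build manifest
      timeout: 120
      runas: root
  ApplicationStart:
    - location: scripts/start_service.sh     # start the new version as the service account
      timeout: 60
      runas: myapp
  ValidateService:
    - location: scripts/health_check.sh      # a non-zero exit here fails the deployment
      timeout: 180
      runas: myapp
```

The ValidateService hook is the one that turns a deployment into a verified one: if health_check.sh exits non-zero, CodeDeploy marks the deployment as failed, and with automatic rollback enabled on the deployment group the previous revision is redeployed.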
ASG
- Deploy the new application to instances of the ASG
In place
- The application is updated on the existing instances all at once
- Newly provisioned instances will use the new application
Blue/Green
- An exact clone of an ASG is created
- The new application is deployed to the cloned ASG
- A portion of the traffic is directed to the new ASG
- If the Green ASG is good, discard the Blue ASG; if an error is found, discard the Green ASG and return to normal operation
AWS Lambda
- Blue/Green-ish by default, since the old and new versions coexist
- CodeDeploy automatically shifts traffic between the two versions
ECS
Blue/Green
- Works the same as the ASG Blue/Green deployment
Canary
- Only a small portion of the traffic is forwarded to the new deployment
- If no error is found, the old version is discarded; otherwise, keep updating the application
AWS CloudFormation
- Infrastructure as Code (IaC) dedicated for AWS
Deletion Policy
- Decides what happens to the resources/configurations created by CloudFormation when the stack built from the template is deleted
Retain
- Specify what resources to keep
Snapshot
- Specify what resources to take a snapshot of
- EBS Volume, ElastiCache Cluster, RDS DB Instances, etc.
Delete (default)
- Deletes everything that was provisioned by CloudFormation
- An RDS DBCluster, however, takes a snapshot by default
- S3 buckets are not deleted unless they are empty
Custom Resource Control
- Non-AWS resources or not-yet-supported resources can still be configured with CloudFormation
- CloudFormation simply executes a user-created Lambda Function that does the provisioning work
StackSet
- Collection of CloudFormation Stacks that can be shared across accounts/regions
- Can use TemplateURL to specify the template to use
- Can deploy a stack to multiple accounts in a single operation
EC2 User Data Script
- Specifies the script to be run at launch
- Also runs when an EC2 instance is later provisioned by the ASG
Mapping Override
- The stack itself can define a Mapping
- If it duplicates the one in the template, the stack's Mapping overrides it
CloudFormation Stack
- JSON or YAML template that defines the stacks to be deployed
- Can use TemplateURL to specify the template to use
Drift
- Detects manual changes made outside the Stack
- It only reports the diff; it does not prevent the change from happening
Secrets Manager
- Secrets Manager can easily be set up to generate passwords
- The generated password can be referenced in the same template, which makes it very easy to pass sensitive parameters to the services
Resource Import
- Existing resources can be imported into a running stack
- A unique identifier must be provided
- Each imported resource must have a DeletionPolicy attribute
Nesting CloudFormation Stack
- A CloudFormation Stack can itself be part of another CloudFormation Stack, enabling nested stacks
Cloud Development Kit (CDK)
- Use popular programming languages to generate the CloudFormation template
- CDK converts the code into JSON or YAML as appropriate
CloudFormation Template
- JSON or YAML template that specifies the resources to provision
Mapping
- Simple key-value pairs can be defined and referenced when provisioning the resources
- Use FindInMap to read the values
- Ex) !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]
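As an added example (not from the original notes), the template below ties together the Mapping/FindInMap lookup, the Deletion Policy choices (Retain, Snapshot, Delete), the Secrets Manager dynamic reference and the EC2 User Data script described above in one CloudFormation template. The AMI IDs are placeholders and the secret name, instance sizes and bootstrap script are assumptions; the resource types, properties and the `{{resolve:secretsmanager:...}}` syntax are CloudFormation's own.

```yaml
# Added example: one template exercising Mappings/FindInMap, DeletionPolicy,
# a Secrets Manager dynamic reference and EC2 User Data.
# AMI IDs are placeholders; secret name, sizes and the bootstrap script are assumed.
AWSTemplateFormatVersion: '2010-09-09'
Description: Example web tier with a generated DB password and explicit deletion policies

Mappings:
  RegionMap:                      # region -> AMI, read with !FindInMap below
    us-east-1:
      AMI: ami-PLACEHOLDER-use1   # placeholder, look up the real ID per region
    eu-west-1:
      AMI: ami-PLACEHOLDER-euw1   # placeholder

Resources:
  DbMasterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: !Sub '${AWS::StackName}/db-master'   # assumed naming convention
      GenerateSecretString:                      # password is generated, never written in the template
        SecretStringTemplate: '{"username": "dbadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot        # final snapshot is kept when the stack is deleted
    UpdateReplacePolicy: Snapshot   # same protection if an update forces replacement
    Properties:
      Engine: postgres
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      # dynamic references resolve the generated secret at deploy time;
      # ${DbMasterSecret} is the secret ARN returned by Ref
      MasterUsername: !Sub '{{resolve:secretsmanager:${DbMasterSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DbMasterSecret}:SecretString:password}}'
      StorageEncrypted: true
      PubliclyAccessible: false

  WebServer:
    Type: AWS::EC2::Instance
    DeletionPolicy: Delete          # the default, stated explicitly
    Properties:
      ImageId: !FindInMap [RegionMap, !Ref 'AWS::Region', AMI]
      InstanceType: t3.micro
      UserData:                     # runs on first boot; assumed bootstrap
        Fn::Base64: !Sub |
          #!/bin/bash
          echo "DB_HOST=${AppDatabase.Endpoint.Address}" > /etc/myapp.env
          chmod 640 /etc/myapp.env

  AuditLogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain          # bucket and its logs survive stack deletion
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```

Two points worth checking on any real template of this shape: the dynamic reference means the password never appears in the template, the stack parameters or the console, and the Snapshot/Retain policies mean a stray stack deletion does not take the database or the audit logs with it. The User Data script above only writes the DB hostname; the application should fetch the password from Secrets Manager at runtime through an instance role rather than having it baked into User Data, which is readable from the instance metadata.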
AWS Service Catalog
- Pre-configured cloud configuration
- Convenient for meeting compliance, deploying simple applications, etc.
Portfolio
- Collection of CloudFormation Stacks
- IAM Permission can restrict access to the Portfolio
Provisioning
- If the user has the appropriate IAM permission, he/she can launch the Portfolio, and the services will provision automatically
Serverless Application Model (SAM)
- Provisions Lambda, API Gateway, and DynamoDB locally
- Good for testing the entire infrastructure before deploying it to AWS
- Uses CloudFormation to configure the exact same environment in AWS
EC2
Systems Manager (SSM)
- The SSM agent is installed on EC2 manually or comes with the Amazon Linux AMI
- SSM communicates with the instances through the agents
- EC2 instances must assume the proper IAM role so they can access SSM
Post-processing EC2 Instance
- A command can be sent to an instance that is about to be terminated by the ASG
Patch Manager
- Runs patches according to the maintenance window
Session Manager
- Access EC2 instances without direct SSH connection
- Can forward ports
- Logs and audits session activity by default
Ops Center
- Accumulates OpsItems related to operational issues of AWS resources
Run Command
- Sends a command to be executed on EC2 instances
Placement Group
Types
Partition
- A set of EC2 instances is spread across logical partitions
- Each partition uses a different rack
- But the racks are still in the same AZ
- Maximum 7 partitions per AZ and 100 instances per partition
Cluster
- Closely packed in the same rack
- Very low latency due to the proximity
- Single point of failure: if the rack fails, all instances fail at the same time
Enhanced Networking (SR-IOV)
- Even higher bandwidth and lower latency
Elastic Network Adapter (ENA)
Intel 82599 VF
- EC2 instances can be equipped with a VF, which supports bandwidth up to 10 Gbps
- Legacy option, replaced by ENA
Spread
- Each EC2 instance gets a distinct rack
- Can have a maximum of 7 instances per AZ (so up to 7 racks are used)
Moving instances into/out of a PG
- Must stop the target instance and modify the configuration
- Once the instance restarts, it will be placed according to the configuration
CloudMap
- Fully managed resource discovery service
- Applications can discover resources through AWS SDKs, RESTful API, or DNS queries
- Resources must register themselves with CloudMap to be discoverable
AWS OpsWorks
- Managed configuration management service
Infrastructure as Code
- Managed servers for the IaC service
Chef Automation
- Create and manage Chef Cookbooks and Recipes