Effective DevOps with AWS电子书

Title Page

Copyright

Effective DevOps with AWS

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Customer Feedback

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

The Cloud and the DevOps Revolution

Thinking in terms of cloud and not infrastructure

Deploying your own hardware versus in the cloud

Cost analysis

Just-in-time infrastructure

The different layers of building a cloud

Adopting a DevOps culture

The origin of DevOps

The developers versus operations dilemma

Too much code changing at once

Differences in the production environment

Communication

Key characteristics of a DevOps culture

Source control everything

Automate testing

Automate infrastructure provisioning and configuration

Automate deployment

Measure everything

Deploying in AWS

How to best take advantage of the AWS ecosystem

How AWS synergizes with a DevOps culture

Summary

Deploying Your First Web Application

Creating and configuring your account

Signing up

Enabling multi-factor authentication on the root account

Creating a new user in IAM

Installing and configuring the command-line interface (CLI)

Installing Windows Subsystem for Linux (Windows only)

Installing the AWS CLI package

Configuring the AWS CLI

Creating our first web server

AMI

Instance type

Security group

Generating your ssh keys

Launching an EC2 instance

Connecting to the EC2 instance using ssh

Creating a simple Hello World web application

Installing node.js

Running a node.js Hello World.

Turning our simple code into a service using upstart

Terminating our EC2 instance

Summary

Treating Your Infrastructure As Code

Managing your infrastructure with CloudFormation

Getting started with CloudFormation

AWS CloudFormation designer

CloudFormer

Recreating our helloworld example with CloudFormation

Using troposphere to create a Python script for our template

Creating the stack in the CloudFormation console

Adding our template to a source control system

Updating our CloudFormation stack

Updating our Python script

Updating our stack

Change sets

Deleting our CloudFormation stack

Adding a configuration management system

Getting started with Ansible

Installing Ansible on your computer

Creating our Ansible playground

Creating our Ansible repository

Executing modules

Running arbitrary commands

Ansible playbooks

Creating a playbook

Creating roles to deploy and start our web application

Creating the playbook file

Executing a playbook

Canary-testing changes

Running Ansible in pull mode

Installing Git and Ansible on our EC2 instance

Configuring Ansible to run on localhost

Adding a cronjob to our EC2 instance

Integrating Ansible with CloudFormation

Monitoring

Summary

Adding Continuous Integration and Continuous Deployment

Building a continuous integration pipeline

Creating a Jenkins server using Ansible and CloudFormation

Creating the Ansible playbook for Jenkins

Creating the CloudFormation template

Launching the stack and configuring Jenkins

Preparing our CI environment

Creating a new GitHub repository

Creating a GitHub personal access token

Adding the access token to the credentials in Jenkins

Creating the Jenkins job to automatically run the builds

Implementing the helloworld application using our CI environment

Initializing the project

Creating a functional test using mocha

Developing the remaining of the application

Creating the CI pipeline in Jenkins

Productionizing the CI pipeline

Building a continuous deployment pipeline

Creating new web servers for continuous deployment

Importing a custom library to Ansible for AWS CodeDeploy

Creating a CodeDeploy Ansible role

Creating the web server CloudFormation template

Launching our web server

Integrating our helloworld application with CodeDeploy

Creating the IAM service role for CodeDeploy

Creating the CodeDeploy application

Adding the CodeDeploy configuration and scripts to our repository

Building our deployment pipeline with AWS CodePipeline

Creating a continuous deployment pipeline for staging

Integrating Jenkins to our CodePipeline pipeline

Updating the IAM profile through CloudFormation

Installing and using the CodePipeline Jenkins plugin

Adding a test stage to our pipeline

Building a continuous delivery pipeline for production

Creating the new CloudFormation stack for production

Creating a CodeDeploy group to deploy to production

Adding a continuous delivery step to our pipeline

Strategies to practice continuous deployments in production

Fail fast

Canary Deployment

Feature flags

Summary

Scaling Your Infrastructure

Scaling a monolithic application

Using Auto Scaling Groups to scale web servers

Updating our CloudFormation template

Removing the instance creation

Adding an ELB to our stack

Adding an auto scaling capability

Launching our new stack

Updating CodeDeploy

Basics of scaling a traditional database

Improving performance and cost saving

ElastiCache

CloudFront

Architecting your application to handle massive amounts of traffic

Load balancers

Elastic Load Balancer

Application Load Balancer

Offline processing with SQS and Kinesis

Serverless architecture

AWS Lambda

API Gateway

Data stores at scale

Multi-region applications

Summary

Running Containers in AWS

Dockerizing our helloworld application

Getting started with Docker

Docker fundamentals

Docker in action

Creating our Dockerfile

Using the EC2 container service

Creating an ECR repository to manage our Docker image

Creating an ECS cluster

Creating an ALB

Creating our ECS hello world service

Creating a CI/CD pipeline to deploy to ECS

Creating our production ECS cluster

Automating the creation of containers with CodeBuild

Creating our deployment pipeline with CodePipeline

Adding the CloudFormation template to our code base

Creating a CloudFormation template for CodePipeline

Starting and configuring our CloudFormation stack

Summary

Monitoring and Alerting

Instrumenting our application for monitoring

AWS CloudWatch

Metrics

Logs

Events

Using CloudWatch to monitor our helloworld application

Adding logs to our application

Creating a custom logger for our application

Making changes to provide the version and save the console log

Making changes to CodeDeploy to better handle logging

Adding metrics and events to our application

Sending logs, events, and metrics to CloudWatch from EC2

Creating an Ansible role for CloudWatch logs

Updating our CloudFormation template

Handling logs, events, and metrics in ECS

Advanced logging infrastructure with ElasticSearch, Kibana, and Firehose

Creating and launching an ElasticSearch cluster

Creating and launching a Kinesis Firehose stream

Updating our application to send logs to the Firehose endpoint

Adding permissions to EC2 to communicate with Firehose

Changing the logging transport to send logs to Firehose

Using Kibana to visualize logs

Monitoring our infrastructure

Monitoring EC2

Providing custom metrics to CloudWatch

Updating our CloudFormation template

Creating a CloudWatch role in Ansible

Monitoring ECS clusters

Monitoring ECS hosts

Monitoring the ECS service

Monitoring your containers

Monitoring ALB and ELB instances

Creating alarms using CloudWatch and SNS

AWS Simple Notification Service (SNS)

Creating an alert of an elevated error rate in our application

Using CloudWatch events and Lambda to create alerts on custom metrics

Monitoring and alerting with AWS health

Summary

Hardening the Security of Your AWS Environment

Understanding where to focus your effort

The shared responsibility model

Auditing the security in your cloud

AWS trusted advisor

AWS Inspector

Scout2

AWS CloudTrail

Enabling CloudTrail using CloudFormation

Validating CloudTrail logs integrity

Using CloudTrail logs

Sending CloudTrail logs to ElasticSearch using Lambda

Creating a Kibana Dashboard for our CloudTrail logs

Improving the security of the IAM layer

Managing users in AWS

Configuring a user password policy

Creating groups for users and operators

Creating proper IAM policies to empower users to do their work securely

Empowering users to manage their accounts

Enforcing the use of MFA devices

Using a script to create an MFA session

Managing service permissions in AWS

Strengthening the security at the network level

Creating a VPC with public and private subnets

Recreating our helloworld stack using our new VPC

Recreating our application to take advantage of private subnets

Creating our helloworld application in the new VPC

Creating a VPN connection to our VPC

Deploying a VPN server to AWS

Configuring your computer to use this VPN

Protecting against targeted attacks

Protecting against DOS and DDOS attacks

Protecting against ransomware

Summary