Effective DevOps with AWS

Other Books You May Enjoy

Chapter 8: Hardening the Security of Your AWS Environment

Chapter 7: Running Containers in AWS

Chapter 6: Scaling Your Infrastructure

Chapter 5: Adding Continuous Integration and Continuous Deployment

Chapter 4: Infrastructure as Code with Terraform

Chapter 3: Treating Your Infrastructure as Code

Chapter 2: Deploying Your First Web Application

Chapter 1: The Cloud and DevOps Revolution

Assessment

Further reading

Questions

Summary

WAF for SQL Injection (SQLi)

DDoS attach consideration

Creating AWS WAF with Terraform

Blocking DoS/DDoS attacks

Identifying the WAF from the web console

Testing with the command line

Allow a sub-URL to be accessible only from an IP

Web application playground

AWS WAF

Endpoint routing

Identifying subnets from the web console

What to place in which subnet?

Accessing private subnets

Routing and subnet types

VPC subnets

VPC Flow Log consideration

Verifying the flow logs

Creating the flow log for one subnet

VPC Flow Logs

CloudTrail

Final security status

AmazonEC2FullAccess policy

Creating an administrator group and a personal IAM user

Setting up a password policy for IAM users

Delete your root access keys

Root account password

Root account

IAM security

Technical requirements

Hardening the Security of Your AWS Environment

Further reading

Questions

Summary

Starting and configuring our CloudFormation stack

Creating a CloudFormation template for CodePipeline

Adding the CloudFormation template to our code base

Creating our deployment pipeline with CodePipeline

Automating the creation of containers with CodeBuild

Creating our production ECS cluster

Creating a CI/CD pipeline to deploy to ECS

Creating our ECS hello world service

Creating an ALB

Creating an ECS cluster

Creating an ECR repository to manage our Docker image

Using the EC2 container service

Creating our Dockerfile

Docker in action

Docker fundamentals

Getting started with Docker

Dockerizing our Hello World application

Technical requirements

Running Containers in AWS

Further reading

Questions

Summary

Using microservices and serverless

Removing the manually created instance from the balancer

Modifying the Auto Scaling group

Scaling policies

Auto Scaling group part

Using the wizard launch configuration part

Preparing the image

Moving our example inside Auto Scaling

Configure Auto Scaling

Pushing the logs out

Moving the state outside the EC2 machine

The next step

Access/error logs

Pre-warming a load balancer

ALB and integration with Auth0

Configuring the SSL certificate

Step 4 – removing the Apache software from the machine

Step 3 – creating an alias for the ELB

Step 2 – Creating the ALB and associate to the EC2 machine

Step 1 – open the access for the port 8080 from the whole VPC CIDR

Deploying the balancer

Choosing the right ELB

Elastic Load Balancer (ELB)

ElastiCache

Multi-AZ

Backup

Choose the RDS type

Moving the database to the RDS

The database

Advantages of a monolith

Scaling a monolithic application

Associating a DNS name

What is a monolithic application?

A monolithic application

Technical requirements

Scaling Your Infrastructure

Further reading

Questions

Summary

Feature flags

Canary deployment

Fail fast

Strategies to practice continuous deployments in production

Adding a continuous delivery step to our pipeline

Creating a CodeDeploy group to deploy to production

Creating the new CloudFormation stack for production

Building a continuous delivery pipeline for production

Adding a test stage to our pipeline

Installing and using the CodePipeline Jenkins plugin

Updating the IAM profile through CloudFormation

Integrating Jenkins to our CodePipeline pipeline

Creating a continuous deployment pipeline for staging

Building our deployment pipeline with AWS CodePipeline

Adding the CodeDeploy configuration and scripts to our repository

Creating the CodeDeploy application

Creating the IAM service role for CodeDeploy

Integrating our helloworld application with CodeDeploy

Launching our web server

Creating the web server CloudFormation template

Creating a CodeDeploy Ansible role

Importing a custom library to Ansible for AWS CodeDeploy

Creating new web servers for continuous deployment

Building a continuous deployment pipeline

Productionizing the CI pipeline

Creating the CI pipeline in Jenkins

Developing the remainder of the application

Creating a functional test using Mocha

Initializing the project

Implementing the helloworld application using our CI environment

Creating the Jenkins job to automatically run the builds

Adding the access token to the credentials in Jenkins

Creating a GitHub personal access token

Creating a new GitHub organization and repository

Preparing our CI environment

Launching the stack and configuring Jenkins

Creating the CloudFormation template

Creating the Ansible playbook for Jenkins

Creating a Jenkins server using Ansible and CloudFormation

Building a CI pipeline

Technical requirements

Adding Continuous Integration and Continuous Deployment

Further reading

Questions

Summary

Terraform with Ansible using the pull-based approach

Terraform with Ansible using a push-based approach

Integrating AWS Terraform and Ansible

A second Terraform template for deploying a Hello World application

First Terraform template for AWS instance provisioning

Creating our Terraform repository

Deployment using AWS CLI

Deployment using AWS Management Console

Terraform and AWS for automated provisioning

Getting started with Terraform

What is Terraform?

Technical requirements

Infrastructure as Code with Terraform

Further reading

Questions

Summary

Monitoring

Integrating Ansible with CloudFormation

Adding a cron job to our EC2 instance

Configuring Ansible to run on localhost

Installing Git and Ansible on our EC2 instance

Running Ansible in pull mode

Canary-testing changes

Executing a playbook

Creating the playbook file

Creating roles to deploy and start our web application

Creating a playbook

Ansible playbooks

Running arbitrary commands

Executing modules

Creating our Ansible repository

Creating our Ansible playground

Installing Ansible on your computer

Getting started with Ansible

Adding a configuration management system

Deleting our CloudFormation stack

Change sets

Updating our stack

Updating our Python script

Updating our CloudFormation stack

Adding our template to a source control system

Creating the stack in the CloudFormation console

Using Troposphere to create a Python script for our template

Recreating our Hello World example with CloudFormation

CloudFormer

AWS CloudFormation Designer

Getting started with CloudFormation

Managing your infrastructure with CloudFormation

Technical requirements

Treating Your Infrastructure as Code

Further reading

Questions

Summary

Terminating our EC2 instance

Turning our simple code into a service using upstart

Running a Node.js Hello World application

Installing Node.js

Creating a simple Hello World web application

Connecting to the EC2 instance using SSH

Launching an EC2 instance

Generating your SSH keys

Security groups

Instance types

Amazon Machine Images (AMIs)

Creating our first web server

Configuring the AWS CLI

Installing the AWS CLI package

Installing WSL (Windows only)

Installing and configuring the command-line interface (CLI)

Creating a new user in IAM

Enabling MFA on the root account

Signing up

Creating and configuring your account

Technical requirements

Deploying Your First Web Application

Further reading

Questions

Summary

How does AWS synergize with a DevOps culture?

How to take advantage of the AWS ecosystem?

Deploying in AWS

Measuring everything

Automating deployment

Automating infrastructure provisioning and configuration

Automating testing

Source control everything

Key characteristics of a DevOps culture

Communication

Differences in the production environment

Too much code changing at once

The developers versus operations dilemma

The origin of DevOps

Adopting a DevOps culture

The different layers of a cloud

Just-in-time infrastructure

Cost analysis

Deploying your own hardware versus in the cloud

Thinking in terms of the cloud and not infrastructure

The Cloud and DevOps Revolution

Reviews

Get in touch

Conventions used

Download the color images

Download the example code files

To get the most out of this book

What this book covers

Who this book is for

Preface

Packt is searching for authors like you

About the reviewer

About the authors

Contributors

Packt.com

Why subscribe?

Packt Upsell

Effective DevOps with AWS Second Edition

Copyright and Credits

Title Page

封面

封面

Title Page

Copyright and Credits

Effective DevOps with AWS Second Edition

Packt Upsell

Why subscribe?

Packt.com

Contributors

About the authors

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Get in touch

Reviews

The Cloud and DevOps Revolution

Thinking in terms of the cloud and not infrastructure

Deploying your own hardware versus in the cloud

Cost analysis

Just-in-time infrastructure

The different layers of a cloud

Adopting a DevOps culture

The origin of DevOps

The developers versus operations dilemma

Too much code changing at once

Differences in the production environment

Communication

Key characteristics of a DevOps culture

Source control everything

Automating testing

Automating infrastructure provisioning and configuration

Automating deployment

Measuring everything

Deploying in AWS

How to take advantage of the AWS ecosystem?

How does AWS synergize with a DevOps culture?

Summary

Questions

Further reading

Deploying Your First Web Application

Technical requirements

Creating and configuring your account

Signing up

Enabling MFA on the root account

Creating a new user in IAM

Installing and configuring the command-line interface (CLI)

Installing WSL (Windows only)

Installing the AWS CLI package

Configuring the AWS CLI

Creating our first web server

Amazon Machine Images (AMIs)

Instance types

Security groups

Generating your SSH keys

Launching an EC2 instance

Connecting to the EC2 instance using SSH

Creating a simple Hello World web application

Installing Node.js

Running a Node.js Hello World application

Turning our simple code into a service using upstart

Terminating our EC2 instance

Summary

Questions

Further reading

Treating Your Infrastructure as Code

Technical requirements

Managing your infrastructure with CloudFormation

Getting started with CloudFormation

AWS CloudFormation Designer

CloudFormer

Recreating our Hello World example with CloudFormation

Using Troposphere to create a Python script for our template

Creating the stack in the CloudFormation console

Adding our template to a source control system

Updating our CloudFormation stack

Updating our Python script

Updating our stack

Change sets

Deleting our CloudFormation stack

Adding a configuration management system

Getting started with Ansible

Installing Ansible on your computer

Creating our Ansible playground

Creating our Ansible repository

Executing modules

Running arbitrary commands

Ansible playbooks

Creating a playbook

Creating roles to deploy and start our web application

Creating the playbook file

Executing a playbook

Canary-testing changes

Running Ansible in pull mode

Installing Git and Ansible on our EC2 instance

Configuring Ansible to run on localhost

Adding a cron job to our EC2 instance

Integrating Ansible with CloudFormation

Monitoring

Summary

Questions

Further reading

Infrastructure as Code with Terraform

Technical requirements

What is Terraform?

Getting started with Terraform

Terraform and AWS for automated provisioning

Deployment using AWS Management Console

Deployment using AWS CLI

Creating our Terraform repository

First Terraform template for AWS instance provisioning

A second Terraform template for deploying a Hello World application

Integrating AWS Terraform and Ansible

Terraform with Ansible using a push-based approach

Terraform with Ansible using the pull-based approach

Summary

Questions

Further reading

Adding Continuous Integration and Continuous Deployment

Technical requirements

Building a CI pipeline

Creating a Jenkins server using Ansible and CloudFormation

Creating the Ansible playbook for Jenkins

Creating the CloudFormation template

Launching the stack and configuring Jenkins

Preparing our CI environment

Creating a new GitHub organization and repository

Creating a GitHub personal access token

Adding the access token to the credentials in Jenkins

Creating the Jenkins job to automatically run the builds

Implementing the helloworld application using our CI environment

Initializing the project

Creating a functional test using Mocha

Developing the remainder of the application

Creating the CI pipeline in Jenkins

Productionizing the CI pipeline

Building a continuous deployment pipeline

Creating new web servers for continuous deployment

Importing a custom library to Ansible for AWS CodeDeploy

Creating a CodeDeploy Ansible role

Creating the web server CloudFormation template

Launching our web server

Integrating our helloworld application with CodeDeploy

Creating the IAM service role for CodeDeploy

Creating the CodeDeploy application

Adding the CodeDeploy configuration and scripts to our repository

Building our deployment pipeline with AWS CodePipeline

Creating a continuous deployment pipeline for staging

Integrating Jenkins to our CodePipeline pipeline

Updating the IAM profile through CloudFormation

Installing and using the CodePipeline Jenkins plugin

Adding a test stage to our pipeline

Building a continuous delivery pipeline for production

Creating the new CloudFormation stack for production

Creating a CodeDeploy group to deploy to production

Adding a continuous delivery step to our pipeline

Strategies to practice continuous deployments in production

Fail fast

Canary deployment

Feature flags

Summary

Questions

Further reading

Scaling Your Infrastructure

Technical requirements

A monolithic application

What is a monolithic application?

Associating a DNS name

Scaling a monolithic application

Advantages of a monolith

The database

Moving the database to the RDS

Choose the RDS type

Backup

Multi-AZ

ElastiCache

Elastic Load Balancer (ELB)

Choosing the right ELB

Deploying the balancer

Step 1 – open the access for the port 8080 from the whole VPC CIDR

Step 2 – Creating the ALB and associate to the EC2 machine

Step 3 – creating an alias for the ELB

Step 4 – removing the Apache software from the machine

Configuring the SSL certificate

ALB and integration with Auth0

Pre-warming a load balancer

Access/error logs

The next step

Moving the state outside the EC2 machine

Pushing the logs out

Configure Auto Scaling

Moving our example inside Auto Scaling

Preparing the image

Using the wizard launch configuration part

Auto Scaling group part

Scaling policies

Modifying the Auto Scaling group

Removing the manually created instance from the balancer

Using microservices and serverless

Summary

Questions

Further reading

Running Containers in AWS

Technical requirements

Dockerizing our Hello World application

Getting started with Docker

Docker fundamentals

Docker in action

Creating our Dockerfile

Using the EC2 container service

Creating an ECR repository to manage our Docker image

Creating an ECS cluster

Creating an ALB

Creating our ECS hello world service

Creating a CI/CD pipeline to deploy to ECS

Creating our production ECS cluster

Automating the creation of containers with CodeBuild

Creating our deployment pipeline with CodePipeline

Adding the CloudFormation template to our code base

Creating a CloudFormation template for CodePipeline

Starting and configuring our CloudFormation stack

Summary

Questions

Further reading

Hardening the Security of Your AWS Environment

Technical requirements

IAM security

Root account

Root account password

Delete your root access keys

Setting up a password policy for IAM users

Creating an administrator group and a personal IAM user

AmazonEC2FullAccess policy

Final security status

CloudTrail

VPC Flow Logs

Creating the flow log for one subnet

Verifying the flow logs

VPC Flow Log consideration

VPC subnets

Routing and subnet types

Accessing private subnets

What to place in which subnet?

Identifying subnets from the web console

Endpoint routing

AWS WAF

Web application playground

Allow a sub-URL to be accessible only from an IP

Testing with the command line

Identifying the WAF from the web console

Blocking DoS/DDoS attacks

Creating AWS WAF with Terraform

DDoS attach consideration

WAF for SQL Injection (SQLi)

Summary

Questions

Further reading

Assessment

Chapter 1: The Cloud and DevOps Revolution

Chapter 2: Deploying Your First Web Application

Chapter 3: Treating Your Infrastructure as Code

Chapter 4: Infrastructure as Code with Terraform

Chapter 5: Adding Continuous Integration and Continuous Deployment

Chapter 6: Scaling Your Infrastructure

Chapter 7: Running Containers in AWS

Chapter 8: Hardening the Security of Your AWS Environment

Other Books You May Enjoy