AWS Certified Solutions Architect Pro – Study Notes Domain 3

Domain 3.0: Deployment Management (10% of exam)

3.1 Ability to manage the lifecycle of an application on AWS

3.2 Demonstrate ability to implement the right architecture for development, testing, and staging

environments

3.3 Position and select most appropriate AWS deployment mechanism based on scenario

• CloudFormation https://aws.amazon.com/cloudformation/faqs/
  
  
  • Services supported
    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-supported-resources.html#d0e194974 :
    
    • API Gateway
      
    • Auto scaling
      
    • CloudFront
      
    • CloudTrail
      
    • CloudWatch
      
    • CodeCommit
      
    • CodeDeploy
      
    • CodePipeline
      
    • Data Pipeline
      
    • DynamoDB
      
    • EC2
      
    • ECS
      
    • ElastiCache
      
    • Elasticsearch
      
    • Elastic Beanstalk
      
    • Elastic Load Balancer (ELB)
      
    • Elastic Map Reduce (EMR)
      
    • GameLift
      
    • Kinesis
      
    • Lambda
      
    • IAM (create roles, policies)
      
    • IoT
      
    • OpsWorks
      
    • RDS
      
    • Redshift
      
    • Route53
      
    • S3
      
    • SimpleDB
      
    • SNS
      
    • SQS
      
    • VPC
      
    • Workspaces
      
  • Templates & Stacks:
    
    • Templates:
      
      • Architectural designs
        
      • Can create, update & delete templates
        
      • Written in JSON or YAML
        
      • Don’t need to figure out order/dependencies for provisioning AWS services. CF takes care of that for you.
        
      • AWS CloudFormation Design allows you to visualize your templates as diagrams & edit them using drag & drop interface.
        
    • Stacks:
      
      • Deployed resources based on templates
        
      • Can create, update & delete stacks using templates
        
      • Can be deployed using AWS mgmt. console, CLI or APIs
        
  • CloudFormation Template (CFT)
    
    • The blueprints for the house (in JSON or YAML format)
      
    • The CloudFormation Stack is the actual house J
      
    • Allows you to effectively apply version control to your AWS resources/infra
      
    • Elements of the Template
      
      • File format & version number (mandatory)
        
      • List of AWS resources and associated config values (mandatory)
        
      • Template parameters (optional)
        
        • Input values that are supplied @ stack creation time
          
        • Limit of 60
          
      • Output values (optional)
        
        • Output values required once a stack has finished building (public IP, ELB address, URL of completed web app, etc…)
          
        • Limit 60
          
      • List of data tables (optional)
        
        • Static config values (e.g. AMI names, Instance sizes, etc…)
          
    • Intrinsic Function Reference (Outputting Data) http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html :
      
      • Fn::Base64
      • Condition Functions
      • Fn::FindInMap
      • Fn::GetAtt ß most likely to be on exam
        
      • Fn::GetAZs
      • Fn::ImportValue
      • Fn::Join
      • Fn::Select
      • Fn::Sub
      • Ref
  • Supports Chef & Puppet Integration:
    
    • Deploy & configure down to the application layer
      
    • Bootstrap scripts are supported:
      
      • Install packages, files, & services by describing them in the CFT
        
  • Stack creation errors
    
    • By default, “automatic rollback on error” is enabled.
      
    • You will be charged for resources that are provisioned, even if there is an error
      
    • CF itself is free
      
  • Stacks can wait for applications:
    
    • Provides a WaitCondition resource that acts as a gate, blocking creation of other resources until a condition is satisfied.
      
  • You can specify deletion policies:
    
    • Can specify that snaps be created of EBS vols or RDS DBs prior to deletion
      
    • Can specify that a resource be preserved and not deleted when it’s stack is deleted (e.g. S3 bucket)
      
  • You can update a stack after it’s created
    
  • Can be used to create Roles in IAM:
    
    • Then used to grant EC2 instances access to those roles
      
  • Creation & Customization of VPCs
    
    • Can specify IP address ranges (CIDR as well as individual IP addresses for specific instances)
      
    • Can specify pre-existing EIPs
      
  • VPC Peering:
    
    • Can create multiple VPCs inside a single template
    • Can enable VPC peering, but only within the same AWS account
      
  • Route53:
    
    • CF can create new hosted zones or update existing ones , A Records, Aliases, C Names, etc…
      
• Elastic Beanstalk https://aws.amazon.com/elasticbeanstalk/faqs/ :
  
  • Overview:
    
    • Integrates with VPC
      
    • Integrates with IAM
      
    • Can provision RDS instances
      
    • Full control of resources
      
    • Code is stored in S3
      
    • Multiple environments are supported (for versioning)
      
    • Changes from Git repositories are replicated
      
    • Linux & Windows Server 2012 R2 supported
      
  • Ideal for Devs with no AWS experience that need to deploy quickly. They load their code up to Elastic Beanstalk and it takes care of the rest.
    
    • Capacity provisioning
      
    • Load balancing
      
    • Auto-scaling
      
    • Application health monitoring
      
  • Supported languages:
    
    • Java
      
    • .NET
      
    • PHP
      
    • Node.js
      
    • Python
      
    • Ruby
      
    • Go
      
    • Docker Web apps
      
  • CloudFormation supports Elastic Beanstalk, but Elastic Beanstalk will not provision CFTs
    
  • With it you can:
    
    • Select the operating system that matches your application requirements (e.g., Amazon Linux or Windows Server 2012 R2)
    • Choose from several available database and storage options
    • Enable login access to Amazon EC2 instances for immediate and direct troubleshooting
    • Quickly improve application reliability by running in more than one Availability Zone
    • Enhance application security by enabling HTTPS protocol on the load balancer
    • Access built-in Amazon CloudWatch monitoring and getting notifications on application health and other important events
    • Adjust application server settings (e.g., JVM settings) and pass environment variables
    • Run other application components, such as a memory caching service, side-by-side in Amazon EC2
    • Access log files without logging in to the application servers
  • Ways you can provision to Elastic Beanstalk:
    • Upload deployable code
    • Push Git repository
    • AWS Toolkit for Visual Studio & Eclipse allows you to do it straight from IDE
  • Updating – you can push updates from Git and only the deltas are transmitted
    
  • Application files and (optionally) server log files are stored in S3.
    
  • Elastic Beanstalk can automatically provision an Amazon RDS DB instance. The information about connectivity to the DB instance is exposed to your application by environment variables.
  • Multiple environments are allowed to support version control
    • Designed to support multiple running environments, such as one for integration testing, one for pre-production, and one for production. Each environment is independently configured and runs on its own separate AWS resources. Elastic Beanstalk also stores and tracks application versions over time, so an existing environment can be easily rolled back to a prior version or a new environment can be launched using an older version to try and reproduce a customer problem.
  • FT = multi-AZ but not multi-region
  • Supports VPC
    
  • Security:
    • By default, app is publicly available
      
    • Can use a VPC to provision a private, isolated section of your app in a virtual network. This virtual network can be made private through specific security group rules, NACLs, and custom route tables.
    • Supports IAM
      
• Opsworks https://aws.amazon.com/opsworks/faqs/
  
  
  • A config mgmt solution with automation tools that enable you to model/control your apps and their supporting infra. AWS OpsWorks makes it easy to manage the complete application lifecycle, including resource provisioning, config mgmt, app deployment, software updates, monitoring, and access control using Chef.
  • What is Chef?
    • Automation platform that turns your infra into code
    • Automates how apps are configured, deployed & managed
    • Chef server stores your recipes & other config data
      • Chef client (node) is installed on each server, VM, Container or networking device
      • Client periodically polls Chef servers latest policy & state of network
      • If anything is out of date, client remediates
  • Designed for IT admins and ops-minded devs who want a way to manage apps of nearly any scale and complexity without sacrificing control.
  • Create a logical arch, provision resources based on that arch, deploy your apps and all supporting software and packages in your chosen configuration, and then operate and maintain the app through lifecycle stages such as auto-scaling events and software updates.
  • Turns infra into code – infra becomes versionable, testable, and repeatable
  • A GUI to deploy & config your infra quickly
  • Consists of 2 elements, stacks & layers:
    • Stack = group of resources
    • Layer = a layer within the stack (i.e. load balancer layer, application layer, db layer, etc…)
      • 1 or more layers in a stack
      • An instance must be assigned at least 1 layer
      • Which chef layers run are determined by the layer the instance belongs to
      • Preconfigured layers:
        • App
        • DB
        • LB
        • Caching