Title Page
Copyright
Effective DevOps with AWS
Credits
About the Author
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback

Preface
    What this book covers
    What you need for this book
    Who this book is for
    Conventions
    Reader feedback
    Customer support
    Downloading the example code
    Downloading the color images of this book
    Errata
    Piracy
    Questions

The Cloud and the DevOps Revolution
    Thinking in terms of the cloud and not infrastructure
    Deploying your own hardware versus in the cloud
    Cost analysis
    Just-in-time infrastructure
    The different layers of building a cloud
    Adopting a DevOps culture
    The origin of DevOps
    The developers versus operations dilemma
    Too much code changing at once
    Differences in the production environment
    Communication
    Key characteristics of a DevOps culture
    Source control everything
    Automate testing
    Automate infrastructure provisioning and configuration
    Automate deployment
    Measure everything
    Deploying in AWS
    How best to take advantage of the AWS ecosystem
    How AWS synergizes with a DevOps culture
    Summary

Deploying Your First Web Application
    Creating and configuring your account
    Signing up
    Enabling multi-factor authentication on the root account
    Creating a new user in IAM
    Installing and configuring the command-line interface (CLI)
    Installing Windows Subsystem for Linux (Windows only)
    Installing the AWS CLI package
    Configuring the AWS CLI
    Creating our first web server
    AMI
    Instance type
    Security group
    Generating your ssh keys
    Launching an EC2 instance
    Connecting to the EC2 instance using ssh
    Creating a simple Hello World web application
    Installing node.js
    Running a node.js Hello World
    Turning our simple code into a service using Upstart
    Terminating our EC2 instance
    Summary

Treating Your Infrastructure As Code
    Managing your infrastructure with CloudFormation
    Getting started with CloudFormation
    AWS CloudFormation Designer
    CloudFormer
    Recreating our Hello World example with CloudFormation
    Using troposphere to create a Python script for our template
    Creating the stack in the CloudFormation console
    Adding our template to a source control system
    Updating our CloudFormation stack
    Updating our Python script
    Updating our stack
    Change sets
    Deleting our CloudFormation stack
    Adding a configuration management system
    Getting started with Ansible
    Installing Ansible on your computer
    Creating our Ansible playground
    Creating our Ansible repository
    Executing modules
    Running arbitrary commands
    Ansible playbooks
    Creating a playbook
    Creating roles to deploy and start our web application
    Creating the playbook file
    Executing a playbook
    Canary-testing changes
    Running Ansible in pull mode
    Installing Git and Ansible on our EC2 instance
    Configuring Ansible to run on localhost
    Adding a cronjob to our EC2 instance
    Integrating Ansible with CloudFormation
    Monitoring
    Summary

Adding Continuous Integration and Continuous Deployment
    Building a continuous integration pipeline
    Creating a Jenkins server using Ansible and CloudFormation
    Creating the Ansible playbook for Jenkins
    Creating the CloudFormation template
    Launching the stack and configuring Jenkins
    Preparing our CI environment
    Creating a new GitHub repository
    Creating a GitHub personal access token
    Adding the access token to the credentials in Jenkins
    Creating the Jenkins job to automatically run the builds
    Implementing the Hello World application using our CI environment
    Initializing the project
    Creating a functional test using mocha
    Developing the remaining of the application
    Creating the CI pipeline in Jenkins
    Productionizing the CI pipeline
    Building a continuous deployment pipeline
    Creating new web servers for continuous deployment
    Importing a custom library to Ansible for AWS CodeDeploy
    Creating a CodeDeploy Ansible role
    Creating the web server CloudFormation template
    Launching our web server
    Integrating our Hello World application with CodeDeploy
    Creating the IAM service role for CodeDeploy
    Creating the CodeDeploy application
    Adding the CodeDeploy configuration and scripts to our repository
    Building our deployment pipeline with AWS CodePipeline
    Creating a continuous deployment pipeline for staging
    Integrating Jenkins to our CodePipeline pipeline
    Updating the IAM profile through CloudFormation
    Installing and using the CodePipeline Jenkins plugin
    Adding a test stage to our pipeline
    Building a continuous delivery pipeline for production
    Creating the new CloudFormation stack for production
    Creating a CodeDeploy group to deploy to production
    Adding a continuous delivery step to our pipeline
    Strategies to practice continuous deployments in production
    Fail fast
    Canary Deployment
    Feature flags
    Summary

Scaling Your Infrastructure
    Scaling a monolithic application
    Using Auto Scaling groups to scale web servers
    Updating our CloudFormation template
    Removing the instance creation
    Adding an ELB to our stack
    Adding an Auto Scaling capability
    Launching our new stack
    Updating CodeDeploy
    Basics of scaling a traditional database
    Improving performance and cost saving
    ElastiCache
    CloudFront
    Architecting your application to handle massive amounts of traffic
    Load balancers
    Elastic Load Balancer
    Application Load Balancer
    Offline processing with SQS and Kinesis
    Serverless architecture
    AWS Lambda
    API Gateway
    Data stores at scale
    Multi-region applications
    Summary

Running Containers in AWS
    Dockerizing our helloworld application
    Getting started with Docker
    Docker fundamentals
    Docker in action
    Creating our Dockerfile
    Using the EC2 container service
    Creating an ECR repository to manage our Docker image
    Creating an ECS cluster
    Creating an ALB
    Creating our ECS hello world service
    Creating a CI/CD pipeline to deploy to ECS
    Creating our production ECS cluster
    Automating the creation of containers with CodeBuild
    Creating our deployment pipeline with CodePipeline
    Adding the CloudFormation template to our code base
    Creating a CloudFormation template for CodePipeline
    Starting and configuring our CloudFormation stack
    Summary

Monitoring and Alerting
    Instrumenting our application for monitoring
    AWS CloudWatch
    Metrics
    Logs
    Events
    Using CloudWatch to monitor our helloworld application
    Adding logs to our application
    Creating a custom logger for our application
    Making changes to provide the version and saving the console log
    Making changes to CodeDeploy to better handle logging
    Adding metrics and events to our application
    Sending logs, events, and metrics to CloudWatch from EC2
    Creating an Ansible role for CloudWatch logs
    Updating our CloudFormation template
    Handling logs, events, and metrics in ECS
    Advanced logging infrastructure with ElasticSearch, Kibana, and Firehose
    Creating and launching an ElasticSearch cluster
    Creating and launching a Kinesis Firehose stream
    Updating our application to send logs to the Firehose endpoint
    Adding permissions to EC2 to communicate with Firehose
    Changing the logging transport to send logs to Firehose
    Using Kibana to visualize logs
    Monitoring our infrastructure
    Monitoring EC2
    Providing custom metrics to CloudWatch
    Updating our CloudFormation template
    Creating a CloudWatch role in Ansible
    Monitoring ECS clusters
    Monitoring ECS hosts
    Monitoring the ECS service
    Monitoring your containers
    Monitoring ALB and ELB instances
    Creating alarms using CloudWatch and SNS
    AWS Simple Notification Service (SNS)
    Creating an alert of an elevated error rate in our application
    Using CloudWatch events and Lambda to create alerts on custom metrics
    Monitoring and alerting with AWS health
    Summary

Hardening the Security of Your AWS Environment
    Understanding where to focus your effort
    The shared responsibility model
    Auditing the security in your cloud
    AWS trusted advisor
    AWS Inspector
    Scout2
    AWS CloudTrail
    Enabling CloudTrail using CloudFormation
    Validating CloudTrail logs integrity
    Using CloudTrail logs
    Sending CloudTrail logs to ElasticSearch using Lambda
    Creating a Kibana Dashboard for our CloudTrail logs
    Improving the security of the IAM layer
    Managing users in AWS
    Configuring a user password policy
    Creating groups for users and operators
    Creating proper IAM policies to empower users to do their work securely
    Empowering users to manage their accounts
    Enforcing the use of MFA devices
    Using a script to create an MFA session
    Managing service permissions in AWS
    Strengthening the security at the network level
    Creating a VPC with public and private subnets
    Recreating our helloworld stack using our new VPC
    Recreating our application to take advantage of private subnets
    Creating our helloworld application in the new VPC
    Creating a VPN connection to our VPC
    Deploying a VPN server to AWS
    Configuring your computer to use this VPN
    Protecting against targeted attacks
    Protecting against DoS and DDoS attacks
    Protecting against ransomware
    Summary