Deployment & Instance Management Flashcards
1
Q
Elastic Beanstalk Billing
A
Free itself, pay for underlying instances
2
Q
Elastic Beanstalk Managed Services
A
- Instance/OS configuration (EC2, Elastic IP, RDS master)
- Configurable deployment strategy
3
Q
Elastic Beanstalk Architecture Models
A
- Single Instance - Dev
- LB + ASG + Standby RDS - Prod/Staging, multi AZ
- SQS + ASG - Prod, non-web, workers etc
4
Q
Elastic Beanstalk Worker Setup
A
- Long to complete, decoupling app into two tiers
- Can be called from web-app tier through SQS
- Can define periodic tasks into cron.yaml
5
Q
Elastic Beanstalk Blue/Green
A
- Using Route53 weighted routing
- Swap urls (DNS swap), when test v2 is done
6
Q
OpsWorks
A
- Chef & Puppet based on-prem, helps migrate to cloud
- Linux/Windows
- Open source, cross-cloud
- Cannot manage ASG
7
Q
OpsWorks Layers
A
Stack contains Layers
- ELB (ex ALB)
- Application Server (EC2) needs cookbook and app repository access
- Database (RDS)
8
Q
AWS CodeDeploy
A
- Managed Service Using CodeDeploy Agent: - EC2 - ASG - ECS - Lambda
9
Q
AWS CodeDeploy EC2
A
- appspec.yml + deployment strategy
- in place updates
- hooks for verification after each deploy phase
- Example -> half n half
10
Q
AWS CodeDeploy Lambda
A
- Traffic shifting feature
- Pre and Post traffic hooks (lambda functions) to validate deployment (before traffic shift starts and after it ends)
- Easy & automated rollback using CW Alarms
- SAM framework natively uses CodeDeploy
11
Q
AWS CodeDeploy ECS
A
- Facilitates Blue/Green in ECS
- Setup is within ECS service definition
- Creates new task set, traffic shifting
- If stable for x minutes, old task set terminated
12
Q
CloudFormation (IaC) & ASG
A
- CF manages ASG only, not underlying EC2
- Can define “success conditions”, for launch of EC2 via CreationPolicy
- Can define “update strategies” for update of EC2 via UpdatePolicy
13
Q
CloudFormation - Retaining Data on Deletes
A
- Attach DeletePolicy to resource to control CF del action
- Retain - preserve/backup (works on nested stack)
- Snapshot
- Delete - default for most except (RDS DB cluster which is Snapshot)
- To delete S3 bucket, remove contents first
14
Q
CloudFormation and IAM
A
- Uses IAM principal permissions
- Or can assign IAM role to the stack
- To create IAM resources, need to explicitly provide capability to CF, CAPABILITY_IAM or CAPABILITY_NAMED_IAM
15
Q
CloudFormation Custom Resources using Lambda
A
- Not yet supported in CF new aws service
- Empty content of S3 bucket
- On-prem resource
- Fetch AMI id, etc…
16
Q
CloudFormation Cross Stack
A
- Use Outputs Export and Fn::ImportValue
- example VPC id from CF stack needed to be referenced in other stacks, e.g. EC2
17
Q
CloudFormation Nested Stack
A
- Module, to be re-used by other parent stacks
18
Q
CloudFormation - CloudFormer
A
- Create CF template from existing AWS resources
19
Q
CloudFormation - ChangeSet
A
- Generate & Preview CF changes before the get applied
20
Q
CloudFormation - StackSet
A
- Deploy a CF stack across multiple accounts and region
21
Q
CloudFormation - Stack Policies
A
Prevent accidental deletes/updates to stack resources
22
Q
Service Catalog
A
- Controlled env where users can deploy pre-authorised (by admins) service catalog products
- Service Catalog is set of CF templates that users can use based on their IAM permissions
- CF templates ensure resources are standardized, consistent, compliant
- Teams are aligned with Product Portfolios for IAM permissions
- Integration with self-service portals, eg ServiceNow
23
Q
AWS SAM (Serverless Application Model)
A
- Framework for developing and deploying serverless applications
- Configuration is in YAML
- Lambda (AWS::Serverless::Function)
- DDB (AWS::Serverless::SimpleTable)
- API Gateway (AWS::Serverless:API)
- Cognito User Pools
24
Q
AWS SAM Features
A
- Can help run Lambda, API Gateway, DDB locally
- Uses CodeDeploy for Lambda (traffic shifting)
- Leverages CloudFormation in the backend
25
Deployment Options
- EC2 + User Data bootstrap
- Pre-built AMI + User Data
- ASG with launch template of pre-built AMI
- CodeDeploy - application deployments
- Elastic Beanstalk, great for migration from on-prem
- - In-place all at once
- - Rolling upgrades (with or without additional instances)
- - Immutable upgrades(new instances)
- - Blue/Green
- OpsWorks
- SAM - leverage CF + CodeDeploy
26
AWS SSM
- Helps manage EC2 fleet or On-premise systems
- Free
- Linux and Windows
- Easily detect problems or check inventory across fleets
- Patching automation for enhanced compliance
- Automation of Actions (Shut Down, create AMIs)
- Integrates with CW metrics/dashboard, AWS Config
27
AWS SSM How it works
- SSM Service + SSM agents on controlled systems
- SSM Agent installed by default on Linux AMIs & some Ubuntu AMIs
- Make sure EC2 has IAM role to allow SSM actions
28
AWS SSM Run Command
- Script or command
- Run across resource groups (bundled instances)
- Rate Control and Error Control
- Integrated with IAM and CT
- NO need for SSH
- Results in console
29
AWS SSM Patch Manager Patch Types
- Linux
- - AWS-{OS}DefaultPatchBaseline
- Windows
- - AWS-DefaultPatchBaseline: Critical & Security Updates
- - AWS-WindowsPredefinedPatchBaseline-OS
- - AWS-WindowsPredefinedPatchBaseline-Applications
- Custom
30
AWS SSM Patch Manager Steps
- Define Patch Baseline
- Define Patch Groups (dev, test ) using tag Patch Group
- Define Maintenance Window
- - Schedule, duration, patch groups and registered tasks
- - Add AWS-RunPatchBaseline Run Command as part of Maintenance Window registered tasks
- Rate Control
- Monitor Patch Compliance using SSM Inventory
