Application Deployment

Designing Cost-Optimized Compute

  • Lambda
    • AWS compute service that runs code without servers (serverless compute)
      • There are servers, but you don’t manage them
      • AWS manages those servers
    • Runs code only when needed
    • Scales automatically
      • Up to thousands of requests per second
    • Billed by compute time
    • Automated management on:
      • Server management
      • Operating system maintenance
      • Capacity scaling
      • Code monitoring
      • Logging
    • Supported languages are:
      • Node.js
      • Java
      • C#
      • Go
      • Python
    • How Lambda works
      • Customer builds the code
      • Customer launches the code as Lambda function
      • AWS selects server
      • Customer calls Lambda function as needed from applications
      • It works with API Gateway
  • API Gateway
    • It interacts with
      • AWS services
      • External web services
      • Datastore in AWS
  • Kinesis
    • Processes streaming data
    • Makes it easy to collect, process, and analyze real-time, streaming data
    • It is real-time analytics – learning from data as it comes in
    • Multi-tier enabler – allows you to separate analytics from your database
    • Very DevOps focused
    • Operating modes are:
      • Kinesis Data Streams – brings data in and processes it
      • Kinesis Data Firehose – combines analytics and the data stream before it goes to the consumer
      • Kinesis Data Analytics – just focused on data analytics
      • Kinesis Video Streams (New) – it is a media service
    • Kinesis benefits
      • Architecture fully managed
      • No custom coding required
        • Configure producers – applications that send the data to Kinesis
        • Configure consumers – applications that get the data from Kinesis
        • Focus is on the analytics
  • Kinesis Data Streams vs Kinesis Data Firehose
    • Kinesis Data Streams
      • Input: capture and send data to Kinesis Data Streams
      • Ingests and stores data streams for processing
      • Processing tools: build custom, real-time applications using Kinesis Data Analytics, stream processing frameworks like Apache Spark, or AWS Lambda
      • Output: analyze streaming data using your favorite BI tools
    • Kinesis Data Firehose
      • Input: capture and send data to Kinesis Data Firehose
      • Prepares and loads the data continuously to the destination you choose
      • Datastores: durably store the data for analytics
      • Output: analyze streaming data using analytics tools
  • Kinesis Data Analytics
    • Both Data Streams and Data Firehose fall into the analytics category
    • Only Video Streams is in a different category
    • Analyzes real-time data streams
    • Based on standard SQL queries
    • Supports concurrent consumers
      • Redshift
      • S3
      • Elasticsearch
      • Lambda
      • Kinesis Data Streams
    • Process of Kinesis Data Analytics
      • Input: create streaming data with Kinesis Data Streams or Kinesis Data Firehose
      • Run standard SQL queries against data streams
      • Output: Kinesis Data Analytics can send processed data to analytics tools so you can create alerts and respond in real-time
  • It’s all about midstream data analytics

Designing for Operational Excellence

  • CloudFront
    • It uses a Content Delivery Network (CDN) which:
      • Distributes content to localized regions
      • Reduces latency
      • Provides high data transfer speeds
      • Especially helpful if you want to launch a global website, since it lets users access the content locally
    • Implementation consideration
      • Content source
        • S3 – allows content to be cached closer to the consumer. Helps with read operations, not writes
        • MediaPackage channel – packages media for the target you are trying to deliver to, in the right format for devices such as mobile, laptop, smart TV, etc.
        • HTTP server – website caching (webpages or image files)
      • Content access
        • Public – everyone can view the content
        • Restrict – only specific people or groups can view (restriction based on IP addresses or geolocations)
      • Content constraints
        • HTTPS required – especially needed for sensitive data such as banking, health, etc.
        • Geo-restrictions – you may not want to show the content to a consumer who is not in the right region (used especially by TV stations)
  • Web Application Firewall (WAF)
    • Helps protect your web application against web exploits that may affect availability or compromise security
    • Controls access to HTTP and HTTPS servers
      • Based on requests
      • Based on source IPs
    • Works with CloudFront and/or Load Balancers
    • WAF behaviors are:
      • Allow all requests
        • Except for the ones that you specify
      • Block all requests
        • Except for the ones that you specify
      • Monitoring
        • Requests that match specified parameters
    • WAF operations
      • Error handling – when someone tries to come in and WAF blocks the request, it returns:
        • HTTP 403 error (forbidden)
      • Configurable default behavior
        • What happens when the request doesn’t match any rules?
        • There has to be something to do, either:
          • Allow
          • Deny
  • AWS Shield
    • It’s a managed Distributed Denial of Service (DDoS) protection service that protects applications running in AWS
    • Especially for a large organization
  • Simple Queue Service (SQS)
    • It is a serverless message queuing service
    • Reliable communication between distributed software components and microservices at any scale
    • Used to decouple applications
      • Break application into separate processing tasks
      • Allow many small processes to form a complete solution
      • 1 million SQS requests for free each month (at the time of writing this blog)
  • Simple Notification Service (SNS)
    • Send notifications from the cloud
      • For example, messaging about CloudWatch or Cost Explorer when your cost exceeds a certain amount
    • It uses a pub-sub model where publishers send messages to topics and subscribers receive them
    • It has several delivery options:
      • HTTP/HTTPS
      • Email
      • SMS
      • Lambda
      • SQS
    • Up to 256 KB of data
  • Simple Workflow (SWF) (This will be replaced by Step Functions in the future. AWS recommends using Step Functions)
    • Defines the sequence of events required to achieve a workflow
      • Manages the sequence of events that need to happen from start to finish in a computing process
    • Used in decoupled applications
      • We need to understand what the different components do
    • It can be used in:
      • Media processing
      • Web application backend
      • Business process workflows
  • Step Functions
    • It stores tasks and assigns them to workers when they are ready, tracks their progress, and maintains their state, including details on their completion
    • It uses state machines
      • It’s a collection of states, the relationship of those states, and their input and output
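
The WAF behaviors listed above (a default action, exceptions by source IP or by request, a monitoring mode, and HTTP 403 on a block) can be modelled in a few lines. This is an added example, not code from the original page or from AWS; the `Rule` and `evaluate` names, the rule fields and the sample policies are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ACTIONS = {"allow", "block", "count"}  # "count" = monitoring only

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape, not the AWS WAF API
    name: str
    action: str
    source_cidr: str = ""   # match on source IP; empty means "any"
    uri_contains: str = ""  # match on the request; empty means "any"

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"{self.name}: unknown action {self.action!r}")
        if not (self.source_cidr or self.uri_contains):
            raise ValueError(f"{self.name}: rule would match every request")

    def matches(self, src_ip, uri):
        if self.source_cidr:
            net = ipaddress.ip_network(self.source_cidr)
            if ipaddress.ip_address(src_ip) not in net:
                return False
        return self.uri_contains in uri  # "" is contained in every string

def evaluate(rules, default_action, src_ip, uri):
    """Return (http_status, deciding_rule_name, counted_rule_names)."""
    if default_action not in ("allow", "block"):
        raise ValueError("default action must be 'allow' or 'block'")
    counted = []
    for rule in rules:  # rules are checked in list order
        if not rule.matches(src_ip, uri):
            continue
        if rule.action == "count":
            counted.append(rule.name)  # record the match, keep evaluating
            continue
        return (403 if rule.action == "block" else 200), rule.name, counted
    # No allow/block rule matched: the configured default decides.
    return (403 if default_action == "block" else 200), "default", counted

# Constructed sample policies (documentation address ranges, not real hosts).
ALLOW_BY_DEFAULT = [
    Rule("monitor-admin", "count", uri_contains="/admin"),
    Rule("block-net", "block", source_cidr="203.0.113.0/24"),
]
BLOCK_BY_DEFAULT = [Rule("allow-office", "allow", source_cidr="198.51.100.0/24")]

if __name__ == "__main__":
    print(evaluate(ALLOW_BY_DEFAULT, "allow", "203.0.113.7", "/admin/login"))
    print(evaluate(BLOCK_BY_DEFAULT, "block", "192.0.2.10", "/"))
```

Running a new rule in count mode first shows which requests it would catch before it is switched to block.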

Designing for Elasticity and Scalability

  • OpsWorks
    • Configuration management service
      • Code-based configuration, which you can use for:
        • Instant deployment
        • Service deployment
        • Application deployment
      • Operations through OpsWorks
        • Application updates
        • Infrastructure updates
    • It is an automated deployment
    • It has three offerings
      • OpsWorks Stacks
        • It is the initial mode
          • It’s a collection of layers
            • Any AWS service
            • Any runtime environment
      • OpsWorks Chef Automate
        • It uses cookbooks, which contain recipes
        • Recipes are equivalent to layers
          • They have defined configuration settings. They may be:
            • Admin defined
            • AWS defined
            • Third-party defined
      • OpsWorks Puppet
        • Master servers
          • They use pre-configured modules
          • Modules are equivalent to layers
    • Use cases
      • In the cloud:
        • Chef
        • Puppet
      • On-premises
        • Stacks
  • Cognito
    • Data synchronization service
      • It supports public identity providers (Google and Facebook)
      • Using SAML, private identity providers can be used
    • It’s a Single Sign-On (SSO) solution in AWS
  • Elastic MapReduce (EMR) (it has nothing to do with mapping like Google Maps)
    • When you need to process massive amounts of data
    • Distributes processing across clusters
    • Pulls data from S3 buckets
    • Uses EC2 instances
    • Users define the number of needed clusters
    • EMR cluster nodes
      • Master
        • Coordinates job distribution across core and task nodes
      • Core
        • Runs tasks assigned by the master node
        • Stores data in the cluster
      • Task
        • Runs only tasks that do not store data
  • CloudFormation
    • Why use it?
      • Rapid deployment
      • Mirror existing internal architectures
      • Take advantage of templates created by others
  • CloudWatch
    • Monitors cloud and on-premises systems
    • Examples of monitoring systems are:
      • Billing dashboard
      • Performance dashboard
      • Security monitoring dashboard
    • It is based on logs
    • It can also trigger notifications based on events
    • Why use it?
      • Monitor critical systems
      • Receive notifications related to performance and security
      • Push on-premises logs into the cloud
      • Take automatic actions based on alarms
  • Trusted Advisor
    • It provides recommendations that help you follow AWS best practices to increase:
      • Cost optimization
      • Performance
      • Security
      • Fault tolerance
    • Security improvements are included in the free tier
  • Organizations https://aws.amazon.com/organizations/
    • It helps to manage the users, groups, and roles together in multiple AWS accounts
    • Collection of AWS accounts
    • Centralized
      • One management interface
      • Billing
      • Account management
    • No additional charge for use
    • Organizational Units (OUs)
      • Hierarchical account management
      • Nest OUs up to five levels deep
      • Policies are then attached for permissions