© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amjad Hussain
Senior Manager, Amazon EC2
Tim Nicholas
Lead Automation Architect, Xero
12/01/2016
How I learned to embrace DevOps and configure infrastructure at scale
Amazon EC2 Systems Manager
What to Expect from the Session
• Introduction to EC2 Systems Manager
• Learn about Run Command, State Manager, and Parameter Store
• How Xero uses Run Command
• Demo!
• FAQs and best-practices
What we heard from you
• Traditional IT tools not built for the cloud
• Managing resources at scale is difficult
• Lack of visibility into configuration, granular control
• Multiple vendors; complex licensing
Introducing EC2 Systems Manager
A set of capabilities that enable automated configuration and ongoing management of systems at scale, across all your Windows and Linux workloads, running in Amazon EC2 or on-premises
Systems Manager Capabilities
• Run Command
• Maintenance Window
• Inventory
• State Manager
• Parameter Store
• Patch Manager
• Automation
Groupings shown on the slide: Deploy, Configure, and Administer; Track and Update; Shared Capabilities
Run Command
• Execution of administrative tasks
• Improve security posture – no need to SSH or RDP
• Delegated access control
• Customizable and flexible
• Get notified on the status of your commands
• Control the rate at which you send commands for scale
Sending a command
aws ssm send-command \
  --document-name AWS-RunPowerShellScript \
  --instance-ids i-1234567 \
  --parameters commands="mkdir C:\Demo" \
  --service-role-arn <my-service-role> \
  --notification-config NotificationArn=<my-topic-arn>,NotificationEvents="Success",NotificationType="Command"
Remotely create a directory on an instance and notify via SNS when it completes
Run Command – Getting started
• Instance: Set up the agent and an AWS Identity & Access Management (IAM) role on your instance
• Document: Author your intent
• Command and Command Invocation
• Plugins: In-guest actions that perform tasks
• Status and output: Granular results
Run Command – Scale
• Send a command based on a tag query
• Velocity control and error handling
aws ssm send-command --document-name <value> --targets "Key=tag:ServerRole,Values=WebFrontEnd" […]
aws ssm send-command --max-concurrency 10 …
aws ssm send-command --max-errors 10 …
Setting up your instances
• Single light-weight agent, cross-platform
• SSM agent is open source, written in Go
• Health status via DescribeInstanceInformation
• On-demand agent update
• Hybrid support
Finding out which instances are heartbeating
D:\Users\amjadhu>aws ssm describe-instance-information
{
    "InstanceInformationList": [
        {
            "IsLatestVersion": false,
            "PingStatus": "Online",
            "InstanceId": "i-c6d69773",
            "ResourceType": "EC2Instance",
            "AgentVersion": "3.17.1032",
            "PlatformVersion": "6.2.9200",
            "PlatformName": "Windows Server 2012 Standard",
            "PlatformType": "Windows",
            "LastPingDateTime": 1477203028.78
        },
Setting up the agent for on-premises
• One-time setup to register on-premises servers
• Consistent experience
• Identified by mi-*
Customizing commands
• Documents: A common way of authoring across EC2 Systems Manager
• Parameters: Allows passing in run-time values
• JSON schema, allows editing and versioning
• Sharing with accounts
• Amazon published documents (begin with AWS-*)
Document content
{
    "schemaVersion": "2.0",
    "description": "Simple script execution",
    "mainSteps": [
        {
            "action": "aws:runPowerShellScript",
            "name": "runMyScript",
            "inputs": {
                "runCommand": [".\\myScript.ps1"],
                "workingDirectory": "C:\\Temp",
                "timeoutSeconds": "10"
            }
        }
    ]
}
Sharing Documents
• Share with other accounts
• Cross-account scenarios
How Xero uses Run Command
Xero – Run Command
Beautiful cloud-based accounting software
Connecting people with the right numbers anytime, anywhere, on any device
Beautiful accounting software
Xero – Run Command
• 1,500+ staff globally
• 862k subscribers globally
• $303m sub revenue FY16
• 2 years AWS design and build
• 6 months AWS service migration
All figures shown are in NZD
Xero – Operational Challenges
• Host discovery
    • Dynamic, disposable servers
    • Increase in host count
• Integration with pipeline tools
    • CI/CD tooling
    • Chat bots
    • Lambda
• Network isolation
    • Production Servers vs Pipeline tools (git, CI/CD)
    • Multiple AWS accounts
    • Production Servers vs operations/development team workstations
Xero – Network Separation
[Diagram. Labels: internet, customers, admin, proxy, WAF, Prod TPZ, Services TPZ, Prod App VPC, Services App VPC]
Xero – Run Command Use Cases
• Validation of .NET application configuration - from CI
• Reloading application pools - via CI
• Enabling services on a sample of machines in an ASG via AWS Lambda
• PowerShell modules for interactive investigation
Xero – Demo!
PowerShell modules for interactive investigation
State Manager
• Maintain consistent state of instances
• Reapply to keep instances from drifting
• Easily view status of configuration changes
• Define schedule – ad hoc, periodic
• Track aggregate status for your fleet
State Manager – Getting started
• Document: Author your intent
• Target: Instances or tag queries
• Association: Binding between a document and a target
• Schedule: When to apply your association
• Status: Check the state of your association at an aggregate or instance level
Creating an Association
aws ssm create-association \
  --name WebServerDocument \
  --document-version '$DEFAULT' \
  --schedule-expression "cron(0 */30 * * * ? *)" \
  --targets "Key=tag:Name,Values=WebServer" \
  --output-location '{ "S3Location": { "OutputS3Region": "us-east-1", "OutputS3BucketName": "MyBucket", "OutputS3KeyPrefix": "MyPrefix" } }'
Configures all instances that match the tag query and reapplies every 30 minutes
Parameter Store
• Centrally store and find config data
• Repeatable, automatable management (e.g. SQL connection strings)
• Granular access control – view, use and edit values
• Encrypt sensitive data using your own AWS KMS keys
Parameter Store – Getting started
• Parameter: Key-value pair
• Secure Strings: Encrypt sensitive parameters with your own KMS or default account encryption key
• Reuse: In Documents and easily reference at runtime across EC2 Systems Manager using {{ssm:parameter-name}}
• Access Control: Create an IAM policy to control access to specific parameters
Creating and using a parameter
aws ssm put-parameter \
  --name mycommand \
  --type String \
  --value "dir C:\Users"
aws ssm send-command \
  --document-name AWS-RunPowerShellScript \
  --parameters 'commands=["echo {{ssm:mycommand}}"]' \
  --targets Key=tag:Name,Values=WebServer
Demo!
Best-practices and FAQs
• What OS platforms are supported?
• Update your SSM agent today to get started!
• What ports or network access do my instances need?
• Is there anything different to set up on-premises servers?
• Use notifications, velocity control
• For disruptive actions, use Run Command with Maintenance Window
• Fine-grained access control through IAM policies on resources (e.g. documents)
• Customize configuration with idempotent scripts for State Manager
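State Manager reapplies an association on a schedule (every 30 minutes in the create-association example above), so the script a document runs has to converge to the same state on every run and report when nothing needed changing. A sketch of such an idempotent script for a Linux instance follows; it is an added example, not code from the session, and the function names, the sshd_config-style sample input and the three baseline settings are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the session): an idempotent "desired state" script
# of the kind State Manager can reapply on every schedule tick.
# Works on flat "Key Value" files; files with sections (for example sshd
# Match blocks) need section-aware handling.

# ensure_setting FILE KEY VALUE
# Leaves exactly one active "KEY VALUE" line in FILE. Prints "changed" or
# "unchanged"; returns 2 on error. Commented-out lines are left alone.
ensure_setting() {
    es_file=$1 es_key=$2 es_want="$2 $3"
    [ -n "$es_key" ] && [ -f "$es_file" ] || { echo "bad arguments" >&2; return 2; }

    # Build the candidate next to the target so the final mv is an atomic
    # rename; cp -p first so the candidate inherits the file's mode.
    es_tmp=$(mktemp "$es_file.XXXXXX") || return 2
    cp -p "$es_file" "$es_tmp" || { rm -f "$es_tmp"; return 2; }

    # KEY/WANT go through the environment so awk does not interpret
    # backslashes in them (as it would with -v).
    KEY="$es_key" WANT="$es_want" awk '
        $1 == ENVIRON["KEY"] {
            # First active occurrence becomes the wanted line; drifted
            # duplicates further down are dropped.
            if (!seen) { print ENVIRON["WANT"]; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print ENVIRON["WANT"] }
    ' "$es_file" > "$es_tmp" || { rm -f "$es_tmp"; return 2; }

    if cmp -s "$es_file" "$es_tmp"; then
        rm -f "$es_tmp"          # already compliant: touch nothing
        echo unchanged
    else
        mv "$es_tmp" "$es_file" || { rm -f "$es_tmp"; return 2; }
        echo changed
    fi
}

# apply_baseline FILE
# Applies every setting in the (hypothetical) baseline below and prints the
# number of settings that had to be corrected; 0 means no drift was found.
apply_baseline() {
    ab_file=$1 ab_changes=0
    while read -r ab_key ab_value; do
        [ -n "$ab_key" ] || continue
        ab_result=$(ensure_setting "$ab_file" "$ab_key" "$ab_value") || return 2
        if [ "$ab_result" = changed ]; then
            ab_changes=$((ab_changes + 1))
        fi
    done <<EOF
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
EOF
    echo "$ab_changes"
}

# Demo on a throwaway copy: the second run must report zero changes.
demo() {
    demo_dir=$(mktemp -d) || return 2
    cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample input
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
PasswordAuthentication yes
PermitRootLogin without-password
EOF
    echo "first run:  $(apply_baseline "$demo_dir/sshd_config") change(s)"
    echo "second run: $(apply_baseline "$demo_dir/sshd_config") change(s)"
    rm -rf "$demo_dir"
}

demo
```

The change count is what makes the association output useful: a non-zero count on a later run means something on the instance drifted between applications.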
Your Feedback is Important!
• These services are available today
• Learn more at https://aws.amazon.com/ec2/run-command/
• Technical documentation at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/run-command.html
• Please send your feedback, improvements, requests to ec2-ssm-feedback@amazon.com
Thank you!
Remember to complete your evaluations!
Related Sessions
WIN401 - How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud with AWS Management Capabilities

Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS re:Invent 2016: How I learned to embrace DevOps and Configure Infrastructure at Scale (WIN402)

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amjad Hussain Senior Manager, Amazon EC2 Tim Nicholas Lead Automation Architect, Xero 12/01/2016 How I learned to embrace DevOps and configure infrastructure at scale Amazon EC2 Systems Manager
  • 2. What to Expect from the Session • Introduction to EC2 Systems Manager • Learn about Run Command, State Manager, and Parameter Store • How Xero uses Run Command • Demo! • FAQs and best-practices
  • 3. What we heard from you • Traditional IT tools not built for the cloud • Managing resources at scale is difficult • Lack of visibility into configuration, granular control • Multiple vendors; complex licensing
  • 4. Introducing EC2 Systems Manager A set of capabilities that enable automated configuration and ongoing management of systems at scale, across all your Windows and Linux workloads, running in Amazon EC2 or on-premises
  • 5. Systems Manager Capabilities Run Command Maintenance Window Inventory State Manager Parameter Store Patch Manager Automation Deploy, Configure, and Administer Track and Update Shared Capabilities
  • 7. Run Command • Execution of administrative tasks • Improve security posture – no need to SSH or RDP • Delegated access control • Customizable and flexible • Get notified on the status of your commands • Control the rate at which you send commands for scale
  • 8. Sending a command aws ssm send-command --document-name AWS-RunPowerShellScript --instance-ids i-1234567 --parameters commands="mkdir C:\Demo" --service-role-arn <my-service-role> --notification-config NotificationArn=<my-topic-arn>,NotificationEvents="Success",NotificationType="Command" Remotely create a directory on an instance and notify via SNS when it completes
  • 9. Run Command – Getting started • Instance: Setup agent, AWS Identity & Access Management (IAM) role on your instance • Document: Author your intent • Command and Command Invocation • Plugins: In-guest actions that perform tasks • Status and output: Granular results
  • 10. Run Command – Scale • Send a command based on a tag query • Velocity control and error handling aws ssm send-command --document-name <value> --targets "Key=tag:ServerRole,Values=WebFrontEnd" […] aws ssm send-command --max-concurrency 10 … aws ssm send-command --max-errors 10 …
  • 11. Setting up your instances • Single light-weight agent, cross-platform • SSM agent is open source, written in Go • Health status via DescribeInstanceInformation • On-demand agent update • Hybrid support
  • 12. Finding out which instances are heartbeating D:\Users\amjadhu>aws ssm describe-instance-information { "InstanceInformationList": [ { "IsLatestVersion": false, "PingStatus": "Online", "InstanceId": "i-c6d69773", "ResourceType": "EC2Instance", "AgentVersion": "3.17.1032", "PlatformVersion": "6.2.9200", "PlatformName": "Windows Server 2012 Standard", "PlatformType": "Windows", "LastPingDateTime": 1477203028.78 },
  • 13. Setting up the agent for on-premises • One-time setup to register on-premises servers • Consistent experience • Identified by mi-*
  • 14. Customizing commands • Documents: A common way of authoring across EC2 Systems Manager • Parameters: Allows passing in run-time values • JSON schema, allows editing and versioning • Sharing with accounts • Amazon published documents (begin with AWS-*)
  • 15. Document content { "schemaVersion": "2.0", "description": "Simple script execution", "mainSteps": [ { "action": "aws:runPowerShellScript", "name": "runMyScript", "inputs": { "runCommand": ".\\myScript.ps1", "workingDirectory": "C:\\Temp", "timeoutSeconds": "10" } } ] }
  • 16. Sharing Documents • Share with other accounts • Cross-account scenarios
  • 17. How Xero uses Run Command
  • 18. Xero – Run Command Beautiful cloud-based accounting software Connecting people with the right numbers anytime, anywhere, on any device Beautiful accounting software
  • 19. Xero – Run Command 1,500+ Staff globally 862k Subscribers globally $303m sub revenue FY16 All figures shown are in NZD 2 years AWS design and build 6 months AWS service migration
  • 20. Xero – Operational Challenges • Host discovery • Dynamic, disposable servers • Increase in host count • Integration with pipeline tools • CI/CD tooling • Chat bots • Lambda • Network isolation • Production Servers vs Pipeline tools (git, CI/CD) • Multiple AWS accounts • Production Servers vs operations/development team workstations
  • 21. Xero – Network Separation (diagram: internet, customers, admin, proxy, WAF, Prod TPZ, Services TPZ, Prod App VPC, Services App VPC)
  • 22. Xero – Run Command Use Cases • Validation of .Net application configuration - From CI • Reloading application pools - via CI • Enabling services on a sample of machines in an ASG via AWS Lambda • PowerShell modules for interactive investigation
  • 23. Xero – Demo! PowerShell modules for interactive investigation
  • 25. State Manager • Maintain consistent state of instances • Reapply to keep instances from drifting • Easily view status of configuration changes • Define schedule – ad hoc, periodic • Track aggregate status for your fleet
  • 26. State Manager – Getting started • Document: Author your intent • Target: Instances or tag queries • Association: Binding between a document and a target • Schedule: When to apply your association • Status: Check the state of your association at an aggregate or instance level
  • 27. Creating an Association aws ssm create-association --name WebServerDocument --document-version '$DEFAULT' --schedule-expression 'cron(0 */30 * * * ? *)' --targets "Key=tag:Name,Values=WebServer" --output-location '{ "S3Location": { "OutputS3Region": "us-east-1", "OutputS3BucketName": "MyBucket", "OutputS3KeyPrefix": "MyPrefix" } }' Configures all instances that match the tag query and reapplies every 30 minutes
  • 29. Parameter Store • Centrally store and find config data • Repeatable, automatable management (e.g. SQL connection strings) • Granular access control – view, use and edit values • Encrypt sensitive data using your own AWS KMS keys
  • 30. Parameter Store – Getting started • Parameter: Key-value pair • Secure Strings: Encrypt sensitive parameters with your own KMS or default account encryption key • Reuse: In Documents and easily reference at runtime across EC2 Systems Manager using {{ssm:parameter-name}} • Access Control: Create an IAM policy to control access to specific parameters
  • 31. Creating and using a parameter aws ssm put-parameter --name mycommand --type String --value "dir C:\Users" aws ssm send-command --document-name AWS-RunPowerShellScript --parameters commands=["echo {{ssm:mycommand}}"] --targets Key=tag:Name,Values=WebServer
  • 32. Demo!
  • 33. Best-practices and FAQs • What OS platforms are supported? • Update your SSM agent today to get started! • What ports or network access do my instances need? • Is there anything different to set up on-premises servers? • Use notifications, velocity control • For disruptive actions, use Run Command with Maintenance Window • Fine-grained access control through IAM policies on resources (e.g. documents) • Customize configuration with idempotent scripts for State Manager
  • 34. Your Feedback is Important! • These services are available today • Learn more at https://aws.amazon.com/ec2/run-command/ • Technical documentation at http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/run-command.html • Please send your feedback, improvements, requests to ec2-ssm-feedback@amazon.com
  • 37. Related Sessions WIN401 - How to Manage Inventory, Patching, and System Images for Your Hybrid Cloud with AWS Management Capabilities
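
Slides 30 and 31 pair the {{ssm:parameter-name}} reference syntax with an IAM policy scoped to specific parameters. The sketch below is an added example, not code from the session or from AWS: it walks a document, collects every parameter it references, and builds a read-only policy limited to exactly those names. The function names, the sample document, the region, the account ID and the db-connection parameter are constructed for illustration.

```python
import json
import re

# Reference syntax from slide 30: {{ssm:parameter-name}}
SSM_REF = re.compile(r"\{\{ssm:([A-Za-z0-9_.\-/]+)\}\}")

def find_parameter_refs(node):
    """Recursively collect parameter names referenced anywhere in a parsed document."""
    refs = set()
    if isinstance(node, str):
        refs.update(SSM_REF.findall(node))
    elif isinstance(node, dict):
        for value in node.values():
            refs |= find_parameter_refs(value)
    elif isinstance(node, list):
        for item in node:
            refs |= find_parameter_refs(item)
    return refs

def parameter_arn(name, region, account_id):
    # Hierarchical names start with "/"; the ARN carries a single separator either way.
    return f"arn:aws:ssm:{region}:{account_id}:parameter/{name.lstrip('/')}"

def least_privilege_policy(document, region, account_id):
    """Return a policy allowing reads of only the referenced parameters, or None."""
    names = sorted(find_parameter_refs(document))
    if not names:
        return None  # nothing referenced: grant no parameter access at all
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "ssm:GetParameters",
            "Resource": [parameter_arn(n, region, account_id) for n in names],
        }],
    }

# Constructed sample document, modelled on slides 15 and 31.
SAMPLE_DOCUMENT = {
    "schemaVersion": "2.0",
    "description": "Constructed sample",
    "mainSteps": [{
        "action": "aws:runPowerShellScript",
        "name": "runMyScript",
        "inputs": {"runCommand": ["echo {{ssm:mycommand}}",
                                  "echo {{ssm:db-connection}}",
                                  "echo {{ssm:mycommand}}"]},
    }],
}

if __name__ == "__main__":
    policy = least_privilege_policy(SAMPLE_DOCUMENT, "us-east-1", "123456789012")
    print(json.dumps(policy, indent=2))
```

Secure String parameters encrypted with your own KMS key additionally need kms:Decrypt on that key for the principal reading them.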