SlideShare uma empresa Scribd logo

Masterless Puppet Using AWS S3 Buckets and IAM Roles

M
Malcolm Duncanson, CISSP

Sydney based cloud consultancy Cloudten's Richard Tomkinson shows how masterless Puppet can be used in concert with AWS's services including Lambda to automate server builds and manage code deployments

Dados e análise
1 de 28
Baixar para ler offline
©opyright   2015   Cloudten   Industries
©opyright   2015   Cloudten   Industries Copyright statement: This document contains a presentation given to the Puppet User Group by Cloudten Industries in January 2016. It has been made available freely for educational purposes. No part of this document may be reproduced or modified without the express written consent of the author.
Copyright 2015   Cloudten   Industries • Project Overview • Technology Stack • Puppet builds and deployments • Security • Issues • Q&A
Copyright 2015   Cloudten   Industries Project  Overview • Client was a startup with VC backing. • They wanted to build a mobile social media app: • Dynamically scalable up to 100,000 hits per second • Cross site active/active with real time DR • Multiple test environments to be stood up/down at will • End to end security with encryption at rest • Engaged separate mobile and web app developers
Copyright 2015   Cloudten   Industries Multiple  Development  Teams Company  A: Mobile   development  team  in   Melbourne Company  B: Web  App   development  team  in   Perth/India
Copyright 2015   Cloudten   Industries Multiple  Development  Teams • Using  Xamarin  Studio  to  create   Apple  and  Android  front  ends • Require  access  to  code  base  to   publish  WSDLs  under  web  app • Require  access  to  app  logs • Using  a  JDK  to  create  a  J2EE   app  running  in  Tomcat • Require  access  to  entire  web   app  code  base • Require  access  to  more  logs
Copyright 2015   Cloudten   Industries What  Did  We  Need  to  Solve  ? • Client didn’t have (or want) any full time IT staff. • Client did want: – Hands off builds and app deployments – Self managed consistent server fleet – No outage deployments – No direct access to infrastructure from developers
Copyright 2015   Cloudten   Industries Hosting  in  AWS • AWS provide on-demand scalable resources • Facility to implement “Infrastructure as Code” • Secure and durable object storage for code drops • Fine grained security controls to create server roles and limit developer access. • Additional services to co-ordinate deployments (Lambda, SNS, SQS)
Copyright 2015   Cloudten   Industries AWS  Autoscaling AWS can automatically add (and remove) servers to a load balancer pool based on a given metric ( eg. CPU or number of connections) Scaling  trigger  hit Scale  out  to  share  the  load
Copyright 2015   Cloudten   Industries How  does  it  work  ? • Launches and builds identical virtual machines • Destroys them with reckless abandon. • Essential to get all logs into a central store • Any generated content must be shared (i.e. can’t be stored on a local machine) • The instance launch can trigger a build process (e.g. Puppet )
Copyright 2015   Cloudten   Industries Automated  Server  Builds Start  with  base  Amazon Linux  Image Invoke  bootstrap  script Install  Puppet  RPM S3  sync  config and Puppet  manifests Puppet  Apply
Copyright 2015   Cloudten   Industries Puppet  Build  Tasks • Linux security patching and kernel hardening • Define custom package repositories • AWS tagging using facter – Querying metadata to set instance specific tags – Set tags for environment variables to be used later • Package installation, config and version enforcement – NGINX, WAF, Tomcat, monit, sumo agents etc • Configuration management – functional users, public keys, cron jobs, log rotations, system health checks
Copyright 2015   Cloudten   Industries EC2  Tagging  with  Facter # Sets hostname class common::hostname { require aws file { '/etc/hostname': ensure => 'present', owner => 'root', group => 'root', mode => '0644', content => template('common/hostname.erb'), notify => [ Exec['Set Hostname'], Exec['Set EC2 Name-tag'] ], } ... exec { 'Set Hostname': command => "/bin/hostname -F /etc/hostname", unless => "/usr/bin/test `hostname` = `/bin/cat /etc/hostname`", refreshonly => 'true', } exec { 'Set EC2 Name-tag': command => '/usr/local/bin/setec2nametag', unless => '/usr/bin/test `/usr/local/bin/facter ec2_tag_Name` = `/bin/cat /etc/hostname`', } }
Copyright 2015   Cloudten   Industries Kernel  Tuning # sysctl class class common::sysctl { file { '/etc/sysctl.conf': source => 'puppet:///modules/common/sysctl.conf', owner => 'root', group => 'root', mode => '0644', notify => Exec['Refresh sysctl'], } exec { 'Refresh sysctl': command => '/sbin/sysctl -q -p', refreshonly => 'true', } }
Copyright 2015   Cloudten   Industries Developer  Code  Drops MySQL App
Copyright 2015   Cloudten   Industries Event  Based  Triggers cron 1 2 334 4 5 5 cron control script 6 7 Complete  deployment  and   set  a  marker  file  as  a  trigger Check  for  marker. If  present  put  message   on  SQS  queue CS  checks  for  message on  queue Get   message  from  queue S3  sync  of  changes to  staging  area Puppet  applies  changes   and  restarts  services
Copyright 2015   Cloudten   Industries How  Does  that  Queue  Work  ? • Lambda creates the queue once it detects trigger file (if it doesn’t exist already) • Lambda queries the auto-scaling group and creates a message on the SQS queue for each member. It then deletes trigger file • Each message has a 30 minute expiry ( deployments usually take <5 minutes) • SQS queue has multiple consumers ( app servers) • App server checks for its own message, retrieves then deletes it once deployment is successful. • Lambda periodically checks for messages about to expire and the dead letter queue. Triggers an email alert if there is an issue.
Copyright 2015   Cloudten   Industries Puppet  Deployment  Tasks Check for changes in staging content area Sync content Check for configuration file changes in staging areas Apply changes Restart/reload relevant services Random sleep
Copyright 2015   Cloudten   Industries Puppet  Deployment  Tasks # Conf dir file { '/etc/nginx/conf': ensure => ‘directory’, source => 'puppet:///modules/nginx/conf', recurse => true notify => Service[’nginx'], require => Package[’nginx'], } # WAF rules file { '/etc/nginx/waf/modsec_waf.rules': source => 'puppet:///modules/nginx/waf/modsec_waf.rules', ... notify => Service[’waf'], require => Service[‘nginx’]. require => Package[’nginx'], }
Copyright 2015   Cloudten   Industries AWS  IAM  Users/Groups/Roles • IAM (Identity & Access Management) allows fine grained user, group and role definitions • S3 Bucket policies add a further level of security to restrict access to resources stored in S3 • Web developer bucket policy allows full access for web dev group • Mobile developer bucket policy allows full access for mobile dev group and read only access for web dev group
Copyright 2015   Cloudten   Industries IAM  Users
Copyright 2015   Cloudten   Industries IAM  Users { … { "Sid":  "AllowS3ListAccessToBucket", "Effect":  "Allow", "Principal":   { "AWS":  "arn:aws:iam::123456789101:group/webdevs" }, "Action":  "s3:ListBucket", "Resource":  "arn:aws:s3:::fdsr-­‐webcontent-­‐puppet-­‐prod" }, { "Sid":  "AllowS3AccessToModules", "Effect":  "Allow", "Principal":   { "AWS":  [ "arn:aws:iam::123456789101:group/webdevs", "arn:aws:iam::123456789101:role/iam-­‐ec2-­‐webrole", ] }, "Action":  [ "s3:AbortMultipartUpload", "s3:GetObjectAcl", "s3:DeleteObject", "s3:GetObject", "s3:PutObjectAcl", "s3:PutObject" ], "Resource":  "arn:aws:s3:::fdsr-­‐webcontent-­‐puppet-­‐prod/modules/webapp/files*" } ] }
Copyright 2015   Cloudten   Industries IAM  Users/Groups/Roles App Server
Copyright 2015   Cloudten   Industries IAM  Users/Groups/Roles IAM roles allow dynamically launched virtual servers to securely access credentials by querying locally accessible metadata at the special use IP address 169.254.169.254 $ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3read-only { "Code" : "Success", "LastUpdated" : "2015-04-26T16:39:16Z", "Type" : "AWS-HMAC", "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE", "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Token" : "token", "Expiration" : "2015-04-27T22:39:16Z" }
Copyright 2015   Cloudten   Industries Why  Masterless Puppet • Less instances to manage ( no IT staff to manage it ) • No access for developers to internal infrastructure • Not Enterprise Puppet • No need to manage Puppet certificates ( AWS API calls are all encrypted and IAM enforces authentication)
Copyright 2015   Cloudten   Industries What  Issues  Did  We  Have  ? • Enforced versions being removed from repos • Auto-scaling and healthcheck tuning • S3 sync not handling zero byte files properly • Event trigger mechanism needed tweeking • Developers storing files on local instances • S3FS. Don’t use it ! EVER !
Copyright 2015   Cloudten   Industries Who  Are  Cloudten ? • Advanced AWS Consulting Partner • Specialise in the design, delivery and support of cloud based infrastructure projects • Focus on cloud security and hybrid integration • We are a Puppet shop !
©opyright   2015   Cloudten   Industries

Recomendados

SASE Future Proof sdwan 20 Sep2020 v2.1 BA
SASE Future Proof sdwan 20 Sep2020 v2.1 BASASE Future Proof sdwan 20 Sep2020 v2.1 BA
SASE Future Proof sdwan 20 Sep2020 v2.1 BA
bourhan88100
 
A Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence AdoptionA Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence Adoption
Amazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
Amazon Web Services
 
Are you Well-Architected?
Are you Well-Architected?Are you Well-Architected?
Are you Well-Architected?
Amazon Web Services
 
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
Amazon Web Services Korea
 
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceAWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
Tom Laszewski
 
Living the AWS Well Architected Framework
Living the AWS Well Architected FrameworkLiving the AWS Well Architected Framework
Living the AWS Well Architected Framework
Adam Dillman
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
Amazon Web Services Korea
 

Recomendados

SASE Future Proof sdwan 20 Sep2020 v2.1 BA
SASE Future Proof sdwan 20 Sep2020 v2.1 BASASE Future Proof sdwan 20 Sep2020 v2.1 BA
SASE Future Proof sdwan 20 Sep2020 v2.1 BA
bourhan88100
 
A Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence AdoptionA Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence Adoption
Amazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
Amazon Web Services
 
Are you Well-Architected?
Are you Well-Architected?Are you Well-Architected?
Are you Well-Architected?
Amazon Web Services
 
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
데이터 분석플랫폼을 위한 데이터 전처리부터 시각화까지 한번에 보기 - 노인철 AWS 솔루션즈 아키텍트 :: AWS Summit Seoul ...
Amazon Web Services Korea
 
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceAWS Cloud Center Excellence Quick Start Prescriptive Guidance
AWS Cloud Center Excellence Quick Start Prescriptive Guidance
Tom Laszewski
 
Living the AWS Well Architected Framework
Living the AWS Well Architected FrameworkLiving the AWS Well Architected Framework
Living the AWS Well Architected Framework
Adam Dillman
 
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
금융 서비스 패러다임의 전환 가속화 시대, 신한금융투자의 Cloud First 전략 - 신중훈 AWS 솔루션즈 아키텍트 / 최성봉 클라우...
Amazon Web Services Korea
 
SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0
Maganathin Veeraragaloo
 
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
Amazon Web Services Korea
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
Amazon Web Services
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
Capgemini
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar
Amazon Web Services
 
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
Amazon Web Services Korea
 
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
Amazon Web Services Korea
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
Jonathan Sinclair
 
SABSA overview
SABSA overviewSABSA overview
SABSA overview
SABSAcourses
 
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as CodeAWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
Amazon Web Services
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
Cloud Center of Excellence
Cloud Center of ExcellenceCloud Center of Excellence
Cloud Center of Excellence
Jeremy Canale
 
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
Amazon Web Services Korea
 
Advanced Architectures with AWS Transit Gateway
Advanced Architectures with AWS Transit GatewayAdvanced Architectures with AWS Transit Gateway
Advanced Architectures with AWS Transit Gateway
Amazon Web Services
 
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
Amazon Web Services Korea
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
Amazon Web Services
 
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSightAWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
Amazon Web Services Korea
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
David Sweigert
 
A Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence AdoptionA Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence Adoption
Amazon Web Services
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
Mohit Chhabra
 
AWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic ScaleAWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic Scale
Shiva Narayanaswamy
 
Introduction to Packer and Suitcase: A Packer-based OS Image Build System
Introduction to Packer and Suitcase: A Packer-based OS Image Build SystemIntroduction to Packer and Suitcase: A Packer-based OS Image Build System
Introduction to Packer and Suitcase: A Packer-based OS Image Build System
HubSpot Product Team
 

Mais conteúdo relacionado

Mais procurados

AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
Amazon Web Services Korea
 
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as CodeAWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
Amazon Web Services
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
Cloudflare
 
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
Amazon Web Services Korea
 
A Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence AdoptionA Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence Adoption
Amazon Web Services
 

Mais procurados (20)

SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0SABSA Implementation(Part I)_ver1-0
SABSA Implementation(Part I)_ver1-0
 
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
AWS Summit Seoul 2023 | 다중 계정 및 하이브리드 환경에서 안전한 IAM 체계 만들기
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Cloud Security Strategy
Cloud Security StrategyCloud Security Strategy
Cloud Security Strategy
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar
 
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
AWS Summit Seoul 2023 | 클라우드 정책의 현재와 미래: 전문가 대담
 
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
AWS Summit Seoul 2023 | 클라우드를 통한 온/오프라인 비즈니스의 통합, GS리테일의 현대화
 
Cloud Auditing
Cloud AuditingCloud Auditing
Cloud Auditing
 
SABSA overview
SABSA overviewSABSA overview
SABSA overview
 
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as CodeAWS January 2016 Webinar Series - Managing your Infrastructure as Code
AWS January 2016 Webinar Series - Managing your Infrastructure as Code
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Cloud Center of Excellence
Cloud Center of ExcellenceCloud Center of Excellence
Cloud Center of Excellence
 
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
CJ프레시웨이 All-in 클라우드 전환 사례를 통해서 알아보는 Modernization성공 사례-오동규, 메가존 인프라 모더나이제이션 그...
 
Advanced Architectures with AWS Transit Gateway
Advanced Architectures with AWS Transit GatewayAdvanced Architectures with AWS Transit Gateway
Advanced Architectures with AWS Transit Gateway
 
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
클라우드 네이티브로 가는길 - AWS 컨테이너 서비스 파헤치기 - 최진영 AWS 테크니컬 트레이너 / 배주혁 소프트웨어 엔지니어, 삼성전자...
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSightAWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
AWS Summit Seoul 2023 | 모두를 위한 BI, QuickSight
 
SABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 contextSABSA vs. TOGAF in a RMF NIST 800-30 context
SABSA vs. TOGAF in a RMF NIST 800-30 context
 
A Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence AdoptionA Roadmap to Cloud Center of Excellence Adoption
A Roadmap to Cloud Center of Excellence Adoption
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 

Destaque

Building the enterprise data architecture
Building the enterprise data architectureBuilding the enterprise data architecture
Building the enterprise data architecture
Costa Pissaris
 

Destaque (20)

AWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic ScaleAWS + Puppet = Dynamic Scale
AWS + Puppet = Dynamic Scale
 
Introduction to Packer and Suitcase: A Packer-based OS Image Build System
Introduction to Packer and Suitcase: A Packer-based OS Image Build SystemIntroduction to Packer and Suitcase: A Packer-based OS Image Build System
Introduction to Packer and Suitcase: A Packer-based OS Image Build System
 
Amazon Aurora: The New Relational Database Engine from Amazon
Amazon Aurora: The New Relational Database Engine from AmazonAmazon Aurora: The New Relational Database Engine from Amazon
Amazon Aurora: The New Relational Database Engine from Amazon
 
Self Service Agile Infrastructure for Product Teams - Pop-up Loft Tel Aviv
Self Service Agile Infrastructure for Product Teams - Pop-up Loft Tel AvivSelf Service Agile Infrastructure for Product Teams - Pop-up Loft Tel Aviv
Self Service Agile Infrastructure for Product Teams - Pop-up Loft Tel Aviv
 
Deep Dive: Amazon Elastic MapReduce
Deep Dive: Amazon Elastic MapReduceDeep Dive: Amazon Elastic MapReduce
Deep Dive: Amazon Elastic MapReduce
 
OAuth 2.0 refresher Talk
OAuth 2.0 refresher TalkOAuth 2.0 refresher Talk
OAuth 2.0 refresher Talk
 
Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77Using cobbler in a not so small environment 1.77
Using cobbler in a not so small environment 1.77
 
ILM - Pipeline in the cloud
ILM - Pipeline in the cloudILM - Pipeline in the cloud
ILM - Pipeline in the cloud
 
Application Delivery Patterns
Application Delivery PatternsApplication Delivery Patterns
Application Delivery Patterns
 
Nginx lua
Nginx luaNginx lua
Nginx lua
 
Beyond Shuffling - Effective Tips and Tricks for Scaling Spark (Vancouver Sp...
Beyond Shuffling - Effective Tips and Tricks for Scaling Spark (Vancouver Sp...Beyond Shuffling - Effective Tips and Tricks for Scaling Spark (Vancouver Sp...
Beyond Shuffling - Effective Tips and Tricks for Scaling Spark (Vancouver Sp...
 
Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWS
 
Py.test
Py.testPy.test
Py.test
 
Survival Analysis of Web Users
Survival Analysis of Web UsersSurvival Analysis of Web Users
Survival Analysis of Web Users
 
Using Puppet and Cobbler to Automate Your Infrastructure
Using Puppet and Cobbler to Automate Your InfrastructureUsing Puppet and Cobbler to Automate Your Infrastructure
Using Puppet and Cobbler to Automate Your Infrastructure
 
(CMP407) Lambda as Cron: Scheduling Invocations in AWS Lambda
(CMP407) Lambda as Cron: Scheduling Invocations in AWS Lambda(CMP407) Lambda as Cron: Scheduling Invocations in AWS Lambda
(CMP407) Lambda as Cron: Scheduling Invocations in AWS Lambda
 
Deep Dive - Amazon Elastic MapReduce (EMR)
Deep Dive - Amazon Elastic MapReduce (EMR)Deep Dive - Amazon Elastic MapReduce (EMR)
Deep Dive - Amazon Elastic MapReduce (EMR)
 
Building the enterprise data architecture
Building the enterprise data architectureBuilding the enterprise data architecture
Building the enterprise data architecture
 
Enterprise Master Data Architecture
Enterprise Master Data ArchitectureEnterprise Master Data Architecture
Enterprise Master Data Architecture
 
IOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshareIOCs for modern threat landscape-slideshare
IOCs for modern threat landscape-slideshare
 

Semelhante a Masterless Puppet Using AWS S3 Buckets and IAM Roles

week 4_watermark.pdfffffffffffffffffffff
week 4_watermark.pdfffffffffffffffffffffweek 4_watermark.pdfffffffffffffffffffff
week 4_watermark.pdfffffffffffffffffffff
anushka2002ece
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Mario-Leander Reimer
 
Security and Advanced Automation in the Enterprise
Security and Advanced Automation in the EnterpriseSecurity and Advanced Automation in the Enterprise
Security and Advanced Automation in the Enterprise
Amazon Web Services
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
Amazon Web Services
 
OpenStack Technology Overview
OpenStack Technology OverviewOpenStack Technology Overview
OpenStack Technology Overview
Open Stack
 
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
Amazon Web Services
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
Patrick Chanezon
 
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormationTear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
James Andrew Vaughn
 

Semelhante a Masterless Puppet Using AWS S3 Buckets and IAM Roles (20)

week 4_watermark.pdfffffffffffffffffffff
week 4_watermark.pdfffffffffffffffffffffweek 4_watermark.pdfffffffffffffffffffff
week 4_watermark.pdfffffffffffffffffffff
 
Week 4 lecture material cc (1)
Week 4 lecture material cc (1)Week 4 lecture material cc (1)
Week 4 lecture material cc (1)
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
 
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB201904_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
04_Azure Kubernetes Service: Basic Practices for Developers_GAB2019
 
Fiware cloud developers week brussels
Fiware cloud developers week brusselsFiware cloud developers week brussels
Fiware cloud developers week brussels
 
Security and Advanced Automation in the Enterprise
Security and Advanced Automation in the EnterpriseSecurity and Advanced Automation in the Enterprise
Security and Advanced Automation in the Enterprise
 
citus™ iot ecosystem
citus™ iot ecosystemcitus™ iot ecosystem
citus™ iot ecosystem
 
Workshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, VirtualizationWorkshop - Openstack, Cloud Computing, Virtualization
Workshop - Openstack, Cloud Computing, Virtualization
 
Openstack workshop @ Kalasalingam
Openstack workshop @ KalasalingamOpenstack workshop @ Kalasalingam
Openstack workshop @ Kalasalingam
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
 
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
 
Continuous Deployment @ AWS Re:Invent
Continuous Deployment @ AWS Re:InventContinuous Deployment @ AWS Re:Invent
Continuous Deployment @ AWS Re:Invent
 
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
Continuous Integration and Deployment Best Practices on AWS (ARC307) | AWS re...
 
OpenStack Technology Overview
OpenStack Technology OverviewOpenStack Technology Overview
OpenStack Technology Overview
 
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
Mythical Mysfits: Monolith to Microservices with Docker and Fargate - MAD305 ...
 
How (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaSHow (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaS
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
 
Top 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKETop 3 reasons why you should run your Enterprise workloads on GKE
Top 3 reasons why you should run your Enterprise workloads on GKE
 
Dockerization of Azure Platform
Dockerization of Azure PlatformDockerization of Azure Platform
Dockerization of Azure Platform
 
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormationTear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
Tear It Down, Build It Back Up: Empowering Developers with Amazon CloudFormation
 

Último

Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
 
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling ManjurJual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
ptikerjasaptiker
 
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
vexqp
 
Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...
Paris Women in Machine Learning and Data Science
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
nirzagarg
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
gajnagarg
 
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
vexqp
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
nirzagarg
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
Health
 
PLE-statistics document for primary schs
PLE-statistics document for primary schsPLE-statistics document for primary schs
PLE-statistics document for primary schs
cnajjemba
 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
gajnagarg
 
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
q6pzkpark
 

Último (20)

Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Purnia [ 7014168258 ] Call Me For Genuine Models We...
 
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling ManjurJual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
Jual Cytotec Asli Obat Aborsi No. 1 Paling Manjur
 
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
怎样办理伦敦大学城市学院毕业证(CITY毕业证书)成绩单学校原版复制
 
Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...Sequential and reinforcement learning for demand side management by Margaux B...
Sequential and reinforcement learning for demand side management by Margaux B...
 
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Surabaya ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
Top profile Call Girls In Bihar Sharif [ 7014168258 ] Call Me For Genuine Mod...
 
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
Top profile Call Girls In dimapur [ 7014168258 ] Call Me For Genuine Models W...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
怎样办理伦敦大学毕业证(UoL毕业证书)成绩单学校原版复制
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
 
SR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation
SR-101-01012024-EN.docx Federal Constitution of the Swiss ConfederationSR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation
SR-101-01012024-EN.docx Federal Constitution of the Swiss Confederation
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
+97470301568>>weed for sale in qatar ,weed for sale in dubai,weed for sale in...
 
PLE-statistics document for primary schs
PLE-statistics document for primary schsPLE-statistics document for primary schs
PLE-statistics document for primary schs
 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
 
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
一比一原版(曼大毕业证书)曼尼托巴大学毕业证成绩单留信学历认证一手价格
 
Data Analyst Tasks to do the internship.pdf
Data Analyst Tasks to do the internship.pdfData Analyst Tasks to do the internship.pdf
Data Analyst Tasks to do the internship.pdf
 
Digital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareDigital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham Ware
 
7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt7. Epi of Chronic respiratory diseases.ppt
7. Epi of Chronic respiratory diseases.ppt
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 

Masterless Puppet Using AWS S3 Buckets and IAM Roles

  • 1. ©opyright   2015   Cloudten   Industries
  • 2. ©opyright   2015   Cloudten   Industries Copyright statement: This document contains a presentation given to the Puppet User Group by Cloudten Industries in January 2016. It has been made available freely for educational purposes. No part of this document may be reproduced or modified without the express written consent of the author.
  • 3. Copyright 2015   Cloudten   Industries • Project Overview • Technology Stack • Puppet builds and deployments • Security • Issues • Q&A
  • 4. Copyright 2015   Cloudten   Industries Project  Overview • Client was a startup with VC backing. • They wanted to build a mobile social media app: • Dynamically scalable up to 100,000 hits per second • Cross site active/active with real time DR • Multiple test environments to be stood up/down at will • End to end security with encryption at rest • Engaged separate mobile and web app developers
  • 5. Copyright 2015   Cloudten   Industries Multiple  Development  Teams Company  A: Mobile   development  team  in   Melbourne Company  B: Web  App   development  team  in   Perth/India
  • 6. Copyright 2015   Cloudten   Industries Multiple  Development  Teams • Using  Xamarin  Studio  to  create   Apple  and  Android  front  ends • Require  access  to  code  base  to   publish  WSDLs  under  web  app • Require  access  to  app  logs • Using  a  JDK  to  create  a  J2EE   app  running  in  Tomcat • Require  access  to  entire  web   app  code  base • Require  access  to  more  logs
  • 7. Copyright 2015   Cloudten   Industries What  Did  We  Need  to  Solve  ? • Client didn’t have (or want) any full time IT staff. • Client did want: – Hands off builds and app deployments – Self managed consistent server fleet – No outage deployments – No direct access to infrastructure from developers
  • 8. Copyright 2015   Cloudten   Industries Hosting  in  AWS • AWS provide on-demand scalable resources • Facility to implement “Infrastructure as Code” • Secure and durable object storage for code drops • Fine grained security controls to create server roles and limit developer access. • Additional services to co-ordinate deployments (Lambda, SNS, SQS)
  • 9. Copyright 2015   Cloudten   Industries AWS  Autoscaling AWS can automatically add (and remove) servers to a load balancer pool based on a given metric ( eg. CPU or number of connections) Scaling  trigger  hit Scale  out  to  share  the  load
  • 10. Copyright 2015   Cloudten   Industries How  does  it  work  ? • Launches and builds identical virtual machines • Destroys them with reckless abandon. • Essential to get all logs into a central store • Any generated content must be shared (i.e. can’t be stored on a local machine) • The instance launch can trigger a build process (e.g. Puppet )
  • 11. Copyright 2015   Cloudten   Industries Automated  Server  Builds Start  with  base  Amazon Linux  Image Invoke  bootstrap  script Install  Puppet  RPM S3  sync  config and Puppet  manifests Puppet  Apply
  • 12. Copyright 2015   Cloudten   Industries Puppet  Build  Tasks • Linux security patching and kernel hardening • Define custom package repositories • AWS tagging using facter – Querying metadata to set instance specific tags – Set tags for environment variables to be used later • Package installation, config and version enforcement – NGINX, WAF, Tomcat, monit, sumo agents etc • Configuration management – functional users, public keys, cron jobs, log rotations, system health checks
  • 13. Copyright 2015   Cloudten   Industries EC2  Tagging  with  Facter # Sets hostname class common::hostname { require aws file { '/etc/hostname': ensure => 'present', owner => 'root', group => 'root', mode => '0644', content => template('common/hostname.erb'), notify => [ Exec['Set Hostname'], Exec['Set EC2 Name-tag'] ], } ... exec { 'Set Hostname': command => "/bin/hostname -F /etc/hostname", unless => "/usr/bin/test `hostname` = `/bin/cat /etc/hostname`", refreshonly => 'true', } exec { 'Set EC2 Name-tag': command => '/usr/local/bin/setec2nametag', unless => '/usr/bin/test `/usr/local/bin/facter ec2_tag_Name` = `/bin/cat /etc/hostname`', } }
  • 14. Copyright 2015   Cloudten   Industries Kernel  Tuning # sysctl class class common::sysctl { file { '/etc/sysctl.conf': source => 'puppet:///modules/common/sysctl.conf', owner => 'root', group => 'root', mode => '0644', notify => Exec['Refresh sysctl'], } exec { 'Refresh sysctl': command => '/sbin/sysctl -q -p', refreshonly => 'true', } }
  • 15. Copyright 2015   Cloudten   Industries Developer  Code  Drops MySQL App
  • 16. Copyright 2015   Cloudten   Industries Event  Based  Triggers cron 1 2 334 4 5 5 cron control script 6 7 Complete  deployment  and   set  a  marker  file  as  a  trigger Check  for  marker. If  present  put  message   on  SQS  queue CS  checks  for  message on  queue Get   message  from  queue S3  sync  of  changes to  staging  area Puppet  applies  changes   and  restarts  services
  • 17. Copyright 2015   Cloudten   Industries How  Does  that  Queue  Work  ? • Lambda creates the queue once it detects trigger file (if it doesn’t exist already) • Lambda queries the auto-scaling group and creates a message on the SQS queue for each member. It then deletes trigger file • Each message has a 30 minute expiry ( deployments usually take <5 minutes) • SQS queue has multiple consumers ( app servers) • App server checks for its own message, retrieves then deletes it once deployment is successful. • Lambda periodically checks for messages about to expire and the dead letter queue. Triggers an email alert if there is an issue.
  • 18. Copyright 2015   Cloudten   Industries Puppet  Deployment  Tasks Check for changes in staging content area Sync content Check for configuration file changes in staging areas Apply changes Restart/reload relevant services Random sleep
  • 19. Copyright 2015   Cloudten   Industries Puppet  Deployment  Tasks # Conf dir file { '/etc/nginx/conf': ensure => ‘directory’, source => 'puppet:///modules/nginx/conf', recurse => true notify => Service[’nginx'], require => Package[’nginx'], } # WAF rules file { '/etc/nginx/waf/modsec_waf.rules': source => 'puppet:///modules/nginx/waf/modsec_waf.rules', ... notify => Service[’waf'], require => Service[‘nginx’]. require => Package[’nginx'], }
  • 20. Copyright 2015   Cloudten   Industries AWS  IAM  Users/Groups/Roles • IAM (Identity & Access Management) allows fine grained user, group and role definitions • S3 Bucket policies add a further level of security to restrict access to resources stored in S3 • Web developer bucket policy allows full access for web dev group • Mobile developer bucket policy allows full access for mobile dev group and read only access for web dev group
  • 21. Copyright 2015   Cloudten   Industries IAM  Users
  • 22. Copyright 2015   Cloudten   Industries IAM  Users { … { "Sid":  "AllowS3ListAccessToBucket", "Effect":  "Allow", "Principal":   { "AWS":  "arn:aws:iam::123456789101:group/webdevs" }, "Action":  "s3:ListBucket", "Resource":  "arn:aws:s3:::fdsr-­‐webcontent-­‐puppet-­‐prod" }, { "Sid":  "AllowS3AccessToModules", "Effect":  "Allow", "Principal":   { "AWS":  [ "arn:aws:iam::123456789101:group/webdevs", "arn:aws:iam::123456789101:role/iam-­‐ec2-­‐webrole", ] }, "Action":  [ "s3:AbortMultipartUpload", "s3:GetObjectAcl", "s3:DeleteObject", "s3:GetObject", "s3:PutObjectAcl", "s3:PutObject" ], "Resource":  "arn:aws:s3:::fdsr-­‐webcontent-­‐puppet-­‐prod/modules/webapp/files*" } ] }
  • 23. Copyright 2015   Cloudten   Industries IAM  Users/Groups/Roles App Server
  • 24. Copyright 2015   Cloudten   Industries IAM  Users/Groups/Roles IAM roles allow dynamically launched virtual servers to securely access credentials by querying locally accessible metadata at the special use IP address 169.254.169.254 $ curl http://169.254.169.254/latest/meta-data/iam/security-credentials/s3read-only { "Code" : "Success", "LastUpdated" : "2015-04-26T16:39:16Z", "Type" : "AWS-HMAC", "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE", "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Token" : "token", "Expiration" : "2015-04-27T22:39:16Z" }
  • 25. Copyright 2015   Cloudten   Industries Why  Masterless Puppet • Less instances to manage ( no IT staff to manage it ) • No access for developers to internal infrastructure • Not Enterprise Puppet • No need to manage Puppet certificates ( AWS API calls are all encrypted and IAM enforces authentication)
  • 26. Copyright 2015   Cloudten   Industries What  Issues  Did  We  Have  ? • Enforced versions being removed from repos • Auto-scaling and healthcheck tuning • S3 sync not handling zero byte files properly • Event trigger mechanism needed tweeking • Developers storing files on local instances • S3FS. Don’t use it ! EVER !
  • 27. Copyright 2015   Cloudten   Industries Who  Are  Cloudten ? • Advanced AWS Consulting Partner • Specialise in the design, delivery and support of cloud based infrastructure projects • Focus on cloud security and hybrid integration • We are a Puppet shop !
  • 28. ©opyright   2015   Cloudten   Industries