© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shahbaz Alam – Manager, AWS Professional Services
Peter Marney – SVP, Chief Product Technology Officer, John Wiley & Sons
Mahdi Sajjadpour – Senior Consultant, AWS Professional Services
December 1, 2016
DEV321
Enabling DevOps for an Enterprise with AWS Service Catalog
The John Wiley & Sons Journey with AWS ProServe
What to Expect from the Session
• Understand how AWS CloudFormation and AWS Service Catalog
can be leveraged to balance control and agility.
• AWS Service Catalog Best Practices.
• Understand how to replicate the pattern used by John Wiley & Sons
to help transform your company.
AWS CloudFormation
AWS CloudFormation Concepts and Technology
Template
• JSON/YAML formatted file
• Parameter definition
• Resource creation
• Configuration actions
CloudFormation
• Framework
• Stack creation
• Stack updates
• Error detection and rollback
Stack
• Configured AWS resources
• Comprehensive service support
• Service event aware
• Customizable
AWS CloudFormation Benefits
• Version control/replicate/update the templates like
application code
• Integrates with development, CI/CD, management tools
• No additional charge to use
Infrastructure as Code Workflow
“It’s all software”
Stages: Code → Version Control → Code Review → Integrate → Deploy
Tools: Text Editor → Git/SVN/Perforce → Review Tools → Syntax Validation Tools → AWS Services
What do customers tell us about Asset Management Deployment?
1. Define the resources and landscapes where software and applications are deployed
2. ‘Approve once and deploy many’
3. Enable self-service deploy with confidence
4. Automate deployments
AWS Service Catalog
Built to manage approved templates and control access to them
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of
IT services. It enables users to quickly deploy approved IT services they need
in a self-service manner.
Administrator: Control, Standardization, Governance
Users: Agility, Self-service, Time to market
AWS Service Catalog – A Few Terms to Note
• Product: an IT service that you want to make available for deployment on AWS.
• Portfolio: a collection of products, together with configuration information.
• Constraint: restrict the ways that specific AWS resources can be deployed for a product.
• Stack: every AWS Service Catalog product is launched as an AWS CloudFormation stack.
AWS Service Catalog Overview
Enable
• 11 User API methods
• 37 Admin API methods
• Share products across Portfolios and AWS Accounts
Orchestrate
• Version Products
• Limit console access
• Provide various levels of user access
Automate
• Launch constraints
• Template constraints
Administrator Interaction
[Diagram: the administrator authors a template, creates a product, creates a portfolio and assigns the product to it, and adds constraints, grants access and adds tags. In Service Catalog, versions of ProductX sit in Portfolio A and Portfolio B, each with users and roles, constraints and tags.]
Opportunities to Strengthen the Handshake
• DevOps Automation
• User generated products to foster innovation
• Back-end micro-services acting on the stacks
Cloud Consumer Interaction
[Diagram: cloud consumers browse products in a portfolio, select a version and configure parameters, provision the product, and receive notifications and outputs once it deploys. Other labels: Administrator, scheduled functions.]
AWS Service Catalog Benefits for Enterprises
Access and Governance:
• One-stop shop for end users
• Simple user access controls to the entire AWS platform
• Built-in governance
• Granular controls on CloudFormation templates
• Version control on products
Reusability and Automation:
• Reusability of Products across AWS Accounts
• API/CLI and console access
• Tagging enforcement
Why AWS Service Catalog for Wiley?
Standardize
Enforce Consistency
Limit Access
Enforce Tagging, Security Groups
One-Stop Shop
Automate Deployments
Agile Governance
Wiley AWS Service Catalog Implementation
Infrastructure Meets Application Needs
| Application A | web | app | cache | database |
| Tier | Web Tier | App Tier | Cache Tier | DB Tier |
| Portfolio | web server | app server | cache cluster | database |
[Diagram labels: Tier Alignment, Access Alignment]
How Did We Approach the Environment?
- Design the Infrastructure to meet the Application
- Security and Separation at multiple levels:
  - Application Level
  - Application Tier Level
  - Functional/Access Level
- Security/Network alignment with Application Design
App Stack Deployment Model
[Diagram labels: Concrete Application; Infrastructure; Environment Configuration; Application Deployment; AWS Service Catalog; AWS CloudFormation. Teams: Development Team; Operations Team; Automation/Release Mgmt. Team.]
Developer Experience
- Single product launch
- Application stack launch
Non-Prod Workflow
[Diagram: a developer finds a product in AWS Service Catalog and launches it through AWS CloudFormation. Launch options shown: Launch a Server, Launch Web Server, Launch an App Stack (web, app, db). Other labels on the single-product path: AWS Lambda, Amazon Route 53 hosted zone, Amazon CloudWatch Events, Amazon SNS, ITSM Processes, Amazon CloudWatch (Review Metrics). Labels on the app-stack path: Infrastructure Deployment, Environmental Configuration, Application Deployment, application login page.]
AWS Service Catalog CLI
Leverage the CLI to Provision a Product
# List all products
]$ aws servicecatalog search-products
# Get the provisioning artifact ID
]$ aws servicecatalog describe-product --id prod-XXXXXX
# Get the path ID
]$ aws servicecatalog list-launch-paths --product-id prod-XXXXXX
# Use the provisioning artifact ID and path ID to get the parameters
]$ aws servicecatalog describe-provisioning-parameters --product-id prod-XXXXX --provisioning-artifact-id checkUpdateVersion-12345678900 --path-id lp-YYYYYY
Launch a Product with the CLI
# Launch the product with the parameters listed (you can also supply a JSON file)
]$ aws servicecatalog provision-product --product-id prod-XXXXX --provisioning-artifact-id checkUpdateVersion-123456789000 --path-id lp-YYYYYY --provisioning-parameters Key=KeyName,Value=MyKeyPair3 Key=InstanceType,Value=m4.medium --provisioned-product-name reInvent-CLI-example --provision-token exampletoken
Production Rollout Experience
Production Workflow
[Diagram: in Non-Prod, Release Management finalizes the template in AWS Service Catalog; the template is shared or imported from Non-Prod to Prod; Operations creates the product in the Prod AWS Service Catalog; deployments are automated. Other labels: AWS CloudFormation, application login page.]
Trigger Infrastructure and Application builds via Jenkins
AWS Service Catalog CLI
The Numbers…
10+ AWS Service Catalog Portfolios
50+ AWS Service Catalog Products
800+ product launches in the past 3 months!
Enabling DevOps
[Diagram labels: Consumers, Creators, Managers; Wiki, DevOps, Infrastructure, FAQs]
| | Consumers | Creators | Managers |
| Function | Consume Resources | Create Artifacts, Automate Processes | Create Environment & Manage Resources |
| Typical Job Role | Developers | Automation/Release Mgmt | Operations & InfoSec |
| AWS Access | Launch Resources | Create Artifacts | Manage Environment |
| Governance Responsibility | Meet Cost Requirements | Artifacts that meet Standards | Environment & Compliance |
| Logging and Monitoring | Read-Only | Create Alarms & Dashboards | Monitor & Audit |
| Service Catalog Alignment | EndUserFullAccess | AdminFullAccess | AdminFullAccess + Full IAM access |
Example
| | Consumers | Creators | Managers |
| Function | Consume Resources | Create Artifacts, Automate Processes | Create Environment & Manage Resources |
| AD Group | Publishing-Platform-Developers | Publishing-Platform-DevOps | AWS-admins |
| IAM role | Publishing-Platform-Developers | Publishing-Platform-DevOps | AWS-admins |
| Policies attached to Roles | ServiceCatalogEndUserFullAccess, ReadOnlyAccess, AWSSupportAccess, CloudWatchCreateDashboard | ServiceCatalogAdminFullAccess, ReadOnlyAccess, AWSSupportAccess, CloudFrontFullAccess, PublishingSQSAccess | AdministratorAccess |
Service Catalog Portfolio Access: Publishing-Platform; Publishing-Platform; All of Service Catalog; All of Service Catalog
Operations/Infrastructure Interaction
Managing Environment
[Diagram: Operations creates AD groups and AWS IAM roles for the application and creates IAM policies, defines and creates launch constraints, and defines template constraints (AMI, security group, subnet, instance types, tags). In Service Catalog, Web Server versions sit in Application A and Application B, each with users, constraints and tags.]
Automation/Release Mgmt Interaction
Managing & Creating Products
[Diagram: Release Mgmt authors a template, creates a product, creates a portfolio and assigns products to it, and adds template constraints, grants access and adds tags. In Service Catalog, Web Server versions sit in Application A and Application B, each with users, constraints and tags.]
Set Constraints with CLI
]$ aws servicecatalog create-constraint --portfolio-id port-ZZZZZZ --product-id prod-XXXXXX --parameters "{\"Rules\": {\"Rule1\": {\"Assertions\": [{\"Assert\": {\"Fn::Contains\": [[\"EXAMPLE-AMI-ID-1\",\"EXAMPLE-AMI-ID-2\"],{\"Ref\": \"ami-id\"}]},\"AssertDescription\": \"AMI ID should be either EXAMPLE-AMI-ID-1 or EXAMPLE-AMI-ID-2\"}]}}}" --type TEMPLATE --idempotency-token exampletoken
[Diagram labels: New marketplace AMI; Custom AMI; AMI Template Constraint]
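How the template constraint above gates a launch, as an added example that is not part of the original deck and is not AWS's own evaluator: a local Python check that runs the same Rules document against the parameters a user would supply. It assumes a subset of the rule functions (Ref, Fn::Contains, Fn::Equals, Fn::Not, Fn::And, Fn::Or) and treats a missing parameter as a failed assertion; the names OPS, evaluate and violations are hypothetical.

```python
import json

# Rules document from the create-constraint call above (placeholder AMI IDs as on the page).
CONSTRAINT = json.loads("""
{"Rules": {"Rule1": {"Assertions": [{
  "Assert": {"Fn::Contains": [["EXAMPLE-AMI-ID-1", "EXAMPLE-AMI-ID-2"], {"Ref": "ami-id"}]},
  "AssertDescription": "AMI ID should be either EXAMPLE-AMI-ID-1 or EXAMPLE-AMI-ID-2"}]}}}
""")

# Assumption: only this subset of rule functions is supported by the example.
OPS = {
    "Fn::Contains": lambda a: a[1] in a[0],
    "Fn::Equals": lambda a: a[0] == a[1],
    "Fn::Not": lambda a: not a[0],
    "Fn::And": all,
    "Fn::Or": any,
}

def evaluate(expr, params):
    """Evaluate a rule expression against the supplied launch parameters."""
    if isinstance(expr, list):
        return [evaluate(e, params) for e in expr]
    if not isinstance(expr, dict):
        return expr  # literal value
    if len(expr) != 1:
        raise ValueError(f"expected a single-key function object, got {sorted(expr)}")
    (fn, arg), = expr.items()
    if fn == "Ref":
        return params[arg]  # KeyError if the parameter was not supplied
    if fn not in OPS:
        raise ValueError(f"unsupported rule function {fn!r}")
    return OPS[fn](evaluate(arg, params))

def violations(constraint, params):
    """Return (rule name, AssertDescription) for every assertion that fails."""
    failed = []
    for name, rule in constraint.get("Rules", {}).items():
        condition = rule.get("RuleCondition")
        if condition is not None and not evaluate(condition, params):
            continue  # rule does not apply to this launch
        for assertion in rule.get("Assertions", []):
            try:
                ok = bool(evaluate(assertion["Assert"], params))
            except KeyError:
                ok = False  # a missing parameter fails closed
            if not ok:
                failed.append((name, assertion.get("AssertDescription", "")))
    return failed
```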
Alignment
Consistency
Reusability
Agility & Flexibility
Time to Market
Built-In Governance
Automation
Thank you!