AWS devops professional

[changtimwu]

devops professional certification

https://aws.amazon.com/certification/certified-devops-engineer-professional/

white papers

• https://d1.awsstatic.com/whitepapers/managing-multi-tiered-web-applications-with-opsworks.pdf
• https://aws-quickstart.s3.amazonaws.com/quickstart-codepipeline-bluegreen-deployment/doc/blue-green-deployments-to-aws-elastic-beanstalk-on-the-aws-cloud.pdf

advices

• sample questions and answers
• advice 1 -- take at least whizlab if having no time
• advice 2
• advice 3 -- data pipeline is featured several times.

[changtimwu]

https://aws.amazon.com/datapipeline/

• There are 5 EIPs limt for a region. If you create 3 VPCs and each one has two EIP. It would fail.

[changtimwu]

elasticbeanstalk

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version.html https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html https://www.quora.com/Whats-the-difference-between-immutable-and-blue-green-deployments-on-AWS-Elastic-Beanstalk https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.html https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html

cloudformation

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-validate-template.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/create-reusable-transform-function-snippets-and-add-to-your-template-with-aws-include-transform.html http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/updating.stacks.walkthrough.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources.html

ELB & autoscaling

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-healthchecks.html https://medium.com/qbits/autoscaling-using-custom-metrics-5f977903bc45 https://docs.aws.amazon.com/autoscaling/ec2/userguide/LaunchConfiguration.html http://docs.aws.amazon.com/autoscaling/latest/userguide/as-enter-exit-standby.html https://docs.aws.amazon.com/autoscaling/ec2/userguide/Cooldown.html https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html#as-suspend-resume https://docs.aws.amazon.com/autoscaling/ec2/userguide/AutoScalingGroupLifecycle.html

monitoring

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html https://aws.amazon.com/about-aws/whats-new/2016/03/cloudwatch-events-now-supports-amazon-sqs-queue-targets/ https://docs.aws.amazon.com/appsync/latest/devguide/monitoring.html

OPSWORKS

https://aws.amazon.com/opsworks/stacks/ https://aws.amazon.com/blogs/aws/using-aws-elasticache-for-redis-with-aws-opsworks/

CI/CD

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-steps.html https://aws.amazon.com/premiumsupport/knowledge-center/auto-scaling-group-rolling-updates/

IAM

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

MISC

• data pipeline: https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-viewing-logs.html
• RDS read replicas: https://aws.amazon.com/rds/details/read-replicas/
• DynamoDB Streams: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html
• EBS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-an-ami-ebs.html
• EMR to S3: https://aws.amazon.com/about-aws/whats-new/2016/11/amazon-emr-now-supports-using-amazon-s3-as-a-data-store-for-apache-hbase/

minor

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

[changtimwu]

rolling update

• update a batch a time, 假設有100台, 可以設定一個 batch 是10台, 那一次就只更新10台.
• time based
• health check based 若 rolling update 到某一個 batch 失敗了(via health check), 就會進行 rollback, 把前面成功的 batch 都改回舊版.

immutable update

* always create new instances

一個 eb application 可以有多個 env, 想像就是用同一份 application source, 建立出每不同的 deploy 參數,
instance & URL 都會不一樣.

所以 blue-green deploy, 就是用上面這招, 現有在跑的是 blue env, 把新版用green env deploy 出去, 然後進行互換

Rolling Updates versus Rolling Deployments

• Rolling updates: 改的 config 牽涉到重啟 instance, 拿一 batch, terminate,
• Rolling deployments: code 升級, 但是不用重啟 instance, autoscaling 會進行拿出一batch

[changtimwu]

cloudformation

basics

basic form of a CF entry

NameOfStuff:
  Type: AWS::tellFormatOfStuff
  Properties:
     stuffContent1:
     stuffContent2:
     ....

It's obvious that a CF parser basically a program travels a tree and process keys named Type. reference

transform

to include a CF clip in S3

Transform:
  Name: 'AWS::Include'
  Parameters:
    Location: 's3://MyAmazonS3BucketName/MyFileName.yaml'

the AWS::Serverless Transform extends resource types

  MyServerlessFunctionLogicalID:
    Type: AWS::Serverless::Function
    Properties:
      Handler: index.handler
      Runtime: nodejs4.3
      CodeUri: 's3://testBucket/mySourceCode.zi

[changtimwu]

lambda blue/green deployment

https://docs.aws.amazon.com/codestar/latest/userguide/how-to-modify-serverless-project.html something like rolling deployment for lambda

簡單的說 lambda function 更新了以後, traffic 仍然只導到舊的 lambda function, 慢慢根據底下策略的不同, 把 traffic 移到慢慢移到新的新的 lambda function codedeploy 上面有選項

用 codestar gen 出來的 lambda project, template.yml 會有下列, 想要 blue-green deploy, 就把 comment 拿掉, 讓它生效

Globals:
  Function:
    AutoPublishAlias: live
    DeploymentPreference:
      Enabled: true
      Type: Canary10Percent5Minutes

[changtimwu]

codestar

其實 codestar 就是大 setup wizard + dashboard, 包含 codepipeline 的 wizard.

EC2 based App

• 要選 EC2 key
• deploy action provider: CodeDeploy
• project resource: CloudFormation, CodeBuild, CodeDeploy, CodePipeline, IAM, EC2, S3
• pipeline stages: Source->Build -> Application

beanstalk based App

• 要開好 VPC, 要選 EC2 key
• deploy action provider: ElasticBeanstalk
• project resource: ElasticBeanstalk, CloudFormation, CodeBuild, CodePipeline, IAM, S3,EC2
• pipeline stages: Source->Build -> Application

lambda based app

• deploy action provider 用 CF, 不用 codedeploy
• project resource: APIGateway, CloudFormation, CodeBuild, CodePipeline, IAM, S3
• pipeline stages: Source->Build -> Deploy

Insights

• CodeStar sample lambda project 裡都只有 CloudFormation, 不像 sample EC2 project 會去用 CodeDeploy
• 想看 CodeDeploy 如何 deploy lambda, 參考Gradual Code Deployment
• resource 一定都會有 cloudformation, 因為都是靠 cloudformation 下去開 resource

[changtimwu]

codestar 很方便, 但要搞清楚 local git push 後發生哪些事

codepipeline

basics

• codepipeline 可以訂stage
• 可以有多條 pipeline, 每個 pipeline 有
  • 多個 stage, 每個 stage 可以再有
  • 多個 action

stage

• stages in a typical pipeline: source -> build -> deploy
• another way is source -> build -> integration(deploy to test) -> production
• complex example

action

• action 可以串成 parallel action 或是 serial action
• action 都是 AWS 規劃好的, 你基本上就是填選項的組成
• action 內部一般有 input & output, 可以串 action, 但I/O data若是 artifacts 實際存哪不知道
• source action: provider 可以選 codecommit or github, 這種action 只有 output 沒有 input
• build action: provider 是 codebuild 時, 會順便在 codebuild 開 project, 在 codebuild 的project內 有有一欄 Initiator 會 reference codepipline 裡的 pipeline id

deploy stage

• 比較複雜

• 以 lambda app 來說, deploy stage 會有兩個 deploy action, provider 都是 CF

  • 1st deploy action: generate a CF change set
  • 2nd deploy action: execute the change set

  CLI

  codepipeline get-pipeline --name nodeci-Pipeline | json2yaml

[changtimwu]

CLI common options

• --query

  cloudformation describe-stacks --query 'Stacks[*].StackId' 

[changtimwu]

AWS ML

summarized in https://aws.amazon.com/tw/machine-learning/

NLP

• Polly
• Transcribe
• Lex
• Translate
• Comprehend

Image & Video

• Rekognition
• SageMaker

Data Analysis

• RedShift
• QuickInsign
• Athena