AWS DevOps Simplified E-Book

AWS DevOps Simplified

Build a solid foundation in AWS to deliver enterprise-grade software solutions at scale

Akshay Kapoor

BIRMINGHAM—MUMBAI

AWS DevOps Simplified

Copyright © 2023 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Associate Group Product Manager: Preet Ahuja

Publishing Product Manager: Vidhi Vashisth

Book Project Manager: Neil Dmello

Senior Editor: Divya Vijayan

Technical Editor: Yash Bhanushali

Copy Editor: Safis Editing

Proofreader: Safis Editing

Indexer: Rekha Nair

Production Designer: Shyam Sundar Korumilli

DevRel Marketing Coordinator: Rohan Dobhal

First published: September 2023

Production reference: 1080823

Published by Packt Publishing Ltd.

Grosvenor House

11 St Paul's Square

Birmingham

B3 1RB, UK.

ISBN 978-1-83763-446-0

www.packtpub.com

To my family that completes my world:

Rohini, my rock, whose love and encouragement light up every chapter of my life, motivating me to face challenges fearlessly and achieve greater heights.

Dr. Rajnish Kapoor and Mrs. Anita Kapoor, my guiding stars, whose blessings, encouragement, and sacrifices have shaped me into who I am today.

Manish and Shashi, my pillars of strength, whose presence brings joy and inspiration, motivating me in everything I do.

Himank, our little rockstar, whose infectious enthusiasm, curiosity, and laughter continue to brighten our lives. May this book inspire him to reach for the stars and embrace the joy of learning!

– Akshay Kapoor

Foreword

In the early stage of my career, I was part of a massive project to build a medical logistics software system. The team was big, and my role was multifaceted – application frameworks, security, messaging, you name it. But we were in a rut. Two years passed, and we still hadn’t delivered anything to our end users. Why? We were chasing some abstract ideal of “perfect” but had no alignment with our customers’ needs. The whole process was complicated – version control alone felt like solving a Rubik’s Cube without instructions.

The aha moment came during an on-site installation. Cutting out the middleman, we got direct user feedback. That was the eureka moment. Feedback wasn’t just something “nice to have”; it was the lifeblood of what we did. From that point on, my core principle has been to shorten the feedback loop between engineers and customers. The outcome was transformative; instead of a two-year feedback loop, I aimed to narrow it down to two months, two weeks, two days, two hours, and less – continually speeding up the process for better software.

Then came 2008 and my introduction to AWS. This was a paradigm shift wrapped in an API call. The exhilaration was palpable. So much so that I had to share it right then and there – I pulled a colleague into my cubicle, and we went from zero to a running Linux instance in five minutes flat. Compared to the old-world slog of six-week lead times and red-tape marathons, this was a seismic shift. AWS was not just another service; it was the cornerstone of a faster, more agile feedback loop.

Now, let’s talk about DevOps. It’s a term that gets thrown around a lot. What does it mean? Culture, process, tooling? It’s all these things. According to AWS, DevOps is a combination of philosophies, practices, and tools that accelerate software delivery. In other words, it speeds things up and fosters a culture of continuous feedback.

So, when I see Akshay orchestrating a foundation grounded in this “continuous feedback” ethos in AWS DevOps Simplified, it’s more than just gratifying. It’s vindicating. He doesn’t stop at DevOps principles; he dives into tactical execution, offering a treasure trove of hands-on examples and best practices that can be deployed, well, continuously.

Paul M. Duvall

Director at AWS and author of the Jolt Award-winning book Continuous Integration: Improving Software Quality and Reducing Risk

Contributors

About the author

Akshay Kapoor is a software engineer and cloud architect with over a decade of experience in delivering simple solutions for intricate business challenges. He’s a continuous learner and loves to share his knowledge. From start-ups to big companies, Akshay understands how tech teams work and how to boost their progress with the innovative use of DevOps and the cloud. At Amazon Web Services (AWS), he partners with enterprises as a trusted advisor, crafting inventive solutions using AWS services that connect technical strategies with business goals.

He is based in Munich, Germany, and holds a master’s degree in computer applications from Thapar University, India. Akshay can be reached on LinkedIn at https://www.linkedin.com/in/akskap/.

I want to thank my wife, Rohini, for her unwavering support throughout the lengthy process of authoring this book; my parents, for instilling in me the values and strength that have shaped this journey; and Manish and Shashi, for their constant motivation and guidance in all endeavors.


Thanks to the entire team at Packt for their help and support throughout the process, and the reviewers for their valuable suggestions and feedback.

About the reviewers

Alexander (Melnyk) Schüren, as a senior solutions architect at AWS, works with customers across all sectors and sizes to modernize and build new applications on AWS. With deep knowledge and expertise in distributed systems, cloud computing, and software development practices, he enables customers to get the best out of the cloud, gain new perspectives, and understand the architectural trade-offs in day-to-day IT.

Sri Laguduva is an AWS fanatic and experienced DevOps engineer with a background in business administration and project management. He focuses on automating DevOps with testing, security, and business alignment, resulting in robust solutions for start-ups. He believes in the power of automation for developers and implements the shift-left concept for testing, security, and DevOps. He possesses quick learning skills and the ability to adapt to new tech early, and recently added AI and ML to his DevOps portfolio. Sri is a serial entrepreneur with a start-up connecting customers and service providers in niche sectors, such as the religious and spiritual space. Using Flutter, he has built apps such as SuitApp and Next on Plate and has a constant drive to innovate and explore new horizons in the realm of technology.

I would like to express my heartfelt gratitude to all those who have contributed to the creation of AWS DevOps Simplified. Special thanks to the author and the dedicated team of editors and reviewers who have put their expertise and effort into making this book a valuable resource. Additionally, I would like to acknowledge the support of my family as I was reviewing this book. I wish all the very best to the author and hope this book is a great success.

Table of Contents

Preface

Part 1: Driving Transformation through AWS and DevOps

1

Accelerating Your DevOps Journey with AWS

AWS and DevOps – a perfect match

Production-like environments

Scaling with the cloud

DevOps methodologies to accelerate software delivery

Key AWS DevOps services

CI

CD and continuous deployment

IaC

Summary

Further reading

2

Choosing the Right Cloud Service

The three tiers of cloud offerings

Infrastructure as a Service (IaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

What to choose when

Simplicity versus control

Cloud skills and resources

Business requirements

Security considerations

Understanding your organization’s cloud operating model

Focusing on sustaining workloads with the traditional approach

Focusing on optimizing workloads

Focusing on growth in the cloud

Key AWS services

Abstracting the infrastructure

Accelerating software delivery with platform services

Fully managed software services

Summary

Further reading

3

Leveraging Immutable Infrastructure in the Cloud

Technical requirements

Pets versus cattle

Mutable and immutable infrastructure

Mutable infrastructure

Immutable infrastructure

Getting started with AWS

Creating a new AWS account

Securing your root user credentials

Creating additional users

Setting up an AWS Cloud9 IDE in your AWS account

Navigating your Cloud9 environment

Working with the test application

Test application

Building an AMI with Packer

Deploying our test instance

Securing incoming traffic with security groups

Creating the test EC2 instance

Terminating the test EC2 instance

Summary

Further reading

Part 2: Faster Software Delivery with Consistent and Reproducible Environments

4

Managing Infrastructure as Code with AWS CloudFormation

Technical requirements

What is AWS CloudFormation?

Key concepts in AWS CloudFormation

How CloudFormation works

Permissions delegation for resource management

API call logging with CloudTrail

How requests flow over the network

Best practices for using CloudFormation to define enterprise-grade architectures

Keep templates small and reusable

Leverage inputs and outputs for cross-stack dependencies

Leverage other service integrations

Leverage StackSets for organization-wide stack rollouts

Avoid hardcoding parameter values

Life cycle policies to protect critical resources

Reusable resource configurations

Deciding between Terraform and CloudFormation

Third-party provider ecosystem

Mapping a resource definition with a deployment

Support for programming constructs

State management for deployed resources

Better integrations offered by cloud-native services

Modules for code reusability

Hands-on deployment with CloudFormation

Network architecture design to support multi-AZ deployments

Hosting a sample web application with an application load balancer and Auto Scaling groups

Summary

Further reading

5

Rolling Out a CI/CD Pipeline

What is CI/CD?

How does CI/CD enable faster software delivery?

Why is continuous deployment hard to implement?

An effective branching strategy is key

Working with feature toggles

Identifying what works best for you

How to choose the best CI/CD solution for your needs

Integration with existing tools

On-premises hosting considerations

Open source or commercial offerings?

Enabling continuous integration with CodeCommit and CodeBuild

Key features offered by CodeCommit

Automating builds and tests with CodeBuild

Using CodeDeploy to orchestrate deployment workflows in compute environments

Key components in CodeDeploy

Key features offered by CodeDeploy

Implementing end-to-end software delivery with CodePipeline

Key constructs used by CodePipeline

Triggering actions in other regions

Rolling out a fully automated CI/CD pipeline in your AWS account

Creating a base AMI for the application instances

Deploying infrastructure and application stacks

Summary

Further reading

6

Programmatic Approach to IaC with AWS CDK

Different approaches to managing infrastructure in AWS

Manual infrastructure management

Automating infrastructure rollouts with scripts

Adopting a declarative approach

Using infrastructure definition generators

Using frameworks that offer high-level abstractions

What is AWS CDK?

Key concepts in CDK

Development workflow

Pros and cons of working with CDK

Deploying a test application with AWS CDK

Understanding the different components of the image recognition application

Bootstrapping a new CDK project

Bootstrapping the AWS account to enable CDK deployments

Defining CDK constructs for application components

Defining Lambda code for orchestrating the application workflow

Synthesizing the template

Deploying the CDK stack into an AWS account

Testing the image analysis workflow

Summary

Further reading

Part 3: Security and Observability of Containerized Workloads

7

Running Containers in AWS

A quick introduction to the container ecosystem

What are containers and why do we need them?

Docker as a container platform

Scaling containerized deployments beyond simple use cases

Key responsibilities of container platforms

AWS services that support running containers in the cloud

AWS Elastic Compute Cloud (EC2)

AWS Elastic Kubernetes Service (EKS)

AWS Elastic Container Service (ECS)

ECS constructs and security features

Important constructs used by ECS

Ensuring a good security posture with ECS

Deploying a test application on ECS

Understanding the test application architecture

Defining the CDK stack constructs

Preparing the web application code

Preparing the static HTML template

Bundling all application dependencies together for deployment on ECS

Deploying our CDK stack in an AWS account

Summary

Further reading

8

Enabling the Observability of Your Workloads

What is observability?

Benefits of observability

Key AWS offerings for monitoring and observability

Amazon CloudWatch

Best practices for a solid observability strategy

Build a hierarchy of dashboards

Use consistent time zones across all systems

Propagate trace identifiers

Ensure that all components of your system emit events

Defining your observability strategy for workloads hosted in AWS

Deploying an observability stack for a test application hosted in ECS

Extending the code base for better observability

Deploying the stack in an AWS account

Observing data to understand application behavior

Summary

Further reading

9

Implementing DevSecOps with AWS

Trade-offs and challenges of security

Lack of ownership

Last step in software delivery

The rapid evolution of application architectures

Outdated security tools

What is DevSecOps?

How is it different from DevOps?

Key benefits of DevSecOps

What it means for security professionals

What it means for developers

What it means for the operations team

Securing your workloads in AWS

Security challenges for operating workloads in the cloud

Test strategies for your AWS workloads

Important tools for security assessments

Rolling out a test CI/CD workflow for DevSecOps

Understanding the target architecture of the DevSecOps pipeline

Understanding the code base

Deploying the CDK stack in an AWS account

Checking the result of security assessments

Summary

Further reading

Part 4: Taking the Next Steps

10

Setting Up Teams for Success

Building a collaborative team setup and culture

Enable your teams to create more value

Establishing a culture of collaboration and learning

Measuring the DevOps maturity of your teams

De-silo Dev and Ops

Blameless post-mortems and RCAs

Technology best practices and considerations for success

Right-size the teams based on the technology cognitive load they can handle

Invest in building abstractions that promote best practices

Making injection of failure scenarios a routine practice

Aligning technology decisions with business expectations

Resources for continuous learning and enablement

Driving change from the bottom up

Structure your ideas well

Demonstrate commitment

Find collaborators and share good practices

Summary

Further reading

11

Ensuring a Strong AWS Foundation for Multi-Account and Multi-Region Environments

What is a Landing Zone?

Key considerations in a Landing Zone

Defining a structure for organizational units and accounts

Focus on cross-account and hybrid networking needs

Securing the Landing Zone with IAM and security services

DevOps and config management

Operations

Best practices for managing multi-account architectures

Limiting access to the management account

Adopting solutions that offer the right balance of ease and control

Invest in building an Account Vending Machine

Maintain a separate AWS Organizations organization for platform development

Avoid provisioning any IAM users

Prefer no-code or low-code solutions

Building a Landing Zone with Control Tower and CfCT

Deploying resources with CfCT

Summary

Further reading

12

Adhering to AWS Well-Architected Principles

Understanding different components of AWS Well-Architected

The AWS Well-Architected Framework

AWS Well-Architected lenses

The AWS Well-Architected Tool

Aligning your architecture with the six focus pillars of the framework

Operating your workloads with confidence

Enhancing the security posture of infrastructure and workloads

Building resilient and highly available systems

Improving the performance efficiency of your workloads

Minimizing cloud costs while maximizing business value creation

Building sustainable workloads in the cloud

Summary

Further reading

Index

Other Books You May Enjoy

Part 1 Driving Transformation through AWS and DevOps

This part underscores the essence of digital transformation and the pivotal roles played by DevOps and AWS. Through real-life examples, you will grasp the significance of customer-centricity and the success linked to focusing on business outcomes over technology. You will also learn about the different service tiers of AWS and how the cloud provider helps realize the benefits of infrastructure immutability. Finally, we’ll guide you through setting up your AWS Cloud9 IDE, which enables the deployment of all hands-on exercises covered in this book, in your AWS account.

This part has the following chapters:

1

Accelerating Your DevOps Journey with AWS

Digital transformation is key to the success of any modern business that wants to deliver great products and delight its customers. It involves the integration of digital technologies and solutions across all areas of the organization. To be successful in this journey, the majority of organizations leverage software automation. This helps them stay ahead of their competition, innovate faster, and reduce the lead time to produce something valuable for the end user. However, just moving fast is not sufficient. Moving fast, and executing well, every single time is where the real magic happens.

Amazon Web Services (AWS) and DevOps are two such enablers that spearhead organizations with fast and controlled growth. They are representative of high-performing teams and agile cultures. Both are often misunderstood in different ways.

DevOps is a human-centered approach that aims at improving communication between people, while software and automation contribute to this goal. It aims at removing silos that block organizations from delivering software faster, and with increased quality. Adopting DevOps requires a change in culture and mindset. The core idea is to remove barriers between development and operations – the two traditionally siloed groups. By frequently communicating with each other, these take complete ownership of their deliverables, often going beyond the scope of their job titles. In some organizations, there might not be any difference between development and operations; they are just seen as one product team that owns the complete life cycle of the software – they build it, they run it.

AWS, on the other hand, is a public cloud provider that helps users get rid of undifferentiated heavy lifting. It provides managed services that help you focus on what you do best while it takes care of everything else. However, it is important to understand that the benefit you reap from these services will largely depend on how you use them and the level of AWS expertise within your organization. Some customers end up increasing their costs while others are able to reduce them. Some might make their application architectures more resilient than before, and others may not. In addition, people mostly view the cloud as a replacement for their on-premises IT landscape, but its real value can also be seen during seamless integration with your existing or future platforms. Sometimes, it just sits there, alongside your data centers, providing you with core differentiating capabilities.

To keep it short, DevOps is not just about automation and tools; DevOps is not just about the cloud. There’s a lot more to it. But if you are a software professional, using AWS anyway, and want to accelerate your DevOps adoption, this book is for you. We want you to be successful in accelerating your software delivery by using AWS. The intent is not to have answers to all the problems you will ever face, but rather to ensure a strong foundational understanding and strategy that you can apply to a variety of problems on AWS, now and in the future.

In this chapter, we will go through some practical solution implementations and DevOps methodologies and will discuss how AWS fits into the overall picture.

The main topics in this chapter are the following:

AWS and DevOps – a perfect match

Gartner’s Cloud Infrastructure and Platform Services (CIPS) Magic Quadrant report (https://www.gartner.com/doc/reprints?id=1-2AOZQAQL&ct=220728) positioned AWS as a leader in both their metrics – Ability to Execute and Completeness of Vision. This speaks volumes about the reliability of the platform in hosting your mission-critical workloads that can adapt to changing customer demands. DevOps methodologies complement this with time-tested ways of working that have a positive impact on the overall IT service delivery.

However, let’s not sugar coat this – efficiently operating your enterprise-grade software environments on AWS can be challenging. The cloud provider has been expanding the list of services offered from the beginning. Your usage, implementation, and solid future strategy will be key.

Even before we dive into anything regarding AWS or DevOps, let’s first go through some real-life examples, covering aspects that are relevant to any software professional. The idea here is to discuss a few approaches that have helped me over many years of maintaining or writing software. I hope these topics are useful for you as well.

Production-like environments

While working as a DevOps specialist a few years ago, I was tasked with helping developers in my team to ship features faster. Upon understanding the challenges they faced in the huge monolithic LAMP stack (Linux, Apache, MySQL, and PHP) application, MySQL surfaced as a common pain point across the board. The continuously increasing size of these on-premises production databases (1 TB+) meant that the developers were frequently unaware of the challenges the application would face in the live environment when the production load kicked in. The application (warehouse management system) was used across several countries in Europe, with each country having its own dedicated MySQL instance and read replicas. Every minute of downtime or system degradation directly impacted shipping, packaging, and order invoicing. During that time, the developers were using local MySQL instances to develop and test new features and would later ship them off to staging, followed by production rollout.

With the problem statement clear, a promising next step was to enable them to develop and test in production-like environments. This would allow them to see how their systems were reacting to evolving customer usage, and to have a better understanding of the production issues at an earlier stage.

With a strong understanding of Bash scripting (…or at least I thought so) and basic MySQL administration skills, I decided to build shell scripts that could prepare these testbed environments, and refresh them with the most recent production data, on a daily basis. A request for a similar number of new MySQL servers was raised with the on-premises infrastructure team. They provisioned them in a week, set up the operating system, and required libraries for MySQL, before handing over to me my newly acquired liability. Moving forward, all maintenance and upkeep of these servers were my responsibility. I later scheduled cronjobs on all these servers to run the scripts created previously. They would perform the following steps at a pre-configured time of the day:

You can see how the different entities communicated in the following figure:

Figure 1.1: Bash scripts to manage database operations

The following day, the developers had recent production replicas available at their disposal, anonymized for development and testing. This was a huge step forward and the developers were excited about this as they were now developing and testing against environments that matched production-level scale and complexity. The excitement, however, was soon overshadowed by new issues. What happens if a particular cronjob execution does not terminate successfully? What if database import takes forever? What if fileservers are not responding? What if the local storage disk is full?

How about a parent orchestrator script that manages all these edge cases? Brilliant idea! I spent the next few days building an orchestrator layer that coordinated the execution of all these scripts. It was not too long before I had a new set of Bash scripting problems to solve: tracking child process executions, exception handling, graceful cleanups, handling kernel signals…the list goes on. Doing all this in Bash was a Herculean task. What started as a simple set of scripts now evolved into a framework that required a lot of investment in time and effort.

Days and weeks passed, and the framework kept evolving. Bugs were identified. New feature requests from the developers were implemented. The framework now had a fancy new name: Bicycle – end-to-end life cycle management for Bash scripts. Finally, after two months, a YAML config-driven Bash framework came into being that sent error notifications on Slack, executed report attachments via email, orchestrated and measured the entire flow of operations, and was generic enough to be adopted by other teams easily. This was not solely for managing database operations, but rather any collection of Bash scripts put together to accomplish a task, as you can see in Figure 1.2:

Figure 1.2: Bicycle framework – managing the life cycle of Bash scripts

The framework served the team well for two to three weeks and then the next wave of challenges became evident:

As you might have noticed already, the framework had matured considerably, but it was as good as the availability, scalability, and reliability of the underlying infrastructure. With underpowered machines, disk capacity issues, and frequent network timeouts, there was only so much the framework could do.

What started as an initiative to increase development velocity soon transitioned into a technology-focused framework. Were there some technical learnings from this exercise? A lot. In fact, there were so many that I wrote a Best Practices for Bash Scripts blog afterward, which can be found at https://medium.com/p/17229889774d. Did it resolve all the problems the developers were facing? Probably not. Before embarking on these lengthy development cycles and going down the rabbit hole of solving technical problems, it would have been better to build a little, test a little, and always challenge myself with the question, Is this what my customers really need?

Knowing your customers (and their future needs)

It’s of paramount importance to know the end beneficiary of your work. You will always have a customer – internal, external, or both. If you are not clear about it, I would strongly recommend discussing this with your manager or colleagues to understand for whom the solution is being built. It’s essential to put yourself in your customer’s shoes and approach the problems and solutions from their perspective. Always ask yourself whether what you are doing will address your customers’ issues and delight them. It took me at least two or three months to bring the Bash framework up to the desired level of performance and utility. However, a Bash script orchestrator was not something my customers (developers) required. They needed a simple, scalable, and reliable mechanism to reproduce production-like databases. In fact, operating this framework was an additional overhead for them. It was not helping them with what they did best – writing code and delivering business outcomes.

Focusing on iterative development and failing fast

Another prerequisite for delivering impactful customer solutions is to establish an iterative working model: deliver work into manageable pieces, monitor the success metrics, and establish a feedback mechanism to validate progress. Applying this to the aforementioned situation would have meant that developers had complete visibility of the implementation from the beginning. Collaborating together, we could have defined the success criteria (time to provision production database replicas) at the very start of the process.

This is very similar to the trunk-based development approach used by high-performing software teams. They frequently merge small segments of working code in the main branch of the repository, which greatly improves visibility and highlights problems more quickly.

Prioritizing business outcomes over technology

As an IT professional, it is very easy to have tunnel vision, whereby the entire focus is on technical implementations. Establishing feedback mechanisms to ensure that the business outcomes are met will avoid such situations and will help with effective team communications while accelerating delivery. This is what DevOps is all about.

Offering solutions as a service

It is important to take the cognitive load off of your customers and offer them services that are operationally light, are easy to consume, and require little to no intervention. This enables them to focus on their core job, without worrying about any add-on responsibilities.

Offering well-documented and easy-to-consume interfaces (or APIs) would have been far easier for the developers in my team rather than onboarding them to learn how to use the custom-built Bash framework. What they really needed was an easy method to provision production-like databases. Exposing them to underlying infrastructure scalability issues and Bash internals was an unnecessary cognitive load that ideally should have been avoided.

Similarly, the on-premises infrastructure team’s focus on their customer (myself) could have eased my job of requesting new infrastructure resources, without having to go through all the logistics and endure a long wait until something tangible was ready for use.

This is an area AWS excels in. It reduces the cognitive load for the end user and enables them to deliver business outcomes, instead of focusing on the underlying technology. The customer consumes the services and has less to worry about when it comes to the availability, scalability, and reliability of the service, as well as the underlying infrastructure. It offers these services in the form of APIs with which the developers can interact, using the tools of their choice.

Mapping the solution components to the AWS services

One exercise that will often help you when working with AWS is designing your solution, identifying key components, and then evaluating whether some of these un-differentiated tasks can be offloaded to AWS services. It’s good practice to compare these choices and to conduct a cost-benefit analysis before adopting the services immediately. Let’s dive quickly into the main components of the database replicas’ example discussed in the Production-like environments section previously, and consider whether AWS services could have been an option to avoid reinventing the wheel:

Figure 1.3: Mapping Bash framework components to AWS services

From a timeline perspective, building the entire stack from scratch, as seen in Figure 1.3, took around three months, but you can provision similar services in your AWS account in less than three hours. That’s the level of impact AWS can have in your DevOps journey. In addition, it’s important to understand that you need not go all-in on AWS. If Amazon S3 (data storage and retrieval service) is all that was needed, then retaining the other components on-premises and using AWS as an extension of the solution could also be considered as an approach for solving the problems at hand.

To summarize, understand your needs, evaluate the benefits provided by AWS services, and adopt only what helps you in the long run.

Now, let’s discuss another instance in which I helped the same developers scale their continuous integration activities with GitLab Continuous Integration and Continuous Deliver, but this time, with AWS. If you have not been exposed to these terms before, continuous integration is a practice that automates the integration of code changes from multiple developers into a single project, and GitLab is a software development platform that helps with the adoption of DevOps practices.

Scaling with the cloud

The GitLab Continuous Integration and Continuous Delivery suite helps software teams to collaborate better and frequently deploy small manageable chunks of code into production environments. My company at that time was using a self-hosted, on-premises version of GitLab Continuous Integration and Continuous Delivery.

There are three main architectural components of GitLab Continuous Integration and Continuous Delivery that are especially relevant to this discussion:

At that time, I was supporting five to six software projects for the developers of my team. Having started with the shared pool of GitLab runners hosted on-premises, we were able to leverage the compute resources for our needs, for roughly 80-120 builds per day. However, with increasing adoption throughout the company, the resources on these runners would frequently become exhausted, leading to several pipeline processes waiting for execution. Additionally, occasional VM failures meant that all software delivery processes dependent on these shared resources across the company would come to a halt. This was certainly not a good situation to be in. The central ops team added more resources to this shared pool, but this was still a static server farm, whereby my team’s build jobs were dependent on how others used these resources.

Having learned from the issues relating to unscalable on-premises infrastructure during the database setup, as discussed previously, I decided to leverage AWS cloud capabilities this time. Discussions with the developers (customers) led to the definition of the following requirements, which were all fulfilled with AWS services out of the box:

Across the entire solution design, the only effort required from my side was the code to register/de-register these runners with the control plane when the compute instances were started or stopped.

The final design (see Figure 1.4) leveraged auto-scaling groups in AWS, which is a mechanism to dynamically scale up or trim down the compute resources depending on the usage patterns:

Figure 1.4: GitLab Continuous Integration and Continuous Delivery with runners hosted in AWS

As soon as the new servers were started, they registered themselves with the GitLab control plane.

Extending your on-premises IT landscape with AWS

AWS cloud adoption need not always translate into shutting down data centers and migrating applications through a lift-and-shift approach. The real value lies in starting small, measuring impact, and utilizing cloud offerings as a natural extension to your on-premises IT landscape.

As seen in the previous scenario, the GitLab control plane still continued to remain in the on-premises data center, while the runners leveraged the elasticity of the cloud. This gave the developers immediate benefits in terms of compute selection, scalability, reliability, and elasticity of the cloud. Amazon EC2 is the Elastic Compute Cloud offering, which offers scalable computing capacity for virtual servers, security, networking, and storage. Combining this with the EC2 Auto Scaling service, I configured capacity thresholds that allowed us to maintain a default set of runners and scale, with the demand driven by real usage.

Infrastructure management in data centers usually lacks this level of flexibility unless there are interfaces or resource orchestrators made available to the end user for provisioning resources in an automated way.

Collecting metrics for understanding resource usage

Requirements relating to measuring usage and alerting on thresholds were further simplified with the use of Amazon CloudWatch. CloudWatch is a metrics repository in which different AWS services and external applications publish usage data. EC2, like other services, makes data points such as CPU, memory, and storage consumption available, which helps to identify threshold breaches, resulting in the automation of scaling decisions.

Having access to these metrics out of the box is a considerable automation accelerator for two reasons. You need not invest any effort in capturing this data with third-party agents and the close-to-real-time nature of this data helps with dynamic decision-making. Furthermore, AWS also offers native integrations around alarms and service triggers with CloudWatch. So, extending these to usual notification mechanisms, such as email, SMS, or an external API, is generally a low-effort implementation.

Paying for what you use

AWS offers a pay-as-you-go pricing model. In contrast to this, on-premises resources come with a fixed-priced costing model and require a lot of time and operational effort. Combining this with metrics from CloudWatch, it was possible to automatically scale down the EC2 compute resources during periods of low usage (after work hours and weekends). This further reduced AWS costs by ~20-30%.

Generally speaking, on-premises infrastructure resources are mostly over-provisioned. This is done to maintain an additional buffer of resources, should ad-hoc demand require it. AWS, on the other side, offers the capability to right-size all your resources based on your exact needs at the moment. This is a big win for agile teams to respond to changing customer demands and usage patterns.

Simplifying service delivery through cloud abstractions

Software technology these days is all about abstractions. This is a topic that we will explore in more depth in Chapter 2, Choosing the Right Cloud Service. All AWS services abstract the complexity from the end users around operational aspects. As a result, end users are empowered to focus on the differentiating features and business outcomes. Earlier, we discussed the need to take the cognitive load off the developers. AWS makes this a reality, and you can develop proofs of concept, demos, and production-grade applications in hours or days, which previously took months.

Leveraging the infrastructure elasticity of the cloud

AWS cloud benefits are not limited to procuring more resources when needed but are also about contracting when possible. Of course, this needs to align with the type of workload you plan to run in the cloud. Sometimes, there are known events that would require more resources to handle the increased load, such as festive sales and marketing initiatives. In other cases, when the usage spikes cannot be determined in advance, you can leverage AWS’ auto-scaling capabilities, as we did for GitLab runners.

So far, we have discussed two solution implementations and how adopting cloud services gives a big boost to reliability and scalability, leading to better customer outcomes. Next, let’s learn about some DevOps methodologies that help accelerate the software delivery process. We will later map these key areas to certain AWS services.

DevOps methodologies to accelerate software delivery

As we discussed at the beginning of the chapter, successful organizations use software automation to catapult their digital transformation journey.

As highlighted in the 2022 State of DevOps Report by DORA (https://cloud.google.com/devops/state-of-devops), DevOps methodologies positively influence your team culture and foster engineering best practices to help you be able to ship software with increased velocity and better reliability. In software engineering, the following principles have been well established and are known to optimize the way teams work and collaborate.

Continuous integration

Continuous Integration (CI) is a software engineering best practice that advocates the frequent merging of code from all software developers in a team to one central repository. This increases the confidence in and visibility of new features being released to the customers. At the same time, automated tests make releasing code multiple times a day seamless and easy. Developers also get quick feedback regarding any bugs that might have been introduced into the system as a result of implementing features in isolation.

Continuous delivery

Continuous Delivery (CD) is the practice of producing code in short cycles that can be released to production at any time. Automatically deploying to a production-like environment is key here. Fast-moving software teams leverage CD to confidently roll out features or patches, on demand, with lightweight release processes.

Continuous deployment

Continuous deployment enables teams to automatically release the code to production. This is indicative of high DevOps maturity and rock-solid automation practices. Using continuous deployment, code is automatically deployed to the production environments.

This requires deep integration into how the software stack functions. All ongoing operations and customer requests are automatically taken care of, and the release process is hardly noticeable to the end user.

In later chapters, we will go through some hands-on examples around CI/CD processes and use native AWS services to see things in action.

Infrastructure as Code (IaC)

Managing AWS infrastructure components with code, using SDKs, APIs, and so on, makes it very convenient to reliably manage environments at scale. Unlike static provisioning methods used on-premises, these practices enable the creation of complete infrastructure stacks with the use of programmable workflows.