Anazon Web Services

IAM

• Policies specify specific permissions
• Roles are a collection of policies that services are assigned in
• To groups can be assigned policies as well

Security

User pools

Directories that provide signup and sign-in options for you app users.

Anonymous Access

Anonymous Access creates Identity pools for you.

Identity Pools with Cognito

Identity pools provide AWS credentials to grant your users access to other AWS services.

Roles

Roles are collections of policies to which services are assigned.

IAM

In IAM, which areas need to be considered with restrictions and access? Computing, Storage, Database, and App services

Development

DynamoDb

Schema-Less database that only requires a table name and primary key

Lambda

AWS Lambda is a computing service that lets you run code without provisioning or managing servers.

DynamoDB

Can you use Oracle RDBMS with DynamoDB? No; DynamoDB is for non-relational databases, and Oracle is a relational database.

Messaging and Event Driven

Message => step functions => event/lambda => SNS => SQS => Lambda

States Machines

State machines are made up of states, their relationships, and the input and output defined by the Amazon States Language.

SNS

SNS pushes its messages out to its subscribers.

SQS

SQS stores the messages until someone reads them and processes them off the queue. SQS is useful for sending and receiving messages between apps.

Deployment, Scalability and Monitoring

Elastic Bean Stalk

Deploy and scale web apps and services

CloudFormation Stacks

Configure and Maintain system

CloudFormation

Provisions and management stacks of aws resources based on the template you created to model your infrastructure

Elasticache

Service to launch and scale and manage a distributed in memory cache Caching is great to performance and efficiency

Cluster

• Redis
• Memcache

CloudFront

Global Content Delivery Network CloudFront is secure and quickly delivers data, video, applications, and APIs. This means it has shorter distances to deliver and higher performance.

Cloud Watch

You can create high-resolution alarms and automated actions. These alarms can monitor costs for your budget, metrics, events, and logs. CloudWatch alarms are part of Elastic Beanstalk, and there are two of them. What are the two alarms? CloudWatch has two alarms to monitor loads, and they trigger when the alarms are too high or too low for the auto scaling group.

AWS: Deploying Your Application to the cloud

Code Commit

Git compatible, secure and scalable source control. Can be trigger by AWS Tools It is recommanded to use IAM user. IAM has a specific section for CodeCommit credentials. Recommanded: Use MasterBranch as a trigger for deployments

• Access: CodeCommitFullAccess

How can you move files from one source control management tool to CodeCommit ? Create an empty repo. Clone your empty codecommit repo. Manually copy and commit the files into it. Then push them to the repo.

Commands

• > aws Configure
• > git --version
• > git config --global username

Code Build

Archive or War file

buildspec.yml

• phases : install : commands
• phases : install : finally

Have to install Java sdk & maven We can have more than one BuildSpec file

• How can you pass values to control my codebuild scripts? Use Environment Variables.
• Where can you find your build logs?
  • CloudWatch logs
  • CodeBuild console

Create Build Project

• Choose manage image
• We are allow to create a role
• Timeout is very important
• Specify a VPC if we need to access to other servers or services during buiild, but it isn't very common
• Choose s3 and a bucket to store the artifacts
• Standard format is zip

Code Deploy

• appspec.yml : tells codedeploy what to do with our generated binaries and any additional files we may need
• Genrally: takes the web archive and copy it to the webapps folder of a tomcat web server where it will be deployed automatically by apache tomcat
  • Files: source / destination

Deployment

Deployement groups

a way to identify the servers we are deploying to

• Name
• Role of EC2 to code deploy
• Choose to uncheck the Load Balencer
• triggers, alarms, rollbacks

Create deploymenet

Now we have an Application and a Deployment group we can create a deployment

• Wich files to deploy
• where to deploy them

s3 URL

s3://bucketname/file

• Ruby is required by our code deployment agent
• Download an install file:
  • > wget https://aws-codedeploy-us-west-1.s3.amazonaws.com/latest/install
  • > chmod +x ./install
  • > sudo .install auto
  • > sudo service codedeploy-agent status

Important to check: EC2 Console > right clic server > settins > IAM Role > S3Admin

• Code deploy through the code-agent will reach out to s3 to our bucket with the deployment binary

KeyPoints

What's needed to create a revision .ZIP file? An AppSpec and the code binaries

Code Pipeline

Source > Build binary > Test > Production

Create a pipeline

1. Create a role: this role will allow code pipeline to access this particular pipeline wich will be created in our pipeline
   1. even AWS itself not have access to resources within our account unless we provide privileges
2. Specify a branch
3. CHoose detection option : code pipeline vs cloud watch

Configure the build stage

1. Choose a build provider: codeBuild
2. Configure: Operating system, runtime, runtime version = can be upgraded in buildspec. yml file

Deploy Stage

1. Select Application and Deployment group\

Go

As soon as the pipeline is created, it is running so make sure it is what you want

Key Points

• Continuous integration and deployment pipeline
• various tools
• Passe the output to the next stage
• Jenkins like: difference it is a service
• simple to complex workflows
• Support approvals

When is it a good practice to add a CodePipeline approval step? during deployment to servers that are being used regularly Disrupting QA Testers by taking down their server unannounced is a bad practice. You should consider an approval for this, just like production deployment approvals.

• It is possible to generate more than one artifact on one build

Elastic BeanStalk

What is beanstalk doing ?

• HighAvailability
• Backups
• Health Checks
• Alarms
• Track Metrics
• Code deploy agents
• database: constant patching, updates, backups, monitoring

Create

what will we do

• Create a server
• give it a domain name
• install all the required softwares
• handle the deployment
• handle execution

Environment

In beanstalk, an application is a container for environments the environment is the application architecture it is made up of

• application servers
• web servers
• load balencers
• auto scalling group
• database
• ....

By default: Web Base Application the "ugly" domain name can be modified with a C-Name but if we want to change it, the environment has to be deleted.

Finally: It will trigger a cloud formation build

Use it with code pipeline

• send directly the compiles java class to beanstalk
  • create a secondary buildspec.yml files that is going to create an artefact

HOW TO : Pipeline > edit > Edit Stage > Add Action > Create Project > Configure > Specify the name of the new buildspec.yml file > Give a name to the multiple Output artefacts