6. Key reasons for organizations to adopt CI/CD principles
• Accelerate the delivery of new, high-quality services
• Reduce the impact of changes
• Gain insight across resources and applications
• Protect customers and the business
9. Microservice development lifecycle
[Diagram: Developers, Services, Delivery pipelines; each of six delivery pipelines runs Build, Test, Release, Monitor]
10. CI/CD for modern software delivery
[Diagram: AWS services across the pipeline stages Author, Source, Build, Test, Deploy, Monitor, plus a "Model" label]
Services shown: AWS Cloud9, AWS IDE toolkits, AWS CodeCommit, AWS CodeBuild, AWS CodeBuild + third party, AWS CodeDeploy, AWS X-Ray, Amazon CloudWatch, AWS CodePipeline, AWS CloudFormation, AWS SAM, AWS Cloud Development Kit, Amazon CodeGuru
11. Effects of CI/CD
Source: 2018 State of DevOps Report, DORA
Deployment frequency Weekly–monthly Hourly–daily
Change lead time 1–6 months 1–7 days
Change failure rate 46%–60% 0%–15%
48% of software teams
12. Continuous integration goals
Continuous integration
Source Build Test Production
1. Automatically kick off a new build when new code is checked in
2. Build and test code in a consistent, repeatable environment
3. Continually have an artifact ready for deployment
4. Continually close feedback loop when build fails
13. Continuous deployment goals
Continuous deployment
Source Build Test Production
1. Automatically deploy new changes to staging environments for testing
2. Deploy to production safely without impacting customers
3. Deliver to customers faster: Increase deployment frequency and reduce
change lead time and change failure rate
15. AWS CodePipeline
• Continuous delivery service for fast and reliable
application updates
• Model and visualize your software release process
• Builds, tests, and deploys your code every time
there is a code change
• Integrates with third-party tools and AWS
16. AWS CodePipeline: Supported sources
Automatically kick off release and pull latest source code
• Amazon Simple Storage Service (Amazon S3): pick object or folder
• Amazon Elastic Container Registry (Amazon ECR): pick Docker tag
• AWS CodeCommit, GitHub: pick branch
22. Infrastructure as code goals
Infrastructure as code
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate production environment in a staging environment to enable
continuous testing
23. Continuous testing with infrastructure as code
Validate an artifact (build stage)
• Unit tests
• Static analysis
• Mocked dependencies and environments
• Vulnerability image scans
Validate an environment (test stages)
• Integration tests against real dependencies and real environments
• Load testing
• Penetration testing
• Monitoring to test impact of deployments on environment
24. Release infrastructure as code
[Diagram: “Master” branch; Prepare template; Create and execute change set; Create and execute change set]
25. AWS Cloud Development Kit (AWS CDK)
• Define cloud infrastructure using familiar programming languages
• Higher-level components to preconfigure cloud resources
[Diagram: CDK Application with Stack(s) and Constructs; AWS CloudFormation Template; AWS CloudFormation; Resources: Amazon Simple Queue Service, AWS Lambda, Amazon S3 bucket, Amazon DynamoDB]
NEW
26. CI/CD with the AWS CDK
[Diagram: Git users; Git push; AWS CodePipeline in the AWS Cloud; CDK Application with Stack, Constructs (Amazon Simple Queue Service, AWS Lambda, AWS Fargate, Amazon DynamoDB) and Assets; Stacks deployed across multiple Regions]
Under comment at CDK GitHub repo!
28. More innovation, greater agility, with control
Don’t choose between agility or control
Customers want both
• Governance: Enable, Provision, Operate
• Agility: Experiment, Be productive, Empower distributed team
29. Your service management framework
[Diagram: service management framework]
• Cloud center of excellence
• Monitoring and logging
• Developer portal
• Security & IAM
• AWS resources: Compute, Database, Storage
• Management and governance: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS Systems Manager, AWS CloudFormation, AWS Service Catalog, AWS Organizations, AWS Marketplace, AWS Control Tower
30. AWS management and governance services
Agility and control: BUSINESS AGILITY + GOVERNANCE CONTROL
• Enable: AWS Control Tower, AWS Organizations, AWS Budgets, AWS License Manager, AWS Well-Architected Tool
• Provision: AWS OpsWorks, AWS CloudFormation, AWS Service Catalog, AWS Marketplace
• Operate: AWS Cost Explorer, Amazon CloudWatch, AWS Cost and Usage Reports, AWS CloudTrail, AWS Systems Manager, AWS Config
31. AWS Chatbot (beta) can now run commands
Interactive agent for ChatOps on AWS
• Receive notifications
• Run commands for diagnostic information
• Predefined IAM policy templates
• Support for Slack and Chime
New!
32. Send notifications from an AWS Code* service
Subscribe AWS Code* services to Amazon SNS topics integrated with AWS Chatbot
New!
33. Amazon CodeGuru
Using machine learning (ML) to build and run high-performing applications
• Built-in code reviews with intelligent recommendations
• Detect and optimize the expensive lines of code pre-production
• Easily identify application inefficiencies in production environment
New!
34. Learn to build modern applications on AWS
Enable rapid innovation by developing your skills in designing,
building, and managing modern applications
Resources created by the experts at AWS to help you build and validate developer skills
Validate expertise with the AWS Certified DevOps –
Professional or AWS Certified Developer – Associate exams
Learn to modernize your applications with free digital training and
classroom offerings, including Architecting on AWS, Developing on
AWS, and DevOps Engineering on AWS
Visit the developer learning path at aws.amazon.com/training/path-developing
V1 of the AWS Cloud Development Kit was released on July 11th with TypeScript, JavaScript and Python as the primary supported languages. The Java and C# support was in preview but is now released.
AWS CDK allows developers to write CloudFormation in a language they’re already using every day in their work.
Agility: experiment, be productive, empower teams to be autonomous
Governance:
Enable - AWS Control Tower / Organizations / Budgets / License Manager / WA Reviews
Provision - CloudFormation / Service Catalog / OpsWorks / Marketplace
Operate - CloudWatch / CloudTrail / Config / Systems Manager / Cost and Usage Report / Cost Explorer
AWS offers a set of Management and Governance services to help our customers improve business agility AND maintain governance control.
When IT deploys Management and Governance services on AWS, they can support innovation, unclog provisioning bottlenecks, improve their security and compliance posture, enhance operational efficiency, and reduce costs.
Customers are assembling their own tool chains
These tool chains involve AWS services, the combo is a service management framework
Pieces vary customer by customer but a majority of customers are building these today
What we’ve also learned is that every customer, in the prior set of industries, assembles their own tool chain, in combination with our services, into some named framework. This collection of tools and services is called the service management framework. We use that term because it is a loose framework, defined differently by different customers, and it solves for different needs. But as the provider of the cloud services underlying your overall framework, we acknowledge and observe how customers integrate other tools, from other partners, into our management and governance framework.
And we list just some of the tools people often add on to ours. The cloud center of excellence teams often perform this selection.
CloudFormation / Service Catalog / OpsWorks / Marketplace
CloudWatch / CloudTrail / Config / Systems Manager / Cost and Usage Report / Cost Explorer
AWS supports service management frameworks with a set of 17 services in the management and governance space
Broken down into three buckets – enable, provision, operate
Last year, we retitled the console group just before re:Invent 2019 as “Management and Governance”, a conscious console naming decision to describe a collection of services. There are over 17 associated services, across our console, that we think about as enabling, provisioning and operating resources, at scale, in an organization.
1/ Enable your builders for speed with built-in governance
AWS Control Tower to set-up an AWS environment with governance built-in from the start across accounts
AWS Organizations to provide on-going governance of your AWS environment through Service control and resource policies.
AWS Budgets: Depending on how you budget for resources, and how you track license compliance for things like Windows Server, we are also building out AWS Budgets and License Manager.
2/ Provision applications and resources that meet your policies
AWS CloudFormation is our core scripting language tool for describing and provisioning resources – it covers over 100 AWS Services
AWS Service Catalog simplifies resource definition to a defined product level, under an API, to simplify yet scale the distribution and publication of pre-approved catalog of applications, resources, or services for builder/user teams to consume in a self-service manner with less learning and faster deployment.
AWS Marketplace enables the provisioning of third party products, many pre-wrapped in CFN JSON, which makes it easy to find, BYOL, buy, deploy, and then govern those 3rd party applications.
3/ Operate your environment with speed and governance
Amazon CloudWatch makes it easy to monitor AWS resources, applications and services, helping ensure your applications are running smoothly.
AWS CloudTrail helps improve compliance auditing and security analysis by making it easy to record and track user and application activity against those resources.
AWS Config is designed to automate, evaluate and monitor your AWS resource configurations, set policies for your configurations, and quickly remediate configurations that fall out of compliance.
AWS Systems Manager is the central operational control point for operators to manage applications and resources in AWS, and seamlessly extend across to your existing on-premises or hybrid cloud environments.
And for IT Finance / and Operations teams to collaborate, our ongoing Cost and Usage Reports, and Cost Explorer, are designed to present data on cost of operations, for ongoing governance and alerting about spend. Most large organizations treat IT Finance as part of their governance team.
And of course, on the left, we have a whole set of Security and Identity Controls, where the CISO has oversight on access controls to resources. We can’t also dig into that this morning. There is a separate set of sessions on that, but let’s be clear that integration of Security into DevOps is ongoing, and leading to more of a DevSecOps model.
This framework of our Management and Governance services is a good view on the tools we are building out from customer feedback, to optimize your agility, your control, and to increase automation at scale.
If you’re ready to continue learning: Live instructor-led courses offer accredited AWS instructors who teach using a mix of presentations, discussion, and hands-on labs
Learn to modernize your applications with courses like Architecting on AWS, Developing on AWS, Advanced Developing on AWS, and DevOps Engineering on AWS
Visit the learning path tailored specifically for the developer role