Deployment + Instance Management

Elastic Beanstalk

good solution for on-prem to cloud migration, developer centric view of deploying an application on AWS, with full control over each configuration of components. Free service but pay for underlying infrastructure. Great for re-platforming applications from on-prem to cloud.

Elastic Beanstalk Managed Service

instance and OS config is handled by beanstalk, deployment strategy is configurable but performed by Beanstalk. Code is the responsibility of the developer

Single Instance Architecture

good for development only when deployed with elastic beanstalk

Load Balancer + Auto Scaling Group in Beanstalk

good for pre-production and production web applications, for high availability

ASG Only in Beanstalk

good for non-web apps in production (workers)

Worker

performs tasks that are long to complete, decoupling applications to two tiers.

Blue/Green Deployment

not a native beanstalk feature, but will create a new stage environment and deploy the new application version there, new environment is validated independently and rolled back in case of issues. Using a weighted routing policy in Route 53, redirect traffic to stage environments, perform a DNS swap in Beanstalk to fully shift to new environment.

CodeDeploy

handle deployments to non-beanstalk managed instances (EC2, ASG, lambda, ECS).

EC2 Deployment Strategy in CodeDeploy

using the appspec.yaml file and deployment strategy file, perform in-place updates on a fleet of EC2 instances, define hooks to verify deployment is working after each phase (e.g. update half at a time)

ASG Deployment Strategy in CodeDeploy

perform in-place updates to existing EC2 instances in the ASG, instances newly created will also get automated deployments, or can use Blue/Green deployments if there is an Load Balancer

Lambda Deployment Strategy in CodeDeploy

traffic shifting feature, with pre-and-post traffic hooks to validate before and after traffic is shifted. Automatically rollback with CloudWatch alarms, and using the Lambda Alias

ECS Deployment Strategy in CodeDeploy

support for blue/green in ECS and with Fargate, setup is done within ECS service definition, and a new task set Is created, and traffic is re-routed to new task set. Support for Canary deployments.

CloudFormation

Infrastructure as Code (IaC) platform in AWS, can move stacks across multiple accounts and regions.

CloudFormation Retained Deletes

in the delete policy can choose to retain (keep), snapshot (backup) or delete (default) resources that are removed via the template. If S3 bucket is deleted but is not empty, the delete will fail.

CloudFormation + Custom Resources

Lambda function that is created to do something (e.g. AWS Resources that are not yet supported, an on-prem application, emptying an S3 bucket before deleting, fetch an AMI ID).

Stack Sets

create, update, or delete stacks across multiple accounts and regions in one operation. Admin account creates stack sets, and trusted accounts can use the stack sets and setup automatic deployments.

CloudFormation Drift

protection against manual configuration changes of resources from template. Evaluates all resources and sees the underlying template, and provides a comparison

CloudFormation Resource import

importing resources into new stacks, should not delete and re-create resources as part of a stack, use the unique identifier of the resources and reference that in the template.

Service Catalogue

self-service portal that launch authorized products in AWS (CloudFormation templates that are put into a portfolio, created by a system admin). Integrations with self-service portals (e.g. ServiceNow)

Serverless Application Model (SAM)

framework for developing and deploying serverless applications, with YAML configurations that can be run locally, leveraging code deploy to deploy to Lambda functions.

CICD + SAM

using CodePipeline for Orchestration, CodeCommit/GitHub for code, CodeBuild for building, CloudFormation to create resources, and CodeDeploy for deployments (performing the traffic shifting).

Cloud Development Kit (CDK)

define cloud infrastructure in a familiar programming language (e.g. JS/Python), code is compiled into a CloudFormation template and can be deployed with application runtime code.

AWS Systems Manager (SSM)

manage EC2 instance and on-prem servers at scale, operational insights of state of infrastructure, easily detect problems, and patching automation. Works only for Windows and Linux for free.

SSM Installation

install the SSM agent on systems that are controlled (or already by default on Linux), and that the SSM agent has the permissions, and run a command across multiple instances (using resource groups). No need to SSH, agent will perform API call to SSM that will run command.

SSM + Lifecycle Hook

perform an action before ASG terminates the EC2 instance, once the hook is triggered and instance is stuck, monitor in Event Bridge and trigger an SSM automation to perform the actions on the instance before termination.

SSM Patch Manager

define patch baselines (which patches) and groups of instances to run in a defined maintenance window (duration, targets, patch groups and tasks), add the run patch baseline command as part of the tasks in the maintenance windows. Monitor patch compliance using SSM inventory.

Session Manager

start a secure shell on EC2 / On-Prem servers, that accesses through the AWS console, CLI, or SDK that does not need SSH access or keys, as long as it has the correct permissions. Support for Linux, Mac, and Windows.

OpsCenter

resolve operational issues related to AWS resources, aggregates information to resolve issues on each item like AWS config changes, CW trails, CW alarms, CloudFormation stack drift. Provides automation webhooks to resolve issues.

CloudMap

fully managed resource delivery service, creates a map of backend services that applications depend on, and easily change out dependencies without having to perform code changes on dependent resources (e.g. EC2 instance connected to Frontend, if instance is changed, frontend will automatically be able to change to new EC2 instance).