Shulou(Shulou.com)06/03 Report--

Infrastructure is code overview the challenges of manual configuration: human errors may lead to a lack of reliability, the environment cannot be fully reproduced, and additional documentation infrastructure, the code, is required. It is the technology, practice, and tool used in software development to create a reusable, maintainable, scalable, and testable infrastructure, without reducing the definition of infrastructure as components bundled with hardware. Infrastructure is the benefits of code: reliability reproducibility-repeatability, reusability, maintainability, consistency, parallelization and documentation

Environmental automation should automatically preset, terminate, and configure resources whenever possible, by eliminating manual processes to improve system stability and consistency, as well as organizational efficiency using releasable resources to take advantage of the dynamic configuration features of cloud computing Treat servers and other components as temporary resources automatically deploy new resources with the same configuration terminate unused resources automatically switch to new IP addresses to test updates of new resources, and then replace old resources with updated resources

The AWS Lambda overview can run code without configuring and managing any servers and applications. Just upload the code, and Lambda will run and scale out automatically as needed. Lambda is a fully managed computing service. PythonJavaNode.js (JavaScript) C#GoLambda, a code language supported by Lambda in response to events or running stateless code at event intervals, can support: server capacity requirements deployment expansion and fault-tolerant operating system and language update metrics and logging Lambda can be achieved by using its own code or even native libraries to run code in parallel to create a back-end, Event handlers and data processing systems always do not have to pay for idle resources to use Lambda to extend events to trigger Lambda Use the Lambda function to automatically initiate API calls to other AWS services to extend container-based instances, such as Docker, ECS, etc. to achieve more intelligent extensions through functions, such as analyzing performance data to find, not just events, because Lambda can be automatically extended, you can use the Lambda function to replace some EC2

Using AWS Lambda decoupling infrastructure Lambda is an ideal solution for data processing because of its high availability and limited footprint cost. Lambda can use simple micro-services to replace traditional servers, and further decouple infrastructure simple functions and applications that can be handled by instances without worrying about high availability and scalability. It is recommended to use Lambda to trigger Lambda

Lambda uses the method to upload the code in .zip format, to specify the running frequency with the plan function, to specify the event source to specify the required computing resources-23 levels, from the lowest CPU of 128m to the highest CPU of 1.5GB, you can adjust the calculation level to specify the timeout period to specify the VPC startup function (100ms-5min run time, the longest is 15min) to access the resources. The Lambda code is stored in S3. And static encryption Lambda only supports stateless functions. Each Lambda function receives 500MB's non-permanent disk space in its / tmp directory. Lambda support code version control free package includes 1 million free requests per month and calculation time of 40w memory GB- seconds. You can use CodePipeline and CodeDeploy to automatically execute the release process of non-service applications, or you can use CloudFormation to load Lambda@Edge in response to CloudFront requests. AWS Lambda functions that are called synchronously when running codes around the world that exceed the default concurrency limit will return a limit error message. The Lambda function called asynchronously can withstand a burst of traffic within a certain range of about 15 to 30 minutes, and subsequent events will be rejected on the grounds of restrictions. If the Lambda function is called in response to the Amazon S3 event, the event rejected by AWS Lambda may be retained by S3 for 24 hours and retry the Lambda application scenario using Lambda as the Web server during that time

Lambda can be used to perform polling / listening, queuing, processing, automatic extension, redundancy and load balancing to replace the traditional complex data processing scheme.

Other cases

AWS CloudFormation outlines automatic modeling and setting up AWS resources, reduces management from cost support to quickly start a new test environment, reliable replication environment convenient preconfiguration mechanism, suitable for many AWS resources. It supports the infrastructure requirements of many different types of applications, three component templates-using JSON/YAML format files to describe the created resources, saving them as source code and managing the engine-using AWS components to interpret templates as AWS resource stack stacks-AWS CloudFormation creates a collection of resources that can track and review each account in the AWS Management console. An extensible template template is a template in which the code completely defines the application stack (all the resources the application needs) and defines the parameters of the template runtime (EC2 size, The editing method of the key peer) template directly uses JSON/YAML text to edit the third party VisualOps.io template editor AWS CloudFormation Designer generates JSON templates by dragging resources and editing attributes CloudFormation templates organization templates can be reused in different regions to achieve deployment consistency should resources be allocated to different CloudFormation templates based on ownership and application lifecycle it is not recommended to build all the environments of the application in one template At least separate network resources, security resources and application resources into different templates, even for the same type of resources, we should avoid different applications sharing the same template, some specific environment parts still do not work, and need to be defined with variables such as input parameters, such as EC2 key pair, security group name, subnet ID,EBS snapshot ID, etc.

Analysis of CloudFormation template

Description: text strings describing templates cannot use parameters or functions Metadata to provide other details about the template JSON object CloudFormation some functions that need to be retrieved settings or configuration information can be specified at the template or resource level, such as AWS::CloudFormation::Init-define configuration tasks for cfn-init helper scripts-when displaying input parameters in the console Defined parameter grouping and sorting AWS::CloudFormation::Desinger-describes how resources are laid out in CloudFormation Designer Resource services to be started in the stack and their settings must be declared separately for each resource to specify multiple resources of the same type However, the resource declaration needs to be separated by a comma, and the resource attribute DependsOn needs to be included in the resource declaration. Specify that a specific resource, such as AutoScaling,EC2,ELB, elastic IP, etc., can be created only after another resource is created. When a public IP address is associated and is in a VPC, it depends on the VPC gateway connection wait condition AWS::CloudFormation::WaitCondition to pause stack creation and wait until the signal is received before continuing to create policies. CreationPolicy sets execution policies for different operations. Parameters, such as waiting for a specific time or a specific number of signals, can customize the stack when running a variable value that is incoming to the template, and can specify an allowable value and a default value for each parameter, up to 60 parameters per template, Mapping, which specifies the key of the conditional parameter value and its associated value based on specific conditions. Condition controls whether a specific resource is created or updated during stack creation or update. A specific attribute assignment value is defined by defining a resource or a statement defined by an attribute Compare whether the two values are the same and so on the premise of conditional creation of resources such as using the same template to complete different Size for test and production environments when deploying Outputs to view the properties of the stack, the value returned declares the output value to be viewed from the CloudFormation console, or the output value returned in response to the call up to 60 custom resource management per template to handle resources and functions that are not directly supported by CloudFormation When you create a stack, you can add your own logical support WaitCondition to ensure that external resources such as the application or management system receive the completion signal, and prevent the creation of other resources, such as configuring third-party subscriptions, returning the authentication key to the required EC2 instance, using Lambda to establish a peer-to-peer relationship between the new VPC and other VPC, using templates to create the stack, if any resource creation fails. So resources that have been created can be rolled back and deleted. You can create a change set to update the stack and resources by submitting a modified version of the original template. By default, deleting the stack deletes all resources, but you can set a deletion policy to retain some resources. When any resource deletion fails, the remaining undeleted resources will be temporarily retained. Until the entire stack AWS Elastic Beanstalk overview is successfully removed, an automatic deployment and extension service for Web applications and Worker process environments is the fastest and easiest way for developers to upload applications. Elastic Beanstalk will automatically handle the deployment details of capacity preconfiguration, load balancing, Auto Scaling and application health monitoring. Docker supports multiple languages. Including PHP, Java, Python, Ruby, Node.js, .net, Go, etc. Direct upload runs on Apache, Nginx, Passenger and IIS servers to deploy Beanstalk to create an environment that is independent Beanstalk is a logical combination of environment, version and environment configuration Conceptually, similar to folders, most existing application containers or platform-as-a-service solutions, such as load balancing, health monitoring, automatic extension, application platform management, code deployment, and so on, can greatly reduce the flexibility and control of developers while reducing the amount of programming required. With AWS Elastic Beanstalk, developers can retain full control over the AWS resources that support their applications. If the developer decides to manage some (or all) elements of the infrastructure, they can use the management capabilities of Elastic Beanstalk to operate seamlessly. You can easily create a separate running environment for each version of the application. Since it is run at once, the completion will be automatically deleted. You can run Docker environment features and built-in CloudWatch monitoring metrics to monitor and manage the infrastructure. And through SNS publishing notification developers can fully control the AWS resources that support their applications, choose the most appropriate EC2 instance type, choose the right storage and database to enable login access to EC2 instances through ELB enable HTTPS to enhance security adjust application server settings and pass variables to adjust Auto Scaling settings by default the application is public, and you can configure VPC, set security groups, and set nACL to be private. The underlying platform recommends that you set a maintenance period of two hours a week for the release and update of the new platform version. The usage scenario is very suitable for blue-green deployment. When switching between full-scale production and minimum-scale pre-production, using two ELB to keep warm-up state can be quickly rolled back. In fact, CloudFormation can also implement blue-green deployment AWS OpsWorks overview of configuration management services implemented by Chef and Puppt. Applications that help configure and operate applications of various forms and sizes can define the overall architecture and specification of the application Including software package installation, software configuration, resources, etc. The use of OpsWorks lifecycle tools can simplify application management, reduce the number of deployment cycles, support the management of Linux and Windows servers, support DevOps continuous integration management organized modeling and visualization of stacks, tiers and applications AWS will include what the application needs, including EC2,EBS Resource groups such as ELB called stack OpsWorks provide a simple and flexible way to create, configure, manage, and monitor stacks and applications AWS can use OpsWorks and IAM to manage user rights, and the two do not exclude the ability to work together. Layer Layer can divide the entire application into multiple layers to define stack elements, each layer serves a specific purpose, each layer processes tasks through the Chef task list, users can modify the default configuration or add tasks to customize or expand layer users can have complete control over which software packages are installed, which applications are deployed, and how to configure them. The application OpsWorks can run lifecycle events, and each application can automatically run a specified set of tasks at the appropriate event

Monitoring OpsWorks can send metrics for all resources to CloudWatch for visualization and setting alerts to support various custom metrics AWS EC2 Run Command overview provides a simple way to automate common management tasks Include Linux ShellWindows PowerShell installation software or patches that can execute commands across multiple instances to make the results visible. AWS also supports other third-party automation solutions, including Chef, Puppt, Ansible, and Salt. Amazon API Gateway Overview can create an API on AWS Interfaces that access data, business logic, or functions as back-end services are fully hosted and accept all tasks involved in handling up to tens of thousands of concurrent API calls can handle the following workloads Lambda calls EC2,ECS using AWS Step Function state machines, Beanstalk, Web applications can be integrated with other AWS services, such as Kinesis support for creating HTTP/REST API and WebSocket APIHTTP/REST API as a set of resources and methods, or terminal nodes. HTTP/REST API can be deployed to different stages and can be cloned to a new version. WebSocket API can maintain a permanent connection between interconnected clients to enable real-time message communication. You can host and use different versions and stages of API to create API keys and assign them to developers using signature v4 to grant API access restrictions and monitor requests to protect back-end systems that are highly integrated with AWS Lambda if JavaScript/AJAX is used to access resources across domains The CORS function must be enabled on API Gateway. It has been determined that you can call non-local resource benefit measurement and restrict access to API by third-party open personnel. Program security supports multiple authorized access tools to protect the system from DDOS*** flexibility. The system provides managed cache by default to store API responses to reduce latency through Amazon CloudFront. A low-cost, no-service scenario that can automatically auto-scale operation monitoring through the indicator monitoring panel Monitoring service invocation including number of calls, delay data and error rate collection error log, access log and debug log life cycle management designed for developers to support OpenAPI specification (Swagger) real-time two-way communication to maintain a permanent connection between users, API management desk configuration resource is a typed object designed for developers to support OpenAPI specification (Swagger) real-time two-way communication. Belongs to the domain of your API. Each resource may be associated with a data model, or related to other resources, and can respond to different methods. You can also define resources as variables to intercept requests for multiple child resources. A resource policy is an JSON policy document that you can attach to an API to control whether a specified principal (usually an IAM user or role) can call the API. You can use a resource policy to give users from other AWS accounts secure access to your API, or only allow calls to the API resource policy from a specified source IP address range or CIDR block can be used with REST API in Amazon API Gateway. Each resource in the method REST API can support one or more standard HTTP methods. You will define the verbs (GET, POST, PUT, PATCH, DELETE, HEAD, and OPTIONS) that should be supported by each resource and their implementation. The phase phase is similar to the label, defining the deployment access path. For example, you can define a development phase, and you can set a custom domain name that points directly to the phase so that you don't have to use other path parameters. With the help of Amazon API Gateway in the lifecycle, each REST API can have multiple phases. Phases are used to divide the development lifecycle of API, for example, after you have built API and deployed it to the development phase, or when you are ready for production, you can deploy it to the production phase. Phase variables can define key / value pairs of configuration values associated with a phase. These values are similar to environment variables and can be used to configure your API. Using a plan usage plan can help you declare plans for third-party developers to restrict access to specific API, define restrictions, and request quota restrictions, and associate these restrictions with API keys. You can also extract usage data based on each API key to analyze API usage and generate billing documents. Choose the right solution

In fact, there is a balance between convenience and control.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.