aws innovate: infrastructure automation on aws - seungdo yang
TRANSCRIPT
Infrastructure Automation and 7 Useful Tips
Seungdo Yang, Solutions Architect, Amazon Web Services
Sample Architecture (diagram): a Virtual Private Cloud in AWS ap-northeast-2 with a public subnet and a private subnet in each of Availability Zone A and Availability Zone B; an internet gateway, a NAT instance (plus a secondary NAT instance), a Leap/Bastion instance, an ELB in each AZ, web instances, an RDS DB instance Master with a Standby (Multi-AZ), and ElastiCache. Supporting services: Amazon CloudWatch, AWS CloudFormation, Amazon S3, AWS OpsWorks, Amazon SNS, Amazon SQS, EC2 API, AWS Lambda.
How would you build this?
Manually, whenever needed… AWS Management Console, AWS CLI (Command Line Interface)
A slightly more productive way… use a scripting language: the AWS CLI, or a Python application built with the Boto library
Is there no automated way? AWS CloudFormation, AWS OpsWorks, AWS Elastic Beanstalk
Sample Architecture (Single Stack): the same diagram as above, with every resource provisioned from one stack.
Sample Architecture (Stack #1 : VPC): the Virtual Private Cloud in AWS ap-northeast-2 with an internet gateway and a public and a private subnet in each of Availability Zone A and B; Amazon CloudWatch, AWS CloudFormation, Amazon S3.
Sample Architecture (Stack #2 : NAT instance): the Stack #1 VPC plus a NAT instance in a public subnet.
Sample Architecture (Stack #3 : Bastion instance): adds a Leap/Bastion instance in a public subnet.
Sample Architecture (Stack #1 update : ELB): the VPC stack is updated to add an ELB in each Availability Zone.
Sample Architecture (Stack #4 : Multi-AZ RDS): adds an RDS DB instance Master with a Standby (Multi-AZ) in the private subnets.
Sample Architecture (Add web server fleet): adds web instances in the private subnets behind the ELBs, managed with AWS OpsWorks.
Sample Architecture
…...
Sample Architecture (complete): the full diagram from the start of the talk, now assembled from the stacks above (adding ElastiCache, the secondary NAT instance, Amazon SNS, Amazon SQS, EC2 API and AWS Lambda).
Deployment and Management
AWS OpsWorks: a DevOps framework for application lifecycle management and automation
AWS CloudFormation: define infrastructure as code with templates, then deploy & update
AWS Elastic Beanstalk: automated resource management, so web applications are easy to operate
DIY / On Demand: DIY, on demand resources: EC2, S3, custom AMI’s, etc.
(the options range from convenience at one end to control at the other)
AWS CloudFormation
• Infrastructure defined as code
• Integrates with version control
• JSON format
• Templates
• Stacks
• Supports almost every AWS resource
http://docs.aws.amazon.com/ko_kr/AWSCloudFormation/latest/UserGuide/cfn-sample-templates.html
AWS CloudFormation – Components & Technology
Template: a JSON format file; parameter definition; resource creation; configuration actions
CloudFormation stack: a configured set of AWS services; comprehensive service support; service event aware; customizable
Framework: stack creation; stack updates; error detection and rollback
AWS CloudFormation Designer
1 Canvas pane: container resources are rectangular objects that can be resized; other resource objects cannot be resized
2 Resource types pane
3 JSON editor pane
4 Errors pane
AWS CloudFormation
AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion.
First released in 2010.
AWS CloudFormation
A template describes the AWS resources needed to run your application, along with any related dependencies or runtime parameters.
AWS CloudFormation
In general, you do not need to remember the order in which AWS services must be provisioned, or their dependencies.
AWS CloudFormation
Once deployed, you can modify and update the AWS resources in a predictable way. In other words, you can version-control your AWS infrastructure the same way you version-control software.
AWS CloudFormation
CloudFormation handles it for you.
AWS CloudFormation
There is no additional charge for AWS CloudFormation; you pay only for the AWS resources needed to run your application.
AWS CloudFormation
A template that describes AWS resources
Modify and update AWS resources in a controlled, predictable way
Version control for AWS infrastructure
{
  "AWSTemplateFormatVersion" : "2010-09-09",
  "Description" : "AWS CloudFormation Sample Template EC2InstanceSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example uses the default security group, so to SSH to the new instance using the KeyPair you enter, you will need to have port 22 open in your default security group. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
  "Parameters" : {
    "KeyName" : {
      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
      "Type" : "String"
    }
  },
  "Mappings" : {
    "RegionMap" : {
      "us-east-1"      : { "AMI" : "ami-7f418316" },
      "us-west-1"      : { "AMI" : "ami-951945d0" },
      "us-west-2"      : { "AMI" : "ami-16fd7026" },
      "eu-west-1"      : { "AMI" : "ami-24506250" },
      "sa-east-1"      : { "AMI" : "ami-3e3be423" },
      "ap-southeast-1" : { "AMI" : "ami-74dda626" },
      "ap-northeast-1" : { "AMI" : "ami-4dae82ce" },
      "ap-northeast-2" : { "AMI" : "ami-dcfa4edd" }
    }
  },
  "Resources" : {
    "Ec2Instance" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "KeyName"  : { "Ref" : "KeyName" },
        "ImageId"  : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
        "UserData" : { "Fn::Base64" : "80" }
      }
    }
  },
  "Outputs" : {
    "InstanceId" : {
      "Description" : "InstanceId of the newly created EC2 instance",
      "Value" : { "Ref" : "Ec2Instance" }
    },
    "AZ" : {
      "Description" : "Availability Zone of the newly created EC2 instance",
      "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
    },
    "PublicDNS" : {
      "Description" : "Public DNSName of the newly created EC2 instance",
      "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicDnsName" ] }
    }
  }
}
Template sections annotated on the slide: format version, description, parameters, mappings, resources, outputs.
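As an added example (not code from the slides or from AWS), a small Python checker that walks a template's Ref, Fn::GetAtt and Fn::FindInMap references and reports targets that are not declared, plus a check that a region map covers the regions a stack will be created in. The embedded template is a trimmed copy of the EC2InstanceSample above with the region map reduced to two entries; the check names and the sample used in the test are this example's own. The same reference check is what catches a missing parameter when a stack such as Stack #2 is meant to take the outputs of Stack #1 as its parameters.

```python
import json

# Constructed test input: a trimmed copy of the EC2InstanceSample template shown
# on the slides (region map reduced to two entries to keep it short).
SAMPLE_TEMPLATE = json.loads(r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "KeyName": {"Description": "Name of an existing EC2 KeyPair", "Type": "String"}
  },
  "Mappings": {
    "RegionMap": {
      "ap-northeast-2": {"AMI": "ami-dcfa4edd"},
      "us-east-1": {"AMI": "ami-7f418316"}
    }
  },
  "Resources": {
    "Ec2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "KeyName": {"Ref": "KeyName"},
        "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
        "UserData": {"Fn::Base64": "80"}
      }
    }
  },
  "Outputs": {
    "InstanceId": {"Value": {"Ref": "Ec2Instance"}},
    "AZ": {"Value": {"Fn::GetAtt": ["Ec2Instance", "AvailabilityZone"]}}
  }
}
''')


def _walk(node, path=""):
    """Yield every (path, dict) pair in the template, depth first."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, f"{path}[{index}]")


def check_template(template):
    """Return a list of problems: intrinsic references whose targets are not declared.

    Ref may point at a parameter, a resource, or an AWS:: pseudo parameter;
    Fn::GetAtt must name a resource; Fn::FindInMap must name a mapping.
    """
    params = set(template.get("Parameters", {}))
    resources = set(template.get("Resources", {}))
    mappings = template.get("Mappings", {})
    problems = []
    for path, node in _walk(template):
        if "Ref" in node and len(node) == 1:
            target = node["Ref"]
            if (isinstance(target, str) and not target.startswith("AWS::")
                    and target not in (params | resources)):
                problems.append(f"{path}: Ref to undefined '{target}'")
        if "Fn::GetAtt" in node:
            spec = node["Fn::GetAtt"]
            # Long form is ["Resource", "Attr"]; short form is "Resource.Attr".
            logical = spec[0] if isinstance(spec, list) else str(spec).split(".", 1)[0]
            if logical not in resources:
                problems.append(f"{path}: Fn::GetAtt on undefined resource '{logical}'")
        if "Fn::FindInMap" in node:
            map_name = node["Fn::FindInMap"][0]
            if map_name not in mappings:
                problems.append(f"{path}: Fn::FindInMap on undefined mapping '{map_name}'")
    return problems


def regions_missing_from_map(template, map_name, regions):
    """Regions with no entry in the named mapping (creating the stack there would fail)."""
    table = template.get("Mappings", {}).get(map_name, {})
    return [region for region in regions if region not in table]


if __name__ == "__main__":
    print("problems:", check_template(SAMPLE_TEMPLATE) or "none")
    print("regions not mapped:",
          regions_missing_from_map(SAMPLE_TEMPLATE, "RegionMap", ["ap-northeast-2", "eu-west-1"]))
```

Run it against a real template with `check_template(json.load(open("template.json")))` before `create-stack`; a dangling Ref is otherwise only reported by CloudFormation at validation or creation time.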
AWS OpsWorks
• Application / infrastructure management
• Linux/Windows and Chef
• Key components:
• Stacks
• Layers
• Instances
• Apps
AWS Elastic Beanstalk
• Automated infrastructure management & code deployment for applications
• Includes:
• Load balancer
• Health monitoring
• Auto scaling
• Application platform management
• Code deployment
• Integration with RDS
7 Tips
#1 : Fast server recovery
#2 : Fast detection of infrastructure changes
#3 : Leverage VPC Peering
#4 : Visualizing firewall logs (VPC Flow Logs)
#5 : Cost savings through EBS optimization
#6 : Managing metadata for S3 objects
#7 : ??
#1 : Fast server recovery
Auto Recovery for Amazon EC2: create a CloudWatch alarm on the StatusCheckFailed_System metric
-> select the "Recover this instance" action
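An added Python example (not from the slides) of creating the same auto-recovery alarm with boto3 instead of the console: the put_metric_alarm arguments are built in a pure function, and the alarm action is the built-in arn:aws:automate:<region>:ec2:recover target. The statistic, period and evaluation-period values, the optional SNS topic for notification, and the instance id used in the test are this example's assumptions.

```python
# Built-in CloudWatch action that triggers EC2 auto recovery for the alarmed instance.
RECOVER_ACTION = "arn:aws:automate:{region}:ec2:recover"


def recovery_alarm_params(instance_id, region, notify_topic_arn=None,
                          period_seconds=60, evaluation_periods=2):
    """Build the put_metric_alarm arguments for an EC2 auto-recovery alarm.

    StatusCheckFailed_System is 0 while the system check passes and 1 while it fails,
    so 'Minimum > 0' over two consecutive one-minute periods means the check has been
    failing for the whole window (these values are this example's choice).
    """
    actions = [RECOVER_ACTION.format(region=region)]
    if notify_topic_arn:
        # Optional: also page someone through an SNS topic (hypothetical ARN).
        actions.append(notify_topic_arn)
    return {
        "AlarmName": f"auto-recover-{instance_id}",
        "AlarmDescription": "Recover the instance when its system status check fails",
        "Namespace": "AWS/EC2",
        "MetricName": "StatusCheckFailed_System",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Minimum",
        "Period": period_seconds,
        "EvaluationPeriods": evaluation_periods,
        "Threshold": 0.0,
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": actions,
    }


def create_recovery_alarm(instance_id, region, notify_topic_arn=None):
    """Create the alarm in CloudWatch. boto3 is imported lazily so the pure function
    above can be exercised without AWS credentials; this call needs them."""
    import boto3  # assumption: boto3 installed and credentials configured
    cloudwatch = boto3.client("cloudwatch", region_name=region)
    params = recovery_alarm_params(instance_id, region, notify_topic_arn)
    cloudwatch.put_metric_alarm(**params)
    return params["AlarmName"]


if __name__ == "__main__":
    # Placeholder instance id; replace with a real one before calling create_recovery_alarm.
    print(recovery_alarm_params("i-0123456789abcdef0", "ap-northeast-2"))
```

Auto recovery only applies to instance types and configurations that support it (instance-store volumes, for example, cannot be recovered), so check the instance before relying on the alarm.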
#2 : Fast detection of infrastructure changes
AWS API Activity Lookup in CloudTrail
CloudTrail Configuration : S3 + CloudWatch Logs
https://aws.amazon.com/ko/cloudtrail/partners/
CloudTrail Configuration : S3 + CloudWatch Logs + Bonus
#3 : Leverage VPC Peering
VPC Peering within a region: a one-to-one networking connection between two VPCs through private IP addresses
App #1 and App #2 (and a Log Analytics VPC) peered with a VPC holding common functions (authentication, payment, etc.)
Also possible between different AWS accounts
AWS VPC Peering
#4 : Visualizing firewall logs (VPC Flow Logs)
CloudWatch Logs + Elasticsearch + Kibana Dashboards, fed by the CloudWatch Logs Subscription Consumer
Discover section with VPC Flow Logs
Dashboard section with VPC Flow Logs
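An added Python example, not from the slides, of the aggregation a Kibana panel over VPC Flow Logs performs: parse version-2 flow log lines, count REJECTed flows by source address and destination port, list sources rejected on several distinct ports, and total bytes per action. The log lines are constructed samples using documentation addresses and a placeholder account id and interface id.

```python
from collections import Counter, defaultdict

# Field order of a version-2 VPC Flow Log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample lines (documentation IP ranges, placeholder account/eni ids).
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 51234 22 6 6 360 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 51235 22 6 6 360 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.12 10.0.1.25 51236 3389 6 4 240 1418530010 1418530070 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.2.40 10.0.1.25 40312 443 6 20 4249 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 33000 443 6 12 2200 1418530010 1418530070 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1418530010 1418530070 - NODATA
"""


def parse_flow_log(text):
    """Parse flow log lines into dicts with numeric fields converted.

    Records whose log-status is NODATA or SKIPDATA carry '-' in the traffic fields
    and are dropped; malformed lines are skipped rather than raising.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def reject_summary(records):
    """Rejected flows by (srcaddr, dstport): the data behind a 'top rejected sources' panel."""
    return Counter((r["srcaddr"], r["dstport"]) for r in records if r["action"] == "REJECT")


def scanning_sources(records, min_ports=2):
    """Sources rejected on at least min_ports distinct destination ports, sorted."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)


def bytes_by_action(records):
    """Total bytes per action, as a Kibana bar chart split by action would show."""
    totals = Counter()
    for r in records:
        totals[r["action"]] += r["bytes"]
    return totals


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    print("rejects:", reject_summary(recs).most_common(3))
    print("multi-port reject sources:", scanning_sources(recs))
    print("bytes:", dict(bytes_by_action(recs)))
```

A REJECT in a flow log means a security group or network ACL did its job; the useful dashboard question is which sources and ports are rejected repeatedly, which is what the two summary functions surface.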
#5 : Cost savings through EBS optimization
Multiple GP2 (General Purpose SSD) volumes
• Cost Optimization
• 1TB PIOPS volume with 4K IOPS: $399.08* per month per volume
__________________________________
• GP2 1TB volume with 3000 IOPS: $114.00*
• GP2 2 x 500GB volumes at 3K, burst to 6K: $114.00*
~70% cost savings and 50% more peak I/O with General Purpose (SSD)
• Management Optimization
• Leverage tags to add metadata to snapshots:
• Application stack
• Instance Id
• Volume Id
• Version
• Type (daily, weekly)
• Use together with the new AMI creation date
*Pricing for AWS Seoul region : ap-northeast-2
#6 : Managing metadata for S3 objects
Secondary lists for efficient S3 LIST operations
S3 ObjectCreated notification -> SQS workers -> DynamoDB / RDS / CloudSearch / EC2
S3 ObjectCreated notification -> Lambda -> DynamoDB / RDS / CloudSearch / EC2
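An added Python example, not from the slides, of the Lambda variant: parse an S3 ObjectCreated notification into index records keyed by prefix and object name, so that a DynamoDB query by prefix can replace a LIST call over a large bucket. The sample event, bucket name and object key are constructed, and the INDEX_TABLE environment variable (a table with partition key "prefix" and sort key "key") is this example's assumption.

```python
import os
from urllib.parse import unquote_plus

# Constructed sample S3 notification (field subset of the event S3 sends to Lambda).
# Note the object key: S3 URL-encodes keys in notifications, so a space becomes '+'.
SAMPLE_EVENT = {
    "Records": [{
        "eventVersion": "2.0", "eventSource": "aws:s3", "awsRegion": "ap-northeast-2",
        "eventTime": "2016-01-14T05:12:33.000Z", "eventName": "ObjectCreated:Put",
        "s3": {
            "s3SchemaVersion": "1.0",
            "bucket": {"name": "example-bucket"},
            "object": {"key": "logs/2016/01/14/app+server-1.log", "size": 1024,
                       "eTag": "d41d8cd98f00b204e9800998ecf8427e"},
        },
    }]
}


def index_items(event):
    """Turn ObjectCreated records into secondary-index items.

    'prefix' is the part before the last '/', so one query on the partition key
    returns everything that a LIST with that prefix would have paged through.
    """
    items = []
    for rec in event.get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue  # ObjectRemoved and other notifications are not indexed here
        obj = rec["s3"]["object"]
        key = unquote_plus(obj["key"])
        prefix, _, name = key.rpartition("/")
        items.append({
            "bucket": rec["s3"]["bucket"]["name"],
            "prefix": prefix,
            "key": key,
            "name": name,
            "size": int(obj.get("size", 0)),
            "etag": obj.get("eTag", ""),
            "created_at": rec["eventTime"],
        })
    return items


def handler(event, context=None):
    """Lambda entry point: write the items to the DynamoDB table named in INDEX_TABLE.

    boto3 is imported lazily so index_items stays testable offline.
    """
    import boto3  # assumption: available in the Lambda runtime
    table = boto3.resource("dynamodb").Table(os.environ["INDEX_TABLE"])
    items = index_items(event)
    with table.batch_writer() as batch:
        for item in items:
            batch.put_item(Item=item)
    return len(items)


if __name__ == "__main__":
    for item in index_items(SAMPLE_EVENT):
        print(item)
```

Because S3 notifications are delivered at least once, the table write is a plain put keyed by (prefix, key): a redelivered event overwrites the same item instead of creating a duplicate.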
#7 : ??
What is your tip?
Please share it with everyone.
Online Labs & Training
Gain confidence and hands-on experience with AWS.
Watch free Instructional Videos and explore Self-Paced Labs
Instructor Led Classes
Learn how to design, deploy and operate highly available, cost-effective and secure applications on AWS in courses led by qualified AWS instructors
Validate your technical expertise with AWS and use practice exams to help you
prepare for AWS Certification
AWS Certification
More info at http://aws.amazon.com/training
Thank You for Attending AWS Innovate
We hope you found it interesting! Do provide us with your feedback for the session and complete the feedback form.
Let us know your thoughts of today’s event and how we can improve the event experience for you in the future.