Welcome to Day 8 of the "How to AWS" series: Automation
In this blog post we will be discussing how to automate your environment in AWS. If you missed the introduction and drivers behind this series, check it out here.
Today we’ll address automating the deployment of your workload and the key concepts you'll need to consider, all whilst leveraging the easily accessible and reliable AWS-native tools.
For the purposes of this blog, I’m going to assume you know why you need automation, but in short, automation drives efficiency, repeatability and standardisation, and enables agility within your business. Gone are the days where manual configuration was the only option and automation was a pipe dream, only achievable by those with the luxury of time. In today’s technical landscape there are very few excuses for not deploying something via automation! By leveraging the utilities and toolsets available to modern Cloud Engineers, technical implementation of most automation activities can be achieved rapidly, all whilst delivering higher degrees of certainty for your business. There are many ways to automate, so pick your path based on your needs and skill set. In this blog post, we’ll use low-cost tools that are natively available within your AWS account.
Planning is key
Before you start building and automating your way to glory, make sure you’ve planned out your approach. If nothing else it’ll help guide you down the track and it's great documentation. You'll need to consider many elements here. Are you looking to achieve a simple automated deployment of static files? Do you need to build artifacts? How complex or simple do you need this to be? I'd suggest starting with simple and building from there! Here are a few items you need to consider in your planning:
- What resources can you deploy with Infrastructure as Code?
- How will you manage the storage and protection of application secrets? (Hint: Secrets Manager)
- Will you build everything into an Amazon Machine Image?
- Will you use a configuration management tool like Chef, Puppet or Ansible?
- How will you deploy your applications?
- What security needs to be in place?
- How will you perform code, integration, end user or load testing?
- Do you need automatic or manual approval gates (e.g. deployment authorisation)?
- What will trigger a build/deployment?
- If things go wrong, what is your rollback approach?
Now that we’ve discussed what you need to consider, it’s time to start planning. Once you’ve got a good roadmap, let’s start building some automation!
Start with your code
Your application source code is a key resource and perhaps even your competitive advantage. This code needs to live within a secure source code repository (e.g. git) and (for our purposes) must be accessible by your automation tools. AWS CodeCommit is the go-to service for storing your source code within the AWS ecosystem, although many of the AWS automation services have integration capabilities with third-party providers such as GitHub. Select the provider that makes sense for your business and provides the capabilities you need. Your automation scripts and infrastructure as code (e.g. AWS CloudFormation) also need to be version controlled. You should commit them to a repo now if you haven’t. This blog can wait. Next, we need to coordinate our automation tasks which will leverage your code.
Design your Pipeline
Any number of automated tasks are just that - automated tasks. As you automate your processes you need to coordinate, chain and monitor the success or failure of these steps. For this coordination, in AWS you should leverage AWS CodePipeline. AWS CodePipeline is an AWS-native, serverless, and super cost-effective service which provides the coordination of different stages in your build and deployment pipeline. It enables the monitoring of your source code repositories and automated triggering based upon your defined events (e.g. code commits). From your source code repository, CodePipeline can initiate a number of build steps (as required) before triggering the automated deployment of resources and applications within your environments. CodePipeline provides the capability to add manual approval actions to your pipelines. As a starting point, consider implementing one before you deploy into your production environment. This can form the basis of your application change control, whereby an approved stakeholder should provide approval prior to implementation.
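To check that the approval gate described above is really in place, the following added example (not part of the original post, and not AWS code) walks a pipeline definition in the shape printed by `aws codepipeline get-pipeline` and lists production deploy actions that no manual approval precedes. Identifying production stages by a "prod" substring in the stage name is an assumption, and the sample pipelines are constructed.

```python
import re
from itertools import groupby

# Assumption: production stages are identifiable by name (e.g. "Production").
PROD_STAGE = re.compile(r"prod", re.IGNORECASE)

def _run_order(action):
    return action.get("runOrder", 1)

def ungated_prod_deploys(pipeline, prod_pattern=PROD_STAGE):
    """Return "Stage/Action" for each production Deploy action that no
    manual approval precedes. `pipeline` is the "pipeline" object in the
    JSON printed by `aws codepipeline get-pipeline`."""
    findings, approved = [], False
    for stage in pipeline["stages"]:
        is_prod = bool(prod_pattern.search(stage["name"]))
        # Actions sharing a runOrder run in parallel, so judge them together.
        for _, grp in groupby(sorted(stage["actions"], key=_run_order), key=_run_order):
            types = [(a["name"], a["actionTypeId"]) for a in grp]
            for name, t in types:
                if t["category"] == "Deploy" and is_prod and not approved:
                    findings.append(f'{stage["name"]}/{name}')
            if any(t["category"] == "Approval" and t["provider"] == "Manual"
                   for _, t in types):
                approved = True
            elif not is_prod and any(t["category"] == "Deploy" for _, t in types):
                approved = False  # an approval spent on dev/test does not carry over
    return findings

def _action(name, category, provider, run_order=1):
    return {"name": name, "runOrder": run_order,
            "actionTypeId": {"category": category, "owner": "AWS",
                             "provider": provider, "version": "1"}}

# Constructed sample pipelines (not taken from a real account).
SOURCE = {"name": "Source", "actions": [_action("Fetch", "Source", "CodeCommit")]}
BUILD = {"name": "Build", "actions": [_action("Compile", "Build", "CodeBuild")]}
DEV = {"name": "Dev", "actions": [_action("DeployDev", "Deploy", "CodeDeploy")]}
GATED = {"name": "demo-gated", "stages": [SOURCE, BUILD, DEV, {
    "name": "Production", "actions": [
        _action("ChangeApproval", "Approval", "Manual", 1),
        _action("DeployApp", "Deploy", "CodeDeploy", 2)]}]}
UNGATED = {"name": "demo-ungated", "stages": [SOURCE, BUILD, DEV, {
    "name": "Production", "actions": [_action("DeployApp", "Deploy", "CodeDeploy")]}]}

if __name__ == "__main__":
    for p in (GATED, UNGATED):
        print(p["name"], ungated_prod_deploys(p) or "ok")
```

An approval that runs in parallel with the deploy (same `runOrder`) does not count as a gate, and neither does one that was followed by a non-production deploy.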
Automate your builds
Depending upon your workload or application, you may need a build phase. This is where you can compile your application, download and bundle any upstream dependencies and generally get your application built and ready for deployment. We leverage AWS CodeBuild for this capability, which enables you to create highly customisable, ephemeral (temporary) build environments. Each build project is run within a customisable Docker container; you can either leverage one of the AWS-provided images or bring your own custom container. The flexibility here is huge. You’re only charged for the resources consumed while a build is running, so for the vast majority of environments, this is a supremely cost-effective build solution. Take a moment to check out the features and consider if and how you can use this in your deployment pipeline! Once your application is built and you’ve got your application artifact, it’s time to move onto automating deployments.
Automate your deployments
Depending upon your automation tooling of choice, there are many methods you can invoke from your CodePipeline when automating deployments, from deploying, updating and maintaining AWS CloudFormation templates through to deploying your application onto instances using AWS CodeDeploy. AWS CodeDeploy provides a serverless and AWS-native approach for managing the deployment of applications within your environment. CodeDeploy provides rich application lifecycle management and customisation opportunities, whilst also managing your deployment. Do you need a blue/green deployment? Perhaps a rolling update? Or for your development environments do you just want it done immediately? AWS CodeDeploy handles each of these deployment approaches and lets you focus on delivering your applications! As with every change, how you’ll approach rollback in the event of a failure is an important consideration. This is doubly so within automation, as business processes inevitably become reliant upon automation and not having a rollback plan can lead to disaster. Thankfully, AWS have taken care of much of this heavy lifting by providing inbuilt rollback functionality in both AWS CloudFormation and AWS CodeDeploy.
In this blog post we've discussed the key topics around planning and implementing automation for your workload. AWS provides many native, building block solutions to enable you to quickly and cost-effectively automate your environments. The next blog post in this series will focus on deploying your workload and supporting infrastructure.