Forem: Katoria H.

Part 2: Pipeline fun with AWS

Katoria H. — Thu, 17 Aug 2023 21:35:53 +0000

STEP 3

Welcome back techies to Part 2 of Pipelines Galore! We are going to be diving into the creation of our code pipeline, retrieving our region ID & IAM creds, along with taking it up a notch with additional validation testing. If you have not reviewed Part 1 of this tutorial, please take the time to do so now so that you’re able to follow along as we wrap things up!

So we’ve verified that we have successfully created our Secret via Secrets Manager, as well as generated a net-new KMS Customer-managed key. To ensure we have the correct region ID and IAM role (these will be needed for the pipeline), let’s run the following commands:

aws configure get region
aws iam get-role --role-name <rolename>

Please note that my role also includes a policy that has permissions for Elastic Beanstalk, CloudWatch, SQS, and X-Ray

(1) We will now begin with the creation of our Pipeline, which will ONLY include a Source & Deploy phase, though production pipelines will normally have a Build and Test phase included as well. There are two ways that you can create your pipeline: Use a json file with the specific parameters and run the aws codepipeline create-pipeline --cli-input-json file://pipeline.json command once done with your file, OR via the Console, as shown below:

In the Console, Navigate to CodePipeline and select “Create Pipeline”
Give your pipeline a name and select an existing role or create a new role
For the Source stage, select your specific provider
SKIP the Build stage
For the Deploy stage, add your Elastic Beanstalk details
Click “Create Pipeline”, which should take a few minutes to generate

If you'd like to test this out using the CLI instead, feel free to use this JSON sample to serve as a guide for your pipeline:

{
    "pipeline": {
      "name": "yourpipelinename",
      "roleArn": "arn:aws:iam::1234567890:role/youriamrole",
      "artifactStore": {
        "type": "S3",
        "location": "yourbucketlocation"
      },
      "stages": [
        {
          "name": "Source",
          "actions": [
            {
              "name": "SourceAction",
              "actionTypeId": {
                "category": "Source",
                "owner": "AWS",
                "provider": "yourprovider",
                "version": "1"
              },
              "configuration": {
                "RepositoryName": "yourrepo",
                "BranchName": "master"
              },
              "outputArtifacts": [
                {
                  "name": "yourinput"
                }
              ],
              "runOrder": 1
            }
          ]
        },
        {
          "name": "Deploy",
          "actions": [
            {
              "name": "Deploy",
              "actionTypeId": {
                "category": "Deploy",
                "owner": "AWS",
                "provider": "Elastic Beanstalk",
                "version": "1"
              },
              "configuration": {
                "ApplicationName": "yourinput",
                "EnvironmentName": "yourinput"
              },
              "inputArtifacts": [
                {
                  "name": "yourinput"
                }
              ],
              "runOrder": 1
            }
          ]
        }
      ]
    }
  }

(2) We can verify that our pipeline and deployment were successful by visiting CodePipeline & our Elastic Beanstalk domain, as seen below:

(3) Now, we can take this up a notch by modifying one of the files created earlier, committing a new change, and then verifying that we can reach our previous Elastic Beanstalk domain, in which we should see the newly created changes. We’ll now push our newly updated files to the repo by using the following git commands as before:

git add .
git commit -m "Commit message"
git push origin master

(4) If you check the screenshots below, you'll notice that our changes to the index.html file were successful, and we also have some neat metrics that are shown with CloudWatch as well:

And that just about wraps it up for this two-part tutorial! I hope you have enjoyed creating your very first pipeline if you're net-new to AWS CodePipeline. Remember, there are multiple ways that you can create a pipeline, and this tutorial just walked through one approach. Stay tuned for more tutorials that are coming your way! Follow me on LinkedIn to be on the lookout for new blogs.

Part 1: Pipeline fun with AWS

Katoria H. — Thu, 17 Aug 2023 21:35:27 +0000

Hello techies and future techies! We are back with a new tutorial leveraging AWS DevTools. As the name suggests, DevTools, or Developer Tools, are tools that are most commonly used by individuals operating in the DevOps space. There are so many tools that you can choose from if you’re looking to simplify your overall development life cycle, automate CI/CD pipelines, and of course, enhance and improve developer productivity. For this tutorial, we will be leveraging AWS CodeCommit, Elastic Beanstalk, Secrets Manager, KMS, IAM, and CodePipeline. Let’s dive into some of these services and explain their use cases!

When you hear of AWS CodeCommit, I’m pretty sure that you may immediately think of Github, which is very similar in nature. CodeCommit is a fully managed source code control service that enables you to host secure and scalable Git repositories. A fully managed AWS service is one that AWS manages end-to-end, such as the infrastructure and resources required to deliver the service. CodeCommit provides version control for your application code, allowing teams to collaborate on software development projects efficiently. Some of the key features includes the following:

Git-based: CodeCommit supports the popular Git version control system, making it easy to integrate with existing Git workflows and tools.
Private Repositories: CodeCommit allows you to create private repositories to protect sensitive code from unauthorized access.
Integration: It seamlessly integrates with other AWS services, including CodeBuild, CodeDeploy, and CodePipeline, facilitating a streamlined development and deployment process.

Like many, I automatically think of a service like “Vault” whenever I hear of “Secrets Manager”.. AWS Secrets Manager is a fully managed service for securely storing, retrieving, and managing sensitive information such as passwords, API keys, and database credentials. It helps centralize and rotate secrets, ensuring secure access to resources. Some of the key features includes the following:

Secret Storage: Secrets Manager stores secrets securely in the AWS Cloud, encrypting them at rest and in transit.
Automated Rotation: It offers automatic rotation of secrets, reducing the risk of exposure and simplifying the management of credentials. **You should ALWAYS consider key rotation when operating in a Production environment.
Integration: Secrets Manager can be easily integrated with other AWS services and applications, ensuring secure access to resources without exposing sensitive information.

Elastic Beanstalk is pretty cool as it abstracts the underlying infrastructure, allowing you to focus on your application. It handles provisioning, scaling, and load balancing, making deployment and management easier. Some of the key features include the following:

Easy Rollbacks: If a deployment doesn't go as planned, Elastic Beanstalk allows you to quickly roll back to the previous version
Custom Domains & SSL: You can easily map custom domain names to your Elastic Beanstalk environment and configure SSL certificates for secure communication.
2 Environment Types: Elastic Beanstalk offers two environment types: Web Server and Worker. Web Server environments are optimized for web applications, while Worker environments are suitable for background tasks or processing jobs.

And finally, we have AWS CodePipeline, which is also a fully managed continuous integration and continuous delivery (CI/CD) service that automates the end-to-end software release process. It allows you to define, model, and visualize the different stages of your release pipeline.Key Features of CodePipeline can be found below:

Pipeline Automation: CodePipeline automates the build, test, and deployment stages of your application, enabling continuous integration and delivery of software changes.
Flexibility: It supports a wide range of integration options with third-party tools and services, enabling you to customize your CI/CD workflow.
Visual Workflow: CodePipeline provides a graphical interface to visualize and monitor the stages of your release process, making it easy to identify bottlenecks and issues.

The following prerequisites are highly recommended for this tutorial:

An AWS Account
AWS CLI Configured
Github Account
Familiarity with GitHub commands
Familiarity with JSON

Let’s jump into creating a DevSecOps pipeline on AWS using AWS CLI. Please note that this tutorial may slightly differ from the steps taken in a production environment setup.

STEP 1

(1) The very first step that we want to initiate is to create a net-new application via the Console for Elastic Beanstalk (this can also be done via the CLI if you prefer). Navigate to Elastic Beanstalk, and do the following:

Create Application
Select ‘Web Server Environment’ under environment Tier
Name your App
Select the PHP Platform
Leave the Application Code as ‘Sample Code’
Select ‘Single Instance’ under Configuration Presets
Select Next

Configure your service access, networking, instance scaling, monitoring and logging to your preferences

(2) Secondly, we’re going to create a repository for AWS CodeCommit, by running the following command:

aws codecommit create-repository --repository-name <yourreponame>

(3) Next, we need to clone the repo created above, and push our newly created files to the repo, using the following commands:

git clone <repoURL>

Be sure to change into the repo directory once cloned

(4) To add our app files, we’re going to be locally cloning the repo found here. Now, it’s totally up to you if you’d like to modify those files on your end. Once done, you should see multiple files, such as what I have shown here:

Before pushing your newly created file to the repo created above, be sure that you have confirmed that you have the correct IAM CodeCommit & Git permissions attached to your particular user role. Without these credentials, you will not be able to proceed to the next steps of pushing your content to the repo.

(5) We’ll now push our newly created file to the repo by using the following git commands:

git add .
git commit -m "Initial commit"
git push origin master

You can verify that the newly created files have been successfully pushed to the repo by visiting AWS CodeCommit in the Console. You should also see a newly created S3 bucket, EC2 instance, CloudWatch Metrics, Auto Scaling Group, and so forth.

STEP 2

(1) Because we will be storing artifacts as well for the build, we will need to generate a new Secrets Manager Secret, followed by our KMS Key:

aws secretsmanager create-secret \
  --name <name> \
  --description "Database credentials for my application" \
  --secret-string '{"username": "username", "password": "password"}' \
  --query 'ARN' --output text

(2) Now that we have successfully created our secret, let’s execute the code below to generate a net-new customer-managed KMS key. Please note that an aws-managed key is provided by default when using CodePipeline, along with an S3 Bucket. If generated correctly, the output should be over 30 characters:

aws kms create-key \ 
--description "<description>” \
--query 'KeyMetadata.KeyId' --output text

(3) And finally, we need to assign the KMS key to the secret from Secrets Manager, using the commands below:

aws secretsmanager update-secret \
  --secret-id <yourinfo> \
  --kms-key-id $kmsKeyId

(4) Be sure that you've added server-side encryption to your S3 bucket generated by Elastic Beanstalk using the KMS key that you created above:

Okay…before I get too winded here, stay tuned for Part 2 of this tutorial in which we dive into retrieving the region ID, IAM creds, and start building out our pipeline! See ya there!

AWS Certified SAA Study Guide: Services & DevTools To Know

Katoria H. — Sat, 08 Jul 2023 01:25:36 +0000

Hey there AWS Enthusiasts! This blog is long overdue, but as promised, I wanted to walk you all through some very helpful tips if you’re preparing for the AWS Certified Solutions Architect - Associate Exam. This comprehensive study guide will provide helpful tips on areas such as High Availability, Fault Tolerance, Encryption, Resilience, and Security, as well as Compute, Networking, Storage, Database AWS services, and AWS deployment and management services.

Whether you have prior AWS experience or you're new to the platform, following this guide and dedicating time to studying and practicing will greatly enhance your chances of success. Remember to supplement your studies with official AWS documentation, whitepapers, and practical hands-on experience. Good luck with your exam preparation!

I’ll start off by being 100% honest here and mention that I did not study for the FULL four (4) weeks that I originally allotted, which is NOT what you should do! Instead, I studied for roughly 2 weeks, and this is primarily because of my experience with AWS and having the confidence to just for it, and it worked in my favor - this time! However, I wanted to give you all a thorough breakdown of what my original study plan resembled, in hopes that this may help for those that are struggling as to where to start! Soooo….here we go!

BEFORE you do anything, be sure to download the AWS SAA OFFICIAL Exam Guide found here!!!

For starters, my general rule when studying for certifications is to ONLY use a total of three (3) resources (whitepapers are considered a stand-alone doc to me, and so the several that I read were not included in my total count) as to not overwhelm myself with a ton of info. The resources that I leveraged are as follows:

Adrian Cantrill’s SAA Course (as a refresher)
Tutorials Dojo Practice Exams (Review Mode & Section-Based Quizzes x2)
Neal Davis’s AWS SAA Cheat Sheet ONLY

Part 1 - For the Newbies

Now, if you’re totally a newbie to AWS and you’re stuck as to where to start, check out this comprehensive guide below, which is broken down for 10-12 weeks of studying time. If you intend to also leverage practice exams, I would recommend that you take at least 6-8 practice exams (2x). The Tutorials Dojo exams will challenge you for sure, but they are absolutely WORTH it!

Week 1-2:

AWS Fundamentals: Start by learning the basics of AWS services, including EC2, S3, IAM, VPC, and RDS. Understand the core concepts and get hands-on experience through AWS Well-Architected Labs. As a general note, labs that are categorized as ‘100’ are introductory, and highly recommended if you lack practical hands-on experience.

Week 3-4: Optional, but recommended

AWS Certified Cloud Practitioner: Prepare for and pass the AWS Certified Cloud Practitioner exam. This certification will provide a super solid foundation for further AWS knowledge, and will cover the basis for what you will be diving into starting in Week 5 of your learning path. If you already have the certification or choose not to attempt the cert, you should definitely try to focus on completing more labs and continuing with practice exams in review mode.

Week 5-6:
Focus on understanding core services and their features, and ways that they would be used in a production environment. If necessary, revisit the level 100 labs that may have been challenging for you. At this point, you should be starting the section-based quizzes if leveraging Tutorials Dojo.

Week 7-8:

AWS Security: I would highly recommend that you take it up a notch with the labs and focus on levels '200-300', which are intermediate. At this point in your learning journey, you should be diving into IAM, AWS Organizations, AWS Key Management Service (KMS), AWS Web Application Firewall (WAF), AWS Shield, AWS Secrets Manager, etc. You need to thoroughly understand best practices for securing AWS resources and when to use certain technologies within your environment when designing for resilience. As a side note, definitely understand what it means for an architecture to be “loosely” coupled. You should also know the key differences between monolithic architectures vs microservices - You’ll thank me later 😀! The exam will absolutely test your knowledge on this!

Breaking Down Resilient Architectures Even Further:
Let’s side-track here and talk about the importance of designing for high availability, scalability, and resilience, all whilst ensuring your workloads are secure. Take a look at this 3-Tier Architecture that I created for AWS for one of my previous tutorials. What could I have done differently? What might I be missing? How would you design the same or similar architecture as a Solutions Architect? These are thoughts that should be flowing through your brain as you’re studying for the cert, and so you MUST be familiar and comfortable with architectural design:

Week 9-10:

Compute Services: Take a deeper dive on Amazon EC2, AWS Lambda, and AWS Batch. Understand instance types, scaling options, serverless computing, and containerization with AWS. I’ll repeat this once more - UNDERSTAND SCALING OPTIONS! Regarding containerization, you should definitely understand AWS ECS & ECR, and use cases for leveraging AWS Fargate. While you’re at it, take a look at understanding the basics of what a container is, and dive into a super-simple Docker tutorial as it will HELP in understanding containerization concepts!

Networking Services: Some of the services to keep in mind for networking are Amazon VPC (think about subnetting, elastic IPs, security group rules, etc), AWS Direct Connect, Amazon Route 53, and AWS Global Accelerator. Understand networking concepts, traffic routing, and hybrid connectivity. I can’t emphasize this enough in that you absolutely need to understand networking and the OSI model in general. If you have a general understanding of each layer of the OSI model, it will be much easier for you to apply cloud networking concepts to your studying.

Week 11-12:

Storage and Database Services: I can tell you all right now that understanding S3 is a game changer! You need to understand encryption techniques, storage options, access control, and so forth. You CANNOT skip the basics of S3. You have to learn this service in detail! You should also keep in mind other services such as Amazon EBS, Amazon DynamoDB, & Amazon RDS (take a deep dive on when an organization should leverage RDS and consider cost optimization as well as other tradeoffs). Understand data durability, backups, and replication. Let me repeat that last line…UNDERSTAND backups and replication - This means, you need to understand the basis of Disaster Recovery, failovers, which AWS services provide the best optimization for data restoration, etc. A VERY helpful resource can be found here.

AWS Management Services: You should be practicing with AWS CloudFormation, AWS CloudWatch, AWS Systems Manager, and AWS Trusted Advisor at a minimum at this point during your studies. Understand infrastructure as code, monitoring, and management tools. You should also continue working on the labs. Challenge yourself to work on the level 400 (Advanced) labs only during these few weeks. Trust me, they will be worth it to get deeper hands-on experience with development tools!

Review and Practice: Recap all the topics covered in the previous weeks and take multiple practice exams. Challenge yourself to sit in a timed, 2-hour setting when taking the practice exams. You should start timing yourself around Week 8 during your learning journey to mentally prepare for the actual exam setting!

Part 2 - For those with AWS hands-on experience

Now, if you’re someone that has some AWS experience and/or extensive AWS experience, I would recommend that you take a look at this 4-6 week condensed guide below, as this may work best you:

Week 1:

AWS Well-Architected Framework: Review the six pillars of the Well-Architected Framework in-depth. You should have a thorough understanding of each pillar at this point.

AWS Global Infrastructure: Take a deeper dive on AWS Regions, Availability Zones (AZs), and edge locations. Understand the concepts of fault tolerance, high availability, and data durability. You should also be practicing daily with the exams and Well-Architected labs, level 400 (Advanced). Dive deeper into performance efficiency and reliability from the Well-Architected Framework.

AWS Identity and Access Management (IAM): You most likely have a strong understanding of IAM, including users, groups, roles, policies, and permissions. Take it up a notch and think about IAM concepts being applied at the Organizational level or for users that require least privilege. It should be much easier for you to practice creating IAM users and managing access control. You should also try to do this via the CLI and not just within the AWS Management Console, such as the example below:

aws iam create-group --group-name Admins

Week 2:

AWS Elastic Compute Cloud (EC2): Dive deeper into EC2 and understand best practices for storage options and pricing models. Cost Optimization should be reviewed heavily during this week, along with comparisons for S3 vs EFS, vs FSx (at a minimum). Understand how to configure EC2 instances for high availability and fault tolerance via the CLI.

Amazon Virtual Private Cloud (VPC): Review VPC components, such as subnets, route tables, security groups, and network ACLs. Learn how to design secure and scalable VPC architectures. You should be heavily focused on Operational Excellence, Security, & Reliability from the AWS Well Architected Framework.

Amazon Simple Storage Service (S3): Explore S3 features, including bucket policies, versioning, encryption, and cross-region replication. Understand S3 security and data consistency models. Check out the AWS CLI example below of what it looks like to specify SSE (Server Side Encryption) when uploading objects for an S3 bucket:

aws s3api put-object --bucket DOC-EXAMPLE-BUCKET1 --key object-key-name --server-side-encryption AES256  --body file path

Week 3:

AWS Auto Scaling: Familiarize yourself with Auto Scaling concepts and learn how to create and configure Auto Scaling groups. You should have deep knowledge of auto scaling plans, launch configurations, instance sizing/capacity thresholds, and a general understanding of how Auto Scaling enhances availability and scalability.

Elastic Load Balancing (ELB): Study the different types of ELBs, including Classic Load Balancer, Application Load Balancer, and Network Load Balancer. NOTE: You absolutely need to understand the AWS LoadBalancer Algorithm. If you do not understand application security, scalability, availability, and performance, you will have a tough time with deciphering which load balancer option may be best when reviewing the exam questions. You need to thoroughly understand how to configure and optimize load balancing.

AWS Relational Database Service (RDS): Become more familiar with RDS database engines, Multi-AZ deployments, backup and restore options, and read replicas. Learn about encryption at rest and in transit. As a refresher, take a look at this level 200 Well Architected Lab related to bi-directional cross-region replication. Regarding encryption, think deeply about when and what to encrypt. Think about encryption responsibilities. Think about encryption do’s and don'ts. I would highly recommend that you review how to encrypt an RDS instance, and that you understand the purpose of KMS keys (think about customer managed vs AWS managed keys for RDS).

Week 4:

AWS Route 53: The fundamentals of Route 53 should be top of mind if you have experience with creating websites that use customized endpoints, etc. You must understand DNS management, routing policies, health checks, and domain registration at a minimum. Think about various scenarios for designing resilient and highly available architectures using Route 53.

AWS Lambda: Study serverless computing and Lambda functions. Learn how to create and configure Lambda functions, and understand their integration with other AWS services. I would also add in the purpose of APIs when working with Lambda functions. Practicing with Lambda functions, SNS, & SQS will be 100% beneficial when it comes time for the exam!

AWS CloudFormation: Dive deeper into infrastructure as code and learn how to use CloudFormation templates to automate resource provisioning and management. You shouldn’t just focus on the speed that CloudFormation provides when provisioning resources. You should also understand the management and governance aspects of using it - How does it help with lowering costs? Does it help with innovation? How does it contribute to operational excellence?

**You should also be taking at least 1-2 practice exams per day (at a minimum) in EXAM Mode. Because you have general or extensive AWS experience, you should be challenging yourself for the full 4-6 weeks when taking the practice exams. No shortcuts!

I genuinely hope that this guide has been helpful for those that are looking to take the AWS Certified Solutions Architect - Associate exam. Remember, experience triumphs everything, so if you’re not actually practicing in the labs as suggested or maybe writing blogs about your learning journey, the exam WILL NOT be a cake walk. Practice, then practice some more, and oh yes, don’t forget to practice!! You got this 🎉!

Resources:
Official AWS SAA Exam Guide
Adrian Cantrill’s SAA Course
Tutorials Dojo AWS SAA Practice Exams
Neal Davis’s AWS SAA Cheat Sheet
AWS Well-Architected Labs
What is a Container? by F5 Dev Central
Docker 101 Tutorial by Docker
Well Architected Lab: Bi-Directional and Cross Regional Replication