AWS Certified SysOps Administrator - Associate

Summary

Summary of Domain 3 Deployment Provisioning and Automation

Welcome back, students!

In this lesson, we delve into Domain 3, focusing on essential concepts in deployment, provisioning, and automation. This guide covers provisioning tools, infrastructure as code, configuration management, CI/CD pipelines, and various deployment strategies.

Provisioning Tools and Configuration Management

Provisioning tools enable you to manage infrastructure at scale. Key components include:

  • Infrastructure as Code (IaC)
  • Configuration Management tools (e.g., AWS Systems Manager)
  • CI/CD platforms

Note that AWS OpsWorks has been retired. For certification exams, expect to work primarily with AWS CloudFormation and the AWS Cloud Development Kit (CDK), rather than third-party solutions like Terraform, Pulumi, Ansible, Chef, or Puppet.

Automation in Cloud Environments

Automation in cloud environments covers a wide range of activities such as:

  • Infrastructure as Code (IaC)
  • Continuous Integration and Continuous Delivery (CI/CD)
  • Image building processes
  • Operational management and fleet maintenance
  • Security and compliance monitoring

The image is a diagram showing different types of automation in cloud environments, categorized into IaC, CI/CD, Image Builder, Operational Management, and Security Compliance, with specific tools listed under each category.

Image Creation (AMIs)

Creating Amazon Machine Images (AMIs) is a critical step in deploying EC2 instances. There are several methods:

  • Using an existing EC2 instance to build and operationalize an image.
  • Creating an image from an EBS snapshot.
  • Utilizing EC2 Image Builder, which streamlines the creation of both AMIs and container images based on your specific requirements.

The image illustrates the AMI lifecycle and creation process, showing steps to create an image using an EC2 instance, EBS snapshot, and EC2 Image Builder. It includes diagrams of the workflow for each method.

Historically, HashiCorp's Packer was used for this purpose; however, AWS now offers EC2 Image Builder as its native solution for crafting immutable infrastructure images—whether operating system images or container images.

The image is a diagram illustrating the process of building container images using EC2 Image Builder, showing components, image recipes, distribution, and output images.

AWS CloudFormation

AWS CloudFormation allows you to define and provision AWS infrastructure using JSON or YAML templates. It supports nested stacks, which help manage complex deployments by breaking them into modular components.

Below is an example CloudFormation template that demonstrates defining an EC2 instance:

AWSTemplateFormatVersion: '2010-09-09'
Description: A sample template
Resources:
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: ami-0ff8a91507f77f867   # AMI IDs are region-specific; this one only resolves in its own region
      InstanceType: t2.micro
      KeyName: testkey                 # must already exist as an EC2 key pair in the target region
      BlockDeviceMappings:
        - DeviceName: /dev/sdm
          Ebs:
            VolumeType: io1
            Iops: 200                  # required for io1/io2 volumes; without it the stack fails and rolls back at create time
            VolumeSize: 20             # size in GiB; required when no SnapshotId is given

This template illustrates resource definitions and highlights how CloudFormation can integrate with CI/CD pipelines. In these pipelines the source stage draws from a code repository (such as GitHub) or from source assets in S3, especially as CodeCommit is expected to be phased out by 2025.

The image is an overview of AWS CloudFormation, illustrating the process stages: Code, Commit, Execute, and Deploy, with brief descriptions for each step.

The image illustrates a CI/CD pipeline using AWS services, including CodeCommit, CodeBuild, CodePipeline, and CloudFormation, deploying resources like S3, EC2, VPC, and RDS.
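A pipeline that deploys templates should validate them before the CloudFormation stage runs. The following is an added example (not code from the lesson or from AWS's own tooling) that re-types the sample template above as a Python dict and runs three pre-deployment checks against it: a provisioned-IOPS volume declared without Iops, an unencrypted EBS volume, and a hard-coded AMI ID that cannot be reused in another region or through StackSets. The check names, the corrected template and the use of an SSM parameter for the AMI are this example's own choices; in a real pipeline you would load the YAML with PyYAML and run a linter such as cfn-lint alongside checks like these.

```python
"""Pre-deployment checks for a CloudFormation template held as a Python dict.

Added example: not part of the lesson and not AWS tooling. LESSON_TEMPLATE is
the lesson's sample EC2 template re-typed as a dict (constructed input); the
checks below are this example's own.
"""
import copy
from typing import Any

LESSON_TEMPLATE: dict[str, Any] = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "A sample template",
    "Resources": {
        "MyEC2Instance": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": "ami-0ff8a91507f77f867",
                "InstanceType": "t2.micro",
                "KeyName": "testkey",
                "BlockDeviceMappings": [
                    {"DeviceName": "/dev/sdm", "Ebs": {"VolumeType": "io1"}},
                ],
            },
        }
    },
}


def check_template(template: dict[str, Any]) -> list[str]:
    """Return a list of findings; an empty list means the template passed."""
    findings: list[str] = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Instance":
            continue
        props = resource.get("Properties", {})
        for mapping in props.get("BlockDeviceMappings", []):
            ebs = mapping.get("Ebs", {})
            device = mapping.get("DeviceName", "?")
            # io1/io2 volumes need an explicit Iops value; the EC2 API rejects
            # the volume otherwise and the stack rolls back at create time.
            if ebs.get("VolumeType") in ("io1", "io2") and "Iops" not in ebs:
                findings.append(f"{name}: {device} uses {ebs['VolumeType']} without Iops")
            # Encryption at rest is opt-in per volume unless account defaults set it.
            if not ebs.get("Encrypted", False):
                findings.append(f"{name}: {device} EBS volume is not encrypted")
        # A literal ami-... id exists in exactly one region, so the template is
        # not portable across regions; take the AMI from a parameter instead.
        image_id = props.get("ImageId")
        if isinstance(image_id, str) and image_id.startswith("ami-"):
            findings.append(f"{name}: ImageId is a hard-coded, region-specific AMI id")
    return findings


# Corrected copy of the lesson template: AMI resolved per region from a public
# SSM parameter, Iops supplied, volume encrypted (values chosen for this example).
CORRECTED_TEMPLATE: dict[str, Any] = copy.deepcopy(LESSON_TEMPLATE)
CORRECTED_TEMPLATE["Parameters"] = {
    "LatestAmiId": {
        "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
        "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64",
    }
}
_props = CORRECTED_TEMPLATE["Resources"]["MyEC2Instance"]["Properties"]
_props["ImageId"] = {"Ref": "LatestAmiId"}
_props["BlockDeviceMappings"][0]["Ebs"].update({"Iops": 200, "VolumeSize": 20, "Encrypted": True})

if __name__ == "__main__":
    for label, tpl in (("lesson", LESSON_TEMPLATE), ("corrected", CORRECTED_TEMPLATE)):
        print(label, check_template(tpl) or ["no findings"])
```

Run as a script it prints three findings for the lesson template and none for the corrected copy; wired into a CodeBuild stage, a non-empty findings list is the signal to fail the build before any stack is touched.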

Regional Deployment and StackSets

For organizations operating in multiple geographic regions, designing templates that support regional deployment is crucial. AWS CloudFormation StackSets enable you to deploy approved stacks across various accounts and regions efficiently.

The image outlines three regional deployment strategies: Availability, Proximity to Users, and Compliance Requirements, each with a brief description and icon.

The image illustrates how AWS CloudFormation StackSets work, showing the relationship between a management account and member accounts, and the processes of creating, updating, and deleting stack instances.

AWS Resource Access Manager (RAM)

AWS Resource Access Manager (RAM) facilitates resource sharing across AWS accounts. It allows you to create resource shares, specify which resources are included, and manage access permissions. When sharing resources across accounts, ensure that recipients accept the invitation to gain access.

The guide below provides a visual step-by-step process for using AWS RAM:

The image is a step-by-step guide on how to use AWS RAM, detailing five steps: creating a resource share, selecting resources, choosing principals, accepting requests, and monitoring the share.

Deployment Strategies

Implementing effective deployment strategies is vital for minimizing risk during application updates. The two primary strategies are:

  • Canary Deployment: Initially route a small percentage of traffic to the new deployment. Traffic is gradually increased as confidence in the release builds.
  • Blue-Green Deployment: Maintain two separate environments (blue for the current version and green for the new version), switching traffic only once the green environment is fully verified.

For Amazon ECS deployments, you have several strategies available:

  • All-at-Once: Replace the current version instantly.
  • Linear: Deploy incrementally at fixed intervals (e.g., 10% every 10 minutes).
  • Canary: Gradually increase the traffic based on stability confirmation.

The image compares two deployment strategies: Canary and Blue/Green. It illustrates the gradual release strategy for Canary and the separate environment approach for Blue/Green deployments.

The image shows three AWS CodeDeploy deployment strategies for ECS: All-at-Once, Linear, and Canary, each with options for traffic rerouting and deployment configuration.
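To make the difference between the three ECS strategies concrete, here is an added example (not code from the lesson or from AWS CodeDeploy) that models each one as a traffic-shifting schedule and runs it against a health probe. The function names, the probe callback and the rollback behaviour are this example's own modelling of the idea: when a step fails its health check, all traffic returns to the old version, which is what bounds the blast radius of a bad release under linear or canary shifting.

```python
"""Model of CodeDeploy-style traffic shifting for an ECS service.

Added example, not the CodeDeploy API. Schedules are lists of
(minute, cumulative percent of traffic on the new version).
"""
from dataclasses import dataclass, field
from typing import Callable

# Health probe: given the percent of traffic now on the new version,
# report whether the service still looks healthy (stands in for alarms).
HealthProbe = Callable[[int], bool]
Schedule = list[tuple[int, int]]


def all_at_once_schedule() -> Schedule:
    """Replace the current version instantly."""
    return [(0, 100)]


def linear_schedule(step_percent: int, interval_minutes: int) -> Schedule:
    """Shift a fixed slice at fixed intervals, e.g. 10% every 10 minutes -> 10 steps."""
    steps: Schedule = []
    minute, percent = 0, 0
    while percent < 100:
        percent = min(100, percent + step_percent)
        steps.append((minute, percent))
        minute += interval_minutes
    return steps


def canary_schedule(canary_percent: int, bake_minutes: int) -> Schedule:
    """One small slice, a bake period to build confidence, then everything."""
    return [(0, canary_percent), (bake_minutes, 100)]


@dataclass
class DeploymentResult:
    status: str                      # "SUCCEEDED" or "ROLLED_BACK"
    new_version_percent: int         # traffic on the new version when finished
    history: Schedule = field(default_factory=list)


def run_deployment(schedule: Schedule, probe: HealthProbe) -> DeploymentResult:
    """Apply each step; on the first failed probe send 100% back to the old version."""
    history: Schedule = []
    for minute, percent in schedule:
        history.append((minute, percent))
        if not probe(percent):
            history.append((minute, 0))          # rollback: new version gets no traffic
            return DeploymentResult("ROLLED_BACK", 0, history)
    return DeploymentResult("SUCCEEDED", 100, history)


if __name__ == "__main__":
    # Constructed scenario: the new version only copes while it holds 30% or less.
    fragile = lambda pct: pct <= 30
    for name, sched in (("all-at-once", all_at_once_schedule()),
                        ("linear 10%/10min", linear_schedule(10, 10)),
                        ("canary 10% then 5min", canary_schedule(10, 5))):
        r = run_deployment(sched, fragile)
        print(f"{name:22} {r.status:12} final={r.new_version_percent}% history={r.history}")
```

With the constructed probe, all-at-once fails with every user already on the new version, the canary fails at the 100% step, and the linear rollout is caught at 40% and rolled back; the history list is what you would want in an audit trail alongside the CodeDeploy deployment ID.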

Addressing Deployment Issues

A common challenge during deployments is configuration drift, where the deployed state deviates from the defined template. To mitigate this, employ monitoring and observability tools such as:

  • AWS CloudWatch
  • Managed Prometheus
  • Container Insights

These tools help detect and correct drift, ensuring consistency between your deployments and infrastructure templates.

The image shows a CloudFormation interface indicating a configuration drift issue, with one resource in sync and another modified.

Note

Regular monitoring is essential to detect configuration drift early and maintain service reliability.

Conclusion

This article has provided a comprehensive overview of Domain 3, covering key aspects of deployment, provisioning, and automation. Mastering these concepts will enhance your ability to manage AWS infrastructure efficiently and prepare you for AWS certification exams.

Thank you for reading, and stay tuned for the next lesson on Domain 4.
