Managing Content
CloudFormation
- Description
  - Allows deploying, modifying and updating resources, applying version control to AWS infrastructure
- Use Cases
  - Quickly launch new test environments
  - Reliably replicate configuration between environments
  - Launch apps in new AWS regions
Components
Component | Description |
---|---|
TEMPLATE | Define resources and properties (JSON) |
STACK |
|
STACKSETS |
|
Elastic Beanstalk
- Description
  - Developers can upload their application code, and the service automatically handles
    - Resource provisioning
    - Load balancing
    - Autoscaling
    - Monitoring
  - Developers retain full control over AWS resources
    - EC2 instance type
    - DB & storage options
    - Enable login access to EC2
    - Enable HTTPS on the load balancer
    - App server settings
    - Autoscaling settings
Components
Component | Description |
---|---|
APPLICATION | Logical collection of Beanstalk components (~folders): envs, versions, configs |
APP VERSION | Specific, labeled iteration of deployable code, which points to an S3 bucket containing deployable code |
ENVIRONMENT |
|
ENVIRONMENT CONFIGURATION | Collection of parameters |
Supported
Languages | Java, PHP, Ruby, NodeJS, Python, Go |
Web Containers | Tomcat, Passenger, Puma, Docker |
Service Catalog
Create and manage catalogs of IT services that are approved for use on AWS
- Components
  - Portfolio: collection of catalogs
  - Catalogs: collection of products
  - Product: CloudFormation template
- Characteristics
  - Portfolios can be shared across accounts
- Access
  - Admin access control is via IAM
  - User access control is initially via IAM (ServiceCatalogEndUserAccess needed to use Service Catalog)
    - It doesn't support resource-level permissions nor resource-based policies
  - Portfolio access is managed within Service Catalog by associating IAM users/groups/roles with a Portfolio
  - Launch role: a role that is used to run the templates, instead of the user having the necessary permissions
CodeArtifact
- General Info
  - Artifact management service for software development
  - Securely store and share the software packages used in development, build, and deployment processes
  - Supported: Maven and Gradle (for Java), npm and yarn (for JavaScript), and pip and twine (for Python)
Systems Manager (SSM)
- General Info
  - Group resources of different types together based on a query (e.g. an application)
  - Inventory: applications, files, network configurations, Windows services, registries, etc.
  - Many features require the SSM Agent to be installed
  - EC2 instances need an instance profile for a role that has the necessary permissions to allow the agent to interact with SSM
Characteristics
Run Command |
|
Session Manager |
|
Patch Manager | |
State Manager | Specify OS configuration, rollout schedule, compliance reporting |
Parameter Store |
|
Secrets Manager
- Service which securely stores, encrypts and rotates DB credentials and other secrets
  - Encryption in transit and at rest using KMS
  - Automatically rotates credentials
  - Apply fine-grained access control using IAM policies
  - Apps can make API calls to Secrets Manager to retrieve secrets programmatically
Secrets Manager | Parameter Store |
---|---|
Database credentials, API/SSH keys | Password, DB strings, license codes, parameter values, config data |
Built-in integration with RDS (MySQL, PostgreSQL, Aurora) | User defined parameters |
Built-in rotation of RDS secrets, support for non-RDS using Lambda | Values may be clear text or encrypted |
Charged: $0.40 secret/pcm + $0.05 per 10,000 API calls | No additional charge |
Integrated with Secrets Manager |