Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Shahbaz Alam – Manager, AWS Professional Service...
What to Expect from the Session
• Understand how AWS CloudFormation and AWS Service Catalog
can be leveraged to balance co...
AWS CloudFormation
AWS CloudFormation Concepts and Technology
JSON/YAML formatted file
Parameter definition
Resource creation
Configuration a...
AWS CloudFormation Benefits
• Version control/replicate/update the templates like
application code
• Integrates with devel...
Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy
Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy
Text Editor
Git/SVN/
Perforce
Review
Too...
Infrastructure as Code Workflow
Code
Version
Control
Code
Review
Integrate Deploy
“It’s all software”
Text Editor
Git/SVN/...
What do customers tell us about Asset
Management Deployment?
1. Define the resources and
landscapes where software
and app...
AWS Service Catalog
Built to manage approved templates and control access to them
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of
IT services. It enables user...
AWS Service Catalog – A Few Terms to Note
Product
Portfolio Stack
Constraint
an IT service that you
want to make available...
AWS Service Catalog Overview
Enable
• 11 User API methods
• 37 Admin API methods
• Share products across Portfolios and AW...
Creates portfolio and
assigns product portfolio
1
Administrator
Adds constraints, grant access
and add tags
4
2 Creates
pr...
Opportunities to Strengthen the Handshake
User generated
products to foster
innovation
Back-end micro-services
acting on t...
Browse
Products
5
4
3
2
1
Portfolio
Cloud
Consumers
Select version,
Provision
Product,
configure
parametersDeploy
Notifica...
AWS Service Catalog Benefits for Enterprises
• One-stop shop for end users
• Simple user access controls to the entire AWS...
Why AWS Service Catalog for Wiley?
Standardize
Enforce Consistency
Limit Access
Enforce Tagging, Security Groups
One-Stop ...
Wiley AWS Service Catalog
Implementation
Infrastructure Meets Application Needs
web app cache database
Application A
Web Tier App Tier Cache Tier DB Tier
web serve...
How Did We Approach the Environment?
- Design the Infrastructure to meet the Application
- Security and Separation at mult...
App Stack Deployment Model
Concrete
Application
Infrastructure
Environment Configuration
Application Deployment
AWS
Service Catalog
AWS
CloudFormatio...
Developer Experience
Developer Experience
- Single product launch
- Application stack launch
Developer
Find
Product
AWS
Service Catalog
Non-Prod Workflow
web
app
db
webAWS
CloudFormation
AWS Lambda
Launch Web
Server...
AWS
Service Catalog
AWS
CloudFormation
APPLICATION LOGIN PAGE
Application Deployment
Environmental Configuration
Developer...
Leverage the CLI to Provision a Product
]$ aws servicecatalog search-products
(list all products)
]$ aws servicecatalog de...
Launch a Product with the CLI
]$ aws servicecatalog provision-product --
product-id prod-XXXXX --provisioning-artifact-id
...
Production Rollout Experience
AWS
Service Catalog
AWS
CloudFormation
APPLICATION LOGIN PAGE
Non-Prod
Release
Management
Finalize
template
AWS
Service Ca...
10+ AWS Service Catalog Portfolios
50+ AWS Service Catalog Products
800+ product launches
in the past 3 months!
The Number...
Enabling DevOps
Consumers Creators Managers
Wiki
DevOps
Infrastructure
FAQs
Consumers Creators Managers
Function Consume Resources Create Artifacts
Automate Processes
Create Environment
& Manage Res...
Consumers Creators Managers
Function Consume Resources Create Artifacts
Automate Processes
Create Environment
& Manage Res...
Creates AD groups and AWS
IAM roles for application,
create IAM policies
Operations
Defines and creates Launch
constraints...
Creates portfolio and
assigns products to portfolio
1
Adds template constraints,
grant access and add tags
4
2 Creates
pro...
Set Constraints with CLI
]$ aws servicecatalog create-constraint --portfolio-id
port-ZZZZZZ --product-id prod-XXXXXX --par...
Alignment Consistency Reusability
Agility &
Flexibility
Time to
Market
Built-In
Governance
Automation
Thank you!
Remember to complete
your evaluations!
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Pro...
Upcoming SlideShare
Loading in …5
×

AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Professional Services (DEV321)

2,130 views

Published on

As incumbent enterprises move to the cloud, questions arise how transform the legacy IT culture to maximize the agility and flexibility AWS provides. Speed and dexterity must be implemented in a consistent manner, minimizing the impact to the organizational structure, but taking into account the existing skill sets and knowledge base. With AWS Service Catalog, you can manage commonly deployed AWS CloudFormation template versions, enable controlled self-provisioning, and leverage those same products in your automated deployment pipelines to AWS. In this session, developers, operations leads, architects, and IT managers learn how to leverage AWS Service Catalog and AWS CloudFormation to transform IT culture to maximize the agility, flexibility, and value that the AWS platform provides. Additionally, John Wiley & Sons, a 200-year-old enterprise, demonstrates how AWS Professional Services helped them balance the velocity achieved by moving to AWS with a structured governance model to deploy their cloud infrastructure and application code.

Published in: Technology

AWS re:Invent 2016: Enabling DevOps for an Enterprise with AWS Service Catalog: The John Wiley & Sons Journey with AWS Professional Services (DEV321)

  1. 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Shahbaz Alam – Manager, AWS Professional Services Peter Marney – SVP, Chief Product Technology Officer, John Wiley & Sons Mahdi Sajjadpour – Senior Consultant, AWS Professional Services December 1, 2016 DEV321 Enabling DevOps for an Enterprise with AWS Service Catalog The John Wiley & Sons Journey with AWS ProServe
  2. 2. What to Expect from the Session • Understand how AWS CloudFormation and AWS Service Catalog can be leveraged to balance control and agility. • AWS Service Catalog Best Practices. • Understand how to replicate the pattern used by John Wiley & Sons to help transform your company.
  3. 3. AWS CloudFormation
  4. 4. AWS CloudFormation Concepts and Technology JSON/YAML formatted file Parameter definition Resource creation Configuration actions Framework Stack creation Stack updates Error detection and rollback Configured AWS resources Comprehensive service support Service event aware Customizable Template CloudFormation Stack
  5. 5. AWS CloudFormation Benefits • Version control/replicate/update the templates like application code • Integrates with development, CI/CD, management tools • No additional charge to use
  6. 6. Infrastructure as Code Workflow Code Version Control Code Review Integrate Deploy
  7. 7. Infrastructure as Code Workflow Code Version Control Code Review Integrate Deploy Text Editor Git/SVN/ Perforce Review Tools Syntax Validation Tools AWS Services
  8. 8. Infrastructure as Code Workflow Code Version Control Code Review Integrate Deploy “It’s all software” Text Editor Git/SVN/ Perforce Review Tools Syntax Validation Tools AWS Services
  9. 9. What do customers tell us about Asset Management Deployment? 1. Define the resources and landscapes where software and application are deployed 2. ‘Approve once and deploy many’ 3. Enable self service deploy with confidence 4. Automate deployments
  10. 10. AWS Service Catalog Built to manage approved templates and control access to them
  11. 11. AWS Service Catalog AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy approved IT services they need in a self-service manner. Administrator Users Control Standardization Governance Agility Self-service Time to market
  12. 12. AWS Service Catalog – A Few Terms to Note Product Portfolio Stack Constraint an IT service that you want to make available for deployment on AWS. a collection of products, together with configuration information. restrict the ways that specific AWS resources can be deployed for a product every AWS Service Catalog product is launched as an AWS CloudFormation stack
  13. 13. AWS Service Catalog Overview Enable • 11 User API methods • 37 Admin API methods • Share products across Portfolios and AWS Accounts Orchestrate • Version Products • Limit console access • Provide various levels of user access Automate • Launch constraints • Template constraints
  14. 14. Creates portfolio and assigns product portfolio 1 Administrator Adds constraints, grant access and add tags 4 2 Creates product Authors template Administrator Interaction ProductX Versions Portfolio BPortfolio A • Users and Roles • Constraints • Tags Service Catalog 3 DevOps Automation
  15. 15. Opportunities to Strengthen the Handshake User generated products to foster innovation Back-end micro-services acting on the stacks Administrator Products
  16. 16. Browse Products 5 4 3 2 1 Portfolio Cloud Consumers Select version, Provision Product, configure parametersDeploy Notifications and outputs Notifications and outputs 4 Scheduled functions Administrator Cloud Consumer Interaction
  17. 17. AWS Service Catalog Benefits for Enterprises • One-stop shop for end users • Simple user access controls to the entire AWS platform • Built-in governance • Granular controls on CloudFormation templates • Version control on products Access and Governance: • Reusability of Products across AWS Accounts • API/CLI and console access • Tagging enforcement Reusability and Automation
  18. 18. Why AWS Service Catalog for Wiley? Standardize Enforce Consistency Limit Access Enforce Tagging, Security Groups One-Stop Shop Automate Deployments Agile Governance
  19. 19. Wiley AWS Service Catalog Implementation
  20. 20. Infrastructure Meets Application Needs web app cache database Application A Web Tier App Tier Cache Tier DB Tier web server app server cache cluster database Portfolio Tier AlignmentAccess Alignment
  21. 21. How Did We Approach the Environment? - Design the Infrastructure to meet the Application - Security and Separation at multiple levels: - Application Level - Application Tier Level - Functional/Access Level - Security/Network alignment with Application Design
  22. 22. App Stack Deployment Model
  23. 23. Concrete Application Infrastructure Environment Configuration Application Deployment AWS Service Catalog AWS CloudFormation AWS CloudFormation DevelopmentTeamOperationsTeam Automation/ReleaseMgmt.Team
  24. 24. Developer Experience
  25. 25. Developer Experience - Single product launch - Application stack launch
  26. 26. Developer Find Product AWS Service Catalog Non-Prod Workflow web app db webAWS CloudFormation AWS Lambda Launch Web Server Launch a Server Amazon Route 53 hosted zone Amazon CloudWatch Events Amazon SNS ITSM Processes Amazon CloudWatch Review Metrics
  27. 27. AWS Service Catalog AWS CloudFormation APPLICATION LOGIN PAGE Application Deployment Environmental Configuration Developer Launch an App Stack Infrastructure Deployment AWS Service Catalog CLI
  28. 28. Leverage the CLI to Provision a Product ]$ aws servicecatalog search-products (list all products) ]$ aws servicecatalog describe-product --id prod-XXXXXX (this gets the provisioning artifact ID) ]$ aws servicecatalog list-launch-paths --product-id prod- XXXXXX (this gets the path ID) ]$ aws servicecatalog describe-provisioning-parameters -- product-id prod-XXXXX --provisioning-artifact-id checkUpdateVersion-12345678900 --path-id lp-YYYYYY (this uses the provisioning artifact ID and path ID, and gets the parameters)
  29. 29. Launch a Product with the CLI ]$ aws servicecatalog provision-product -- product-id prod-XXXXX --provisioning-artifact-id checkUpdateVersion-123456789000 --path-id lp- YYYYYY --provisioning-parameters Key=KeyName,Value=MyKeyPair3 Key=InstanceType,Value=m4.medium --provisioned- product-name reInvent-CLI-example --provision- token exampletoken (launch product with parameters listed, you can also supply a JSON file)
  30. 30. Production Rollout Experience
  31. 31. AWS Service Catalog AWS CloudFormation APPLICATION LOGIN PAGE Non-Prod Release Management Finalize template AWS Service Catalog Non-Prod Prod Share or Import template Automate Deployments Operations Create Product Production Workflow Trigger Infrastructure and Application builds via Jenkins AWS Service Catalog CLI
  32. 32. 10+ AWS Service Catalog Portfolios 50+ AWS Service Catalog Products 800+ product launches in the past 3 months! The Numbers…
  33. 33. Enabling DevOps
  34. 34. Consumers Creators Managers Wiki DevOps Infrastructure FAQs
  35. 35. Consumers Creators Managers Function Consume Resources Create Artifacts Automate Processes Create Environment & Manage Resources Typical Job Role Developers Automation/Release Mgmt Operations & InfoSec AWS Access Launch Resources Create Artifacts Manage Environment Governance Responsibility Meet Cost Requirements Artifacts that meet Standards Environment & Compliance Logging and Monitoring Read-Only Create Alarms & Dashboards Monitor & Audit Service Catalog Alignment EndUserFullAccess AdminFullAccess AdminFullAccess + Full IAM access
  36. 36. Consumers Creators Managers Function Consume Resources Create Artifacts Automate Processes Create Environment & Manage Resources AD Group Publishing-Platform-Developers Publishing-Platform-DevOps AWS-admins IAM role Publishing-Platform-Developers Publishing-Platform-DevOps AWS-admins Policies attached to Roles ServiceCatalogEndUserFullAccess ReadOnlyAccess AWSSupportAccess CloudWatchCreateDashboard ServiceCatalogAdminFullAccess ReadOnlyAccess AWSSupportAccess CloudFrontFullAccess PublishingSQSAccess AdministratorAccess Service Catalog Portfolio Access Publishing-Platform Publishing-Platform All of Service Catalog All of Service Catalog Example
  37. 37. Creates AD groups and AWS IAM roles for application, create IAM policies Operations Defines and creates Launch constraints 2 Operations/Infrastructure Interaction Managing Environment Web Server Versions Application BApplication A • Users • Constraints • Tags Service Catalog 1 Defines template constraints AMI, security group, subnet, instance types, tags 3
  38. 38. Creates portfolio and assigns products to portfolio 1 Adds template constraints, grant access and add tags 4 2 Creates product Authors template Automation/Release Mgmt Interaction Managing & Creating Products Web Server Versions Application BApplication A • Users • Constraints • Tags Service Catalog 3 Release Mgmt
  39. 39. Set Constraints with CLI ]$ aws servicecatalog create-constraint --portfolio-id port-ZZZZZZ --product-id prod-XXXXXX --parameters "{"Rules": {"Rule1": {"Assertions": [{"Assert": {"Fn::Contains": [["EXAMPLE-AMI-ID- 1","EXAMPLE-AMI-ID-2"],{"Ref": "ami- id"}]},"AssertDescription": "AMI ID should be either EXAMPLE-AMI-ID-1 or EXAMPLE-AMI-ID-2"}]}}}" -- type TEMPLATE –idempotency-token exampletoken New marketplace AMI Custom AMI AMI Template Constraint
  40. 40. Alignment Consistency Reusability Agility & Flexibility Time to Market Built-In Governance Automation
  41. 41. Thank you!
  42. 42. Remember to complete your evaluations!

×