AWS DevOps Simplified: Build a solid foundation in AWS to deliver enterprise-grade software solutions at scale [Team-IRA]

Cover
Title page
Copyright and Credits
Foreword
Contributors
Table of Contents
Preface
Part 1: Driving Transformation through AWS and DevOps
Chapter 1: Accelerating Your DevOps Journey with AWS
	AWS and DevOps – a perfect match
		Production-like environments
		Scaling with the cloud
		DevOps methodologies to accelerate software delivery
	Key AWS DevOps services
		CI
		CD and continuous deployment
		IaC
	Summary
	Further reading
Chapter 2: Choosing the Right Cloud Service
	The three tiers of cloud offerings
		Infrastructure as a Service (IaaS)
		Platform as a Service (PaaS)
		Software as a Service (SaaS)
	What to choose when
		Simplicity versus control
		Cloud skills and resources
		Business requirements
		Security considerations
	Understanding your organization’s cloud operating model
		Focusing on sustaining workloads with the traditional approach
		Focusing on optimizing workloads
		Focusing on growth in the cloud
	Key AWS services
		Abstracting the infrastructure
		Accelerating software delivery with platform services
		Fully managed software services
	Summary
	Further reading
Chapter 3: Leveraging Immutable Infrastructure in the Cloud
	Technical requirements
	Pets versus cattle
	Mutable and immutable infrastructure
		Mutable infrastructure
		Immutable infrastructure
	Getting started with AWS
		Creating a new AWS account
		Securing your root user credentials
		Creating additional users
		Setting up an AWS Cloud9 IDE in your AWS account
		Navigating your Cloud9 environment
	Working with the test application
		Test application
	Building an AMI with Packer
	Deploying our test instance
		Securing incoming traffic with security groups
		Creating the test EC2 instance
		Terminating the test EC2 instance
	Summary
	Further reading
Part 2: Faster Software Delivery with  Consistent and Reproducible Environments
Chapter 4: Managing Infrastructure as Code with AWS CloudFormation
	Technical requirements
	What is AWS CloudFormation?
		Key concepts in AWS CloudFormation
	How CloudFormation works
		Permissions delegation for resource management
		API call logging with CloudTrail
		How requests flow over the network
	Best practices for using CloudFormation to define enterprise-grade architectures
		Keep templates small and reusable
		Leverage inputs and outputs for cross-stack dependencies
		Leverage other service integrations
		Leverage StackSets for organization-wide stack rollouts
		Avoid hardcoding parameter values
		Life cycle policies to protect critical resources
		Reusable resource configurations
	Deciding between Terraform and CloudFormation
		Third-party provider ecosystem
		Mapping a resource definition with a deployment
		Support for programming constructs
		State management for deployed resources
		Better integrations offered by cloud-native services
		Modules for code reusability
	Hands-on deployment with CloudFormation
		Network architecture design to support multi-AZ deployments
		Hosting a sample web application with an application load balancer and Auto Scaling groups
	Summary
	Further reading
Chapter 5: Rolling Out a CI/CD Pipeline
	What is CI/CD?
		How does CI/CD enable faster software delivery?
		Why is continuous deployment hard to implement?
		An effective branching strategy is key
		Working with feature toggles
		Identifying what works best for you
	How to choose the best CI/CD solution for your needs
		Integration with existing tools
		On-premises hosting considerations
		Open source or commercial offerings?
	Enabling continuous integration with CodeCommit and CodeBuild
		Key features offered by CodeCommit
		Automating builds and tests with CodeBuild
	Using CodeDeploy to orchestrate deployment workflows in compute environments
		Key components in CodeDeploy
		Key features offered by CodeDeploy
	Implementing end-to-end software delivery with CodePipeline
		Key constructs used by CodePipeline
		Triggering actions in other regions
	Rolling out a fully automated CI/CD pipeline in your AWS account
		Creating a base AMI for the application instances
		Deploying infrastructure and application stacks
	Summary
	Further reading
Chapter 6: Programmatic Approach to IaC with AWS CDK
	Different approaches to managing infrastructure in AWS
		Manual infrastructure management
		Automating infrastructure rollouts with scripts
		Adopting a declarative approach
		Using infrastructure definition generators
		Using frameworks that offer high-level abstractions
	What is AWS CDK?
		Key concepts in CDK
		Development workflow
		Pros and cons of working with CDK
	Deploying a test application with AWS CDK
		Understanding the different components of the image recognition application
		Bootstrapping a new CDK project
		Bootstrapping the AWS account to enable CDK deployments
		Defining CDK constructs for application components
		Defining Lambda code for orchestrating the application workflow
		Synthesizing the template
		Deploying the CDK stack into an AWS account
		Testing the image analysis workflow
	Summary
	Further reading
Part 3: Security and Observability of Containerized Workloads
Chapter 7: Running Containers in AWS
	A quick introduction to the container ecosystem
		What are containers and why do we need them?
		Docker as a container platform
		Scaling containerized deployments beyond simple use cases
		Key responsibilities of container platforms
	AWS services that support running containers in the cloud
		AWS Elastic Compute Cloud (EC2)
		AWS Elastic Kubernetes Service (EKS)
		AWS Elastic Container Service (ECS)
	ECS constructs and security features
		Important constructs used by ECS
		Ensuring a good security posture with ECS
	Deploying a test application on ECS
		Understanding the test application architecture
		Defining the CDK stack constructs
		Preparing the web application code
		Preparing the static HTML template
		Bundling all application dependencies together for deployment on ECS
		Deploying our CDK stack in an AWS account
	Summary
	Further reading
Chapter 8: Enabling the Observability of Your Workloads
	What is observability?
		Benefits of observability
	Key AWS offerings for monitoring and observability
		Amazon CloudWatch
	Best practices for a solid observability strategy
		Build a hierarchy of dashboards
		Use consistent time zones across all systems
		Propagate trace identifiers
		Ensure that all components of your system emit events
	Defining your observability strategy for workloads hosted in AWS
		Deploying an observability stack for a test application hosted in ECS
		Extending the code base for better observability
		Deploying the stack in an AWS account
		Observing data to understand application behavior
	Summary
	Further reading
Chapter 9: Implementing DevSecOps with AWS
	Trade-offs and challenges of security
		Lack of ownership
		Last step in software delivery
		The rapid evolution of application architectures
		Outdated security tools
	What is DevSecOps?
		How is it different from DevOps?
		Key benefits of DevSecOps
		What it means for security professionals
		What it means for developers
		What it means for the operations team
	Securing your workloads in AWS
		Security challenges for operating workloads in the cloud
		Test strategies for your AWS workloads
		Important tools for security assessments
	Rolling out a test CI/CD workflow for DevSecOps
		Understanding the target architecture of the DevSecOps pipeline
		Understanding the code base
		Deploying the CDK stack in an AWS account
		Checking the result of security assessments
	Summary
	Further reading
Part 4: Taking the Next Steps
Chapter 10: Setting Up Teams for Success
	Building a collaborative team setup and culture
		Enable your teams to create more value
		Establishing a culture of collaboration and learning
		Measuring the DevOps maturity of your teams
		De-silo Dev and Ops
		Blameless post-mortems and RCAs
	Technology best practices and considerations for success
		Right-size the teams based on the technology cognitive load they can handle
		Invest in building abstractions that promote best practices
		Making injection of failure scenarios a routine practice
		Aligning technology decisions with business expectations
	Resources for continuous learning and enablement
	Driving change from the bottom up
		Structure your ideas well
		Demonstrate commitment
		Find collaborators and share good practices
	Summary
	Further reading
Chapter 11: Ensuring a Strong AWS Foundation for Multi-Account and Multi-Region Environments
	What is a Landing Zone?
	Key considerations in a Landing Zone
		Defining a structure for organizational units and accounts
		Focus on cross-account and hybrid networking needs
		Securing the Landing Zone with IAM and security services
		DevOps and config management
		Operations
	Best practices for managing multi-account architectures
		Limiting access to the management account
		Adopting solutions that offer the right balance of ease and control
		Invest in building an Account Vending Machine
		Maintain a separate AWS Organizations organization for platform development
		Avoid provisioning any IAM users
		Prefer no-code or low-code solutions
	Building a Landing Zone with Control Tower and CfCT
		Deploying resources with CfCT
	Summary
	Further reading
Chapter 12: Adhering to AWS Well-Architected Principles
	Understanding different components of AWS Well-Architected
		The AWS Well-Architected Framework
		AWS Well-Architected lenses
		The AWS Well-Architected Tool
	Aligning your architecture with the six focus pillars of the framework
		Operating your workloads with confidence
		Enhancing the security posture of infrastructure and workloads
		Building resilient and highly available systems
		Improving the performance efficiency of your workloads
		Minimizing cloud costs while maximizing business value creation
		Building sustainable workloads in the cloud
	Summary
	Further reading
Index
Other Books You May Enjoy