Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

PowerShell Conference Asia

DevOps on AWS with PowerShell
Guillermo Musumeci
@gmusumeci

#psconfasia

PowerShell Conference Singapore 2016

Who is this guy?
• Started my career in Microsoft, 20 years ago.
• Lived in Buenos Aires, Washington DC, Madrid, Paris and Singapore.
• Solutions Architect @ AWS Singapore, Microsoft SME for ASEAN.
• Cloud Evangelist. Expert in automating and deploying Microsoft workloads in Amazon Web Services, Microsoft Azure & Google Cloud.
• Love to create and build stuff. Developer. Entrepreneur. Curious.
• Book author. Books lover. Husband & Dad. Foodie.
• Startup Mentor. I ♥ Startups.

What we will cover
• Tools setup
• Launching EC2 instances
• Tagging resources
• Creating Security Groups
• Finding resources using filters
• Adding storage to instances
• Bootstrapping instances with UserData
• Configuring VPCs and Subnets

What we will cover (continued)
• Configuring Internet Gateways and NAT Gateways
• Launching RDP Gateway servers
• Launching Active Directory Domain Controllers
• Launching IIS Web Servers
• Single-AZ Full Stack
• Multi-AZ Full Stack
• Elastic Load Balancer
• Auto Scaling EC2 Instances

Before you get started
• You need an AWS account
• PowerShell 2.0 or later installed.
• Basic knowledge of some AWS services:
  • EC2 instances
  • Security Groups
  • VPCs and subnets

Setting up the tool
• Download and install AWS Tools for Windows PowerShell from https://aws.amazon.com/powershell/
• The installer for the Tools for Windows PowerShell installs the most recent version of the AWS SDK for .NET and also the AWS Toolkit for Visual Studio.
• If you are using an AWS EC2 instance as bastion or management server, AWS Tools for Windows PowerShell is preinstalled on the Windows machine.

Installing the AWS Tools for PowerShell Core
• The AWS Tools for PowerShell Core can be installed on computers that are running Microsoft PowerShell 5.1 or a later release of PowerShell, including:
  • Ubuntu 14.04 LTS and later
  • CentOS Linux 7
  • Mac OS X
  • Windows 8.1 Enterprise
  • Windows Server 2012 R2
  • Windows 10 for Business
• Download the AWS Tools for PowerShell Core at https://www.powershellgallery.com/packages/AWSPowerShell.NetCore

Configuring Credentials

Configuring the AWS Command Line Interface
• To add a new profile to the AWS SDK store, call Set-AWSCredentials as follows:

where
• -AccessKey – The access key.
• -SecretKey – The secret key.
• -StoreAs – The profile name, which must be unique.

• To specify the default profile, set the profile name to default.

Configuring the AWS Command Line Interface
• List profiles: You can check the current list of names as follows:
• Remove a profile: To remove a profile, use the following command:
• The -StoredCredentials parameter specifies the profile name.

14 Regions

38 Availability Zones

59 Edge Locations

Build it once, repeat it everywhere

• Independent for jurisdictional boundary requirements

• Private AWS fiber links interconnect all major regions

Configure the AWS region
• Use the Get-AWSRegion command to list the available AWS regions

Exploring the AWS PowerShell Module

Exploring AWS PowerShell Module
• Use the Get-Command command to list all commands in the AWS module

Exploring AWS PowerShell Module
• Using Get-Command with the -Noun parameter to filter commands

Exploring AWS PowerShell Module
• Using the Get-Command cmdlet with the -Noun and -Verb parameters to filter commands

Exploring AWS PowerShell Module
• Using the Help cmdlet with the -Examples parameter to display examples

History of AWS cmdlets
• The $AWSHistory command enumerates the AWS cmdlets that are being used

Building an EC2 instance

Compute Services
• Amazon EC2: Elastic virtual servers in the cloud
• Auto Scaling: Automated scaling of EC2 capacity
• Elastic Load Balancing: Dynamic traffic distribution

Building a Windows EC2 instance
• Choosing the right AMI for your instance

Building a Windows EC2 instance
• Select the EC2 instance type

Building a Windows EC2 instance
• EC2 Instance Families

Building a Windows EC2 instance
• Configure instance details

Building a Windows EC2 instance
• Configure EC2 instance storage

Building a Windows EC2 instance
• Using tags to identify your EC2 instances

Building a Windows EC2 instance
• Configure Security Groups. A security group acts as a virtual firewall that controls the traffic for one or more instances

Building a Windows EC2 instance
• Final step: select an existing key pair or create a new one

Building an EC2 instance: Choosing the Amazon Machine Image (AMI)

Building a Windows EC2 instance
• The Get-EC2Image cmdlet retrieves a list of AMIs that you can use.

Building a Windows EC2 instance
• The Get-EC2ImageByName cmdlet filters the list of AWS Windows AMIs based on the type of server configuration you are interested in.

Building a Windows EC2 instance
• Getting the ImageId using the Get-EC2ImageByName cmdlet

Building an EC2 instance: Launching an EC2 instance

Building a Windows EC2 instance
• Creating an EC2 instance using the New-EC2Instance cmdlet

Building a Windows EC2 instance
• Creating an EC2 instance using the New-EC2Instance cmdlet.
• Using $instance_id to capture the result of the cmdlet.

Building a Windows EC2 instance
• Using $instance_id to capture the result of the cmdlet.
• Getting details of the EC2 instance with the .Instances property.

Building a Windows EC2 instance
• Using the Remove-EC2Instance cmdlet to stop and terminate the EC2 instance stored in the $ec2 variable
• Use Select -ExpandProperty to simplify your life

Building an EC2 instance: Configuring Security Groups

Building a Windows EC2 instance
• Using the Get-EC2SecurityGroup cmdlet to list security groups

Building a Windows EC2 instance
• Filter Security Groups and then list rules

Building a Windows EC2 instance
• Add a new rule to an existing security group

Building a Windows EC2 instance
• Adding the new inbound rule to the Security Group
• Using the .IpPermissions property to verify that the new rule was added successfully to the Security Group

Building a Windows EC2 instance
• Creating a new Security Group

Building an EC2 instance: Tagging EC2 Instances

Building a Windows EC2 instance
• Creating a new tag
• Filter the Get-EC2Instance cmdlet results using tags

Building a Windows EC2 instance
• Using the Get-EC2Tag cmdlet to filter instances

Building an EC2 instance: Managing storage

Building a Windows EC2 instance
• Create a new EBS Block Device
• Then a Block Device Mapping

Building a Windows EC2 instance
• Add an extra EBS drive to the EC2 instance when it is launched
• Use the Get-EC2Volume cmdlet to list volumes attached to EC2 instances

Building a Windows EC2 instance
• Creating a new EBS volume
• Attaching the EBS volume to an existing EC2 instance

Managing EC2 Instance Password

Managing EC2 Instance Password
• Using the Get-EC2PasswordData cmdlet to decrypt the administrator password for EC2 instances launched using a key pair
• If you keep all key pair files in the same folder, you can also type:

Bootstrapping an EC2 Instance

Bootstrapping an EC2 Instance
• Configuring Instances with User Data
• Note: User data is limited to 16 KB in raw form, not base64-encoded form. User data is executed only at launch.
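
An added example, not taken from the slides or the speaker's sample repository: a helper that wraps a bootstrap script in the <powershell> tags that Windows EC2 instances expect, enforces the 16 KB raw limit noted above, and rejects scripts that appear to embed an AWS access key ID, because user data is stored unencrypted and is readable from inside the instance. The function name ConvertTo-EC2UserData, the sample script and the placeholder launch arguments are assumptions made for illustration.

```powershell
# Added example (not from the original deck). ConvertTo-EC2UserData is a hypothetical helper name.
function ConvertTo-EC2UserData {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Script,
        [int]$MaxRawBytes = 16KB   # the limit applies to the raw form, before base64 encoding
    )

    # Windows EC2 launch agents run user data wrapped in <powershell> tags.
    $raw   = "<powershell>`n$Script`n</powershell>"
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($raw)

    if ($bytes.Length -gt $MaxRawBytes) {
        throw "User data is $($bytes.Length) bytes raw; the limit is $MaxRawBytes bytes."
    }

    # User data is not encrypted and can be read from the metadata service on the
    # instance, so refuse anything that looks like an AWS access key ID.
    if ($raw -cmatch '\b(AKIA|ASIA)[0-9A-Z]{16}\b') {
        throw 'User data appears to contain an AWS access key ID; use an IAM instance role instead.'
    }

    [pscustomobject]@{
        RawBytes = $bytes.Length
        Base64   = [Convert]::ToBase64String($bytes)
    }
}

# Constructed sample bootstrap script: installs IIS on first boot.
$bootstrap = @'
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Set-Content -Path C:\inetpub\wwwroot\index.html -Value "Bootstrapped by user data"
'@

$userData = ConvertTo-EC2UserData -Script $bootstrap
"{0} raw bytes, {1} base64 characters" -f $userData.RawBytes, $userData.Base64.Length

# The launch call is left as a comment because it needs AWS credentials; the AMI ID
# and key pair name are placeholders:
# New-EC2Instance -ImageId <ami-id> -InstanceType t2.micro -KeyName <key-pair> -UserData $userData.Base64
```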

Accessing local EC2 Instance Metadata

Accessing local EC2 instance Metadata
• Instance metadata is data about your instance that you can use to configure or manage the running instance.
• You can only access instance metadata and user data from within the instance itself.

Accessing local EC2 instance Metadata
• Retrieving the metadata information from the local machine

Creating VPCs and Subnets

Amazon Virtual Private Cloud (VPC)
• Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
  • Subnets
  • Route Tables
  • Security Groups
  • Network ACLs
• Connect to your on-premises network via hardware VPN
• Control if and how your instances access the Internet

Create a VPC with Public and Private Subnets

Creating the VPC
• Using the New-EC2Vpc cmdlet to create a new VPC and New-EC2Tag to tag it

Creating subnets
• Using the New-EC2Subnet cmdlet to create public and private subnets and New-EC2Tag to tag them

Creating the Internet Gateway
• The Internet Gateway connects the VPC to the Internet and to other AWS services
• We use the New-EC2InternetGateway cmdlet to create a new IG and the Add-EC2InternetGateway cmdlet to attach the IG to the VPC

Creating the NAT Gateway
• The NAT gateway uses an Elastic IP address. This enables instances in the private subnet to send requests to the Internet
• We are using the New-EC2Address cmdlet to get an Elastic IP address and then the New-EC2NatGateway cmdlet to create the NAT Gateway

Creating Security Groups for External Access
• Create rules and security groups to allow RDP and SSH from the internet
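
An added example, not from the slides or the speaker's sample repository: a review check for groups like the ones created above, which flags any ingress rule that exposes RDP (3389) or SSH (22) to 0.0.0.0/0 or ::/0 so the source range can be narrowed to known administrative addresses. The function name Find-WorldOpenAdminPort and the sample groups are constructed for illustration; the property names follow the objects that Get-EC2SecurityGroup returns, and the code needs PowerShell 3.0 or later.

```powershell
# Added example (not from the original deck). Find-WorldOpenAdminPort is a hypothetical name.
function Find-WorldOpenAdminPort {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$SecurityGroup,
        [int[]]$Port = @(3389, 22)          # RDP and SSH
    )
    process {
        foreach ($rule in $SecurityGroup.IpPermissions) {
            # Collect IPv4 and IPv6 sources, keeping only the "anywhere" ranges.
            $open = @($rule.Ipv4Ranges.CidrIp) + @($rule.Ipv6Ranges.CidrIpv6) |
                Where-Object { $_ -in '0.0.0.0/0', '::/0' }
            if (-not $open) { continue }

            foreach ($p in $Port) {
                # IpProtocol '-1' means all protocols and all ports.
                $covers = $rule.IpProtocol -eq '-1' -or
                          ($rule.IpProtocol -eq 'tcp' -and $rule.FromPort -le $p -and $rule.ToPort -ge $p)
                if ($covers) {
                    [pscustomobject]@{
                        GroupId = $SecurityGroup.GroupId
                        Port    = $p
                        Source  = $open -join ','
                    }
                }
            }
        }
    }
}

# Constructed sample groups shaped like Get-EC2SecurityGroup output.
$sample = @(
    [pscustomobject]@{ GroupId = 'sg-0example1'; IpPermissions = @(
        [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389
                           Ipv4Ranges = @([pscustomobject]@{ CidrIp = '0.0.0.0/0' }) }) }
    [pscustomobject]@{ GroupId = 'sg-0example2'; IpPermissions = @(
        [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389
                           Ipv4Ranges = @([pscustomobject]@{ CidrIp = '203.0.113.10/32' }) }) }
)
$sample | Find-WorldOpenAdminPort

# Against a live account: Get-EC2SecurityGroup | Find-WorldOpenAdminPort
```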

Creating Security Groups for Internal Access
• Create rules and security groups to allow RDP from DMZ and unrestricted access inside private subnet

Creating Routes
• Create public route table rules
• Create private route table rules

Creating RDP Gateway servers

Building an RDP Gateway
• Using a User Data script to create the Remote Desktop Gateway
• Launching the RDP Gateway on the public subnet

Creating AD Domain Controllers

Building an AD Domain Controller
• Using a User Data script to create an Active Directory domain controller

Building an AD Domain Controller
• Using the New-EC2Instance cmdlet and user data to automate the launch of an Active Directory domain controller on the private subnet

Creating Web Servers

Building IIS Web Servers
• Using a User Data script to configure the IIS Web Server
• Launching the IIS Web Server on the private subnet

Multi-AZ Deployments

Example 3-tier Web App architecture

Configuring ELB (Elastic Load Balancer)

Creating an ELB
• Creating a Security Group for the ELB
• Creating the ELB Listener

Creating an ELB (continued)
• Using the New-ELBLoadBalancer cmdlet to launch the ELB
• Configuring ELB health check settings with the Set-ELBHealthCheck cmdlet

Configuring EC2 Auto Scaling

Creating an Auto Scaling group
• Creating a Security Group for the Auto Scaling Group
• User Data to bootstrap the web server

Creating an Auto Scaling group (continued)
• Using the New-ASLaunchConfiguration cmdlet to configure the EC2 instance configuration
• Finally, using the New-ASAutoScalingGroup cmdlet to create and launch the Auto Scaling Group

Sample code available at https://github.com/guillermo-musumeci/PowerShell

Thank you!
Guillermo Musumeci
@gmusumeci