Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Page 1: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

PowerShell Conference Asia

DevOps on AWS with PowerShell
Guillermo Musumeci
@gmusumeci

#psconfasia

Page 2: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

PowerShell Conference Singapore 2016

Who is this guy?
• Started my career in Microsoft, 20 years ago.
• Lived in Buenos Aires, Washington DC, Madrid, Paris and Singapore.
• Solutions Architect @ AWS Singapore, Microsoft SME for ASEAN.
• Cloud Evangelist. Expert in automating and deploying Microsoft workloads in Amazon Web Services, Microsoft Azure & Google Cloud.
• Love to create and build stuff. Developer. Entrepreneur. Curious.
• Book author. Books lover. Husband & Dad. Foodie.
• Startup Mentor. I ♥ Startups.

Page 3: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

What we will cover
• Tools setup
• Launching EC2 instances
• Tagging resources
• Creating Security Groups
• Finding resources using filters
• Adding storage to instances
• Bootstrapping instances with UserData
• Configuring VPCs and Subnets

Page 4: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

What we will cover (continued)
• Configuring Internet Gateways and NAT Gateways
• Launching RDP Gateway servers
• Launching Active Directory Domain Controllers
• Launching IIS Web Servers
• Single-AZ Full Stack
• Multi-AZ Full Stack
• Elastic Load Balancer
• Auto Scaling EC2 Instances

Page 5: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Before you get started
• You need an AWS account
• PowerShell 2.0 or later installed.
• Basic knowledge of some AWS services:
  • EC2 instances
  • Security Groups
  • VPCs and subnets

Page 6: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Setting up the tool
• Download and install AWS Tools for Windows PowerShell from https://aws.amazon.com/powershell/
• The installer for the Tools for Windows PowerShell installs the most recent version of the AWS SDK for .NET and also the AWS Toolkit for Visual Studio.
• If you are using an AWS EC2 instance as bastion or management server, AWS Tools for Windows PowerShell is preinstalled on the Windows machine.

Page 7: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Installing the AWS Tools for PowerShell Core
• The AWS Tools for PowerShell Core can be installed on computers that are running Microsoft PowerShell 5.1 or a later release of PowerShell, including:
  • Ubuntu 14.04 LTS and later
  • CentOS Linux 7
  • Mac OS X
  • Windows 8.1 Enterprise
  • Windows Server 2012 R2
  • Windows 10 for Business
• Download the AWS Tools for PowerShell Core at https://www.powershellgallery.com/packages/AWSPowerShell.NetCore

Page 8: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configuring Credentials

Page 9: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configuring the AWS Command Line Interface
• To add a new profile to the AWS SDK store, call Set-AWSCredentials as follows:

where
• -AccessKey – The access key.
• -SecretKey – The secret key.
• -StoreAs – The profile name, which must be unique.

• To specify the default profile, set the profile name to default.

Page 10: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configuring the AWS Command Line Interface
• List profiles: You can check the current list of names as follows:

• Remove a profile: To remove a profile, use the following command:

• The -StoredCredentials parameter specifies the profile name.

Page 11: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

14 Regions

38 Availability Zones

59 Edge Locations

Build it once, repeat it everywhere

• Independent for jurisdictional boundary requirements

• Private AWS fiber links interconnect all major regions

Page 12: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configure the AWS region
• Use the Get-AWSRegion cmdlet to list the available AWS regions

Page 13: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Exploring the AWS PowerShell Module

Page 14: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Exploring AWS PowerShell Module
• Use the Get-Command cmdlet to list all commands in the AWS module

Page 15: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Exploring AWS PowerShell Module
• Use Get-Command with the -Noun parameter to filter commands

Page 16: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Exploring AWS PowerShell Module
• Use the Get-Command cmdlet with the -Noun and -Verb parameters to filter commands

Page 17: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Exploring AWS PowerShell Module
• Use the Help cmdlet with the -Examples parameter to display examples

Page 18: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

History of AWS cmdlets
• The $AWSHistory variable enumerates the AWS cmdlets that are being used

Page 19: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance

Page 20: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Compute Services
• Amazon EC2: Elastic virtual servers in the cloud
• Auto Scaling: Automated scaling of EC2 capacity
• Elastic Load Balancing: Dynamic traffic distribution

Page 21: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Choosing the right AMI for your instance

Page 22: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Select the EC2 instance type

Page 23: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• EC2 Instance Families

Page 24: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Configure instance details

Page 25: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Configure EC2 instance storage

Page 26: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Using tags to identify your EC2 instances

Page 27: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Configure Security Groups. A security group acts as a virtual firewall that controls the traffic for one or more instances

Page 28: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Final step: select existing or create a key pair

Page 29: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance
Choosing the Amazon Machine Instance (AMI)

Page 30: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• The Get-EC2Image cmdlet retrieves a list of AMIs that you can use.

Page 31: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• The Get-EC2ImageByName cmdlet filters the list of AWS Windows AMIs based on the type of server configuration you are interested in.

Page 32: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Getting the ImageId using the Get-EC2ImageByName cmdlet

Page 33: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Getting the ImageId using the Get-EC2ImageByName cmdlet

Page 34: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance
Launching an EC2 instance

Page 35: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Creating an EC2 instance using the New-EC2Instance cmdlet

Page 36: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Creating an EC2 instance using the New-EC2Instance cmdlet.
• Using $instance_id to capture the result of the cmdlet.

Page 37: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Using $instance_id to capture the result of the cmdlet.
• Getting details of the EC2 instance with the .Instances property.

Page 38: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Using the Remove-EC2Instance cmdlet to stop and terminate the EC2 instance stored in the $ec2 variable
• Use Select -ExpandProperty to simplify your life

Page 39: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance
Configuring Security Groups

Page 40: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Using the Get-EC2SecurityGroup cmdlet to list security groups

Page 41: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Filter Security Groups and then list rules

Page 42: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Add a new rule to an existing security group

Page 43: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Adding the new inbound rule to the Security Group
• Using the .IpPermission property to verify that the new rule was added successfully to the Security Group

Page 44: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Creating a new Security Group

Page 45: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance
Tagging EC2 Instances

Page 46: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Creating a new tag
• Filter the Get-EC2Instance cmdlet results using tags

Page 47: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Using the Get-EC2Tag cmdlet to filter instances

Page 48: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an EC2 instance
Managing storage

Page 49: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Create a new EBS Block Device
• Then a Block Device Mapping

Page 50: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Add an extra EBS drive to the EC2 instance when launched
• Use the Get-EC2Volume cmdlet to list volumes attached to EC2 instances

Page 51: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building a Windows EC2 instance
• Creating a new EBS volume
• Attaching the EBS volume to an existing EC2 instance

Page 52: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Managing EC2 Instance Password

Page 53: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Managing EC2 Instance Password
• Using the Get-EC2PasswordData cmdlet to decrypt the administrator password for EC2 instances launched using a key pair
• If you keep all key pair files in the same folder, you can also type:

Page 54: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Bootstrapping an EC2 Instance

Page 55: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Bootstrapping an EC2 Instance
• Configuring Instances with User Data
• Note: User data is limited to 16 KB in raw form, not base64-encoded form. User data is executed only at launch.

Page 56: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Accessing local EC2 Instance Metadata

Page 57: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Accessing local EC2 instance Metadata
• Instance metadata is data about your instance that you can use to configure or manage the running instance.
• You can only access instance metadata and user data from within the instance itself.

Page 58: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Accessing local EC2 instance Metadata
• Retrieving the metadata information from the local machine

Page 59: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating VPCs and Subnets

Page 60: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Amazon Virtual Private Cloud (VPC)
• Provision a logically isolated section of the AWS cloud
• Control your virtual networking environment
  • Subnets
  • Route Tables
  • Security Groups
  • Network ACLs
• Connect to your on-premises network via hardware VPN
• Control if and how your instances access the Internet

Page 61: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Create a VPC with Public and Private Subnets

Page 62: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating the VPC
• Using the New-EC2Vpc cmdlet to create a new VPC and New-EC2Tag to tag it

Page 63: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating subnets
• Using the New-EC2Subnet cmdlet to create public and private subnets and New-EC2Tag to tag them

Page 64: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating the Internet Gateway
• The Internet Gateway connects the VPC to the Internet and to other AWS services
• We use the New-EC2InternetGateway cmdlet to create a new IG and the Add-EC2InternetGateway cmdlet to attach the IG to the VPC

Page 65: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating the NAT Gateway
• The NAT gateway uses an Elastic IP address. This enables instances in the private subnet to send requests to the Internet
• We are using the New-EC2Address cmdlet to get an Elastic IP address and then the New-EC2NatGateway cmdlet to create the NAT Gateway

Page 66: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating Security Groups for External Access
• Create rules and security groups to allow RDP and SSH from the Internet
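
An added example (not from the original slides): rules that expose RDP or SSH to every source address are the ones to review after a script like this has run, so the function below flags them. It expects objects shaped like the output of Get-EC2SecurityGroup; the function name `Find-OpenAdminIngress` and the two sample groups are constructed so the block runs without an AWS account.

```powershell
# Added example, not from the original deck. Names and sample data are constructed.
function Find-OpenAdminIngress {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$SecurityGroup,
        [int[]]$AdminPorts = @(22, 3389)   # SSH and RDP
    )
    process {
        foreach ($perm in $SecurityGroup.IpPermissions) {
            # Newer module versions expose Ipv4Ranges (objects with CidrIp);
            # older ones expose IpRanges (plain strings). Accept either.
            $cidrs = @($perm.Ipv4Ranges | ForEach-Object { $_.CidrIp }) + @($perm.IpRanges)
            if ($cidrs -notcontains '0.0.0.0/0') { continue }

            # IpProtocol '-1' means all protocols and all ports.
            $allTraffic = $perm.IpProtocol -eq '-1'
            foreach ($port in $AdminPorts) {
                $inRange = $perm.FromPort -le $port -and $port -le $perm.ToPort
                if ($allTraffic -or ($perm.IpProtocol -eq 'tcp' -and $inRange)) {
                    [pscustomobject]@{
                        GroupId   = $SecurityGroup.GroupId
                        GroupName = $SecurityGroup.GroupName
                        Port      = $port
                        Source    = '0.0.0.0/0'
                    }
                }
            }
        }
    }
}

# Constructed sample shaped like Get-EC2SecurityGroup output.
$sample = @(
    [pscustomobject]@{
        GroupId = 'sg-0aaa1111'; GroupName = 'rdgw-open'
        IpPermissions = @([pscustomobject]@{
            IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389
            Ipv4Ranges = @([pscustomobject]@{ CidrIp = '0.0.0.0/0' })
        })
    },
    [pscustomobject]@{
        GroupId = 'sg-0bbb2222'; GroupName = 'rdgw-office-only'
        IpPermissions = @([pscustomobject]@{
            IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389
            Ipv4Ranges = @([pscustomobject]@{ CidrIp = '203.0.113.0/24' })
        })
    }
)

# Only the first sample group is reported.
$sample | Find-OpenAdminIngress | Format-Table -AutoSize

# Against a live account (requires the AWS module and credentials):
#   Get-EC2SecurityGroup | Find-OpenAdminIngress
```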

Page 67: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating Security Groups for Internal Access
• Create rules and security groups to allow RDP from the DMZ and unrestricted access inside the private subnet

Page 68: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating Routes
• Create public route table rules
• Create private route table rules

Page 69: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating RDP Gateway servers

Page 70: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an RDP Gateway
• Using a User Data script to create the Remote Desktop Gateway
• Launching the RDP Gateway on the public subnet

Page 71: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating AD Domain Controllers

Page 72: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an AD Domain Controller
• Using a User Data script to create an Active Directory domain controller

Page 73: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building an AD Domain Controller
• Using the New-EC2Instance cmdlet and user data to automate the launch of an Active Directory domain controller on the private subnet

Page 74: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating Web Servers

Page 75: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Building IIS Web Servers
• Using a User Data script to configure the IIS Web Server
• Launching the IIS Web Server on the private subnet

Page 76: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Multi-AZ Deployments

Page 77: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Example 3-tier Web App architecture

Page 78: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configuring ELB (Elastic Load Balancer)

Page 79: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating an ELB
• Creating a Security Group for the ELB
• Creating the ELB Listener

Page 80: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating an ELB (continued)
• Using the New-ELBLoadBalancer cmdlet to launch the ELB
• Configuring ELB health check settings with the Set-ELBHealthCheck cmdlet

Page 81: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Configuring EC2 Auto Scaling

Page 82: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating an Auto Scaling group
• Creating a Security Group for the Auto Scaling Group
• User Data to bootstrap the web server

Page 83: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Creating an Auto Scaling group (continued)
• Using the New-ASLaunchConfiguration cmdlet to configure the EC2 instance configuration
• Finally, using the New-ASAutoScalingGroup cmdlet to create and launch the Auto Scaling Group

Page 84: Dev Ops on AWS with PowerShell (PowerShell Conference Asia 2016)

Sample code available at https://github.com/guillermo-musumeci/PowerShell

Thank you!
Guillermo Musumeci
@gmusumeci