Deployment and Management Tools

Now that you've learned how to design robust AWS architectures and integrate various services, it's time to explore how to efficiently deploy and manage these solutions at scale. In this lesson, we'll dive into AWS deployment and management tools that help automate infrastructure provisioning, application deployment, and operational management.

Learning Goals:

  • Understand Infrastructure as Code (IaC) concepts with AWS CloudFormation
  • Deploy applications using AWS Elastic Beanstalk
  • Manage containerized applications with Amazon ECS
  • Automate deployments with AWS CodeDeploy
  • Use AWS Systems Manager for operational management

Infrastructure as Code with AWS CloudFormation

AWS CloudFormation allows you to model and provision AWS resources using templates. Instead of manually creating resources through the console, you define your infrastructure in code.

CloudFormation Template Structure

Here's a basic CloudFormation template that creates an S3 bucket:

basic-bucket.yml
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Simple S3 bucket template'

Parameters:
  BucketName:
    Type: String
    Description: Name for the S3 bucket
    MinLength: 3
    MaxLength: 63

Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      VersioningConfiguration:
        Status: Enabled
    DeletionPolicy: Retain

Outputs:
  BucketARN:
    Description: ARN of the created bucket
    Value: !GetAtt MyS3Bucket.Arn
    Export:
      Name: !Sub '${AWS::StackName}-BucketARN'
Tip: Always use DeletionPolicy: Retain for production resources containing important data to prevent accidental deletion when deleting CloudFormation stacks.
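A pre-deployment check for the tip above, as an added example that is not part of the original lesson. It assumes the template is in JSON form (CloudFormation accepts JSON as well as YAML); the function name, the `STATEFUL_TYPES` set and the sample resources other than `MyS3Bucket` are assumptions made for illustration.

```python
import json

# Assumption: the resource types this check treats as data-bearing.
STATEFUL_TYPES = {"AWS::S3::Bucket", "AWS::DynamoDB::Table", "AWS::EFS::FileSystem"}

# Constructed sample: the lesson's bucket in JSON form plus two mistakes
# (properties trimmed to what the check reads).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "MyS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "DeletionPolicy": "Retain",
      "Properties": {"VersioningConfiguration": {"Status": "Enabled"}}
    },
    "OrdersTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {"BillingMode": "PAY_PER_REQUEST"}
    },
    "LogBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"DeletionPolicy": "Retain"}
    },
    "Topic": {"Type": "AWS::SNS::Topic"}
  }
}
""")


def unprotected_resources(template):
    """Return (logical_id, reason) for stateful resources a stack delete would destroy."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") not in STATEFUL_TYPES:
            continue
        properties = resource.get("Properties", {})
        # DeletionPolicy is a resource attribute: a sibling of Type and
        # Properties, never a key inside Properties.
        if "DeletionPolicy" in properties:
            findings.append((logical_id, "DeletionPolicy is nested under Properties"))
        elif resource.get("DeletionPolicy", "Delete") != "Retain":
            findings.append((logical_id, "DeletionPolicy is not Retain"))
    return findings


if __name__ == "__main__":
    for logical_id, reason in unprotected_resources(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {reason}")
```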

Deploying with CloudFormation

You can deploy this template using the AWS CLI:

deploy-stack.sh
# CAPABILITY_IAM is only required when a template creates IAM resources;
# this template does not.
aws cloudformation create-stack \
  --stack-name my-s3-bucket-stack \
  --template-body file://basic-bucket.yml \
  --parameters ParameterKey=BucketName,ParameterValue=my-unique-bucket-name-12345 \
  --capabilities CAPABILITY_IAM

Application Deployment with AWS Elastic Beanstalk

AWS Elastic Beanstalk provides a platform-as-a-service (PaaS) environment for deploying web applications without managing the underlying infrastructure.

Deploying a Node.js Application

Create a package.json for your application:

package.json
{
  "name": "my-elasticbeanstalk-app",
  "version": "1.0.0",
  "description": "Sample Node.js application for Elastic Beanstalk",
  "main": "app.js",
  "scripts": {
    "start": "node app.js"
  },
  "dependencies": {
    "express": "^4.18.0"
  }
}

And the application code:

app.js
const express = require('express');
const app = express();
const port = process.env.PORT || 3000;

app.get('/', (req, res) => {
  res.json({
    message: 'Hello from Elastic Beanstalk!',
    timestamp: new Date().toISOString(),
    environment: process.env.NODE_ENV || 'development'
  });
});

app.listen(port, () => {
  console.log(`Server running on port ${port}`);
});

Package your application and deploy using the EB CLI:

deploy-eb.sh
# Initialize Elastic Beanstalk application
eb init my-nodejs-app --region us-east-1 --platform node.js

# Create environment and deploy
eb create production-env

Container Management with Amazon ECS

Amazon Elastic Container Service (ECS) helps you run Docker containers at scale.

ECS Task Definition

Define your container configuration in a task definition:

task-definition.json
{
  "family": "web-app",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "containerDefinitions": [
    {
      "name": "web-container",
      "image": "nginx:alpine",
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        }
      ],
      "essential": true,
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/web-app",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}

Deploying with ECS

Register the task definition and run the service:

deploy-ecs.sh
# Register task definition
aws ecs register-task-definition --cli-input-json file://task-definition.json

# Create ECS service
aws ecs create-service \
  --cluster my-cluster \
  --service-name web-service \
  --task-definition web-app:1 \
  --desired-count 2 \
  --launch-type FARGATE \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-12345],securityGroups=[sg-12345],assignPublicIp=ENABLED}"
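A review of the task definition above before it is registered, as an added example that is not part of the original lesson. The function name and the finding texts are assumptions; the checks read only standard task definition fields (`executionRoleArn`, `image`, `readonlyRootFilesystem`, `logConfiguration`, `environment`).

```python
import json

# The lesson's task definition, trimmed to the fields this review reads.
LESSON_TASK_DEF = json.loads("""
{
  "family": "web-app",
  "requiresCompatibilities": ["FARGATE"],
  "containerDefinitions": [{
    "name": "web-container",
    "image": "nginx:alpine",
    "logConfiguration": {"logDriver": "awslogs"}
  }]
}
""")


def review_task_definition(task_def):
    """Return review findings for an ECS task definition dict."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    on_fargate = "FARGATE" in task_def.get("requiresCompatibilities", [])
    uses_awslogs = any(
        c.get("logConfiguration", {}).get("logDriver") == "awslogs" for c in containers
    )
    # On Fargate the task execution role is what writes to CloudWatch Logs.
    if on_fargate and uses_awslogs and not task_def.get("executionRoleArn"):
        findings.append("task: awslogs on Fargate without executionRoleArn")
    for c in containers:
        name = c.get("name", "<unnamed>")
        # A tag such as nginx:alpine can be re-pointed; a digest cannot.
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image is not pinned by digest")
        if not c.get("readonlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
        if "logConfiguration" not in c:
            findings.append(f"{name}: no logConfiguration")
        # Sensitive values belong in 'secrets' (valueFrom), not 'environment'.
        for var in c.get("environment", []):
            if any(k in var.get("name", "").upper() for k in ("PASSWORD", "SECRET", "TOKEN")):
                findings.append(f"{name}: {var['name']} set in environment, use secrets")
    return findings


if __name__ == "__main__":
    print("\n".join(review_task_definition(LESSON_TASK_DEF)))
```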

Automated Deployments with AWS CodeDeploy

AWS CodeDeploy automates application deployments to various compute services.

AppSpec File for EC2/On-Premises

appspec.yml
version: 0.0
os: linux
files:
  - source: /index.html
    destination: /var/www/html/
hooks:
  BeforeInstall:
    - location: scripts/install_dependencies.sh
      timeout: 300
  AfterInstall:
    - location: scripts/change_permissions.sh
      timeout: 300
  ApplicationStart:
    - location: scripts/start_server.sh
      timeout: 300
  ApplicationStop:
    - location: scripts/stop_server.sh
      timeout: 300

Deployment Script Example

scripts/start_server.sh
#!/bin/bash
# Start the web server
systemctl start nginx
echo "Application started successfully"
Warning: Always test your deployment scripts in a staging environment before production. Failed deployments can cause application downtime.

Operational Management with AWS Systems Manager

AWS Systems Manager provides unified operational insights and automation across your AWS resources.

Run Command Examples

Execute commands across multiple EC2 instances:

ssm-command.sh
# Run a shell command on all instances with a specific tag
aws ssm send-command \
  --document-name "AWS-RunShellScript" \
  --targets "Key=tag:Environment,Values=production" \
  --parameters 'commands=["yum update -y", "systemctl restart nginx"]' \
  --comment "Security updates and service restart"

Session Manager for Secure Access

Access instances without SSH keys or bastion hosts:

start-session.sh
# Start a session with an instance
aws ssm start-session --target i-1234567890abcdef0

Common Pitfalls

  • Drift Detection: CloudFormation stack drift occurs when resources are modified outside of CloudFormation. Regularly use drift detection to identify configuration inconsistencies.
  • Rollback Failures: CodeDeploy deployments can fail during rollback if cleanup scripts have errors. Always test rollback scenarios.
  • Resource Limits: Be aware of service quotas - ECS tasks, Elastic Beanstalk environments, and CloudFormation stacks all have limits that may require quota increases.
  • IAM Permissions: Most deployment failures are due to insufficient IAM permissions. Ensure your deployment roles have the necessary policies.
  • Cost Monitoring: Automated scaling and deployments can lead to unexpected costs. Set up billing alarms and monitor resource usage.
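For the drift detection pitfall above, an added example (not part of the original lesson) that turns the result of `aws cloudformation detect-stack-drift` followed by `aws cloudformation describe-stack-resource-drifts` into a short change report. The sample response is constructed, `AppLogGroup` and `Topic` are hypothetical resources, and the function name is an assumption.

```python
import json

# Constructed sample in the shape returned by
# `aws cloudformation describe-stack-resource-drifts`; values are illustrative.
SAMPLE_DRIFTS = json.loads("""
{
  "StackResourceDrifts": [
    {"LogicalResourceId": "MyS3Bucket", "ResourceType": "AWS::S3::Bucket",
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [
       {"PropertyPath": "/VersioningConfiguration/Status",
        "ExpectedValue": "Enabled", "ActualValue": "Suspended",
        "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "AppLogGroup", "ResourceType": "AWS::Logs::LogGroup",
     "StackResourceDriftStatus": "DELETED"},
    {"LogicalResourceId": "Topic", "ResourceType": "AWS::SNS::Topic",
     "StackResourceDriftStatus": "IN_SYNC"}
  ]
}
""")


def summarize_drift(response):
    """Return one line per out-of-band change, deletions first."""
    deleted, modified = [], []
    for drift in response.get("StackResourceDrifts", []):
        rid, status = drift["LogicalResourceId"], drift["StackResourceDriftStatus"]
        if status == "DELETED":
            deleted.append(f"{rid}: deleted outside CloudFormation")
        elif status == "MODIFIED":
            # Each difference names the property and both values, which is
            # what a reviewer needs to decide between revert and adopt.
            for diff in drift.get("PropertyDifferences", []):
                modified.append(
                    f"{rid} {diff['PropertyPath']}: template={diff.get('ExpectedValue')} "
                    f"live={diff.get('ActualValue')} ({diff['DifferenceType']})"
                )
    return deleted + modified


if __name__ == "__main__":
    print("\n".join(summarize_drift(SAMPLE_DRIFTS)))
```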

Summary

In this lesson, you've learned how to leverage AWS deployment and management tools to automate and streamline your operations. CloudFormation provides infrastructure as code capabilities, Elastic Beanstalk simplifies application deployment, ECS manages containerized workloads, CodeDeploy automates deployment processes, and Systems Manager offers comprehensive operational management. These tools work together to create efficient, repeatable, and scalable deployment pipelines.

Quiz

AWS Deployment & Automation Fundamentals

What is the primary purpose of AWS CloudFormation's `DeletionPolicy` attribute?
