AWS re:Invent Slides (2022)

DevOps

Amazon’s approach to high-availability deployment
Continuous-delivery failures can lead to reduced service availability and bad customer experiences. To maximize the rate of successful deployments, Amazon’s development teams implement guardrails in the end-to-end release process to minimize deployment errors, with a goal of achieving zero deployment failures. In this session, learn the continuous-delivery practices that we invented that help raise the bar and prevent costly deployment failures.

Automating cross-account CI/CD pipelines
When building a deployment strategy for your applications, using a multi-account approach is a recommended best practice. This limits the area of impact for changes made and results in better modularity, security, and governance. In this session, dive deep into an example multi-account deployment using infrastructure-as-code (IaC) services such as the AWS CDK, AWS CodePipeline, and AWS CloudFormation. Also explore a real-world customer use case that is deploying at scale across hundreds of AWS accounts.

Continuous improvement of code quality with Amazon CodeGuru
Software development teams are using modern tools that help automate developer workflows in order to improve speed and code quality. Amazon CodeGuru is powered by machine learning to provide intelligent recommendations and help you identify your application’s most expensive lines of code. CodeGuru enables developers to mitigate potential defects and optimize performance early in the development cycle. In this session, you walk through how to onboard CodeGuru, review architectural diagrams, and witness CodeGuru in a pipeline, providing continuous feedback to the developer to iterate through code improvements.

Continuous security and compliance for your CI/CD pipeline
This workshop dives deep into the importance of and mechanisms for meeting security and compliance requirements for your organization. Learn ways that you can enforce pre- and post-deployment standards, shift-left testing, and use of services like Amazon CodeGuru Reviewer, AWS CloudFormation Guard, and AWS Config for security static analysis and runtime compliance checks.

Deep dive into AWS Cloud Development Kit
The AWS Cloud Development Kit (AWS CDK) is a multi-language, open-source framework that enables developers to harness the full power of familiar programming languages to define reusable cloud components and provision applications built from those components using AWS CloudFormation. In this session, you develop an AWS CDK application and learn how to quickly assemble AWS infrastructure. We explore the AWS Construct Library and show you how easy it is to configure your cloud resources, manage permissions, connect event sources, and build and publish your own constructs.

Implementing DevSecOps pipelines with compliance in mind
Review a DevSecOps CI/CD pipeline that includes software composition analysis, static application security testing, and dynamic application security testing. Also learn about best practices for incorporating security checkpoints across various pipeline stages and aggregating vulnerability findings into a single pane of glass. Finally, hear about processes and tools that can increase an organization’s ability to deliver applications and services in a secure manner.

Multi-account and multi-Region deployments at scale
Many AWS customers are implementing multi-account strategies in order to more easily manage their cloud infrastructure and improve their security and compliance posture. In this chalk talk, learn about various options for deploying resources into multiple accounts and AWS Regions including across partitions (as in AWS GovCloud [US]). The talk also covers how these options can align to your organizational units in AWS Control Tower.

Kubernetes (EKS)

Amazon EKS SaaS: Building a working multi-tenant environment
Amazon EKS provides SaaS developers with a rich collection of constructs that can be used to create a SaaS solution. In this workshop, learn how to build a complete multi-tenant SaaS environment that highlights the different strategies and considerations that come with building, securing, and deploying SaaS applications in an Amazon EKS model. Work through labs that demonstrate the implementation of core multi-tenant concepts, including onboarding, tenant isolation, tiering, cost attribution, and data partitioning. Get hands-on experience with the moving parts of an Amazon EKS SaaS solution while discovering the nuances of the Amazon EKS SaaS model.

Best practices for using Amazon EKS add-ons
Kubernetes add-on software extends the functionality of Kubernetes and is typically built and maintained by the Kubernetes community, AWS, and other third-party vendors. Amazon EKS add-ons allow you to configure, deploy, and update the operational software or add-ons that provide key functionality to support your Kubernetes applications, including cluster networking, operational software for observability, management, scaling, and security. In this chalk talk, walk through best practices for using add-ons to consistently maintain the security and stability of your Amazon EKS clusters.

Best practices platform teams can use to streamline Kubernetes operations
Kubernetes accelerates the digital transformation of cloud-native applications. As organizations expand, the number of Kubernetes clusters and applications can lead to significant operational challenges. A popular choice for managed Kubernetes is Amazon EKS. It’s no wonder that platform teams are on a quest to better manage, scale, and secure their Amazon EKS clusters across disparate internal application teams while working with multiple AWS accounts in multiple AWS Regions. AWS Partner Rafay Systems helps hundreds of enterprises reduce the complexity of Kubernetes. In this lightning talk, learn best practices on streamlining Kubernetes from self-service cluster provisioning through to centralized policy management.

Bootstrapping “batteries-included” Amazon EKS clusters
In this builders’ session, learn about using Amazon EKS Blueprints for Terraform to configure and deploy “batteries-included” Amazon EKS clusters. Dive deep into EKS Blueprints code and learn to deploy security-compliant EKS clusters with managed node groups and AWS Fargate profiles. Learn how to build EKS clusters that support workloads from multiple teams with EKS Blueprint’s teams functionality. Lastly, learn how to easily deploy AWS managed add-ons (like VPC CNI, CoreDNS, and kube-proxy) in addition to popular open-source add-ons, including Metrics Server, cluster autoscaler, Prometheus, Karpenter, AWS Load Balancer Controller, Fluent Bit, and Argo CD.

Build Kubernetes at scale using AWS file services
Learn how you can launch and use Amazon FSx fully managed file services to power your Amazon EKS Kubernetes container workloads. Deploy a container-based workload with persistent storage from Amazon FSx to better understand the benefits and key features for container-based workloads. The workshop also touches on dimensions such as performance, scale, high availability, and how to create clones of your DevOps data in seconds, or replicate and access your data seamlessly across AWS Regions, to further power at-scale container-based workloads.

Data analysis with Amazon EKS and AWS Batch
Gain an understanding of the recently added AWS Batch support for managing and scheduling large-scale data analysis using Amazon EKS. Learn AWS Batch fundamental concepts and how AWS Batch works together with your other AWS services running within Amazon EKS. Deploy an Amazon EKS cluster, leverage AWS Batch to manage pods, and train a simple machine learning model.

Disaster recovery, high availability, and resiliency on Amazon EKS
Kubernetes application development and operations teams need to build resilient systems that embrace failure as a natural occurrence. Learn about patterns and strategies for running resilient Kubernetes clusters on AWS. Use chaos engineering tools to simulate failures and disaster scenarios for Kubernetes clusters on AWS and learn how to recover from them within given recovery time and recovery point objectives.

Getting started with Amazon Elastic Kubernetes Service (Amazon EKS)
Introduction to Kubernetes using the AWS managed Kubernetes service Amazon EKS. Previous experience with Kubernetes or container workflows is useful but not required. During this workshop you deploy everything needed to have a set of microservices running with additional useful day-2 functionality in place. The workshop includes deploying a set of microservices, configuring a load balancer in front of your service, configuring centralized logging, and enabling automatic scaling of your pods and worker nodes.

How to monitor and reduce your compute costs
As organizations adopt Amazon EKS to securely and reliably run their mission-critical workloads in the AWS cloud and on premises, it is essential that they have tools to monitor and optimize what they spend to run their Kubernetes applications. This builders’ session demonstrates cost-reduction steps in a sample architecture and then shows ways you can identify and reduce compute costs in your environment using OpenCost, Kubecost, Karpenter, and AWS Graviton. Join Adobe and AWS to learn how they are collaborating with Kubecost and the OpenCost community to standardize cost tracking, allocation, methodologies, and measurements and help teams using Kubernetes more easily understand their infrastructure costs.

Running efficient Kubernetes clusters on Amazon EC2 with Karpenter
Learn how to provision, manage, and maintain your Kubernetes clusters with Amazon EKS at virtually any scale using Karpenter. Karpenter is a node lifecycle management solution used to scale your Kubernetes cluster. It observes incoming pods and launches the right instances for the situation. Instance selection decisions are intent-based and driven by the specification of incoming pods, including resource requests and scheduling constraints.

Simplifying Kubernetes application management with cdk8s
The CDK for Kubernetes (cdk8s) is a new open-source software development framework that lets you define Kubernetes applications and resources using familiar programming languages. In this session, learn how to use the construct programming model and the cdk8s+ library to define your Kubernetes applications and share common definitions as reusable components with your team, organization, and Community Heroes (AWS). Come learn the fundamentals you need to use cdk8s to accelerate application development on any Kubernetes cluster running anywhere.

Spot invaders: A fault-tolerant chaos engineering game
In this session, experience your favorite arcade game with an AWS twist. Spot Invaders is a retro game where your goal is to earn points by defeating wave after wave of invaders to destroy pods and nodes on an Amazon EKS cluster and so make the underlying microservices exposed by the cluster unavailable. By applying Amazon EC2 Spot best practices on an Amazon EKS system and utilizing chaos engineering using AWS Fault Injector Simulator, learn how to build fault-tolerant and cost-optimized container systems.