STUPS by Zalando @ AWS Berlin User Group Meetup May 2015
henning-jacobs
Transcript of STUPS by Zalando @ AWS Berlin User Group Meetup May 2015
STUPS
STUPS To Unleash Penguin Swarms
AWS Berlin Meetup
[email protected] @try_except_
● 15 countries
● 14+ million active customers
● 2.2 billion € revenue 2014
● 640+ million visits in Q1/2 2014
One of Europe's largest online fashion retailers
What is STUPS?
The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).
One AWS account per Team
● Every team gets its own, isolated AWS account
● Every team gets its own team domain: *.<teamid>.example.org
Isolated AWS Accounts
[Diagram: Public Internet; Team “Foo” (*.foo.example.org) and Team “Bar” (*.bar.example.org), each with an ELB and EC2 instances]
Isolated AWS Accounts..
● All cross-team traffic via public Internet
● All cross-team APIs as REST
● Endpoints need to be secured via SSL and OAuth
● No firewall/network “magic” needed
Autonomy
Teams..
● can choose technologies as they think fit
● own their AWS Account
● are end-to-end responsible for their applications
Autonomy and Compliance
STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.
STUPS Policy TL;DR
● Use the Taupage base AMI ⇒ Docker
● Register all applications in the Kio application registry
● Use REST+OAuth to expose services to other teams
Application Deployment
● Build your application
● Create a Docker image
● Deploy a new immutable stack with Senza
● Route traffic to the new stack
Try out for yourself: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html
Immutable Stacks
What is Senza?
● Command line tool
● Generator of CloudFormation templates
● Management tool for CF stacks
● Convenience high-level CF “components”
Senza Definition YAML
Senza: Bootstrap CF Stack
Senza: List Stacks
Application Logs
SSH Access to EC2 Instance
OAuth Infrastructure
● Central IAM Provider (ForgeRock Open Identity Stack)
● Registered Apps get OAuth credentials automatically
● Credential Distribution via S3 Buckets
Your Turn: Manage Apps & OAuth
Links
STUPS Frontpage: http://stups.io
STUPS Documentation: http://docs.stups.io
GitHub Repositories: https://github.com/zalando-stups
Trying out Senza and Taupage: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html