STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

STUPS STUPS To Unleash Penguin Swarms AWS Berlin Meetup 2015-05-21 [email protected] @try_except_

Transcript of STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Page 1: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

STUPS
STUPS To Unleash Penguin Swarms
AWS Berlin Meetup
[email protected] @try_except_

Page 2: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

● 15 countries
● 14+ million active customers
● 2.2 billion € revenue 2014
● 640+ million visits in Q1/2 2014

One of Europe's largest online fashion retailers

Page 3: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

What is STUPS?

The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).

Page 4: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

One AWS account per Team

● Every team gets its own, isolated AWS Account

● Every team gets its own team domain: *.<teamid>.example.org

Page 5: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

[Diagram: the Public Internet and two isolated AWS accounts. Team “Foo” (*.foo.example.org) and Team “Bar” (*.bar.example.org), each with an ELB and EC2 instances.]

Page 6: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Isolated AWS Accounts..

● All cross-team traffic via public Internet

● All cross-team APIs as REST

● Endpoints need to be secured via SSL and OAuth

● No firewall/network “magic” needed
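
Added example (not from the slides, and not STUPS code): a minimal server-side gate for a cross-team REST endpoint that applies the points above, refusing plaintext, answering only inside the team domain, and requiring a valid OAuth bearer token with the right scope. The function name, token records and scope names are hypothetical, and the lookup table stands in for a query to the central IAM provider.

```python
# Constructed token records standing in for the central IAM provider's
# answer to a token lookup; names, scopes and expiry times are made up.
CONSTRUCTED_TOKENS = {
    "tok-bar-valid": {"team": "bar", "scopes": {"orders.read"},
                      "expires_at": 2_000_000_000},
    "tok-bar-expired": {"team": "bar", "scopes": {"orders.read"},
                        "expires_at": 1_000_000_000},
}


def authorize(scheme, host, headers, required_scope, own_team, now,
              lookup=CONSTRUCTED_TOKENS.get):
    """Gate one request to a cross-team REST endpoint; returns (status, reason)."""
    # 1. Traffic crosses the public Internet, so plaintext is refused outright.
    if scheme.lower() != "https":
        return 403, "TLS required"
    # 2. Only answer for names inside this team's own domain
    #    (*.<teamid>.example.org); a suffix match with the leading dot
    #    rejects look-alikes such as api.foo.example.org.evil.test.
    name = host.lower().rsplit(":", 1)[0].rstrip(".")
    if not name.endswith("." + own_team + ".example.org"):
        return 403, "host outside team domain"
    # 3. Require an OAuth bearer token (header names are case-insensitive).
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    kind, _, token = auth.partition(" ")
    if kind.lower() != "bearer" or not token.strip():
        return 401, "bearer token required"
    # 4. Unknown and expired tokens are treated alike: not authenticated.
    info = lookup(token.strip())
    if info is None or info["expires_at"] <= now:
        return 401, "invalid or expired token"
    # 5. Authenticated, but the token must carry the scope this route needs.
    if required_scope not in info["scopes"]:
        return 403, "missing scope " + required_scope
    return 200, "ok (caller team: " + info["team"] + ")"
```
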

Page 7: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Autonomy

Teams..

● can choose technologies as they think fit

● own their AWS Account

● are end-to-end responsible for their applications

Page 8: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Autonomy and Compliance

STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.

Page 9: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

STUPS Policy TL;DR

● Use the Taupage base AMI ⇒ Docker

● Register all applications in the Kio application registry

● Use REST+OAuth to expose services to other teams

Page 10: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Application Deployment

● Build your application

● Create a Docker image

● Deploy a new immutable stack with Senza

● Route traffic to the new stack

Try out for yourself: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html

Page 11: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Immutable Stacks

Page 12: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

What is Senza?

● Command line tool

● Generator of Cloud Formation templates

● Management tool for CF stacks

● Convenience high-level CF “components”

Page 13: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Senza Definition YAML

Page 14: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Senza: Bootstrap CF Stack

Page 15: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Senza: List Stacks

Page 16: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Application Logs

Page 17: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

SSH Access to EC2 Instance

Page 18: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

OAuth Infrastructure

● Central IAM Provider (ForgeRock Open Identity Stack)

● Registered Apps get OAuth credentials automatically

● Credential Distribution via S3 Buckets

Page 19: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Your Turn: Manage Apps & OAuth

Page 20: STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Links

● STUPS Frontpage: http://stups.io

● STUPS Documentation: http://docs.stups.io

● GitHub Repositories: https://github.com/zalando-stups

● Trying out Senza and Taupage: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html