2009 - John Allspaw and Paul Hammond discuss what later becomes known as the DevOps culture as well as the best practices like one-step deploy, feature switches, dark launches, shared metrics, etc. in their groundbreaking talk “10+ Deploys Per Day: Dev and Ops Cooperation at Flickr” at Velocity 2009 O’Reilly Conference: https://youtu.be/LdOe18KhtT4?t=205
2009 - Patrick Debois kicks off first Devopsdays conference in Ghent, Belgium: https://www.devopsdays.org
Mark Schwartz, the head of Citizenship and Immigration Services at the US Department of Homeland Security, discusses how CIS initially fit DevOps inside the strict waterfall model mandated by DHS regulations: https://www.youtube.com/watch?v=QwHVlJtqhaI
TaskCat - An open-source tool that tests AWS CloudFormation templates. It creates stacks in multiple AWS Regions simultaneously and generates a report with a pass/fail grade for each region:
API throttling is the process of limiting the number of API requests a user can make in a certain period. The HTTP 429 Too Many Requests response status code indicates the user has sent too many requests in a given amount of time.
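A worked illustration of the throttling behaviour described above (added example, not code from any product named in these notes): a sliding-window limiter that tracks each client's requests and answers 429 with a Retry-After header once the budget is spent. The limit of 5 requests per 10 seconds, the client ids and the request timing are constructed; the clock is passed in so the outcome is deterministic.

```python
"""Per-client API throttling that answers HTTP 429 when a client exceeds its
request budget for a time window.

Added example, not code from any product named in these notes. The limit
(5 requests per 10 seconds), the client ids and the request timing are
constructed for illustration."""
import math
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

HTTP_OK = 200
HTTP_TOO_MANY_REQUESTS = 429


class ApiThrottle:
    """Sliding-window limiter: at most `limit` requests per client in any
    span of `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def check(self, client_id: str, now: float) -> Tuple[int, Dict[str, str]]:
        """Decide one request arriving at time `now` (seconds).
        Returns the HTTP status to send and the rate-limit headers."""
        hits = self._hits[client_id]
        # Forget timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            # The oldest request still in the window decides when a slot
            # frees up; tell the client how long to back off.
            retry_after = math.ceil(self.window - (now - hits[0]))
            return HTTP_TOO_MANY_REQUESTS, {
                "Retry-After": str(max(1, retry_after)),
                "X-RateLimit-Limit": str(self.limit),
                "X-RateLimit-Remaining": "0",
            }
        hits.append(now)
        return HTTP_OK, {
            "X-RateLimit-Limit": str(self.limit),
            "X-RateLimit-Remaining": str(self.limit - len(hits)),
        }


def simulate(requests: List[Tuple[str, float]], limit: int = 5,
             window: float = 10.0) -> List[int]:
    """Feed a constructed sequence of (client_id, timestamp) through one
    throttle and return the status code decided for each request."""
    throttle = ApiThrottle(limit, window)
    return [throttle.check(client, at)[0] for client, at in requests]


if __name__ == "__main__":
    # "alice" sends one request per second for 7 seconds: the first five
    # pass, the sixth and seventh are throttled. "bob" is unaffected
    # because budgets are tracked per client.
    burst = [("alice", float(t)) for t in range(7)] + [("bob", 6.0)]
    print(simulate(burst))
```

The window is evaluated per request, so a client that is throttled at second 5 is admitted again at second 10, when its oldest request has aged out; the Retry-After value tells a well-behaved client exactly that.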
The Twelve-Factor App methodology can be applied to apps written in any programming language, and which use any combination of backing services (database, queue, memory cache, etc): https://12factor.net/
Often when running a web service, you’ll have your instances behind a load balancer. But when deploying new code to these instances, you don’t want the load balancer to continue sending customer traffic to an instance while the deployment is in progress. The lifecycle event scripts give you the ability to integrate your AWS CodeDeploy deployments with instances that are behind an Elastic Load Balancer or in an Auto Scaling group. Simply set the name (or names) of the Elastic Load Balancer your instances are a part of, set the scripts in the appropriate lifecycle events, and the scripts will take care of deregistering the instance, waiting for connection draining, and re-registering after the deployment finishes: https://github.com/awslabs/aws-codedeploy-samples/tree/master/load-balancing/elb
AWS Lambda integrates with 47 AWS services. No other cloud provider integrates with more than 20.
After a Lambda function is executed, AWS Lambda maintains the execution context for some time in anticipation of another Lambda function invocation.
Each Lambda function receives 500MB of non-persistent disk space in its own /tmp directory.
Lambda Deployment package size limits: 50 MB (zipped, for direct upload), 250 MB (unzipped, including layers), 3 MB (console editor).
Lambda restrictions: Inbound network connections are blocked by AWS Lambda, and for outbound connections only TCP/IP and UDP/IP sockets are supported, and ptrace (debugging) system calls are blocked. TCP port 25 traffic is also blocked as an anti-spam measure.
Lambda concurrency is subject to a Regional quota that is shared by all functions in a Region.
Default quota of concurrent executions is 1,000 and it can be increased to the tens of thousands.
Types of Lambda concurrency:
Reserved concurrency - an optional value set per function that both reserves a subset of the Regional quota for the function and also establishes the maximum concurrent instances allowed for the function. Comes at no charge.
Provisioned concurrency - initializes a requested number of execution environments so that they are prepared to respond to your function’s invocations. Incurs charges.
Burst concurrency - for an initial burst of traffic, your functions’ cumulative concurrency in a Region can reach an initial level of between 500 and 3000 (varies per Region). After that, your functions’ concurrency can scale by an additional 500 instances each minute. This continues until there are enough instances to serve all requests, or until a concurrency limit is reached.
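To make the interaction between the Regional quota, reserved concurrency and burst scaling concrete, here is a small model (added example, not AWS code). It uses only the numbers stated in these notes: a 1,000 default Regional quota, an initial burst of 500 to 3000 and 500 additional instances per minute. The function names ("payments", "reports") and the traffic are constructed. The point it shows is the one that matters for resilience: a runaway function can exhaust the unreserved pool, but it cannot starve a function that has reserved concurrency, and that reservation is also the function's ceiling.

```python
"""Model of Lambda concurrency accounting: a shared Regional quota,
per-function reserved concurrency, and burst scaling over time.

Added example, not AWS code. Quota numbers are the ones stated in these
notes; function names and traffic are constructed."""
from typing import Dict

DEFAULT_REGIONAL_QUOTA = 1000   # default concurrent executions per Region
BURST_STEP_PER_MINUTE = 500     # growth per minute after the initial burst


def burst_capacity(minutes: int, initial_burst: int, quota: int) -> int:
    """Concurrency reachable `minutes` into a sustained traffic spike.
    `initial_burst` is the Region's initial level (500-3000)."""
    return min(initial_burst + BURST_STEP_PER_MINUTE * minutes, quota)


class RegionConcurrency:
    """Tracks in-flight executions against the Regional quota. Functions
    with reserved concurrency draw only on their reservation (which is also
    their ceiling); all other functions share what is left unreserved."""

    def __init__(self, quota: int, reserved: Dict[str, int]) -> None:
        if sum(reserved.values()) > quota:
            raise ValueError("reservations exceed the Regional quota")
        self.quota = quota
        self.reserved = dict(reserved)
        self.in_flight: Dict[str, int] = {}

    def unreserved_pool(self) -> int:
        return self.quota - sum(self.reserved.values())

    def unreserved_in_flight(self) -> int:
        return sum(n for fn, n in self.in_flight.items() if fn not in self.reserved)

    def try_invoke(self, fn: str) -> bool:
        """Admit one invocation of `fn`, or return False if it is throttled."""
        current = self.in_flight.get(fn, 0)
        if fn in self.reserved:
            allowed = current < self.reserved[fn]
        else:
            allowed = self.unreserved_in_flight() < self.unreserved_pool()
        if allowed:
            self.in_flight[fn] = current + 1
        return allowed

    def finish(self, fn: str) -> None:
        """Release one execution environment of `fn`."""
        if self.in_flight.get(fn, 0) > 0:
            self.in_flight[fn] -= 1


def storm(region: RegionConcurrency, fn: str, invocations: int) -> int:
    """Fire `invocations` concurrent requests at `fn`; return how many are throttled."""
    return sum(0 if region.try_invoke(fn) else 1 for _ in range(invocations))


if __name__ == "__main__":
    region = RegionConcurrency(DEFAULT_REGIONAL_QUOTA, reserved={"payments": 100})
    # A runaway "reports" function floods the Region: only 900 were unreserved.
    print(storm(region, "reports", 1500))   # 600 throttled
    # "payments" still gets its reserved 100 and is not starved ...
    print(storm(region, "payments", 100))   # 0 throttled
    # ... but the reservation is also its ceiling.
    print(storm(region, "payments", 1))     # 1 throttled
    # Burst scaling in a Region whose initial burst level is 500.
    print([burst_capacity(m, 500, DEFAULT_REGIONAL_QUOTA) for m in range(3)])  # [500, 1000, 1000]
```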
Wild Rydes Serverless Workshops | This repository contains a collection of workshops and other hands on content that will guide you through building various serverless applications using AWS Lambda, Amazon API Gateway, Amazon DynamoDB, AWS Step Functions, Amazon Kinesis, and other AWS services: https://github.com/aws-samples/aws-serverless-workshops
AWS Alien Attack Workshop | The purpose of AWS Alien Attack is to create a fun environment where you can test and think about different aspects of serverless architectures for (near) real-time ingesting and processing of data at AWS: https://alienattack.workshop.aws/
With Step Functions AWS SDK Service Integrations, developers can integrate their state machines directly with any AWS service that has AWS SDK support:
Number of supported AWS services: 200+
AWS API Actions: 9,000+
Standard Workflows:
Use for long-running, durable, and auditable workflows where repeating workflow steps is expensive (e.g., restarting a long-running media transcode) or harmful (e.g., charging a credit card twice)
Guarantee exactly once execution of each workflow step
Maximum duration - 1 year
Track and store detailed step-by-step information about each workflow that you may inspect during and after the workflow execution
Support all service integrations, activities, and design patterns
Express Workflows:
Use for workloads with high event rates and short durations
Event rates of more than 100,000 per second
Guarantee “at least once” execution of each workflow step
Maximum duration - 5 min
Failed workflows must be re-run from the beginning
Support all service integrations
Do not support activities, Job-run (.sync), and Callback patterns
With Amazon Simple Workflow Service (Amazon SWF), instead of writing state machines in declarative JSON, you write a decider program to separate activity steps from decision steps. This provides you complete control over your orchestration logic, but increases the complexity of developing applications. You may write decider programs in the programming language of your choice, or you may use the Flow framework to use programming constructs that structure asynchronous interactions for you: https://aws.amazon.com/swf/
LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications. It spins up a testing environment on your local machine that provides the same functionality and APIs as the real AWS cloud environment: https://localstack.cloud/
AWS re:Invent 2017 | Performing Chaos at Netflix Scale: Chaos Engineering is described as “the discipline of experimenting on a distributed system in order to build confidence in the system’s capability to withstand turbulent conditions in production.” With unit tests and integration tests we test the known to increase confidence in software; with chaos we experiment with the unknown: https://www.youtube.com/watch?v=LaKGx0dAUlo
Chaos Monkey randomly terminates virtual machine instances and containers that run inside of your production environment. Exposing engineers to failures more frequently incentivizes them to build resilient services: https://github.com/netflix/chaosmonkey
WireMock - a simulator (mock server) for HTTP-based APIs. It supports testing of edge cases and failure modes that the real API won’t reliably produce.
AWS CloudFormation Guard - an open-source, policy-as-code evaluation tool that provides developers with a simple-to-use, yet powerful language (DSL) to define policies used to validate JSON- or YAML- formatted templates.
awslabs/git-secrets - scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
Amazon CodeGuru - a machine learning service for automated code reviews and application performance recommendations. When you associate your AWS CodeCommit repository with Amazon CodeGuru Reviewer, you receive recommendations to help improve Java code in all pull requests.
Bandit - an open-source tool designed to find common security issues in Python code.
Clair - an open source project for the static analysis of vulnerabilities in appc and docker containers.
Contrast CE (Contrast Security) - a free and full-strength application security platform that provides “always on” IAST, RASP, and SCA for Java applications and APIs (other languages coming soon). Contrast isn’t a scanner or a firewall; instead it works from inside the running application.
Checkmarx – application security testing and static code analysis software.
OWASP Dependency-Check - an open source Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies.
NPM Audit - a command tool that performs a moment-in-time security review of a Node.js project’s dependency tree.
Qualys - automated full-spectrum auditing, compliance and protection for IT systems and web applications.
Retire.js - a web app scanner for use of vulnerable JavaScript libraries. The goal of retire.js is to help you detect the use of versions with known vulnerabilities.
Trufflehog - an open source tool that searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
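The two secret-detection approaches that git-secrets and Trufflehog represent, a known-pattern check and a high-entropy heuristic, are combined below in one small scanner (added example, not code from either project). The regular expressions, the 4.5-bit entropy threshold, and the sample diff are constructed for illustration; none of the sample values is a real credential.

```python
"""Secret detection over text such as a commit diff: a known-pattern check
(AWS access key id format) plus a Shannon-entropy heuristic for tokens
that look random, in the spirit of git-secrets and TruffleHog.

Added example, not code from either project. The regexes, the entropy
threshold and the sample diff are constructed."""
import math
import re
from typing import Dict, List, Tuple

# Known pattern: AWS access key ids are "AKIA" followed by 16 upper-case
# alphanumerics. Lookarounds avoid matching inside a longer token.
AWS_ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")
# Candidates for the entropy heuristic: runs of 20+ base64-style characters.
CANDIDATE_TOKEN = re.compile(r"[A-Za-z0-9+/=]{20,}")
ENTROPY_THRESHOLD = 4.5  # bits per character; constructed threshold

# Constructed sample diff; none of these values is a real credential.
SAMPLE_DIFF = """\
+# constructed sample; none of these values is a real credential
+aws_access_key_id = AKIAEXAMPLEKEY000000
+aws_secret_access_key = Q7ERT1YUIOP3ASDFG2HJKL9ZXCVB5NM0a4bc6d8W
+listener_rule = ApplicationLoadBalancerListenerRule
+padding = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of `s`."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, reason, token) findings for every line of `text`.
    Removed ('-') diff lines are scanned as well: a secret that was deleted
    in a later commit still lives in history."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in AWS_ACCESS_KEY_ID.finditer(line):
            findings.append((lineno, "aws-access-key-id", m.group(0)))
        for m in CANDIDATE_TOKEN.finditer(line):
            token = m.group(0)
            if AWS_ACCESS_KEY_ID.fullmatch(token):
                continue  # already reported by the pattern check
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high-entropy", token))
    return findings


def flagged_lines(text: str) -> List[int]:
    """Line numbers a pre-commit hook would reject, in order."""
    return sorted({lineno for lineno, _, _ in scan_text(text)})


if __name__ == "__main__":
    for lineno, reason, token in scan_text(SAMPLE_DIFF):
        print(f"line {lineno}: {reason}: {token}")
    print(flagged_lines(SAMPLE_DIFF))  # [2, 3]
```

The long but ordinary identifier on line 4 (entropy roughly 3.9 bits per character) and the repetitive padding on line 5 pass, while the key id is caught by pattern and the random-looking secret by entropy; in practice the threshold is tuned against the repository's false-positive rate, and the pattern list is the more reliable of the two checks.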
Visual Code Grepper - an open source automated code security review tool that handles C/C++, Java, C#, VB and PL/SQL.
Veracode Platform - a solution that can provide visibility into application status across all testing types, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Source Code Analysis (SCA), and manual penetration testing, in one centralized view.
Infrastructure scanners
Amazon Inspector - an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
Nikto - an open source web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Nessus (Tenable) - vulnerability analysis, patch confirmation, configuration assessment, and sensitive data identification for EC2 environments and instances.
Nmap (Network Mapper) - an open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discover hosts that are available and the services they offer, find open ports and detect security risks.
Snyk - finds vulnerabilities in your repos and remediates risks with automated updates and patches. Blocks vulnerable libraries in CI/CD and monitors PaaS/Serverless apps for dependency flaws.
Web UI test automation tools
Selenium - automates browsers. That’s it! What you do with that power is entirely up to you. Primarily, it is for automating web applications for testing purposes, but is certainly not limited to just that.
Ghost Inspector - provides a test recorder tool for both Chrome and Firefox that allows you to record operations and assertions right in your web browser. If you’re familiar with Selenium IDE, this is similar but much more streamlined.
Cypress - Fast, easy and reliable testing for anything that runs in a browser.
Web application vulnerability scanners
Arachni Scanner - a free/public-source Web application security scanner aimed towards helping users evaluate the security of web applications.
AppSpider (Rapid7) - a dynamic application security testing solution that allows scanning web and mobile applications for vulnerabilities.
Burp Suite (PortSwigger) - a graphical tool written in Java for testing Web application security.
OpenVAS - a full-featured open source vulnerability scanner. Its capabilities include unauthenticated testing, authenticated testing, various high level and low level Internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test.
Apache JMeter is designed to load test functional behavior and measure performance. It was originally designed for testing Web Applications but has since expanded to other test functions.
Bees with Machine Guns - an open source utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).
The AWS Config Rule Development Kit (RDK) is designed to support a “Compliance-as-Code” workflow that is intuitive and productive. It abstracts away much of the undifferentiated heavy lifting associated with deploying AWS Config rules backed by custom Lambda functions, and provides a streamlined develop-deploy-monitor iterative process: https://github.com/awslabs/aws-config-rdk
HashiCorp Packer | Automates the creation of any type of machine image: https://www.packer.io/
Observability
Important facts
The minimum metric resolution supported by CloudWatch is 1-second data points, which is a high-resolution metric. If you do not specify that a metric is high resolution, then by default CloudWatch will aggregate and store the metrics at 1-minute resolution.
Custom CloudWatch metrics follow the same retention schedule and resolution options as AWS-managed metrics.
The CloudWatch Logs Agent will send log data every five seconds by default and is configurable by the user.
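What the 1-second versus 1-minute resolution facts above mean for detection is easiest to see by doing the aggregation by hand (added example, not CloudWatch's implementation): 1-second data points rolled up into the per-minute statistics a standard-resolution metric keeps. The metric values are constructed; they show that a one-second spike survives in the Maximum statistic but is diluted in the Average, which is why an alarm on a short burst should use Maximum or high-resolution data.

```python
"""Rolling 1-second (high-resolution) data points up into the 1-minute
statistics stored for a standard-resolution CloudWatch metric.

Added example, not CloudWatch's implementation. The series is constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple


def aggregate(points: List[Tuple[int, float]], period: int = 60) -> Dict[int, Dict[str, float]]:
    """Group (timestamp_seconds, value) points into `period`-second buckets
    and compute the statistics CloudWatch keeps per bucket."""
    buckets: Dict[int, List[float]] = defaultdict(list)
    for ts, value in points:
        buckets[ts - ts % period].append(value)
    stats: Dict[int, Dict[str, float]] = {}
    for start, values in sorted(buckets.items()):
        stats[start] = {
            "SampleCount": float(len(values)),
            "Sum": sum(values),
            "Minimum": min(values),
            "Maximum": max(values),
            "Average": sum(values) / len(values),
        }
    return stats


def constructed_series() -> List[Tuple[int, float]]:
    """120 one-second samples of a failed-logins style counter: a steady
    1 per second, with a 300-count spike at second 45 (constructed)."""
    series = [(t, 1.0) for t in range(120)]
    series[45] = (45, 300.0)
    return series


def spike_visible(stats: Dict[int, Dict[str, float]], statistic: str, threshold: float) -> bool:
    """Would an alarm on `statistic` > `threshold` fire on any minute?"""
    return any(s[statistic] > threshold for s in stats.values())


if __name__ == "__main__":
    minute_stats = aggregate(constructed_series())
    for start, s in minute_stats.items():
        print(start, s)
    # The same threshold of 100 fires on Maximum but not on Average.
    print(spike_visible(minute_stats, "Maximum", 100.0))   # True
    print(spike_visible(minute_stats, "Average", 100.0))   # False
```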
Beginning on Thursday, January 28, 2021 the AWS Dev Hour: Building Modern Applications series will offer developers a hands-on approach to deepen their AWS knowledge in a fun, live, and interactive environment: https://pages.awscloud.com/traincert-twitch-dev-hour.html
AWS Stash - a searchable historical database of the videos released by AWS at public events: https://awsstash.com/