Engineer and Site Reliability Engineer 💪 Specializing in cloud-based technologies, Cybersecurity 🔭 interested in DevOps, SRE, Cloud Native, software design and architecture.
5 stage x 9 region
New Service: Dev team needs to build a CI/CD pipeline to fit CloudOne requirements
New Account: provisioning issue; isolation by separate AWS account; high provisioning cost
New Region: needs support from every dev team

Basic CI/CD pipeline in CloudOne
provisioning issue: deployment complexity: n service x 5 stage x 9 region
2. SPF on deployment machine: deployment machine in every AWS account; single point of failure; EC2 security issue
3. Risk control: deploy multi-region service to Global
4. No standard for CI/CD pipeline: familiarity issue for SRE
CodePipeline controls which region/account to deploy to. In every deploy stage, CodePipeline assumes a role in the target account and triggers a CloudFormation update.
1. A developer creates a new branch in the git repo and pushes some code.
2. GitHub sends a webhook push event to Jenkins.
3. Jenkins starts a new job execution to build, compile, and statically test the branch code.
4. The Jenkins job creates a new AWS CodePipeline for the branch and triggers a new CodePipeline execution.
5. The CodePipeline deploys the service CloudFormation template.

Improvement
Streamlined Environment Management: using the deploy platform, the team was able to reduce manual effort and improve efficiency.
Increased Reliability: deployments became more reliable.
PR/Branch build: IaC issues are found early, in the dev stage.
issue: deployment complexity: n service x 5 stage x 9 region
2. SPF on deployment machine: deployment machine in every account; single point of failure; EC2 security issue
3. Risk control: deploy multi-region service to Global
4. No standard for CI/CD pipeline: familiarity issue for SRE
deployment platform and AWS account orchestration
2. CodePipeline x CloudFormation: flexible deployment pipeline; supports 5 stages and 9 regions
3. Ring Deployment: to minimize deployment risk with multi-region service
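The cross-account deploy step and the ring ordering described above, sketched as an added example (not code from the original deck): it builds CodePipeline stage declarations, one stage per ring, and checks that every role an action uses belongs to the target account. The ring membership, account IDs, role names, stack name and artifact name are constructed placeholders.

```python
# Added example. Rings, account IDs and role names are constructed placeholders.
RINGS = [  # earlier rings take the change first; membership is an assumption
    ("ring0", ["us-west-2"]),
    ("ring1", ["us-east-1", "eu-west-1"]),
    ("ring2", ["ap-northeast-1", "ap-southeast-1", "eu-central-1"]),
]
STAGE_ACCOUNTS = {"dev": "111111111111", "prod": "222222222222"}  # one account per stage


def role_arn(account_id, role_name):
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def deploy_action(stage, region, stack_name):
    """CloudFormation deploy action for one region of one stage's account."""
    account = STAGE_ACCOUNTS[stage]
    return {
        "name": f"deploy-{stage}-{region}",
        "actionTypeId": {"category": "Deploy", "owner": "AWS",
                         "provider": "CloudFormation", "version": "1"},
        "region": region,
        # Role CodePipeline assumes in the target account (hypothetical name).
        "roleArn": role_arn(account, "PipelineCrossAccountRole"),
        "runOrder": 1,
        "inputArtifacts": [{"name": "Template"}],
        "configuration": {
            "ActionMode": "CREATE_UPDATE",
            "StackName": stack_name,
            "TemplatePath": "Template::template.yml",
            # Role CloudFormation uses to create resources (hypothetical name).
            "RoleArn": role_arn(account, "CloudFormationExecutionRole"),
            "Capabilities": "CAPABILITY_NAMED_IAM",
        },
    }


def ring_stages(stage, stack_name):
    """One pipeline stage per ring; regions inside a ring deploy in parallel."""
    return [{"name": f"{stage}-{ring}",
             "actions": [deploy_action(stage, r, stack_name) for r in regions]}
            for ring, regions in RINGS]


def cross_account_violations(stages, stage):
    """Names of actions whose roles point outside the account owned by `stage`."""
    prefix = f"arn:aws:iam::{STAGE_ACCOUNTS[stage]}:"
    return [a["name"] for s in stages for a in s["actions"]
            if not (a["roleArn"].startswith(prefix)
                    and a["configuration"]["RoleArn"].startswith(prefix))]
```

Running the violation check on a generated pipeline before it is created catches a stage that would assume a role in the wrong account.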
CloudOne service Scalability/Reliability ⬆️
IaC issues are found early in the PR/branch build

Cons
Slow (8~15 mins, due to several static tests for compliance)
Testing also needs to execute in AWS
Only the Serverless Framework is supported
Resource cost up (due to PR/branch build)
let more reliable
2. Ring deployment: minimize deployment risk with multi-region service
3. Operation readiness review: some issues can be found before going to production