class: center, middle, title
count: false

# Model and Tools for Multi-team AWS Service Development

---
class: center, middle, me

# Pasi Niemi
## Principal Cloud Architect

---

# Nitor

## DIGITAL ENGINEERING

Nitor is an independent software company. We create systems that are critical for the business and success of our clients. This may sound boring, but once the performance of our work is measured in terms of money, our customers generally start to view us as a fun partner indeed.

## ALL-IN-AGILE SOLUTIONS AND TRAINING

Our mission is to help our customers succeed. We train our clients in large-scale deployment of agile methods and we implement organization-wide agile changes. Agility is our everyday life: when we are expected to deliver plans, we prefer offering a functional prototype.

---

# Dev workloads have the most value
Move them first
Let the teams select the tools
Model will mandate use of CI/CD, VCS and IaC
???

* Determines capability to respond to change
* Give your teams the tools and set them free
* Good teams will soar!
* Think about how much it makes sense to invest in rapidly changing tools

---

# Background

* Large customers taking a similar model into use
  * Lessons learned
* Other customers stuck in a less flexible model
  * Drawbacks are obvious

???

## Drawbacks

* Fuzzy boundaries for
  * Auditing / security
  * Billing / costs
* Hard to limit blast radius of mistakes
* Modern systems highly automated, problems often human error

---

# Model

* An account, preferably two per team
  * Dev and production
* Possible shared production account
* Hybrid models also work well
* Centralized access control via a management account
  * Enforce MFA
* System team with shared resources account
* Nitor Deploy Tools can help here

---
???

* AWS Organizations
* Billing account super admin creates all accounts
* All accounts trust management account for user management
* Prod accounts trust dev accounts for deployment
* Roles and accounts can be tracked with CloudFormation
* Possibility for further automation
* Log management

---

# Variations

* Microservices teams push small projects to shared prod
* Prod in legacy datacenter
* Segregation of duties for dev and prod

---

# Collaboration
???

* Virtual DevOps Evangelist team around system team
* Interested devs contribute tools, templates and practices

---

# Tools

## Infrastructure as Code

* Serverless Framework
* CloudFormation
  * Nitor Deploy Tools for branching workflow
* Terraform
  * Can import existing infrastructure
* Ansible
  * Sensible workflows also around CloudFormation

???

* Go serverless - stop making servers, damn it!
* Terraform and Ansible more of a server focus

---

# Tools

## Information sharing

* Chat (Slack, Flowdock, Hipchat...)
  * Really helps, especially with inter-team communication
* Confluence
* Issues (Github, Trello, Jira)

---

# Tools

## CI

* Jenkins
* Travis
* GoCD
* CodeDeploy
* Hosting your own will improve optimization options
* When managed by team, migration costs will stay reasonable

---

# Tools

## Version control

* Github
* Gitlab
* CodeCommit
* Self hosting possible
  * Can offer OAuth integration with e.g. CI
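
---

An added example, not part of the original slides and not taken from Nitor Deploy Tools: a CloudFormation template for one team's production account that encodes two trust relationships from the Model notes, users entering from the management account with MFA enforced, and deployments entering from the team's dev account. The role names, the `ci-deployer` role in the dev account and the attached read-only policy are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example: cross-account roles for a team's production account.
  Role names and attached permissions are assumptions, not from the slides.
Parameters:
  ManagementAccountId:
    Type: String
    AllowedPattern: '^\d{12}$'
    Description: Account that holds the users (centralized access control)
  DevAccountId:
    Type: String
    AllowedPattern: '^\d{12}$'
    Description: The team's dev account that deploys into this account
Resources:
  # People reach this account only by assuming a role from the
  # management account, and only from a session authenticated with MFA.
  TeamOperatorRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: team-operator                 # hypothetical name
      MaxSessionDuration: 3600
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${ManagementAccountId}:root'
            Action: sts:AssumeRole
            Condition:
              Bool:
                'aws:MultiFactorAuthPresent': 'true'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess   # assumption: read-only in prod
  # Prod trusts dev for deployment: only the CI role in the dev account
  # may assume this role. That role must exist before this stack is created.
  DeployFromDevRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: deploy-from-dev               # hypothetical name
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${DevAccountId}:role/ci-deployer'  # hypothetical role
            Action: sts:AssumeRole
      # Permissions are left out on purpose: attach only what the
      # team's own stacks need to create and update.
```

Because the roles are named, creating the stack requires the `CAPABILITY_NAMED_IAM` capability. Users in the management account still need an identity policy there that allows `sts:AssumeRole` on `team-operator`.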