The Logicworks team recommends the optimal number of unique compute roles to balance performance versus maintainability. In the Hybrid methodology, most if not all installations and configurations can be pre-baked into the role-specific AMI. Whereas, “backend appservers” might only allow inbound traffic on port 443 and “worker” might not allow inbound traffic on any port. Each of these roles has unique configuration requirements and therefore benefits from starting from a role-specific AMI.įor example, “frontend webservers” may have the nginx webserver component pre-installed and be configured to allow inbound traffic on ports 80 and 443. An application typically has different roles like “frontend webserver”, “backend appserver”, and “worker”. In the Hybrid methodology, the IaC defines a separate golden AMIs per compute role. The desire for faster Auto Scaling EC2 instance launch times drives Logicworks to recommend a Hybrid AMI IaC and CI/CD pipeline methodology. For example, the installation & configuration of the nginx webserver delays the introduction of newly launching “frontend webserver” instances into an overloaded load-balanced resource pool.
O/S configurations needed given instance’s compute roleĪ benefit of the Single Golden AMI methodology is the simplicity of only baking and validating only 1 AMI.Ī downside can be the time and complexity of the various on-launch configurations given the instance’s compute role. Initialization of anti-malware and intrusion detection agents. ( on launch of new EC2 instance) Logicworks Configuration Management. Logicworks Configuration Management and AWS CodeDeploy agents. Anti-malware and intrusion detection agents. Hardening to achieve security standards set by the Center for Internet Security. ( periodically) Logicworks Image Factory creates 1 golden AMI for entire application. “frontend webserver”), then the system can start distributing workload to the new instance.ĭistinct steps in the Single Golden AMI methodology: Once the launched instance is configured according to its intended compute role (e.g. Then, as the instances launch, the CI/CD and bootstrap processes dynamically configure the instances’ operating systems and installed applications. In the Single Golden AMI pipeline methodology, the IaC defines a single golden AMI that is the foundation for all the application’s EC2 instances. The Logicworks team offers opinionated expert advice to help our customers select the optimal pipeline methodology given technical, commercial, and compliancy requirements. These methodologies differ in how much of the application and configuration is pre-baked into the AMI versus applied during the EC2 instance launch. Immutable Infrastructure: Pre-baked AMIs with zero post-launch configurationĪll these pipeline methodologies can make use of Logicworks Image Factory to create secure AMIs with the current O/S patches. 
Hybrid (most common): Separate AMI for each application role. Single Golden AMI: 1 base AMI for all EC2 instances. Logicworks’ customers commonly use 3 different IaC and CI/CD pipeline methodologies to reliably and repeatedly build, test, and deploy their EC2-hosted applications whenever application or O/S changes occur: The pipeline process should execute whenever any O/S or application changes occur. O/S patching) might affect the executing application. 
Let’s consider these benefits within the context of your application’s IaC & CI/CD pipeline.Īs discussed in Part 1, your cloud native application’s CI/CD pipeline process creates both the application and its needed cloud infrastructure.Īs discussed in Part 2, your CI/CD pipeline must consider that any changes to EC2 instances’ complete operating systems (e.g. If your application requires EC2 hosting, Logicworks offers services that provide similar benefits as container technologies, but for applications not architected for containers.
Read the first part here and the second part here.īy Daniel Pohl, Director of Product Management
PORT IN PART LOGICWORKS SERIES
This is the third part in a four part series on building infrastructure-as-code and CI/CD pipelines.
0 kommentar(er)
