Practice Exams:
Home Blog Amazon AWS DevOps Engineer Professional – Incident and Event Response (Domain 5) & HA, Fault T… part 6

Amazon AWS DevOps Engineer Professional – Incident and Event Response (Domain 5) & HA, Fault T… part 6

  1. ASG – CloudFormation UpdatePolicy

Okay so now let’s go back into our auto scaling group. So say this is great, this is looking good and these have been launched using this launch configuration right here and say we want to update that auto scaling group, right? So why don’t we go ahead and have a try at it. So I’ve created this one, one ASG update policy and so as you can see this is the exact same template as before. Okay? This is the exact same thing for my auto scaling group but the launch configuration is a little, a little bit different. I’ve updated the launch configuration such as now it says Hello World before doing the yam update and then doing the signal.

So I’m going to try to update my auto scaling group with this and see what happens. So if I go into confirmation and I click on update I’m going to replace the current template and I’m going to upload a file and I’ll choose the first one and I’m going to click on Next next. And so what this will do is that this will create a new launch configuration. Let’s verify that. So yes there is a new launch configuration and my auto scaling group is going to be modified to have that launch configuration as well. So I’ll click on update stack and the update is now in progress. So let me wait for it to happen. And now the update is complete. So let’s get back into our auto scaling group. I’m going to refresh this page.

So yes this launch configuration has been updated. It. Start with one J, nine G. Okay. And if I go to my instances and I look at them well these instances are not using the latest launch configuration so somehow these instances have not been updated. My auto scaling group itself has been updated using this launch configuration but my instances in this auto scaling group have not been updated and as such 1 may wonder well how can I make sure that my auto scaling group does update my instances whenever I change my launch configurations? Because that may be something you desire. And for this we’re going to use the update policy attributes.

And so the update policy is applied to an auto scaling group a lambda alias or elastic cache replication group. But for this lecture we’ll just consider the auto scaling group and so we’ll specify an update policy and with this update policy we can specify three things. We can specify whether what we want replacing updates so auto scaling, replacing updates and auto scaling rolling updates and finally some attribute called auto scaling schedule action. So you need to remember this going to the exam there are three things you can specify for your update policy replacing update, rolling updates and the auto scaling schedule actions.

So let’s go and have a deep dive into one of those to get started. So we’ll first look at the rolling one. So if you look at this template it’s the same as before. The parameters are the same, the auto scaling group is the same, except that now we have added an update policy to it and this update policy is specifying an auto scaling rolling update. So this rolling update is saying that the minimum instances in service must be one and the max batch size to update this auto scaling group is two. So because we have three instances, that means that two will be taken down for rolling updates, one will be in service and maximum two at a time. So this is how fast we want this update to happen.

Then we specify a pass time which is how much pause we want to give for the new instances to come up and give us a signal. So 1 minute and if we don’t receive a signal in 1 minute then we have to roll back. And do we want to wait on resource signals? True yes, we want to wait for a signal for this update policy. And additionally we set up an auto scaling schedule action to prevent the fact that schedule actions should modify the Min max and desired for confirmation in the ASG. So that means that for example, if you have conflicting schedule actions while you’re doing an update in confirmation, this may lead to bite behavior.

So to resolve against this you specify this block of auto scaling schedule action and ignore unmodified group size properties. True, but I think what really matters going into the exam is knowing that the auto scaling rolling update exists. And as the name indicates, it will do a rolling update from within the same auto scaling group. So why don’t we test this one? And by the way, the launch configuration again has changed. We now say hello world two so that we trigger some kind of updates. So let’s go back into confirmation. I’m going to update this one and I’ll replace the current template. I’ll upload a file and this file will be number two update rolling policy. And so click on Next, click on Next and then finally click on Update Stack.

So this will create a new launch configuration again but this time it will update the launch configuration on our isg. It will also make sure that the instances in here get replaced because of this update policy we have specified. So for it to happen, here we go. We can look at it now. So this auto scaling group, let me show you. Here we go. So the launch company has been updated. So we have a new one. And here the auto scaling group is saying okay, the rolling update has been initiated. We’ll terminate three obsolete instances in batches of two while keeping at least one instance in service and we’ll wait on resource signals with a timeout of 1 minute when the new instances are added to the autoscaling group.

So this is quite a nice way to show us what we need to have based on the code that we have specified right here. Okay, so now let’s look at the next status. It says, okay, temporarily setting the auto scaling group min size and desired capacity to three. So it has changed that. So if we refresh this, the mid size is now three. Then we go again in here, sorry, in confirmation then it says, okay, terminating two instances and replacing with two new instances. As you can see it did have to terminate instances first and then creating new instances. I’ll refresh this to see the signals. So okay, here we are. Then it says successfully terminated instances. So that’s 67% progress for this rolling update.

Then the new instances are added to the auto scanning group and it’s waiting for the two resource signals with a timeout of pt 1 minute and has received one signal. So it’s probably going to receive the second one very, very soon. Yeah, it has received the second one. So now two instances have successfully been updated. So this one and this one are updated and it’s going to do the last batch in my thing. So it’s going to terminate this instance and replace it with a new one. So here we go. A new one is pending already and so again if I refresh this it has terminated the instance and it will wait for a success signal from that instance. And when the instance has given us a success signal then everything will be working.

So let’s wait for it to happen. And now it says that the last instance was successfully terminated and it was waiting 1 minute to receive a success signal and then it received the signal. So it says, okay, update complete and we have just performed our first rolling upgrade of our auto scaling group. So that’s one way of doing things. And you have to remember this going into the exam, you can perform a rolling update for your auto scaling using an update policy. But the last thing I want to show you as part of this lecture is that you can have a replacement policy. So instead of doing a rolling update, we’re going to do a replacing update. So remember this is the second kind of update you can do and we’ll say will replace True.

And this replacing update, what it does is that it will say, okay, create an entirely new auto scaling group and then when that auto scaling group has successfully passed the creation policy, this one then terminate the old auto scaling group. So let’s try this out here. We’re going to create a new auto scaling group. So this is more of like an immutable type of update. So I’m going to update this, replace the current template, upload a file and I will choose the number three. So this should create a new auto scaling group altogether. So let’s have a look and see if that works. I’m going to update my stack. Here we go. So now the update is in progress.

Okay. And there’s new resources to be needing to be created. So the resource creation have been initiated. And if we go back to the auto scaling group ui and I refresh this, now we can see that we have a third auto scaling group, I mean a second one as part of this confirmation template, but a third in my ui. So this new auto scaling group has been created. It has the same settings as the other one and it wants three instances. But this one has the new launch configuration while this one has the old launch configuration. So now we’re waiting for three instances to be started so they’re pending states. And because this is a new auto scaling group and we have three new instances, then again the creation policy we have specified will take place.

So if I refresh this, it should start talking about my creation policy. Or maybe if it doesn’t, at least it’s taken into accounts. Trust me. So let me wait for everything to happen and let’s see what the ui says us. So here we go. We have received one, two and three success signal from these three instances that were created in this new auto scaling group. And now what will happen is that the update is incomplete and now there’s a clean up happening and it’s going to delete my old auto scaling group. So if I refresh this and refresh this page right here, we can see that, yes, this old auto scaling group right now is terminating all the instances.

And then when it has terminated all the instances, then we’ll only have the new auto scaling group in place. And as such, we’ll have performed a replaced type of update, which is an immutable type of update. Okay? So this is really important to see, and I think quite good to see the different update policies. So if you don’t specify anything, it will just update the launch configuration but won’t do anything to the instances. If you specify a rolling update for your update policy, then that means that instances will be created and terminated within the same otto scanning group. And if you specify a replace update, it will create a new auto scaling group altogether and place instances in them.

So finally, there’s one document that you need to make sure to read is how can I make sure that my auto scaling group is updated the right way during a confirmation stack update and they describe a few issues that you can have and the resolution. So I do encourage you to read that document because I think it’s quite an interesting one to really understand how the update policy do work in the real world. I don’t think it’s something you have to know by heart for the exam. But if you read through this document and understand it, that means that you have understood how the update policy work. And that means that my job is complete and that you’ll be ready for the exam on that topic. Okay, so that’s it for this lecture. I will see you in the next lecture.

  1. ASG – CodeDeploy Integration

Okay, so in this lecture we’re going to see how we can use Code deploy with cloudformation and ASG to perform deployments onto your auto scaling group and see the behavior that we have when using Code deploy. So for this I have created a very quick template and it’s called ASG Code Deploy. yaml. So we have an ami linux ID in here we have an im role that we have to pass in that will be the im role. For your EC Two instances we have the vpc ID that will be able to create the security groups in. Then we have an auto scaling group that we create and we want the desired capacity to be one and the mid sized one and the max size four.

The creation policy that we’ve seen from before has a count of one and we’ll wait 15 minutes. The launch config itself is quite interesting. So we create image ID from the parameters. The im instance profile is as well coming from the parameters and the security groups is a reference to the security group defined below. And that’s going to allow us to use Http on our instance. Then for the user data, we pass in a base 64 script and it’s a bit more complicated than before. So we install the confirmation bootstrap scripts, we install the Code deploy agent and we’ve seen this summer before how we can do it. So we install ruby and webcat, then we get this installed script, then we execute the install script and the Code deploy agent will be started.

And then we signal the success of this whole installation of the cold deploy agent back into the creation policy right here. So again, a good example of how it works in the real world. And then finally the instant security group allows us to get incoming port port 80. So let’s go ahead and play with this template. So I’m going to confirmation, I’m going to create a stack and I’m going to upload a file and that file is going to be number four Code Deploy. I’ll click on Next and I’ll call it demo ASG code deploy. And then I need to enter the role ARN for this. So I’m going to go into iam. oops, I am. And in I am, I’m going to look for my Code deploy role.

So you can quickly search iam and type in Code Deploy. And if you did the tour with me, we did create something before called EC Two role for Code Deploy. That’s a role we created from before, otherwise you can create it. It has the Amazon S Three readonly access policy which allows it to get files from s three. Okay, excellent. So we’ll copy the role ARN in here and paste this into this parameter. And then finally for the vpc ID, I’m going to use this one. That is my default vpc. I’ll click on Next and click on Next and then finally all is good. We have three parameters in here and I will click on Create Stack.

So this should go ahead and create my ASG and signal. Once the Code Deploy Agent has been installed, back to my ASG and say success. So let’s wait a little bit. And it seems like I got an error. So it says that it was an invalid iam instance profile. And this is correct because I specified the role ARN, not the instance profile ARN. This is what I should have specified. So I’m going to just delete the stack and recreate it and that should be pretty easy. So the template is ready. I’m going to import it again. It’s good to get errors once in a while to just learn from your mistakes. So I’m going to do a demo ASG Code deploy Two and then the instance role ARN is the one instance profile ARN.

I need this one. So I’m going to paste this and the Vpciid is this one. Click on next. Next and this one. This time it should work. So let’s wait. Okay, so everything has worked and we have received a success signal. And this is because the Code Deploy Agent has been installed on our EC Two instance. So we are good to go. So now why don’t we go into Code Deploy and start playing around a little bit. So we are in Code Deploy and I’m going to create a new application. So I’ll call this application Demo ASG and the compute platform is going to be easy to on premise. I’ll create this application and now I have to go ahead and create a first deployment group. So this time we’ll use Deployment group and I’ll call it Myasg.

And the service role is something we have already created. So we’ll use Code Deploy role and we’ll choose in place deployment. For now we’ll use an Amazon EC Two auto scaling group for this and we’ll choose the demo ISG Code Deploy to group. And this is perfect. This is something we haven’t done before. So that means that all the instances within that group will be deployed to it. And right now we have one unique matched instance. So this is perfect. We will disable load balancing and for the advanced options, we’re not going to set up any triggers, alarms or rollbacks. But we could set this up as well if you want to do. But we’ve seen this in the Code deploy section. So I’ve created my deployment group and now you should know how to do it.

We create a deployment and so we say okay, for this application on this deployment group, you need to get an application stored in S three and the url is going to be coming from this tutorial. So step two, you scroll down and then in here you will find a list of all the revisions. So I’m going to choose the one I need from EU Ireland region. I’m going to copy this and paste that into this url. So it’s a zip file and I’m not going to have a description. You can have an application lifecycle event failure if you wanted to and you can have content options so you can file the deployment in case everything has wrong with the deployment settings, in case there is a file rename that needs to happen and so on.

But we are going to set things as default for now and we’re just going to go ahead and create that deployment. So what this will do is that it will deploy the simple linux application onto our one easy to instance that comes from the auto scaling group that is right here. So onto that instance. So let’s go to that instance first. Let’s wait for the deployment to happen. So the application is being installed right now and one out of one application is being updated and we have a success. So now if we go into this application and go to the public dns we should see congratulations. This application was deployed using aws code deployed. So everything so far we’ve known.

So you may be asking yourself why is Defense showing us this? Well let’s try something new. Let’s take this ASG and instead of one instance now I want two instances. So let me edit this configuration and I’m going to say that the desired capacity now is two and I’ll click on Save. So now we have one more instance that is being created and so what will happen is that this instance will come up and it will do all the EC to user data script according to this. So it’s going to install the cfn bootstrap, it’s going to do all the installation of the code deploy agent and then signal success to cloud formation even though that doesn’t do anything in that case.

Okay? And so when the code deploy agent is installed, what we should be seeing is that from within code deploy, the code will be deployed as well to this new instance. So let’s wait for the instance group to come up. So right now it’s in pending state so that instance is now in service. And so if I go back to my instances and I’m going to look for that tag for my auto scaling group demo too. So maybe if I enter the tag here, is it going to work? Let’s see yes, it works. So we have two instances and this one is the new one. So if we go to the public dns of this one and press Enter we can see congratulations as well. So what happened is that even though we have a new instance code deploy, if I refresh this has actually done an in place update for my ASG.

So whenever a new instance in an auto scaling group comes up could deploy because it’s integrated with that auto scaling group as a deployment group will automatically deploy a new application revision to it. So this is quite awesome. That means that any new instance part of our ASG will have a deployment done to it so could deploy. And the ASG are really tightly integrated. So next let’s play a little bit. And so let’s go back to our application and the demo ASG. And in here I’m going to click on this deployment group and I’m going to edit it. And so now instead of using the in place I’m going to use the Bluegreen.

And with Bluegreen what’s going to happen is that we can automatically copy the Amazon EC two auto scaling group configuration and it will provision a new auto scaling group and new instances. And so that will effectively do a Bluegreen deployment. So we have some deployment settings whether or not we want to reroute traffic immediately or whether we will choose it after how many hours, days and so on. Whether we want to terminate the original instances or you want to keep them for a lot of time and so on. So you can definitely have some settings in here. And then again, how fast do we want to deploy to the new auto scaling group? Well, all at once sounds like the best.

Because we want to deploy everything at once, we can enable load balancing and it has to be a load balancer. So actually this is not something yes, we can show it to you. So we still have the demo target group. So we have to have a load balancer when we use an auto scaling group bluegreen type of deployment. Because this is used with a load balancer obviously. So it’s bluegreen. Okay, so let’s take these changes. This should work. And so the deployment group has been updated and now I can just create a deployment. And for this I’m going to use the same url as before. So I’ll find the url here and okay, here it is actually. And then I will just say create deployments.

So what this will do is now it will do a Bluegreen type of deployment and it should deploy some new auto scaling groups. So as you can see here, it’s going to provision replacement instances, then install the application on the replacement instances, reroute the traffic to replacement instances and finally terminate those. And we can monitor the traffic shifting progress from the original two to the replacement two. So back into here if I refresh this page. Now we have four auto scaling groups. One has been created by code deploy and therefore it has the code deploy underscore mysg underscore whatever type of name. And as of this we have two new instances coming up that depend on the same launch configuration as before.

So when these instances do come up, what will happen is it should have a deployment. So let’s go back to code deploy and wait a little bit. Okay, so the instances have been provisioned and now the application is being installed on these new instances because they have the Code deploy agents installing those. So we need to wait for this to happen. Okay, so now the application has been installed on my replacement instances. So if I go into my Code Deploy sg and take one of these instance for example, and then click on it on the public dns, then I should see the Code Deploy code so yes, it has been deployed. So this is true.

And now we need to wait for the rerouting of the traffic to the replacement instance so that’s using the load balancer. I’m actually not sure if this is going to work because I’m not sure if the load balancer is going to look for a health check and so on because of the target group. So that may be a problem. Very quickly I’m going to do something quite dirty, but I’m going to go to the target group and probably edit the health check just in case something goes on. So I’m going to edit this. Yes, it says unhealthy, which is not good. So I’m going to edit the health check and just say slash and save. This is going to hopefully make these instances healthy.

This is quite a dirty hack right now, but I hope this works. And then once the traffic has been rerouted, what we should be seeing is the original instances to be terminated. Okay, so my instances are now healthy so hopefully they will do it. So back into my Auto Scaling group encode Deploy so these instances are healthy as well. And let’s go back in here. So hopefully this will work. So it seems we’re now halfway through and so yes, everything has worked. So the rerouting is done to the traffic, the new instances and now we are terminating the original instances. And so that means that the Auto Scaling group that was created from before is being deleted.

There will be a problem with cloud formation when we delete the cloud formation stack, obviously, but this is fine. We have done a blue green deployment with code deploy. I’m really happy about it that it worked. And now actually our ASG, sorry, our load balancer should now redirect to our newly created application. So if I go to my alb and use this dns name and then open a new tab I should be seeing, it says it’s not private. It’s fine for now because we need to use the App Stefanitu. com, so app Stefandevops. com. And here we go. We have congratulations, the application was deployed using aws Code Deploy and this is great.

So everything is working right now and this is still showing some words, some messages from the old instances while they’re being terminated. So this is why if you refresh this page right now, I see these things, but overall really happy about the status of this. We have done a Code Deploy Bluegreen deployment, a Code deploy in place deployments. Again, you need to remember that beta on the deployment configuration when you do in place, you can have one at a time, half at a time or all at once and you can also specify your own custom deployments. But this is great, this works. And in the next lecture I’ll show you one last thing about code deploy in ASG. And so I will see you in the next lecture.

Related Posts