INACTIVE - http://mzl.la/ghe-archive - Notes from the Hashiconf talk by @jdotp and @phrawzty
JP Schneider 53e3624dd3 Update README.md 2015-09-28 14:37:11 -07:00

README.md

Good reads and tools we use

Code Examples We Use

Some of our example public dashboards / metrics

Packer Hint

  • Packer can create an AMI for any region, and even create an AMI for multiple regions. Super useful for deployment!

S3 Specific Hints

  • US Standard is simply US-East-1 and US-West-1 in failover mode. This is why reads after writes in US Standard are 'eventually consistent'.
  • If you need immediate, reliable consistency, choose a specific region when creating the bucket.
  • US-Standard does not cost extra compared to single-region non-redundant S3 regions.
  • CloudFront costs the same per request as S3.
  • You do get SSL with S3, but not on http endpoints. (Here, have this page explain it to you... it's a little weird: http://docs.aws.amazon.com/general/latest/gr/rande.html )
  • Otherwise, use SSL in CloudFront. Use the old IAM tools to upload the certificate...

Other AWS Hints

iam-servercertupload -b ./mysite.crt -k ./mysite.key -c ./intermediatechain.crt -p /cloudfront/ -s mysite-2015-09-25

  • Always use autoscaling groups for everything, even things that never need to scale. You always want 1 of some server up...autoscaling groups make it so if that one dies, a new one automatically replaces it.
  • You can have multiple autoscaling groups scale into a single ELB.
  • You can have a single autoscaling group add/remove servers from multiple ELBs.
  • These concepts are useful if you want to balance out the number of instance store vs. EBS-backed EC2 instances... EBS is usually the culprit on AWS @#$@storm days.
  • Go multi-region early rather than later...it doesn't get easier the longer you wait!
  • When load testing or expecting heavy traffic, it's a great idea to call AWS support and have them "prewarm" your ELB. ELBs are basically just EC2 instances running load balancing software, and 'prewarming' them is scaling them up.
  • To get great ratings for SSL security, check out Mozilla's SSL cipher tool (credit to Gene!) https://mozilla.github.io/server-side-tls/ssl-config-generator/
  • If you have to have multiple AZs in staging but only have one node up, enable cross-zone load balancing.
  • CNAME everything! Let's say you have a database server: webappdatabase.rdsaddress.2342342342.aws.com... If you CNAME that to webapp-db.internaldomain.com instead, you have a super easy way to switch over if you ever have to switch databases or regions!
  • Health check based routing is awesome, as is geo-ip routing.
  • Decide on a tagging strategy early on... The Mozilla Tools and Services team uses: environment, role, project. These tags play a major role in monitoring, metrics, and even permissions.
  • Always, immediately, first thing... enable CloudTrail in AWS.
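
An added example (not from the original notes) for the tagging hint above: a small audit that checks EC2 instances for the environment, role and project tags, run here on a constructed sample shaped like `aws ec2 describe-instances` JSON output. The instance IDs, tag values and the function name audit_tags are assumptions made for illustration.

```python
import json

REQUIRED_TAGS = ("environment", "role", "project")  # tag keys named in the hint

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa1111", "Tags": [
      {"Key": "environment", "Value": "prod"},
      {"Key": "role", "Value": "web"},
      {"Key": "project", "Value": "webapp"}]},
    {"InstanceId": "i-0bbb2222", "Tags": [
      {"Key": "Environment", "Value": "stage"},
      {"Key": "role", "Value": ""}]}]},
  {"Instances": [
    {"InstanceId": "i-0ccc3333"}]}
]}
""")


def audit_tags(describe_output, required=REQUIRED_TAGS):
    """Return {instance_id: [problem, ...]} for instances that break the tag policy."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Untagged instances have no "Tags" key at all.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            by_lower = {k.lower(): k for k in tags}
            problems = []
            for key in required:
                if key in tags:
                    if not tags[key].strip():
                        problems.append(f"{key}: empty value")
                elif key in by_lower:
                    # Tag keys are case-sensitive, so "Environment" will not match
                    # a filter or IAM condition written for "environment".
                    problems.append(f"{key}: wrong case ({by_lower[key]!r})")
                else:
                    problems.append(f"{key}: missing")
            if problems:
                findings[inst["InstanceId"]] = problems
    return findings


if __name__ == "__main__":
    for instance_id, problems in sorted(audit_tags(SAMPLE).items()):
        print(instance_id, "; ".join(problems))
```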

Alerting Hint

  • Set up an IFTTT recipe which will monitor the status RSS feeds for AWS, and SMS/email/alert you and your team when those RSS feeds get updated.
  • Be sure you have multiple sources watching your apps!

Load Testing Hint

  • Easy 'pound one address' tool: bees with machineguns (it's awesome to make an endpoint that exercises the entire app/funnel/workflow that you can then pound on with bees...and the logs are so fun to read)

Ways to Not Spend All of Your Organization's Money

  • Set up detailed billing and a bucket to store it in
  • Try out Netflix ICE cost analysis software
  • When you know you need an instance for at least a year, set up reserved instances

Team Hint

A hint from @rhelmer

ABCD: ALWAYS BE CHECKING DATADOG