Scaling DevOps for Amazon EBS — Series#1
Cloud computing offers the benefit of flexible infrastructure. While provisioning infrastructure is simple, it has the potential to quickly expand into a massive estate of unreliable servers. One of the most basic requirements for a business attempting to implement DevOps concepts is that application developers should have consistent infrastructure. This can be accomplished by using a platform model approach, which abstracts the underlying cloud infrastructure and delivers it to developers along with standardized technologies and processes. This also addresses the issue of insufficient skills among development and infrastructure teams migrating to the Cloud platform. It’s not a good idea to expose them to the Cloud platform’s control plane.
According to Puppet’s State of DevOps Report 2020, there is a significant correlation between DevOps evolution and the utilization of internal platforms. The report says, “Highly advanced enterprises are nearly twice as likely as midlevel organizations to indicate high usage of internal platforms”.
Self-service APIs for CI/CD processes, public cloud infrastructure, monitoring, alerting, and observability, as well as development environments, are all offered on these platforms. They’re swiftly establishing themselves as the
de facto universe of the modern developer, where a variety of services may be thrown together to solve a problem.
This article highlights the strategic activities that an organization should take when building a self-service platform in the public cloud.
Blueprint of a Self-service platform
Organizations should produce a blueprint that addresses the essential strategic decisions and planning before building a self-service platform in AWS Cloud. To build this platform, three AWS Cloud roles are required, but not limited to: AWS Solution Architect, AWS Security Engineer, and AWS DevOps Engineer. The figure below depicts the major activities in which these positions would be involved in the creation of the self-service platform.
Decide AWS services
To successfully use the cloud, an organization must first establish which cloud services it will use. Typically, Enterprise Architects will describe where cloud services fit in best when building out a cloud strategy aligned with the intended business purpose, and AWS Solution Architects will decide which of those should be used to fulfil the business outcomes. On the one hand, offering engineers liberty and independence is a fantastic way to empower them. If an organization wants a centralized and regulated model, AWS services will be thoroughly examined before being used. Those are the two extremes; most businesses are somewhere in the middle.
Define Policies
Each organization must conform to a range of security, infrastructure management, and software development policies. While allowing developers to self-serve the cloud services they require to build their own applications and services, it is important to ensure that the organization follows the principles of least privileges. AWS Security engineers should define the right IAM policies for provisioning the resources and also the security best practices needed to adopt the cloud services based on the security controls set by a standardization body like the CIS (Center of Internet Security).
Automate Guidelines
Automation that converts the above policies into code greatly aids an organization’s scalability and innovation. Security should be implemented as code by DevOps engineers, such that security best practices are injected into the infrastructure via preset automated guidelines. Infrastructure as code should be a part of every DevOps engineer’s daily routine; they should use scripts to automate the process of building infrastructure for development and production environments, reducing human error and marking the environment as compliant.
Monitoring the service catalog
As users start adopting the cloud services and products delivered through the self-service platform, DevOps teams need to monitor the consumption, periodically check for unnecessary access to products by users, introduction of any security threats, alert thresholds and cost usage. Metrices around the number of products that are in launched state, tracking the top widely launched products would help DevOps teams measure the success of the self-service platform.
Continuous Optimization
The teams building the self-service platform should continuously collect feedback from users to optimize the policies and infrastructure code. Continuous DevOps’ success philosophy is continuous improvement based on constant input. It’s the secret to gaining an advantage in the market and ensuring business continuity.
The next article of this series talks on how one can build a self-service platform in AWS cloud to scale devops for Amazon EBS.
