Berlin AWS User Group Meetup

by Henning Jacobs - 11 Dec 2014

We had the chance to present our recent efforts on AWS account management and Docker application deployment at the December Berlin AWS User Group Meetup.

Our main presentation topic was the AWS Minion command line tool which allows managing immutable stacks of Docker applications.

After getting strengthened by beer and big slices of tasty pizza (thanks to the host Onefootball), we listened to two interesting talks (news from AWS re:Invent and a new tool to increase S3 efficiency):

  • As soon as AWS Config becomes available, we will definitely check it out to get a better view across all our AWS resources
  • Sadly most of the announced AWS services are either in preview or not available at all (yet).

Our presentation about AWS Minion went last and briefly described our AWS setup and the reasoning behind it:

  • We have about 40 different development teams
  • We want every team to be autonomous in their decisions (e.g. technology selection)
  • Every team should
    • be able to use any AWS service (RDS, ElastiCache or any other newly announced products such as AWS CodePipeline)
    • have an isolated sandbox, e.g. team A should not be able to shut down EC2 instances of team B
    • be able to access services of other teams
    • have separate billing & accounting, i.e. it needs to be clear which team generates which costs

As we hit some AWS limitations such as VPC limits or incomplete IAM support for some AWS products, we went for the "one AWS account per team" solution to fulfill our above requirements:

../images/2014-12-09-aws-account-team-vpc-setup.png

The AWS account setup is supported by our AWS Overlord tool which setups the different subnets, NAT instances and more.

Our AWS Minion complements the account setup by providing a tool to deploy Docker applications on EC2 including ELB and DNS setup:

  • The team registers a new application using the minion command line tool (CLI)
  • The new application is build and pushed as a Docker image to a private Docker registry
  • A new application version is created with the minion CLI
    • This creates an auto scaling group and associated ELB
    • The application version is automatically deployed with Docker and made available under a HTTPS URL (e.g. https://myapp-1-0.example.org)
  • As soon as the application version is ready for production, traffic can be routed to it using the CLI

More details about the Minion workflow is described in the AWS Minion documentation.

You can find both Overlord and Minion on GitHub:

You can find the slides of the AWS UG Dec Meetup online as PDF.

Similar blog posts