STUPS by Zalando @ AWS Berlin User Group Meetup May 2015

Post on 11-Aug-2015


STUPS

STUPS To Unleash Penguin Swarms

AWS Berlin Meetup 2015-05-21

henning.jacobs@zalando.de @try_except_

● 15 countries

● 14+ million active customers

● 2.2 billion € revenue 2014

● 640+ million visits in Q1/2 2014

One of Europe's largest online fashion retailers

What is STUPS?

The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).

One AWS account per Team

● Every team gets its own, isolated AWS Account

● Every team gets its own team domain: *.<teamid>.example.org

[Diagram: Isolated AWS Accounts. Team “Foo” (*.foo.example.org) and Team “Bar” (*.bar.example.org) each have an ELB in front of their EC2 instances, reachable from the public Internet.]

Isolated AWS Accounts..

● All cross-team traffic via public Internet

● All cross-team APIs as REST

● Endpoints need to be secured via SSL and OAuth

● No firewall/network “magic” needed

Autonomy

Teams..

● can choose technologies as they think fit

● own their AWS Account

● are end-to-end responsible for their applications

Autonomy and Compliance

STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.

STUPS Policy TL;DR

● Use the Taupage base AMI ⇒ Docker

● Register all applications in the Kio application registry

● Use REST+OAuth to expose services to other teams

Application Deployment

● Build your application

● Create a Docker image

● Deploy a new immutable stack with Senza

● Route traffic to the new stack

Try out for yourself: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html

Immutable Stacks

What is Senza?

● Command line tool

● Generator of Cloud Formation templates

● Management tool for CF stacks

● Convenience high-level CF “components”

Senza Definition YAML

Senza: Bootstrap CF Stack

Senza: List Stacks

Application Logs

SSH Access to EC2 Instance

OAuth Infrastructure

● Central IAM Provider (ForgeRock Open Identity Stack)

● Registered Apps get OAuth credentials automatically

● Credential Distribution via S3 Buckets

Your Turn: Manage Apps & OAuth

Links

● STUPS Frontpage: http://stups.io

● STUPS Documentation: http://docs.stups.io

● GitHub Repositories: https://github.com/zalando-stups

● Trying out Senza and Taupage: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html
