Beanstalk
Three architecture modelss:
- Single instance + EIP for dev env
- LB + ASG for production or pre-production web applications
- ASG only, for non-web apps in production (workers, etc...)
CodeDeploy
- Traffic shifting with Lambda Alias
- There are pre-traffic and post-traffic hook to validate deployment
- Rolback is easy using CloudWatch Alaram
Idea would be monitor the request number of the DynamoDB instance is stable. If not, CloudWatch alarm triggered to rollback the deployment.
Then we can make sure, the application is working instead of fully shifted, then found application doesn't work any more
CloudFormation
- If you want to update EC2 update ASG, create a new launch configuration + use UpdatePolicy for CloudFormation
- CloudFormation need IAM to create resources
- If you want CloudFormation to create IAM resouce, need to use CAPABILITY_IAM and CAPABILITY_NAMED_IAM
- Cross stack is mainly Ouputs export and Fn::ImportValue
- Nested stack, all about re-use
- Users can launch authorized products by admins
- Admin defined CloudFromation templates
- Save to Portfolio
- Using IAM permission to control access
- User can authorized by IAM to launch product
