Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
In this section, you will prepare a sample application. The application is an API hosted inside a docker container, using Amazon Elastic Compute Service (ECS).. The container is accessed via an Application Load Balancer.
The API is a private microservice within your Amazon Virtual Private Cloud (VPC). Communication to the API can only be done privately through routes within the VPC subnet. In our lab example, the business owner has agreed to run the API over HTTP protocol to simplify the implementation.
The API has two actions available which encrypt and decrypt information. This is triggered by doing a REST POST call to the /encrypt / /decrypt methods as appropriate.
Both actions will make a write and read call to the application database hosted in Amazon Relation Database Service (RDS), where the encrypted messages are stored.
The following step-by-step instructions will provision the application that you will use with your runbooks and playbooks .
Explore the contents of the CloudFormation script to learn more about the environment and application.
You will use this sample application as a sandbox to simulate an application performance issue, start your runbooks and playbooks to autonomously investigate and remediate.
In this first step you will provision a CloudFormation stack that builds a Cloud9 workspace along with the VPC for the sample application. This Cloud9 workspace will be used to run the provisioning script of the sample application. You can choose the to deploy stack in one of the regions below.
Click on the link below to deploy the stack. This will take you to the CloudFormation console in your account. Use walab-ops-base-resources
as the stack name, and take the default values for all options.
Once the template is deployed, wait until the CloudFormation Stack reaches the CREATE_COMPLETE state.
Next, run the build script to build and deploy you application environment from the Cloud9 workspace as follows:
From the main console, access the Cloud9 service.
Click Your environments section on the left menu, and locate an environment named WellArchitectedOps-walab-ops-base-resources
as below, then click Open IDE.
Your environment will bootstrap the lab repository. You should see a terminal output showing the following output:
When the bootstrap script finishes you will see a folder called aws-well-architected-labs
.
In the IDE terminal console, change directory to the working folder where the build script is located:
cd ~/environment/aws-well-architected-labs/static/Operations/200_Automating_operations_with_playbooks_and_runbooks/Code/scripts/
Copy and paste the command below, replacing sysops@domain.com
and owner@domain.com
with the email address you would like the application to notify you with. Replace the sysops@domain.com
value with email representing system operators team and owner@domain.com
with email address representing business owner.
bash build_application.sh walab-ops-base-resources sysops@domain.com owner@domain.com
The build_application.sh
script will build and deploy your sample application, along with the architecture that hosts it.
The application architecture will have capabilities to notify systems operators and owners, leveraging Amazon Simple Notification Service.
You can use the same email address for sysops@domain.com
and owner@domain.com
if you need to, but ensure that you have both values specified.
If you have deployed Amazon ECS before in your account, you may encounter InvalidInput error with message “AWSServiceRoleForECS has been taken” while running the build_application.sh script. You can safely ignore this message, as the script will continue despite the error.
The above command runs the build and provisioning of the application stack. The script should take about 20 mins to finish.
The build_application.sh
will deploy the application docker image and push it to Amazon ECR. This is used by Amazon ECS. Once the build script completes, another CloudFormation stack containing the application resources (ECS, RDS, ALB, and others) will be deployed.
In the CloudFormation console, you should see a new stack being deployed called walab-ops-sample-application
. Wait until the stack reaches CREATE_COMPLETE state and proceed to the next step.
Once the application is successfully deployed, go to your CloudFormation console and locate the stack named walab-ops-sample-application
.
Confirm that the stack is in a ‘CREATE_COMPLETE’ state.
Record the following output details as it will be required later:
Take note of the DNS value specified under OutputApplicationEndpoint of the Outputs.
The screenshot below shows the output from the CloudFormation stack:
Check for an email sent to the system operator and owner addresses you’ve specified in the build_application.sh script. This email should also be visible in the CloudFormation parameter under in the SystemOpsNotificationEmail and SystemOwnerNotificationEmail.
Click confirm subscription
on the email links to subscribe.
There will be 2 emails sent to your address, please ensure to subscribe to both of them.
In this section, you will be testing the encrypt API action from the deployed application.
The application will take a JSON payload with Name
as the identifier and Text
key as the value of the secret message.
The application will encrypt the value under Text
key with a designated KMS key and store the encrypted text in the RDS database with Name
as the primary key.
Note: For simplicity purposes the sample application will re-use the same KMS keys for each record generated.
In the Cloud9 terminal, run the command below, replacing the ApplicationEndpoint
with the OutputApplicationEndpoint from previous step. This command will run curl to send a POST request with the secret message payload {"Name":"Bob","Text":"Run your operations as code"}
to the API.
ALBEndpoint="ApplicationEndpoint"
curl --header "Content-Type: application/json" --request POST --data '{"Name":"Bob","Text":"Run your operations as code"}' $ALBEndpoint/encrypt
Once you run this command, you should see output as follows:
{"Message":"Data encrypted and stored, keep your key save","Key":"EncryptKey"}
Take note of the encrypt key value under Key .
Run the command below, pasting the encrypt key you took note of previously under the Key section to test the decrypt API.
curl --header "Content-Type: application/json" --request GET --data '{"Name":"Bob","Key":"EncryptKey"}' $ALBEndpoint/decrypt
Once you run the command you should see the following output:
{"Text":"Run your operations as code"}
You have now completed the first section of the Lab.
You should have a sample application API which we will use for the remainder of the lab.
Click on Next Step to continue to the next section.
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool