To make sure that best practices are followed when deploying secure, scalable, and highly available infrastructure on AWS, we use a checklist. It covers a wide range of areas, including security, networking, monitoring, Continuous Integration and Continuous Delivery (CI/CD), and other aspects of modern DevOps and cloud practice. The following is the checklist that we follow before any project goes live:
• Verify and Review Code: We verify that all code updates and changes are tested and merged properly. We also ensure that all the alterations are approved by the responsible teams.
• Verify and Review Dependencies: Verify that all the dependencies required by the code are defined (up to version level) and up-to-date, and ensure that the dependencies, along with the code, are built into a deployable artifact or a container.
• Verify the version: We verify the version of the artifact or the container in the different environments and ensure that the same version is used in the testing, staging, and production environments.
• Testing Environment: During User Acceptance Testing (UAT) we ensure that the testing environment is as close as possible to the production environment. This helps in evaluating the application’s performance post live deployment.
• Ensure Automated Testing: We ensure that code testing is automated. We use tools like AWS CodeBuild and AWS CodePipeline to make sure that whenever changes are made to the code, the respective tests are run to look for any bugs, errors or vulnerabilities.
• Final testing: We ensure that a final round of testing is carried out in the staging environment to confirm that the application works as intended.
• Ensure credentials: We verify that the code does not contain any credentials in plain text. This is done with the help of AWS CodeGuru Reviewer, a machine-learning based tool that checks the code for any credentials. Alternatively, we can use Amazon Secrets Manager to store details like database passwords, login credentials, API keys, etc.
• Verify database schema: For databases that use a schema, i.e. relational databases, we verify that the schema of the database is up-to-date and compatible with the latest version of the application.
• Verify backups: We ensure that the artifact or container has an appropriate backup, so that if anything goes wrong there is a known good state to revert to and deploy, avoiding downtime or a hindered customer experience.
• Aim for Zero Downtime: We ensure that changes to the application can be rolled out without any downtime. This can be achieved by using techniques like rolling updates and Blue-Green deployment.
• Ensure Automated Deployment: We verify that the deployment of the application is automated, to avoid having to manually configure the underlying resources and manage them to account for variable traffic and load on the application.
• Perform Post Deployment check: The most important step is to verify that the deployment was successful and the application works as intended. Only after the involved tests have been carried out are the relevant stakeholders notified about the deployment.
• Tracking metrics and Monitoring: All the metrics are tracked, and alarms and dashboards are set up so that in-depth monitoring of all the underlying services can be carried out and any issues can be detected and resolved as soon as possible. This is done using AWS CloudWatch coupled with AWS SNS to receive real-time notifications of the same. We also make sure that logs are maintained, as they can help in troubleshooting if something does go wrong.
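
The following is an added example, not part of the original checklist and not code or output from AWS CodeGuru Reviewer: a small pre-go-live gate in Python covering three of the items above (dependencies pinned to an exact version, the same artifact version in testing, staging and production, and no plain-text credentials in the code). The requirements list, artifact digests, file paths and regex patterns are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, standing in for a real repository and deployment.
REQUIREMENTS = "flask==2.3.3\nrequests>=2.0\nboto3\ngunicorn==21.2.0  # pinned\n"
DEPLOYED = {  # environment -> artifact or image digest (placeholder values)
    "testing": "sha256:aaaa1111",
    "staging": "sha256:aaaa1111",
    "production": "sha256:bbbb2222",
}
SOURCE = {  # path -> file contents
    "app/settings.py": 'DB_PASSWORD = "hunter2-example"\nDEBUG = False\n',
    "app/db.py": 'password = os.environ["DB_PASSWORD"]\n',
    "deploy/env.sh": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
}

# Exact pin only: name==version. Ranges and bare names are rejected.
PINNED = re.compile(r"^[A-Za-z0-9._\-\[\]]+==[^\s;]+$")
# A secret-looking name assigned a quoted literal (not an env or vault lookup).
SECRET = re.compile(
    r"\b\w*(password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"][^'\"]{4,}['\"]",
    re.IGNORECASE)
# Shape of an AWS access key ID: AKIA/ASIA followed by 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

def unpinned_dependencies(requirements):
    """Return requirement specs that are not pinned to one exact version."""
    specs = (line.split("#", 1)[0].strip() for line in requirements.splitlines())
    return [s for s in specs if s and not PINNED.match(s)]

def version_drift(deployed, reference="testing"):
    """Return environments running a different artifact than the tested one."""
    return sorted(env for env, d in deployed.items() if d != deployed[reference])

def plaintext_credentials(files):
    """Return (path, line number) for every line that looks like a secret."""
    return [(path, n)
            for path, text in files.items()
            for n, line in enumerate(text.splitlines(), 1)
            if SECRET.search(line) or AWS_KEY_ID.search(line)]

def go_live_findings():
    """Run all three checks; an empty result means the gate passes."""
    findings = [f"unpinned dependency: {s}" for s in unpinned_dependencies(REQUIREMENTS)]
    findings += [f"version drift in: {e}" for e in version_drift(DEPLOYED)]
    findings += [f"possible credential: {p}:{n}" for p, n in plaintext_credentials(SOURCE)]
    return findings

if __name__ == "__main__":
    for finding in go_live_findings():
        print("FAIL", finding)
```

The lookup in `app/db.py` is not flagged because the value comes from the environment rather than a quoted literal, which is the pattern a secrets store encourages.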