The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS). More information: http://stups.io

1. STUPS
STUPS To Unleash Penguin Swarms
AWS Berlin Meetup 2015-05-21
henning.jacobs@zalando.de @try_except_

2. 15 countries
14+ million active customers
2.2 billion € revenue 2014
640+ million visits in Q1/2 2014
One of Europe's largest
online fashion retailers

3. What is STUPS?
The STUPS platform is
a set of tools and components
to provide a convenient and audit-compliant
Platform-as-a-Service (PaaS)
for multiple autonomous teams
on top of Amazon Web Services (AWS).

4. One AWS account per Team
● Every team gets own,
isolated AWS Account
● Every team gets own team domain
*.<teamid>.example.org

5. Public Internet
Isolated AWS Accounts
*.foo.example.org *.bar.example.org
Team “Foo” Team “Bar”ELB ELB
EC2
Instance
EC2
InstanceEC2
InstanceEC2
Instance
EC2
InstanceEC2
Instance

6. Isolated AWS Accounts..
● All cross-team traffic via public Internet
● All cross-team APIs as REST
● Endpoints need to be secured
via SSL and OAuth
● No firewall/network “magic” needed

7. Autonomy
Teams..
● can choose technologies
as they think fit
● own their AWS Account
● are end-to-end responsible
for their applications

8. Autonomy and Compliance
STUPS offers
maximum freedom for developers
while enabling
near-real-time audit compliance
for every single application.

9. STUPS Policy TL;DR
● Use the Taupage base AMI
⇒ Docker
● Register all applications
in the Kio application registry
● Use REST+OAuth
to expose services to other teams

10. Application Deployment
● Build your application
● Create a Docker image
● Deploy a new immutable stack with Senza
● Route traffic to the new stack
Try out for yourself: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html

11. Immutable Stacks

12. What is Senza?
● Command line tool
● Generator of Cloud Formation templates
● Management tool for CF stacks
● Convenience high-level CF “components”

13. Senza Definition YAML

14. Senza: Bootstrap CF Stack

15. Senza: List Stacks

16. Application Logs

17. SSH Access to EC2 Instance

18. OAuth Infrastructure
● Central IAM Provider
(ForgeRock Open Identity Stack)
● Registered Apps get OAuth
credentials automatically
● Credential Distribution via S3 Buckets

19. Your Turn: Manage Apps & OAuth

20. Links
STUPS Frontpage
http://stups.io
STUPS Documentation
http://docs.stups.io
GitHub Repositories
https://github.com/zalando-stups
Trying out Senza and Taupage
http://docs.stups.io/en/latest/user-guide/standalone-deployment.html