The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).
More information: http://stups.io
STUPS by Zalando @ AWS Berlin User Group Meetup May 2015
1. STUPS
STUPS To Unleash Penguin Swarms
AWS Berlin Meetup 2015-05-21
henning.jacobs@zalando.de @try_except_
2. 15 countries
14+ million active customers
2.2 billion € revenue 2014
640+ million visits in Q1/2 2014
One of Europe's largest online fashion retailers
3. What is STUPS?
The STUPS platform is a set of tools and components to provide a convenient and audit-compliant Platform-as-a-Service (PaaS) for multiple autonomous teams on top of Amazon Web Services (AWS).
4. One AWS account per Team
● Every team gets its own, isolated AWS Account
● Every team gets its own team domain: *.<teamid>.example.org
5. Public Internet
Isolated AWS Accounts
[Diagram: Team “Foo” (*.foo.example.org) and Team “Bar” (*.bar.example.org), each in its own AWS account with an ELB and EC2 instances.]
6. Isolated AWS Accounts..
● All cross-team traffic via public Internet
● All cross-team APIs as REST
● Endpoints need to be secured via SSL and OAuth
● No firewall/network “magic” needed
7. Autonomy
Teams..
● can choose technologies as they think fit
● own their AWS Account
● are end-to-end responsible for their applications
8. Autonomy and Compliance
STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.
9. STUPS Policy TL;DR
● Use the Taupage base AMI ⇒ Docker
● Register all applications in the Kio application registry
● Use REST+OAuth to expose services to other teams
10. Application Deployment
● Build your application
● Create a Docker image
● Deploy a new immutable stack with Senza
● Route traffic to the new stack
Try out for yourself: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html
12. What is Senza?
● Command line tool
● Generator of Cloud Formation templates
● Management tool for CF stacks
● Convenience high-level CF “components”
18. OAuth Infrastructure
● Central IAM Provider (ForgeRock Open Identity Stack)
● Registered Apps get OAuth credentials automatically
● Credential Distribution via S3 Buckets