12. CICD Pipeline is awesome
[Pipeline diagram, shown on slides 12-18: GitHub (Source Code Check in), Jenkins (Build Tools), S3 (Artifact Repository), CodePipeline (Deployment Tools), CodeDeploy, EC2 (Production Environment)]
13. Code change is introduced
14. Build starts, and passes!
15. Artifact is dropped into repository
16. CD Tool picks up new artifact for testing
17. CD Tool uses new artifact to deploy
18. New/latest code is deployed on an instance!
19.
20. Shoot, I need to revert the previous code change!
The whole CICD process repeats...
[Pipeline diagram, shown on slides 20-26: GitHub (Source Code Check in), Jenkins (Build Tools), S3 (Artifact Repository), CodePipeline (Deployment Tools), CodeDeploy, EC2 (Production Environment)]
21. Code change is introduced
23. Artifact is dropped into repository
24. CD Tool picks up new artifact for testing
25. CD Tool uses new artifact to deploy
26. Changes in code are deployed on the same instance
27. Downsides
● Downtime (SLA)
● Previous State of Deployment is overwritten
● Resistance to Infrastructure Changes
● Relatively Sequential (Traffic Jam Scenario)
30. Blue-green to the rescue!
[Blue-green pipeline diagram, shown on slides 30-37: GitHub (Source Code Check in), Jenkins (Continuous Integration), S3 (Artifact Repository), two CodePipeline / CodeDeploy paths (Continuous Deployment), two EC2 instances (Production Environment). Red outline indicates current CICD workflow. A "(LIVE)" label marks the live instance.]
31. Code change is introduced
32. Build starts, and passes!
33. Artifact is dropped into repository
34. CD Tool picks up new artifact for testing
35. CD Tool picks up new artifact for deployment
36. Changes in code are deployed on green, going live (both instances labelled LIVE)
37. Completely switch over to green, decommission blue
38.
39.
40. Known good code / state is preserved on blue
[Blue-green pipeline diagram, shown on slides 40-41: GitHub (Source Code Check in), Jenkins (Continuous Integration), S3 (Artifact Repository), two CodePipeline / CodeDeploy paths (Continuous Deployment), two EC2 instances (Production Environment). Red outline indicates current CICD workflow. A "(LIVE)" label marks the live instance.]
41. Completely switch over to blue, decommission green
45. Preserved Last Known Deployment
● Rollback enabled
● Debugging
● Forensics
○ Take it offline and isolate
○ Selfie* anyone?
*https://alldaydevops2016.sched.org/event/8614/taking-a-selfie-just-try-to-resist-doing-forensics-the-devsecops-way
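The cutover and rollback on slides 36-41, together with the "take it offline and isolate" point above, as a small in-memory model. This is an added example, not part of the original deck; the stack names, versions and the `healthy` flag are constructed, and keeping the old stack until the next release replaces it is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Stack:
    color: str
    version: str
    healthy: bool = True  # constructed stand-in for the pipeline's test result

@dataclass
class BlueGreen:
    live: list = field(default_factory=list)         # stacks serving traffic
    preserved: Optional[Stack] = None                # last known good, offline
    quarantined: list = field(default_factory=list)  # isolated for forensics

    def release(self, new: Stack) -> bool:
        """Deploy `new` beside the live stack; cut over only if it is healthy."""
        old = self.live[0]
        self.live.append(new)          # both stacks are LIVE during cutover
        if not new.healthy:
            self.live.remove(new)      # old stack never stopped serving
            return False
        self.live.remove(old)          # complete switch-over
        self.preserved = old           # replaces (decommissions) any older copy
        return True

    def rollback(self, isolate: bool = False) -> Stack:
        """Switch back to the preserved stack; optionally keep the bad one."""
        if self.preserved is None:
            raise RuntimeError("no known good stack preserved")
        bad, good = self.live[0], self.preserved
        self.live = [good]             # move traffic before tearing anything down
        self.preserved = None
        if isolate:
            self.quarantined.append(bad)  # offline and isolated, not destroyed
        return good

def demo() -> dict:
    bg = BlueGreen(live=[Stack("blue", "v1")])
    aborted = bg.release(Stack("green", "v2-bad", healthy=False))
    switched = bg.release(Stack("green", "v2"))
    bg.rollback(isolate=True)
    return {"aborted": aborted, "switched": switched,
            "live": [s.color for s in bg.live],
            "quarantined": [s.version for s in bg.quarantined]}

if __name__ == "__main__":
    print(demo())
```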
46. Robust Infrastructure
● Resilient to Security Testing and Fire Drills
● Restore to known good state
○ “Refresh” stack
47. Robust Infrastructure
● Vulnerability Management
○ Quick to patch zero days - app to infra layers
○ One New Zero-Day Vulnerability Discovered on Average Every Week*
*https://www.symantec.com/en/aa/about/newsroom/press-releases/2016/symantec_0413_01
48. Parallel Pipelines
● Why stop at blue-green?
● Go RAINBOW!
● Scale
○ Restore to multiple states on multiple instances
53. Crawl?
● Virtualization
● Infrastructure and Security as Code
● Build a CICD process
● Plan for Security Testing
● Identify where Blue-Green is relevant*
*https://d0.awsstatic.com/whitepapers/AWS_Blue_Green_Deployments.pdf
Walk
Run
54. Walk.
● Automate Existing CICD Process
● Incorporate Security Testing
● Manually implement Blue-Green where relevant
Crawl
Run