“tombola – a tale of config”
Agenda
• Introduction
• Who is tombola?
• A tall tale
• The tech bit – the problem
• The good bit – our solution
• Q&A
Who am I? www.linkedin.com/in/philatkinson 1
Who is tombola?
Once upon a time…
We have a data centre!
The age of “automation”
Hello “cloud”
“the lift and shift”
What’s the problem?
What is Simple Systems Manager (SSM) parameter store?
“AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. Highly scalable, available, and durable, Parameter Store is backed by the AWS Cloud”
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-paramstore.html
Why we chose SSM as the solution
• One place to manage all secrets (easier for infosec)
• One place to manage all application configuration
• Simple config changes won’t need a deployment
• It’s a secure, scalable, hosted service
• Control and audit access at granular levels (controlled by infosec)
• Configure change notifications and trigger actions
• Parameters can be tagged and secured (or secured by path)
• Built into key AWS functions: EC2, ECS, Lambda, CloudFormation, CodeBuild, CodeDeploy…
• Can also use the AWS SDK for other deployment tools
• It’s FREE! It’s AWS!
Demo
• Deployments OLD vs NEW
• Node.js App OLD vs NEW
• C# Web Config OLD vs NEW
Demo – Deployments OLD Part 1
Demo – Deployments OLD Part 2
Demo – New Deployments
Demo – Node App OLD
Demo – Application SSM Settings
Demo – Node App NEW
Demo – .NET App OLD
Demo – .NET App NEW
Demo – .NET App NEW
Benefits?
Summary
• Massively simplified our deployments
• Built client libraries to share company wide (Node.js, C#, core)
• Allowed infosec team to perform secret rotations
• Optional auto application configuration refresh
• Migrated applications (not quite all of them)
• Hardened the packages for DR to avoid runtime errors
• Built Tombola procedures (clarify ownership of secrets)
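One way a client library of the kind listed in the summary could handle Parameter Store output, as an added example (not tombola's code): it nests parameters by path, masks SecureString values for logging, and keeps the last known good config when a refresh fails or comes back incomplete. The `/demo-app/prod` path, the function names and the keep-last-good behaviour are assumptions, not details from the talk.

```javascript
// Added example, not tombola's library. SAMPLE is a constructed response in the
// Name/Type/Value shape Parameter Store returns; every path here is hypothetical.
const SAMPLE = [
  { Name: '/demo-app/prod/db/host', Type: 'String', Value: 'db.internal.example' },
  { Name: '/demo-app/prod/db/password', Type: 'SecureString', Value: 'constructed-secret' },
  { Name: '/demo-app/prod/features', Type: 'StringList', Value: 'chat,bingo' },
  { Name: '/other-app/prod/db/password', Type: 'SecureString', Value: 'not-ours' },
];
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Turn a flat parameter list into a nested object and record which leaves are secrets.
function buildConfig(parameters, prefix) {
  const root = prefix.endsWith('/') ? prefix : prefix + '/';
  const config = {};
  const secretPaths = new Set();
  for (const p of parameters) {
    if (!p.Name.startsWith(root)) continue; // outside this app's path
    const keys = p.Name.slice(root.length).split('/').filter(Boolean);
    if (keys.length === 0 || keys.some((k) => UNSAFE_KEYS.has(k))) continue;
    let node = config;
    for (const key of keys.slice(0, -1)) {
      if (typeof node[key] !== 'object' || Array.isArray(node[key])) node[key] = {};
      node = node[key];
    }
    const leaf = keys[keys.length - 1];
    node[leaf] = p.Type === 'StringList' ? p.Value.split(',') : p.Value;
    if (p.Type === 'SecureString') secretPaths.add(keys.join('.'));
  }
  return { config, secretPaths };
}

// Copy of the config that is safe to log: SecureString leaves are masked.
function redact(config, secretPaths, trail = []) {
  const out = {};
  for (const [key, value] of Object.entries(config)) {
    const path = [...trail, key];
    if (secretPaths.has(path.join('.'))) out[key] = '[redacted]';
    else if (typeof value === 'object' && !Array.isArray(value)) out[key] = redact(value, secretPaths, path);
    else out[key] = value;
  }
  return out;
}

// Accept a refresh only if every required key is present; null means the fetch failed.
function applyRefresh(lastGood, parameters, prefix, required) {
  if (parameters === null) return lastGood;
  const next = buildConfig(parameters, prefix);
  const get = (path) => path.split('.').reduce((n, k) => (n == null ? n : n[k]), next.config);
  return required.every((path) => get(path) !== undefined) ? next : lastGood;
}
```

In a real service the `parameters` array would come from the AWS SDK call that reads everything under the application's path, with decryption enabled for SecureString values.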
Questions?
#tombolalife linkedin.com/company/tombola @tombolalife ops.tombola.co.uk
- Slides: 26