REL08-BP05 Deploy changes with automation
Deployments and patching are automated to eliminate negative impact.
Making changes to production systems is one of the largest risk areas for many organizations. We consider deployments a first-class problem to be solved alongside the business problems that the software addresses. Today, this means the use of automation wherever practical in operations, including testing and deploying changes, adding or removing capacity, and migrating data.
Desired outcome: You build automated deployment safety into the release process with extensive pre-production testing, automatic rollbacks, and staggered production deployments. This automation minimizes the potential impact on production caused by failed deployments, and developers no longer need to actively watch deployments to production.
Common anti-patterns:
-
You perform manual changes.
-
You skip steps in your automation through manual emergency workflows.
-
You don't follow your established plans and processes in favor of accelerated timelines.
-
You perform rapid follow-on deployments without allowing for bake time.
Benefits of establishing this best practice: When you use automation to deploy all changes, you remove the potential for introduction of human error and provide the ability to test before you change production. Performing this process prior to production push verifies that your plans are complete. Additionally, automatic rollback into your release process can identify production issues and return your workload to its previously-working operational state.
Level of risk exposed if this best practice is not established: Medium
Implementation guidance
Automate your deployment pipeline. Deployment pipelines allow you
to invoke automated testing and detection of anomalies, and either
halt the pipeline at a certain step before production deployment,
or automatically roll back a change. An integral part of this is
the adoption of the culture
of continuous
integration and continuous delivery/deployment
Although conventional wisdom suggests that you keep people in the loop for the most difficult operational procedures, we suggest that you automate the most difficult procedures for that very reason.
Implementation steps
You can automate deployments to remove manual operations by following these steps:
-
Set up a code repository to store your code securely: Use AWS CodeCommit, to create a secure Git-based repository.
-
Configure a continuous integration service to compile your source code, run tests, and create deployment artifacts: To set up a build project for this purpose, see Getting started with AWS CodeBuild using the console.
-
Set up a deployment service that automates application deployments and handles the complexity of application updates without reliance on error-prone manual deployments: AWS CodeDeploy
automates software deployments to a variety of compute services, such as Amazon EC2, AWS Fargate , AWS Lambda , and your on-premise servers. To configure these steps, see Getting started with CodeDeploy. -
Set up a continuous delivery service that automates your release pipelines for quicker and more reliable application and infrastructure updates: Consider using AWS CodePipeline to help you automate your release pipelines. For more detail, see CodePipeline tutorials.
Resources
Related best practices:
Related documents:
-
Continuous Delivery of Nested AWS CloudFormation Stacks Using AWS CodePipeline
-
Complete CI/CD with AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline
-
APN Partner: partners that can help you create automated deployment solutions
-
AWS Marketplace: products that can be used to automate your deployments
-
The Amazon Builders' Library: Ensuring rollback safety during deployments
-
The Amazon Builders' Library: Going faster with continuous delivery
Related videos: