Transcription
Using AmazonWeb ServiceswithColdFusion 11Brian KlaasJohns Hopkins Bloomberg School of Public Healthbklaas@jhu.edu@brian klaas
verything
Stefan Tell@Flickr
AppsServicesStorageServersNetwork
Using AmazonWeb ServiceswithColdFusion 11Brian KlaasJohns Hopkins Bloomberg School of Public Healthbklaas@jhu.edu@brian klaas
How does AWS fit with CF ?How do I run CF in AWS?
1Hello AWS2Simple, Cheap Storage with S33Plugging Other AWS Services into CF4Running ColdFusion [11] on AWS5Lessons Learned Running with AWS
Hello AWS
Hello AWS1AWS Utility Computing
3IAMVPCCloudHSM(Payment)OpsWorksDirectConnect
Hello AWS1AWS isHTTP–based development
Hello AWS1PUT /photos/puppy.jpg HTTP/1.1Content-Type: image/jpegContent-Length: 94328Host: mybucket.s3.amazonaws.comDate: Tue, 27 Mar 2013 21:15:45 0000!Authorization: AWS AKIAIOSFODNN7EXAMPLE:MyyxeRY7whkBe bq8fHCL/2kKUg
Hello AWS1AWS SDKs for: Java*PHPRubyNode.jsJavaScript*ColdFusion Python .NET Android iOS
Hello AWS1CF: Making Stuff Easy
Simple, Cheap Storagewith S3
Storage with S32S3Simple Storage Service
Storage with S32Store all the things.
Storage with S32You can't delete anything.EVER
Storage with S321 byte5 terabytes
Storage with S32Regions US Standard (NoVA) Asia Pacific (Singapore) US West (Oregon) Asia Pacific (Sydney) US West (NorCal) Asia Pacific (Tokyo) US GovCloud Asia Pacific (Beijing)* EU (Ireland) South America (São Paulo)
Storage with S3299.999999999% durability*99.99% availability*Stuff rarely gets lost.
Storage with S32 0.03 per GB stored 0.004 per 10,000 GET 0.005 per 1,000 PUT 0.12 per GB out after 1GB
Storage with S32Bucketmyfiles.s3.amazonaws.com
Storage with S32BucketObject
Storage with S32Everything is an object
Storage with S32Objects have metadata
Storage with S32Everything in S3 isprivate by default.
Storage with S32
Storage with ng
Storage with S32C:/s3://
Storage with S32Basic ColdFusion Integration cffile action “read”file “s3://somebucket/somefile.txt”variable “fileData” / ! cffile action “write”file “s3://somebucket/somefile.txt”output “#someStuff#” / ! cffile action “delete”file “s3://somebucket/somefile.txt” /
Storage with S32Basic ColdFusion Integration cfdirectory action “create”directory “s3://somebucket/someDirectory” / ! cfdirectory action “list”directory “s3://somebucket/someDirectory” /
Storage with S32ColdFusion Example cfif not ) cfset perms [{group "all", permission "read"},{id "canonicalIDofYourAWSAccount", permission "full control"}] cfdirectory action "create" directory "s3://somebucket.s3.amazonaws.com" storeacl "#perms#" /cfif ! cfset .txt","#someOutput#") ! cfset files directoryList("s3://somebucket.s3.amazonaws.com")
Storage with S32Tags and Functions Which Support S3 cffile* fileExists cfdirectory fileisEOF directoryDelete cfdocument fileMove directoryExists cfftp fileWrite directoryList cffeed fileRead imageNew cfimage fileReadBinary imageRead cfloop† fileReadLine imageWrite fileOpen fileSetLastModified imageWriteBase64 fileClose getFileInfo isImageFile fileCopy getDirectoryFromPath isPDFFile fileDelete directoryCreate*Except rename† Looping over directory information
Storage with S32SDK for Other LanguagesJavaScript:var bucket new AWS.S3({params: {Bucket: ‘myBucket'}});var params {Key: file.name, ContentType: file.type, Body:file};bucket.putObject(params, function (err, data) {results.innerHTML err ? 'ERROR!' : 'UPLOADED.';});!!Ruby:s3 AWS::S3.newkey File.basename(file name)s3.buckets[bucket name].objects[key].write(:file file name)puts "Uploading file #{file name} to bucket #{bucket name}."
Storage with S32Um, don’t you need credentials?
Storage with S32A Brief Detourinto AWS Security Basics
Storage with S32IAM AccountKey PairMaster AWS AccountAccess KeySecret KeyKey Pair IDPublic KeyPrivate Key
Storage with S32Master AWS AccountGroupsAuthenticated UsersAll UsersLog Delivery{Custom}ACLPolicies
Storage with S32Sample "Add Read Permissions","Effect":"Allow","Principal": {"AWS": s:s3:::bucket/*"]}]}
Storage with S32Requests from a Specific Domain Policy{"Version":"2008-10-17","Id":"http referrer policy example","Statement":[{"Sid":"Allow get requests referred by www.mysite.comand "]}}}]}
Storage with S32S3 requestsrequire IAM credentials.
Storage with S32Setting AWS IAM credentials1. In the individual S3 call2. In application.cfc
Storage with S32Setting AWS IAM credentials cffile action “read”file .txt” variable “fileData” /
Storage with S32Setting AWS IAM credentialsIn application.cfc:!this.s3.accessKeyId "accessKey";this.s3.awsSecretKey "secretKey";
Storage with S32ColdFusion Example cfif not ) cfset perms [{group "all", permission "read"},{id "canonicalIDofYourAWSAccount", permission "full control"}] cfdirectory action "create" directory "s3://somebucket.s3.amazonaws.com" storeacl "#perms#" /cfif ! cfset .txt","#someOutput#") ! cfset files directoryList("s3://somebucket.s3.amazonaws.com")
Storage with S32Everything in S3 isprivate by default.
Storage with S32ColdFusion Example cfif not ) cfset perms [{group "all", permission "read"},{id "canonicalIDofYourAWSAccount", permission "full control"}] cfdirectory action "create" directory "s3://somebucket.s3.amazonaws.com" storeacl "#perms#" /cfif ! cfset .txt","#someOutput#") ! cfset files directoryList("s3://somebucket.s3.amazonaws.com")
Storage with S32Get/set file ACL withstoreGetACL()storeSetACL()
Storage with S32Setting permissions with ACLs cfset permissions storeGetACL(fileOnS3) / cfset arrayAppend(permissions,{group "all",permission "read"}) / cfset storeSetACL(fileOnS3, "#permissions#") /
Storage with S32Get/set object metadata withstoreGetMetadata()storeSetMetadata()
Storage with S32Setting content type cfset metadataStruct.content type "video/webm" / cfset storeSetMetadata(s3File,"#metadataStruct#") /
Storage with S32More cool stuffExpire er-requestbasisqeRUpload to S3 from the browser
Storage with S32S3RequestSigningUtils on GitHubgithub.com/brianklaas/ctlS3Utils*Requires CF10
Storage with S32Some issues to consider:
Storage with S32What happenswhen an upload fails?
Storage with S32S3 is storage, not a file systemCan get basic file info with cfhttp url "http://bucket.s3.amazonaws.com/filename" method "head"
Storage with S32What happenswhen S3 goes down?
Plugging Other AWSServices into CF
Other AWS Services CF3DynamoDBNoSQL database serviceElasticacheDistributed memcached or RedisCloudFrontCheap global content delivery networkSESBulk email service – Can be your cfmail mail serverSQSHigh–performance message queue service
Other AWS Services CF3Relational Database ServiceRDS
Other AWS Services CF3IOPS
Other AWS Services CF3RDS Costs Database license IOPS Data transfer in/out You can’t alter the server setup.
Other AWS Services CF3AWS isHTTP–based development
Running CF11 in AWSOr, exploring the official ColdFusion 11 AMI
Running CF11 on AWS4EC2
Running CF11 on AWS4EC2 Instance Types
Running CF11 on AWS3Pick the EC2 instance type thathas the right network, RAM andCPU for your tasks.
Running CF11 on AWS3Use M3 instances
Running CF11 on AWS4AMI on EC2
Running CF11 on AWS4The Official Adobe CF11 AMI Windows Server 2012 Standard x64 m3.medium - 0.24/hr 173/month m3.large - 0.49/hr 352/monthUbuntu 14.04 m3.medium - 0.18/hr 129/month m3.large - 0.36/hr 259/month Includes EC2 charges Includes Adobe Support20% less ifpurchased on anannual basis
Running CF11 on AWS4Medium vs. Large Instances m3.medium 3.5GB RAM 3 ECUs (1 cores x 3 units) 4GB SSD storage Moderate IO performance (500 Mbps)m3.large 7.5GB RAM 6.5 ECUs (2 cores x 3.25 units) 32GB SSD storage Moderate IO performance (500 Mbps)ECU 1–1.2 Ghzprocessor
Running CF11 on AWS4AMI Setup CF11 Enterprise JRE 1.7.0 55 (64–bit) Windows: IIS 8.0.92 Linux: Apache 2.4.7 Both: MySQL 5.6.17
Running CF11 on AWS4Launching the CF11 AMI
Running CF11 on AWS4Stuff You Need Before You Start Custom Security Group (preferred) Key pair RDP (Windows) or SSH client (Linux)
Running CF11 on AWS4Security GroupsFound in the AWS Console underEC2 Security Groups
Running CF11 on AWS4Key Pair Public/private key Tied to a specific region Only one opportunity to download!Found in the AWS Console underEC2 Key Pairs
Running CF11 on AWS4Purchase the AMI Select region and instance type EC2 Classic or VPC Use preconfigured security group or one of your own Select a key pair
Running CF11 on AWS4
Running CF11 on AWS4Once you launchan instance, youstart paying for it.
Running CF11 on AWS4Connecting to the Instance Retrieve the Windows admin password Connect via RDP as “Administrator” Go through the Jumpstart Tool
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4The Jumpstart Tool
Running CF11 on AWS4
Running CF11 on AWS4Jumpstart Steps Agree to the license Select services to enable/disable CF Administrator credentials Secure profile is turned on by default Specify the IP addresses that can connect tothe CF Administrator
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4You are now responsible.
Running CF11 on AWS4You are responsible forsecurity.
Running CF11 on AWS4You are responsible forsoftware updates.
Running CF11 on AWS4You are responsible foreverything.
Running CF11 on AWS4First Steps Post–Jumpstart Install the latest CF 11 Update Update the JRE Change the JVM allocation Shut off MySQL Follow the CF Lockdown Guide
Running CF11 on AWS4
Running CF11 on AWS4Create your own AMI.
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4
Running CF11 on AWS4Create your own AMIfrom scratch.
Running CF11 on AWS4CF11 Licensing for the Cloud 8 cores, 16GHz per license for VM use 13 ECUs per CF11 Enterprise license m3.medium instance 3 ECUs m3.large instance 6.5 ECUs One license 4 m3.medium instances One license 2 m3.large obe/en/legal/licenses-terms/pdf/Adobe ColdFusion-Multi-20140214 1311.pdf
Running CF11 on AWS4Zero to Your Own CF AMI Create a Windows or Linux instanceusing a pre–existing AMI, VMwareinstance or using EC2 tools. Configure the OS, Web Server, etc. Install CF11 Update CF, configure as needed Create an AMI
Running CF11 on AWS4It’s not hard.*Remember: you’re the sysadmin.
Lessons LearnedRunning with AWS
Lessons Learned about AWS5Everything fails.
Lessons Learned about AWS5You are responsible forredundancy.
Lessons Learned about AWS5CF IISStaticAsset 1StaticAsset 2Load BalancerLoad BalancerCF IISCF IISDatabaseMasterDatabaseSlaveFileShare 1ScheduledTask ServerFileShare 2
Lessons Learned about AWS5ELBEBSEC2 AMIStatic AssetS3EBSEBSEBSEC2 AMIDB MasterEC2 AMIEC2 AMIEBSDB SlaveEC2 AMIEBSEBSTaskEC2 AMIUser ContentS3EBS
Lessons Learned about AWS5ELBEBSEC2 AMIStatic AssetS3EBSEC2 AMIEBSEC2 AMIUser ContentS3RDSTaskEC2 AMIEBS
Lessons Learned about AWS5ELBEC2 AMIStatic AssetS3EC2 AMIEC2 AMIUser ContentS3RDSTaskEC2 AMI
Lessons Learned about AWS5Legal and Regulatory IssuesEU data storage law ! US data storage law
Lessons Learned about AWS5Every service incurs a ml
Lessons Learned about AWS5You get what you pay for.
Go Do
Session EvaluationOn the CFSummit mobile app!
Thank you!Brian KlaasJohns Hopkins Bloomberg School of Public Healthbklaas@jhu.edu@brian klaaswww.iterateme.com
Resources Amazon AWSaws.amazon.com Ben Nadel’s excellent example of uploading to S3 directly from tm The CF11 AMI on AQ/ VODI4A/ (Windows)
Resources Tutorial on Deploying a CF WAR to Elastic Beanstalkquetwo.com/tag/elastic-beanstalk/ Setting up the Adobe CF10 AMI s/coldfusion-cloud-aws.html Ports needed by CF10 for cloud coldfusion-10-cloud.html How to select the right instances for databases on -sql-server-aws/
Resources Amazon’s complete walkthrough of setting up instances and then aload–balanced cluster in EC2Windows – asics/web-app-hosting-intro.htmlLinux – asicslinux/web-app-hosting-intro.html Setting Up EC2 Security using-networksecurity.html
Resources Wharton’s Chef recipes for installing CF10github.com/wharton/chef-coldfusion10 EC2 Instance and Pricing Comparatorwww.ec2instances.info
Or, exploring the official ColdFusion 11 AMI. EC2 4 Running CF11 on AWS. EC2 Instance Types 4 Running CF11 on AWS. 3 Running CF11 on AWS Pick the EC2 instance type that has the right network, RAM and CPU for your tasks. 3 . Only one opp