Contact us anytime to know more β Amit A., Founder & COO CISIN
Two AWS clients, Iponweb and BigHat Biosciences, share their experiences with Continuous Integration/Continuous Deployment (CI/CD) in two posts.
We conclude the series with an example reference architecture that shows all of AWS' advantages regardless of whether managed AWS tools or open-source AWS tools are chosen; when building your platform for Continuous Deployment, it is vitally important that informed decisions are made regarding selecting tools aimed at meeting both functional and non-functional requirements to maximize value creation. This article reviews this criteria with an article discussing its selection criteria in depth so as not to misinform any prospective developers when selecting each tool when building platforms CI/CD platforms;
What is CI/CD, and Why?
Product development investments only reap returns once products reach customers, which means making valuable changes more quickly will reap more of a return from customer purchases.
This advantage in today's highly competitive environment is acknowledged through AWS Well-Architected Framework's Operational Excellence pillar, precisely two sections dedicated to Continuous Integration/Continuous Deployment capabilities.
CI/CD concepts come from software engineering but can apply to all content development, delivery, and deployment forms.
It provides support for development, integration testing, delivery, and deployment. It allows you to modify an app, update an ML model, or modify multimedia assets as part of an AWS Well-Architected Framework process.
By adopting CI/CD techniques, errors in manual processes can be significantly reduced while freeing your team members to focus on meeting customer demands, differentiating your organization, and speeding up the implementation of significant changes into production.
What Are The Advantages of CI/CD?
- Continuous delivery (CI/CD) allows developers to increase the quality and security of software while decreasing the time-to-market of new features, resulting in happier customers and reduced stress on developers.
- Companies benefit greatly from CI/CD thanks to its rapid speed enhancement capabilities and team members being freed up to focus on what they excel in, leading to higher-quality end products and improved competitive advantage.
- Successful Continuous Integration/Continuous Deployment pipelines can help organizations attract top talent.
- Engineers and developers no longer get bogged down with repetitive tasks that depend on other tasks to complete them successfully.
Open Source and AWS: Choosing the Right CI/CD Approach
Your First Decision: Source Code Management
Your source code could be your most prized possession. To safeguard it and make sure they're available when required by your organization at all times, tools for managing it must meet high requirements: high performance, durability, and availability (HA), as well as throughput capacities that match.
Furthermore, their security must also allow access by role.
Source code management software features many specialized functions. One such example would be its capacity for offering collaborative code reviews in its user interface (UI).
Other parts include flexible merge policies with automated/manual gates and out-of-the-box integrations with various other tools that enable monitoring, continuous integration, chats, and agile project planning.
Shared source code management software allows teams to collaborate across groups while remaining within one context and user interface during all aspects of the DevOps lifecycle.
Such solutions enable teams to share themselves while remaining under one single context throughout the DevOps cycle lifecycle, making source code management software an essential starting point for creating their DevOps platform.
Make an informed choice between AWS CodeCommit and an AWS Managed solution like Gerrit, Gitlab, Gogs, or Phabricator, as open-source alternatives offer similar capabilities.
Your decision will depend upon how Open Source benefits your team regarding flexibility, support, and cost factors - in other words, infrastructure costs and management fees should also be factored in when making this choice.
Engineer teams capable of customizing plug-ins for their CI/CD platform or contributing directly to open-source projects usually prefer open-source solutions due to their added flexibility.
This is particularly crucial if your team has experience building and maintaining its cloud infrastructure; AWS-managed solutions may offer more significant benefits due to taking care of infrastructure management for you.
Source Code Management System
The next step for teams should be deciding how to deploy their solution via one or multiple instances, with durability, scalability, and high availability (HA) considerations in mind.
Here is an HA guide: Installing Gitlab in Amazon Web Services to reduce infrastructure strain using Amazon RDS or ElastiCache services as examples of AWS offerings that might reduce infrastructure overhead burden.
Your Second Decision: Continuous Integration Engine
GitLab provides both source code control and continuous integration capabilities through GitLab CI; Gitlab Runners run ongoing integration jobs defined in YML files stored with product code within Gitlab's repository; for best security and performance, these should ideally run separately from GitLab itself.
Your options for resource management include managing them yourself or taking advantage of AWS services to deploy and manage runners.
By opting for AWS' on-demand services instead, you can minimize costs related to managing and implementing features without differentiation while simultaneously optimizing costs and operational excellence; our service team will work our underpinning service while only charging what you consume.
Continuous Integration Engine Solution
Gitlab Runners can be deployed as containers on Amazon EKS in this example, enabling teams to focus more quickly on development without worrying about implementation details and managing on-demand resources efficiently.
EKS nodes may also benefit from using Amazon ECS Spot Instances to lower costs. The runtime for continuous integration tasks tends to be short and compute-intensive, making restarting runner jobs on another resource without impact easily possible.
Also, their resilience makes Spot Instances very desirable - Gitlab supports Amazon EKS Spot Instances out-of-the-box, so no integration or integration steps need to occur before deployment or configuration. Helm charts serve to store and update runners before deployment. In contrast, Terraform templates hold all the necessary details regarding an automated CI/CD system in an automated CI/CD environment.
Your Third Choice: Container Registry
Runner deployment requires images of containers to operate, making Amazon ECR an attractive solution for producing companies who depend on Docker containers to deploy runners quickly and reliably.
Other requirements of production container registries might include high availability, durability, and transparency as primary requirements of your registry for production purposes; you may only require primary user interface (UI) and API support as functional requirements of container registrars (such as Amazon ECR's OCI compliance and Helm Chart support) may suffice as applicable requirements of container registrars (registrar). Amazon ECR offers managed solutions with OCI compliance and Helm Chart support - ideal registrar options.
Container Registry System
Open source software does not meet this particular set of needs, with implementation and management costs rising due to self-supporting security and high availability features implemented independently from AWS managed solutions; AWS managed solution has no overhead and offers cost savings as shown by Blog Post 1 Diagram 1 [Blog Post 1 Diagram 1].
A managed AWS container registry solution such as ECR would make more sense than using Harbor, which also hosts open-source solutions from AWS; Amazon ECR provides customers who prefer open-source registry options the option they require.
Other Considerations
Now, let us look at a few additional considerations. It is crucial that your infrastructure and applications can be monitored effectively; additionally, ensure backup policies and tools are correctly in place.
All security considerations must be fulfilled as part of this effort.
Security groups are one of the many methods available for strengthening security. IAM allows administrators to regulate permissions at a granular level while Policies limit your exposure and manage traffic flow; policies also help stop assets from leaving your CI environment inappropriately while AWS Key Management Service reduces operational burden in supporting these activities; DevSecOps allows organizations to quickly implement compliant and secure application changes while automating operations processes.
Amazon S3 was designed with durability, safety, and availability - qualities many customers find attractive when choosing EBS-level backup storage.
Amazon S3 meets all functional backup storage requirements while class hierarchies and versioning are supported, making its cost-effectiveness highly efficient.
Amazon CloudWatch can monitor infrastructure, while open-source monitoring tools like Prometheus may extend monitoring capabilities further.
Amazon Managed Service Prometheus makes the best of both worlds available - open-source Prometheus as a monitoring option on AWS, while customers often turn to Grafana as an interactive metrics visualization solution. Amazon Managed Service For Grafana can offer just this solution for customers interested.
Want More Information About Our Services? Talk to Our Consultants!
A mature company
Our second fictional organization is an established market segment business focusing on CI/CD for iOS providing consistent quality experiences to their customers to keep them as loyal customers.
Our development and service teams carefully document requests for easy understanding. At the same time, all interfaces between groups and between systems are noted for transparency.
As our requirements changed over the years, the systems we implemented to meet those changes still need to be documented.
Our existing toolchain contains open-source and supported versions and some scripting created in-house - meaning there are limited opportunities to expand to new clients.
As conditions change, we strive to implement new features quickly and efficiently in response. Achieving differentiation through service offerings may enable us to win customers away from competitors while evolving processes to optimize integration, efficiency, and cost reduction can increase profitability significantly.
- Set ourselves apart in the market with novel features & integrations.
- Address risks associated with poorly supported software/systems/platforms
- Evolve Performance: Our focus will be CI/CD.
- Rich features/integrations over non-functional capabilities will take precedence as this becomes our main area of innovation.
AWS Open Source Tools vs. AWS Services
Open-source software and Amazon Web Services don't have to be mutually exclusive solutions; choose a combination that offers maximum value.
Open sources can provide specific advantages; however, their costs and burden often outweigh their benefits. AWS services such as Elastic Compute Cloud host such tools, while CodeBuild allows AWS usage without incurring extra expenses or obligations.
Features Set
At both fictional companies, our fictional organizations aim to streamline the way beneficial changes are introduced into production faster, so they evaluate Continuous Integration/Continuous Deployment options as part of this goal.
A startup company wants a solution with basic capabilities like author/code/build/deploy. At the same time, mature businesses desire total leverage from every advantage offered: feature-rich sets with customized options, built-in features, and finely-grained controls are chosen by mature enterprises.
Open Source Tools
Open-source software often exceeds functional needs; developers can quickly implement or integrate desired new capabilities onto an open-source project themselves and submit their code back into it for review by others.
As its community expands, more users and features join it; developers use such tools to implement features into projects.
Feature sets may initially go unsupported but later come under consideration; developing non-functional requirements takes longer and isn't as appealing since they do not add immediate value; therefore, the feature set could prove more essential than non-functional requirements.
Take a look at this:
- Open-source tools offer more functionality and may already integrate with other applications. Feature sets can often arrive quickly depending on user demand and input from active community members.
- Your company can choose which features it needs from an open-source project, although no long-term support guarantee applies.
- Open-source software may be utilized across cloud services or premises, and you will ultimately be responsible for maintaining its implementation if a project becomes obsolete.
AWS Services
AWS Services are tailored to customer requirements, with support provided for services and features by dedicated teams dedicated to satisfying them.
Security remains top of mind with these customer-driven teams as their goal is enabling customers to achieve desired outcomes with the minimum effort required.
Take a look at what follows.
- Consistent delivery schedules of feature sets driven by customer needs and requests.
- AWS Service Team is committed to supporting AWS services, including Cloud services as well as Outposts are offered.
Cost optimization
Why don't we discuss cost after features? Security and reliability take precedence over cost considerations; thus, the leadership naturally follows best practices of operational excellence when making tradeoff evaluations.
After considering the benefits of feature sets, the question arises, "How much will this cost?" The leadership then sets priorities and allocates resources (capital time effort) accordingly to meet needs; then, cost optimization reviews occur to compare CI/CD investments against alternative investments.
Both organizations share the same cost-conscious approach. Our startup company faces limited capital and time available; however, a mature firm can budget and plan over time for capital spending needs.
If our startup proves itself successful, early investment in an advanced CI/CD system could prove crucial to long-term growth; otherwise, it will go to waste. For mature firms, investing in an adequate toolchain will eventually show its worth over time.
Open Source Tools
Although open-source software may seem accessible, its adoption does incur costs. To implement and administer open-source programs successfully and complete maintenance and management activities efficiently will require specific skill sets and expertise.
These skills may be gained through team training, self-study by individual team members, or hiring people with these capabilities. How many qualified open-source tool practitioners there will depend on how popular and long they've been used. Losing highly skilled team members can result in losing institutional knowledge and familiarity with implementation.
Tools often change, and team members come and go; therefore, skills must remain current. Experienced members must devote enough time and resources towards management and maintenance for maximum benefit; however, third-party support may cost more if commercial services are desired.
Time-to-value analysis for Open-Source Implementations covers time spent configuring software and resources and adding integrations or capabilities, with existing integrations/capabilities supported by the community reducing the effort needed for these efforts.
Take a look at this:
- Software is available freely; however, open-source may have less generally skilled practitioners. Therefore, the costs (financial and time spent developing skill sets) for acquiring, creating, or maintaining these sets could be higher than traditional commercial options.
- Ongoing costs associated with open-source software support by teams are significant and costly, both financially and timewise. Trained team members spend substantial amounts of time managing and maintaining open source projects, which incur ongoing maintenance expenses; any commercial support accompanying this software also incurs extra costs.
- Implementation and configuration of open-source resources and software are part of Time to Value.
- Additional community integration may also be included.
AWS Services
AWS is a pay-as-you-go service, and there are no upfront costs involved. By August 2023, there will be over 400,000 active AWS certification holders -- this number has increased 85% between AWS provides an impressive time-to-value, which only takes minutes or seconds to configure or instantiate its services.
Time invested in configuring and implementing integrations may add value. As part of AWS's service roadmap, predefined integrations may already exist, reducing work effort requirements significantly.
Take a look at these figures:
- AWS Services are offered free of cost.
- Furthermore, AWS skill sets can be easily found, so the costs associated with acquiring, creating, and maintaining these could be reduced significantly.
- Service teams manage AWS Services.
- The time it takes to configure or instantiate services determines their value; predefined integrations could have less effect than expected.
AWS Open Source Tools
Cost considerations do not change with using open-source software on AWS; migration from either solution does not vary, and any integrations or customizations you wish to retain must be replaced manually.
The Security of Your Own Home
Both companies care deeply about maintaining good relations with their customers. They are dedicated to keeping information systems protected for confidentiality and integrity purposes.
Both also take security seriously - for our startup company, this means ensuring all vulnerabilities in its service provider contracts will be promptly addressed by them; in terms of maturity levels for mature organizations, there are dedicated security resources that practice defense-in-depth across organizational structure boundaries.
At startup and established firms, executives and employees want to feel confident their choices are safe and secure before validating them.
Both will need to know about their responsibilities and any applicable model for shared responsibility.
Open Source Tools
Open-source tools may have flaws. All community members have access to code for testing and validation; many eyes evaluate security; however, an individual or company can perform its validation.
There may also be limited information about configuring a secure system; the implementation team could help reduce risks through peer pressure.
Take a look at these:
- Open-source software is your responsibility.
- Enabling you to control data security with this form of technology.
- Validate its security code so it will function according to plan.
AWS Services
AWS teams prioritize security as one of their highest priorities and can respond promptly when vulnerabilities are discovered.
AWS provides extensive documentation that assists service providers with configuring services securely.
Have a look at this:
- AWS is responsible for safeguarding its cloud services and their supporting infrastructure and for your security and configuration of AWS services.
- Their team must verify any code that contains security vulnerabilities.
AWS Open Source Tools
These considerations are combined into open-source software on AWS. Customers are accountable both for the implementation and configuration of AWS services.
At the same time, AWS takes responsibility for security in its Cloud environment, managing AWS Services as required.
Reliability
Every business desires reliability; each has different tolerance levels when it comes to risk and non-availability issues.
Startups emphasize rapid iterations through available systems, while mature firms might face some reliability concerns with open-source tools or custom scripts they rely on internally.
Both startups and established businesses require knowing the expected reliability of the choice they make - this means understanding its uptime expectations in percentage terms, whether or not it's designed for high availability, and whether any part of its systems might go down unexpectedly or experience errors, as well as knowing its data reliability status and the most efficient means of backup for it.
These companies must establish acceptable outage duration (also referred to as Recovery Time Objectives or RTO) and how many transactions lost (including changes made) can occur before they meet the Recovery Point Objectives or RPO goals.
Each option considered must help meet these RTO and RPO targets set for them by both businesses.
Open Source Tools
Open-source reliability depends on its implementation by companies, the resources supporting that implementation, and the quality of its software.
Open source tools may be highly available; downtime for maintenance activities or management tasks may occur during performance. RPO depends on teams within companies supporting RTO/RPO mechanisms and implementation teams that support the systems of their businesses.
Take a look at these:
- Your responsibility in implementing an open-source app in a manner that meets the high reliability and availability requirements for its implementation is yours alone. However, specific open-source software may need downtime for maintenance or management activities.
- Your responsibility as the manager lies in defining, implementing, and testing backup mechanisms and procedures in case of systemic failures.
- Additionally, you are accountable for meeting RTO/RPO expectations in such an instance.
AWS Services
AWS Services are developed to meet customer availability needs, with service teams responsible for managed services being charged with maintaining its health.
View these examples:
- AWS services are managed and maintained by service teams overseeing their health. AWS Services are created and implemented with customer reliability in mind:
- AWS CodeCommit offers high availability, while AWS CodeBuild provides 99.9% uptime.
- CodeCommit, CodeBuild, Pipeline, and Deploy all utilize Amazon S3 or DynamoDB as data archival servers across different facilities to guarantee customer data is kept consistent and accessible at all times.
AWS Open Source Tools
These considerations are combined in open-source software running on AWS. Customers are responsible for implementing these tools (including data durability, backup, and recovery) and configuring and using AWS; AWS maintains its Cloud platform, including managed services.
The Performance
Two companies each have distinct definitions of timely and efficient value delivery, yet both seek results quickly; iterations follow quickly on each previous iteration, with our startup engineers CI/CD Implementation having limited time left over before waiting on actionable outcomes.
Our mature company may have numerous improvements or changes on its change pipeline that need implementing while waiting.
Open Source Tools
Open-source software performance depends mainly on its installation resources. When resources become constrained, open-source tools with scaling-out capabilities may improve dynamically, while scaling up may still help if resources remain an issue despite scaling out being attempted.
Performance may be hindered due to implementation or libraries used; code can be improved through community contributions to overcome such limitations.
Check out these examples:
- At your discretion, you must manage the performance of open-source software.
- Open-source solutions may experience performance limitations due to system resources, configuration settings, code libraries, or implementation environments affecting performance.
AWS Services
AWS services are built for maximum scalability; CodeBuild and CodeCommit can scale dynamically depending on build volumes.
CodePipeline lets you execute multiple actions simultaneously to expedite workflow processes.
Please take a look at these images:
- AWS services are managed and monitored by service teams overseeing their performance and scalability, automatically scaling as necessary to meet demand.
- Your configuration choices may affect service performance and how fast AWS responds.
- AWS services quotas exist to prevent unexpected costs from being incurred.
- They can be altered as necessary to change prices and performance accordingly.
AWS Open Source Tools
These considerations are combined in open-source software on AWS Services. Customers are accountable for selecting and configuring AWS Cloud Resources and services on AWS; AWS takes full responsibility for the performance of the cloud itself as well as managed AWS Services.
As our startup expands, the operations burden must be kept to an absolute minimum to focus on innovation and development.
Both businesses offer robust operations capabilities, performing all necessary management and maintenance duties to fulfill clients' requirements.
Open Source Tools
Volunteer communities typically support open-source software without obligations or commitments from users. Both companies that adopt it must manage and maintain it themselves.
In contrast, third-party companies may provide additional commercial support at an extra fee if willing to commit and support its implementation.
Take a look at this:
- Your responsibility is to support the implementation of your plan.
- While open-source communities may provide volunteer support to software projects, their support does not guarantee the continued upkeep of any given application; additionally, open-source software often features less documentation or best practices than commercial packages.
- Early open-source software releases, such as development builds or beta releases, may reveal unexpected issues and edge cases that might otherwise go undetected.
- Supporting open-source software may become increasingly challenging if its integration and implementation are complex, leading to a longer time to identify contributing factors and pinpoint issues.
- One effective strategy can be employing highly knowledgeable individuals who understand its implementation process as part of your team.
- Third parties may provide commercial support.
AWS Services
AWS Services is committed to offering long-term customer support.
Here is what to keep an eye out for:
- AWS maintains an ongoing commitment to supporting its services, with current documentation as part of a managed service contract and additional service levels supplied through partners or third parties.
AWS Open Source Tools
Considerations such as these are combined in open-source tools running on AWS, with the maintenance of open-source software being the responsibility of AWS (for instance, updating, patching, or responding to faults).
AWS itself operates the Cloud infrastructure as well as managed AWS Services.
Want More Information About Our Services? Talk to Our Consultants!
The Conclusion Of The Article Is:
This post details how to choose between open-source software on AWS, managed services from Amazon Web Services (AWS), or combined options.
Before making this choice, assess your business and risks/benefits.
As discussed before, making informed decisions is critical to take full advantage of CI/CD Continuous Integration Continuous Deployment AWS-managed services like Amazon EKS and ECR and open-source AWS solutions like Gitlab.
For optimal results, find the optimal combination between open-source software and AWS that fulfills both functional and non-functional requirements while increasing resource value and optimizing synergies and value for both sides.
