This page explains how drie works. If you want to get started straight away, the following steps show you how to get an app up and running on the drie platform for the first time:
If you just want to jump straight in, try the quickstart:
drie is a service that development teams can use to make it easy to run software using Amazon Web Services (AWS). Our tooling provisions infrastructure for each of your applications in line with AWS best practices and makes deploying changes to your software simple and reliable.
The drie architecture is built around AWS security best practices to provide you with an isolated environment to run your application in.
When you create an application on the drie platform using the `drie app create` CLI command, we create the following application environment:
- For each application we define a security group based firewall. This firewall allows traffic to access your application on specific ports only and segregates you from other customers on the drie platform.
- We provision EC2 instances to run your application on: each instance of your application is run on its own virtual machine, giving effective resource allocation and kernel level isolation from other applications.
- Each application gets its own Elastic Load Balancer (ELB) to route web traffic.
- All web apps get HTTPS termination on the ELB by default. drie manages the re-encryption of connections back to each of your instances using unique certificates generated when the app is created.
- All internet facing certificates are created and managed using AWS's certificate management service so you never have to worry about who has access to the certificate, how to revoke it or when it might expire again.
- drie creates a per customer key management setup using the AWS key management service (KMS). We use this to encrypt any configuration data that you use to run your application as well as the artefacts that drie builds and deploys from your source code repository.
- drie manages the creation, setup and ongoing changes in each environment with an IAM (Identity and Access Management) role defined specifically for each of your apps.
Each application that you deploy gets its own copy of this environment: its own load balancer, security group, certificates and KMS contexts. This allows for complete segregation of concerns between applications and clear auditability of interactions with that application.
Databases can be added to your app using the `drie database add` command. These databases are associated with a specific app; security groups are used to firewall this database cluster from being accessed from the internet or any other apps. As a result, access to the database is restricted to the application that is linked to that database.
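The following added example, which is not part of drie's tooling, checks the two firewall properties described above against security group data in the shape returned by `aws ec2 describe-security-groups`: the application group only opens the expected ports, and the database group only accepts traffic from the linked application's group. The group IDs, the port numbers and the strict "no CIDR sources on a database group" policy are assumptions made for the example.

```python
# Added example: offline audit of security group ingress rules.
# Input follows the shape of `aws ec2 describe-security-groups` output;
# every group ID and rule below is constructed sample data.

def audit_app_group(group, allowed_ports):
    """App firewall: every ingress rule must stay within the allowed ports."""
    findings = []
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # IpProtocol "-1" means all protocols and ports (no FromPort/ToPort).
        if perm.get("IpProtocol") == "-1" or lo is None or hi is None:
            findings.append(f"{group['GroupId']}: rule opens all ports")
        elif any(p not in allowed_ports for p in range(lo, hi + 1)):
            findings.append(f"{group['GroupId']}: ports {lo}-{hi} exceed allowed set")
    return findings

def audit_db_group(group, app_group_id):
    """Database firewall: the only permitted source is the linked app's group."""
    gid, findings = group["GroupId"], []
    for perm in group.get("IpPermissions", []):
        # Assumed strict policy: any CIDR source on a database group is a finding.
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            findings.append(f"{gid}: CIDR source {rng.get('CidrIp') or rng.get('CidrIpv6')}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != app_group_id:
                findings.append(f"{gid}: source group {pair.get('GroupId')} is not the linked app")
    return findings

APP_ID = "sg-0aaaaaaaaaaaaaaa1"  # constructed
APP_SG = {"GroupId": APP_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
DB_SG_OK = {"GroupId": "sg-0bbbbbbbbbbbbbbb2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": APP_ID}]}]}
DB_SG_BAD = {"GroupId": "sg-0ccccccccccccccc3", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "UserIdGroupPairs": [{"GroupId": "sg-0ddddddddddddddd4"}]}]}

if __name__ == "__main__":
    for line in (audit_app_group(APP_SG, {443}) + audit_db_group(DB_SG_OK, APP_ID)
                 + audit_db_group(DB_SG_BAD, APP_ID)):
        print(line)
```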
drie provisions AWS Aurora databases. These databases are MySQL compatible but have a number of performance and availability benefits. By default drie will provision a single node but this can be scaled up to clusters of 15 nodes for additional performance or to speed up disaster recovery. Please see Amazon's documentation for more details.
When we provision your database we also:
- provide your application with the necessary connection details and certificates so that you can create a secure TLS connection to your database. These are loaded as environment variables for convenience.
- create a database user with a unique strong password and provide that information.
- provide a connection URI that allows you to connect to whichever node in a cluster is the active read/write node. A script is provided which can be used to refresh the connection details in the case of database fail over. This script is used to periodically update a file on disk for convenience.
This means that your connection to the database is protected at three layers: the database user, the security group and the transport between the two.
drie builds your application from your git based source control system. We integrate seamlessly with providers like GitHub, Bitbucket and GitLab. Public and private repositories are supported, as are many onsite solutions.
When a user runs the `drie app create` command from a local copy of a git based repository, drie looks up the remote location of that repo and uses that as the location to build from. This can also be specified via the command line.
drie always builds from the remote repository. Any changes you wish to make to your application have to be committed to the remote.
When you run `drie app deploy`, drie builds your application from the source code at the remote. The drie build system looks for a `.buildpack` file with a link to a buildpack in order to determine how to build your software. A buildpack is a language specific set of instructions for building an application. You can write your own buildpack or use one of the many open source ones available.
Once we have built your software you can run the `drie app scale` command to deploy a number of instances of your application. We take the built artefact and deploy it to the environment that we set up as part of `drie app create`. Each instance of your application gets deployed to a separate virtual machine.
drie can be easily integrated into your existing Continuous Integration (CI) or Continuous Delivery (CD) pipelines. All of our CLI commands can be fully scripted; indeed we use CircleCI to drive platform integration tests using the CLI.
We are continuing to build out our APIs, which, although subject to change during the beta period, are another potential integration point for your existing tooling.
Your app can be configured using the `drie app config` command to set and unset environment variables and restart your application. As with all application changes, these are applied as a rolling update across your instances to maintain availability.
This configuration can be used to configure changes between the app in your "development" and "production" environments. It can also be used to control feature flags to quickly test and reset features in production.