Getting started with AWS: CloudFormation

Getting started with AWS: CloudFormation

 Learn how to add Amazon Cloudformation to your CI/CD pipeline and treat infrastructure changes the same way you would your code by creating a pull request, reviewing the changes and merging into the main branch to automatically deploy.

Github links:
- Complex Example: https://github.com/darko-mesaros/cfn-autoscaling-webapp
- Simple EC2 Template: https://gist.github.com/darko-mesaros/e7b557fb63b7a0e5f3e90189e209d61a

8db231d3fe08b46242f6e0e45c95eee1?s=128

Darko Mesaros

July 28, 2020
Tweet

Transcript

  1. Getting started with AWS: CloudFormation Darko Meszaros Developer Advocate -

    AWS @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve
  2. © 2020, Amazon Web Services, Inc. or its Affiliates. Agenda

    for today • Infrastructure as Code • AWS CloudFormation • Demo/LiveCoding – the fun part • Best practices • Wrap up
  3. © 2020, Amazon Web Services, Inc. or its Affiliates. Where

    do we start?
  4. © 2020, Amazon Web Services, Inc. or its Affiliates. A

    DevOps engineer!
  5. © 2020, Amazon Web Services, Inc. or its Affiliates. Oliver

  6. © 2020, Amazon Web Services, Inc. or its Affiliates. Developer

    Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure Oliver
  7. © 2020, Amazon Web Services, Inc. or its Affiliates.

  8. © 2020, Amazon Web Services, Inc. or its Affiliates. The

    job is done, right?
  9. © 2020, Amazon Web Services, Inc. or its Affiliates. Now

    do that 500 times more!
  10. © 2020, Amazon Web Services, Inc. or its Affiliates.

  11. © 2020, Amazon Web Services, Inc. or its Affiliates. Oliver

  12. © 2020, Amazon Web Services, Inc. or its Affiliates. $(whoami)

    Darko Mesaroš / Darko Meszaros / Дарко Месарош ! → " → # → $ → % Berlin ! @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve
  13. © 2020, Amazon Web Services, Inc. or its Affiliates. What

    is Infrastructure as Code?
  14. © 2020, Amazon Web Services, Inc. or its Affiliates.

  15. © 2020, Amazon Web Services, Inc. or its Affiliates.

  16. © 2020, Amazon Web Services, Inc. or its Affiliates. Infrastructure

    as code ✓ Make infrastructure changes repeatable and predictable ✓ Release infrastructure changes using the same tools as code changes ✓ Replicate production in a staging environment to enable continuous testing
  17. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation
  18. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation • Infrastructure as code (IaC) • Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment • Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts https://aws.amazon.com/cloudformation/
  19. © 2020, Amazon Web Services, Inc. or its Affiliates. Sample

    AWS CloudFormation code • Code is written in files called templates • A stack is generated from a template • Templates primarily define resources for an application • AWS CloudFormation can create over 490 types of resources • Each resource is configured based on its available properties • Dependencies can be explicitly declared or implicitly discovered AWSTemplateFormatVersion: "2010-09-09" Description: A CodeCommit Repo and Cloud9 Environment Resources: MyRepo: Type: "AWS::CodeCommit::Repository" Properties: RepositoryName: MyRepo RepositoryDescription: Sample Repository for Demo MyC9Environment: Type: "AWS::Cloud9::EnvironmentEC2" Properties: Repositories: - PathComponent: /cfn RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp InstanceType: t2.micro
  20. © 2020, Amazon Web Services, Inc. or its Affiliates. Anatomy

    of an AWS CloudFormation template • Resources • Parameters and Mappings • Conditions • Outputs
  21. © 2020, Amazon Web Services, Inc. or its Affiliates. Testing

    via pipelines • As you would with other application code, templates should be version controlled and tested via CI/CD pipelines • The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards • Additional tools, like taskcat (available on GitHub), allow tests across regions Git push Templates AWS CodeCommit AWS CodePipeline AWS CodeBuild AWS CloudFormation Region AWS CodeDeploy
  22. © 2020, Amazon Web Services, Inc. or its Affiliates. But

    I use resources outside of AWS!
  23. © 2020, Amazon Web Services, Inc. or its Affiliates. CloudFormation

    registry Open CLI Open providers Introducing the AWS CloudFormation registry An open approach to managing external resources
  24. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation registry and CLI • Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks • Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you • Use third-party resource providers as you would use native AWS resource types
  25. © 2020, Amazon Web Services, Inc. or its Affiliates. I

    was told there would be demos.
  26. © 2020, Amazon Web Services, Inc. or its Affiliates.

  27. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (1/3) • Layer your application to reduce blast radius when updating resources • Use multiple, isolated environments for testing, production, development, staging, etc. • Smaller files are easier to write, test, and troubleshoot Instances, Auto Scaling groups API endpoints, functions Alarms, dashboards VPCs, NAT gateways, VPNs, subnets IAM users, groups, roles, policies Front-end resources Backend services Stateful resources Base network Identity & security Monitoring resources Databases and clusters, queues
  28. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (2/3) • Resource import for stack refactoring • Drift detection to prevent issues that may cause stack update operations to fail • Use resource import to fix drift
  29. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (3/3) • Parameters and Mappings • Secrets Manager and SSM Parameter store • Do not hardcode sensitive information Resources: MyRDSDB: Type: "AWS::RDS::DBInstance" Properties: DBInstanceClass: db.t2.medium AllocatedStorage: ’20’ Engine: mariadb EngineVersion: ’10.2’ MasterUsername: appadmin MasterUserPassword: ‘{{resolve:ssm-secure:ssbRDSmEcntl:1}}'
  30. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved.
  31. © 2020, Amazon Web Services, Inc. or its Affiliates. Takeaways!

    • CloudFormation is an AWS native service for writing infrastructure as code! • Test your CFN code via pipelines – so many tools out there! • Do not write everything at once and all in the same place!
  32. Thank you! © 2020, Amazon Web Services, Inc. or its

    affiliates. All rights reserved. Darko Meszaros Developer Advocate - AWS @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve