Getting started with AWS: CloudFormation

Transcript

1. Getting started with AWS: CloudFormation Darko Meszaros Developer Advocate -

   AWS @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve

2. © 2020, Amazon Web Services, Inc. or its Affiliates. Agenda

   for today • Infrastructure as Code • AWS CloudFormation • Demo/LiveCoding – the fun part • Best practices • Wrap up

3. © 2020, Amazon Web Services, Inc. or its Affiliates. Where

   do we start?

4. © 2020, Amazon Web Services, Inc. or its Affiliates. A

   DevOps engineer!

5. © 2020, Amazon Web Services, Inc. or its Affiliates. Oliver

6. © 2020, Amazon Web Services, Inc. or its Affiliates. Developer

   Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure Oliver

7. © 2020, Amazon Web Services, Inc. or its Affiliates.

8. © 2020, Amazon Web Services, Inc. or its Affiliates. The

   job is done, right?

9. © 2020, Amazon Web Services, Inc. or its Affiliates. Now

   do that 500 times more!

10. © 2020, Amazon Web Services, Inc. or its Affiliates.

11. © 2020, Amazon Web Services, Inc. or its Affiliates. Oliver

12. © 2020, Amazon Web Services, Inc. or its Affiliates. $(whoami)

    Darko Mesaroš / Darko Meszaros / Дарко Месарош ! → " → # → $ → % Berlin ! @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve

13. © 2020, Amazon Web Services, Inc. or its Affiliates. What

    is Infrastructure as Code?

14. © 2020, Amazon Web Services, Inc. or its Affiliates.

15. © 2020, Amazon Web Services, Inc. or its Affiliates.

16. © 2020, Amazon Web Services, Inc. or its Affiliates. Infrastructure

    as code ✓ Make infrastructure changes repeatable and predictable ✓ Release infrastructure changes using the same tools as code changes ✓ Replicate production in a staging environment to enable continuous testing

17. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation

18. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation • Infrastructure as code (IaC) • Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment • Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts https://aws.amazon.com/cloudformation/

19. © 2020, Amazon Web Services, Inc. or its Affiliates. Sample

    AWS CloudFormation code • Code is written in files called templates • A stack is generated from a template • Templates primarily define resources for an application • AWS CloudFormation can create over 490 types of resources • Each resource is configured based on its available properties • Dependencies can be explicitly declared or implicitly discovered AWSTemplateFormatVersion: "2010-09-09" Description: A CodeCommit Repo and Cloud9 Environment Resources: MyRepo: Type: "AWS::CodeCommit::Repository" Properties: RepositoryName: MyRepo RepositoryDescription: Sample Repository for Demo MyC9Environment: Type: "AWS::Cloud9::EnvironmentEC2" Properties: Repositories: - PathComponent: /cfn RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp InstanceType: t2.micro

20. © 2020, Amazon Web Services, Inc. or its Affiliates. Anatomy

    of an AWS CloudFormation template • Resources • Parameters and Mappings • Conditions • Outputs

21. © 2020, Amazon Web Services, Inc. or its Affiliates. Testing

    via pipelines • As you would with other application code, templates should be version controlled and tested via CI/CD pipelines • The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards • Additional tools, like taskcat (available on GitHub), allow tests across regions Git push Templates AWS CodeCommit AWS CodePipeline AWS CodeBuild AWS CloudFormation Region AWS CodeDeploy

22. © 2020, Amazon Web Services, Inc. or its Affiliates. But

    I use resources outside of AWS!

23. © 2020, Amazon Web Services, Inc. or its Affiliates. CloudFormation

    registry Open CLI Open providers Introducing the AWS CloudFormation registry An open approach to managing external resources

24. © 2020, Amazon Web Services, Inc. or its Affiliates. AWS

    CloudFormation registry and CLI • Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks • Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you • Use third-party resource providers as you would use native AWS resource types

25. © 2020, Amazon Web Services, Inc. or its Affiliates. I

    was told there would be demos.

26. © 2020, Amazon Web Services, Inc. or its Affiliates.

27. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (1/3) • Layer your application to reduce blast radius when updating resources • Use multiple, isolated environments for testing, production, development, staging, etc. • Smaller files are easier to write, test, and troubleshoot Instances, Auto Scaling groups API endpoints, functions Alarms, dashboards VPCs, NAT gateways, VPNs, subnets IAM users, groups, roles, policies Front-end resources Backend services Stateful resources Base network Identity & security Monitoring resources Databases and clusters, queues

28. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (2/3) • Resource import for stack refactoring • Drift detection to prevent issues that may cause stack update operations to fail • Use resource import to fix drift

29. © 2020, Amazon Web Services, Inc. or its Affiliates. Best

    practices (3/3) • Parameters and Mappings • Secrets Manager and SSM Parameter store • Do not hardcode sensitive information Resources: MyRDSDB: Type: "AWS::RDS::DBInstance" Properties: DBInstanceClass: db.t2.medium AllocatedStorage: ’20’ Engine: mariadb EngineVersion: ’10.2’ MasterUsername: appadmin MasterUserPassword: ‘{{resolve:ssm-secure:ssbRDSmEcntl:1}}'

30. © 2020, Amazon Web Services, Inc. or its affiliates. All

    rights reserved.

31. © 2020, Amazon Web Services, Inc. or its Affiliates. Takeaways!

    • CloudFormation is an AWS native service for writing infrastructure as code! • Test your CFN code via pipelines – so many tools out there! • Do not write everything at once and all in the same place!

32. Thank you! © 2020, Amazon Web Services, Inc. or its

    affiliates. All rights reserved. Darko Meszaros Developer Advocate - AWS @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve