Getting started with AWS: CloudFormation

Learn how to add AWS CloudFormation to your CI/CD pipeline and treat infrastructure changes the same way you would your code: create a pull request, review the changes and merge into the main branch to deploy automatically.

Github links:
- Complex Example: https://github.com/darko-mesaros/cfn-autoscaling-webapp
- Simple EC2 Template: https://gist.github.com/darko-mesaros/e7b557fb63b7a0e5f3e90189e209d61a

Darko Mesaros

July 28, 2020

Transcript

  1. Getting started with AWS:
    CloudFormation
    Darko Meszaros
    Developer Advocate - AWS
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve
    youtu.be/ruptwelve

  2. © 2020, Amazon Web Services, Inc. or its Affiliates.
    Agenda for today
    • Infrastructure as Code
    • AWS CloudFormation
    • Demo/LiveCoding – the fun part
    • Best practices
    • Wrap up

  3. Where do we start?

  4. A DevOps engineer!

  5. Oliver

  6. [Diagram: AWS Organizations multi-account structure for Oliver's infrastructure: Security, Log Archive, Shared Services, Network, Developer Sandbox, Dev, Pre-Prod, Prod and Team Shared Services accounts, with a network path to the on-premises data center]
    Orgs: Account management
    Log Archive: Security logs
    Security: Security tools, AWS Config rules
    Shared services: Directory, limit monitoring
    Network: AWS Direct Connect
    Dev Sandbox: Experiments, Learning
    Dev: Development
    Pre-Prod: Staging
    Prod: Production
    Team SS: Team Shared Services, Data Lake

  7. [image-only slide]

  8. The job is done, right?

  9. Now do that 500 times more!

  10. [image-only slide]

  11. Oliver

  12. $(whoami) Darko Mesaroš / Darko Meszaros / Дарко Месарош
    Berlin
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve

  13. What is Infrastructure as Code?

  14. [image-only slide]

  15. [image-only slide]

  16. Infrastructure as code
    • Make infrastructure changes repeatable and predictable
    • Release infrastructure changes using the same tools as code changes
    • Replicate production in a staging environment to enable continuous testing

  17. AWS CloudFormation

  18. AWS CloudFormation
    • Infrastructure as code (IaC)
    • Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
    • Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts
    https://aws.amazon.com/cloudformation/

  19. Sample AWS CloudFormation code
    • Code is written in files called templates
    • A stack is generated from a template
    • Templates primarily define resources for an application
    • AWS CloudFormation can create over 490 types of resources
    • Each resource is configured based on its available properties
    • Dependencies can be explicitly declared or implicitly discovered
    AWSTemplateFormatVersion: "2010-09-09"
    Description: A CodeCommit Repo and Cloud9 Environment
    Resources:
      MyRepo:
        Type: "AWS::CodeCommit::Repository"
        Properties:
          RepositoryName: MyRepo
          RepositoryDescription: Sample Repository for Demo
      MyC9Environment:
        Type: "AWS::Cloud9::EnvironmentEC2"
        Properties:
          Repositories:
            - PathComponent: /cfn
              RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp
          InstanceType: t2.micro

  20. Anatomy of an AWS CloudFormation template
    • Resources
    • Parameters and Mappings
    • Conditions
    • Outputs
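
    A template that exercises all four sections named on this slide, added here as an example; it is not code from the deck or from the linked GitHub repos. The parameter and mapping names, the `/app/${Environment}` log group naming convention and the choice of resources are assumptions made for illustration; the point is that a reviewer of the pull request sees the allowed inputs (AllowedValues, AllowedPattern) and the per-environment differences (Mappings, Conditions) in one place.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not from the deck): one resource layer that uses Parameters,
  Mappings, Conditions and Outputs. Names and values are illustrative.

Parameters:
  Environment:
    Type: String
    AllowedValues: [dev, preprod, prod]
    Default: dev
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC the security group is created in (assumed to exist already)
  AdminCidr:
    Type: String
    Description: Source range allowed to reach SSH. The pattern rejects 0.0.0.0/0 and anything wider than a /24.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(2[4-9]|3[0-2])$'
    ConstraintDescription: must be an IPv4 CIDR with a prefix length between /24 and /32

# Per-environment settings are looked up with Fn::FindInMap instead of being
# passed as free-form parameters that a reviewer would have to check each time.
Mappings:
  EnvConfig:
    dev:
      LogRetentionDays: 7
    preprod:
      LogRetentionDays: 30
    prod:
      LogRetentionDays: 365

Conditions:
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  AdminSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub "Admin SSH access (${Environment})"
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr   # already validated by AllowedPattern above
      # An explicit egress rule replaces the default allow-all rule.
      SecurityGroupEgress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  AppLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/app/${Environment}"   # assumed naming convention
      RetentionInDays: !FindInMap [EnvConfig, !Ref Environment, LogRetentionDays]

  # Only created when the condition holds, so dev stacks do not accumulate
  # retained buckets; Retain keeps audit data if the prod stack is deleted.
  AuditBucket:
    Type: AWS::S3::Bucket
    Condition: IsProd
    DeletionPolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

Outputs:
  AdminSecurityGroupId:
    Description: Consumed by the front-end layer stack via Fn::ImportValue
    Value: !Ref AdminSecurityGroup
    Export:
      Name: !Sub "${AWS::StackName}-AdminSecurityGroupId"
  AuditBucketName:
    Condition: IsProd
    Value: !Ref AuditBucket
```

    The AllowedPattern on AdminCidr is the check a practitioner wants in the template rather than in review comments: a stack update with `0.0.0.0/0` fails at parameter validation before any resource is touched, and the exported security group ID is how the layered stacks on the later best-practices slide reference each other without copying IDs by hand.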

  21. Testing via pipelines
    • As you would with other application code, templates should be version controlled and tested via CI/CD pipelines
    • The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards
    • Additional tools, like taskcat (available on GitHub), allow tests across regions
    [Pipeline diagram: Git push of templates, AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, AWS CloudFormation (per Region), AWS CodeDeploy]
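
    A buildspec for the AWS CodeBuild stage in that pipeline, added here as an example and not taken from the deck or the linked repos. The deck does not name "the linter"; this example assumes cfn-lint, the open-source CloudFormation linter, and it assumes the repository keeps its templates under `templates/` (with a `templates/webapp.yaml`) and has a `.taskcat.yml` at the root describing the regions and parameters to test.

```yaml
version: 0.2

# Added example buildspec.yml for the CodeBuild step (not from the deck).
# Assumed layout: templates/*.yaml in the repo and a .taskcat.yml at the root.
phases:
  install:
    runtime-versions:
      python: 3.8
    commands:
      # In a real pipeline pin exact versions of both tools so a new release
      # cannot silently change what passes the gate.
      - pip install cfn-lint taskcat
  pre_build:
    commands:
      # Static checks: unknown properties, bad intrinsic functions, and resource
      # types that do not exist in the regions you deploy to all fail the build.
      # Templates are listed before --regions because both options take a list.
      - cfn-lint templates/*.yaml --regions us-east-1 eu-west-1
      # Service-side validation of the template that will actually be deployed.
      - aws cloudformation validate-template --template-body file://templates/webapp.yaml
  build:
    commands:
      # taskcat creates real stacks from the templates in every region listed in
      # .taskcat.yml and deletes them afterwards. The CodeBuild role therefore
      # needs create/delete rights, so run this in an isolated test account
      # (the Dev or Pre-Prod account from the account diagram), never in Prod.
      - taskcat test run
```

    Because taskcat deploys the templates for real, the account the pipeline runs in is part of the security boundary: a template under test that creates an IAM role or an open security group creates it in that account, which is why the isolated environments recommended on the best-practices slide apply to the test stage as much as to production.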

  22. But I use resources outside of AWS!

  23. Introducing the AWS CloudFormation registry
    An open approach to managing external resources
    [Diagram: CloudFormation registry, open CLI, open providers]

  24. AWS CloudFormation registry and CLI
    • Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks
    • Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you
    • Use third-party resource providers as you would use native AWS resource types

  25. I was told there would be demos.

  26. [image-only slide]

  27. Best practices (1/3)
    • Layer your application to reduce blast radius when updating resources
    • Use multiple, isolated environments for testing, production, development, staging, etc.
    • Smaller files are easier to write, test, and troubleshoot
    Layers (diagram):
    Front-end resources: Instances, Auto Scaling groups
    Backend services: API endpoints, functions
    Stateful resources: Databases and clusters, queues
    Base network: VPCs, NAT gateways, VPNs, subnets
    Identity & security: IAM users, groups, roles, policies
    Monitoring resources: Alarms, dashboards

  28. Best practices (2/3)
    • Resource import for stack refactoring
    • Drift detection to prevent issues that may cause stack update operations to fail
    • Use resource import to fix drift
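
    The template side of a resource import, covering the first and third bullets (refactoring and fixing drift), added here as an example that is not from the deck or the linked repos. The logical ID `LegacyArtifactBucket` and the bucket name `example-legacy-artifacts` are placeholders for a bucket that was created by hand and is being brought under stack control.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - import an existing bucket into a stack (not from the deck)

Resources:
  # The bucket already exists and was created by hand; only the logical ID is new.
  # Two rules CloudFormation enforces for an IMPORT change set:
  #   1. every imported resource needs a DeletionPolicy (Retain is the safe choice,
  #      so a later stack delete or rollback cannot remove data that predates the stack);
  #   2. the identifying property (BucketName for AWS::S3::Bucket) must name the real resource.
  LegacyArtifactBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: example-legacy-artifacts   # placeholder: the bucket's real name
      # Declare the configuration the bucket actually has. Import does not modify
      # the resource, so anything declared differently shows up as drift afterwards
      # and would be "corrected" on the next update, possibly destructively.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      VersioningConfiguration:
        Status: Enabled

Outputs:
  ImportedBucketArn:
    Value: !GetAtt LegacyArtifactBucket.Arn
```

    The import is driven as a change set: `aws cloudformation create-change-set --change-set-type IMPORT --template-body file://import.yaml --resources-to-import file://resources.json ...`, where `resources.json` lists one entry per resource with its `ResourceType`, `LogicalResourceId` and `ResourceIdentifier` (here `{"BucketName": "example-legacy-artifacts"}`), followed by `execute-change-set`. Run drift detection on the stack straight after the import; any difference it reports is a place where the template and reality disagree, and it should be resolved in the template before the next regular update touches the resource.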

  29. Best practices (3/3)
    • Parameters and Mappings
    • Secrets Manager and SSM Parameter store
    • Do not hardcode sensitive information
    Resources:
      MyRDSDB:
        Type: "AWS::RDS::DBInstance"
        Properties:
          DBInstanceClass: db.t2.medium
          AllocatedStorage: '20'
          Engine: mariadb
          EngineVersion: '10.2'
          MasterUsername: appadmin
          MasterUserPassword: '{{resolve:ssm-secure:ssbRDSmEcntl:1}}'
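
    The slide's `ssm-secure` reference works, but the SecureString has to be created out of band and its version is pinned in the template (`:1`), so rotating the password means another template change. The Secrets Manager variant below is added here as an example, not code from the deck: the password is generated by the service and the template only ever references it. The `appadmin` username is kept from the slide; the instance class, `StorageEncrypted`, the `DeletionPolicy` and the resource names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not from the deck): the database password is generated and
  stored by Secrets Manager and only ever referenced from the template.

Resources:
  DbMasterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Master credentials for the application database
      GenerateSecretString:
        SecretStringTemplate: '{"username": "appadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        # RDS rejects these characters in a master password.
        ExcludeCharacters: '"@/\'

  AppDatabase:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot   # assumption: keep a final snapshot on stack delete
    Properties:
      DBInstanceClass: db.t3.medium   # assumed size
      AllocatedStorage: "20"
      Engine: mariadb
      StorageEncrypted: true
      PubliclyAccessible: false
      # Dynamic references are resolved by CloudFormation at deploy time; the
      # value never appears in the template, in git, or in the stack parameters.
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbMasterSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbMasterSecret}:SecretString:password}}"

  # Records host, port and engine in the secret so a rotation function and
  # application clients can find the database from the secret alone.
  DbSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref DbMasterSecret
      TargetId: !Ref AppDatabase
      TargetType: AWS::RDS::DBInstance

Outputs:
  DbSecretArn:
    Description: Grant the application role secretsmanager:GetSecretValue on this ARN only
    Value: !Ref DbMasterSecret
```

    The check to add in review is that no `MasterUserPassword` (or any other secret) arrives as a plain or `NoEcho` parameter: a `NoEcho` parameter is still typed by a human and still travels through the pipeline, whereas a dynamic reference keeps the value inside Secrets Manager or Parameter Store and leaves the template free of anything worth leaking.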

  30. [image-only slide]

  31. Takeaways!
    • CloudFormation is an AWS native service for writing infrastructure as code!
    • Test your CFN code via pipelines – so many tools out there!
    • Do not write everything at once and all in the same place!

  32. Thank you!
    Darko Meszaros
    Developer Advocate - AWS
    @darkosubotica
    ln/darko-mesaros
    twitch.tv/ruptwelve
    youtu.be/ruptwelve
