Programming Infrastructure with AWS CDK

Initially presented at AWS User Group Meetup Surabaya, Indonesia.

The AWS Cloud Development Kit is an open source software development framework for modeling and provisioning your cloud application resources using familiar programming languages. In this session, we start with why IaC (Infrastructure as Code) is a good practice and explore various ways to implement it. Then we do a live-coding walkthrough, step by step, of how you can use AWS CDK to programmatically provision a serverless API system.

Donnie Prakoso

November 11, 2019

Transcript

  1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential
    Programming Infrastructure with AWS CDK
    Donnie Prakoso
    Senior Technical Evangelist, ASEAN
    Amazon Web Services
    @donnieprakoso
    donnieprakoso
    https://donnie.id

  2. > hello, world
    Donnie Prakoso, MSc
    Senior Technical Evangelist, ASEAN
    @donnieprakoso
    • 15+ years in software development and system operations
    • Banking industry, telco to startups
    • From software developer to R&D manager to CTO
    • I talk a lot about microservices and machine learning
    • Self-proclaimed Barista and Café Racer enthusiast
    donnieprakoso

  3. Introduction to infrastructure as code

  4. Level 0: Creating infrastructure by hand
    Your organization’s infrastructure

  5. Manual
    Easy to get started
    Not reproducible
    Error prone
    Time consuming
    [Diagram: low level to high level scale; entries: Manual]

  6. Level 1: Imperative infrastructure as code
    [Diagram: deploy.script, AWS SDK, your organization’s infrastructure]

  7. Level 1: Imperative infrastructure as code
    • Lots of boilerplate
    • What if something fails and we need to retry?
    • What if two people try to run the script at once?
    • Race conditions?
    deploy.script:
        resource = getResource(xyz)
        if (resource == desiredResource) {
          return
        } else if (!resource) {
          createResource(desiredResource)
        } else {
          updateResource(desiredResource)
        }

  8. Scripted
    What happens if an API call fails?
    How do I make updates?
    How do I know a resource is ready?
    How do I roll back?
    [Diagram: low level to high level scale; entries: Scripted, Manual]

  9. Level 2: Declarative infrastructure as code
    [Diagram: infrastructure.txt, AWS CloudFormation, HashiCorp Terraform, AWS SDK, your organization’s infrastructure]

  10. Level 2: Declarative infrastructure as code
    • Just a list of each resource to create and its properties, in this case in YAML format
    • Some minor helper functions may be built in to aid in fetching values dynamically
    infrastructure.txt:
        Resources:
          # VPC in which containers will be networked.
          # It has two public subnets
          # We distribute the subnets across the first two available subnets
          # for the region, for high availability.
          VPC:
            Type: AWS::EC2::VPC
            Properties:
              EnableDnsSupport: true
              EnableDnsHostnames: true
              CidrBlock: !FindInMap ['SubnetConfig', 'VPC', 'CIDR']
          # Two public subnets, where containers can have public IP addresses
          PublicSubnetOne:
            Type: AWS::EC2::Subnet
            Properties:
              AvailabilityZone:
                Fn::Select:
                  - 0
                  - Fn::GetAZs: {Ref: 'AWS::Region'}
              VpcId: !Ref 'VPC'
              CidrBlock: !FindInMap ['SubnetConfig', 'PublicOne', 'CIDR']
              MapPublicIpOnLaunch: true
          PublicSubnetTwo:
            Type: AWS::EC2::Subnet
            Properties:
              AvailabilityZone:
                Fn::Select:
                  - 1
                  - Fn::GetAZs: {Ref: 'AWS::Region'}
              VpcId: !Ref 'VPC'
              CidrBlock: !FindInMap ['SubnetConfig', 'PublicTwo', 'CIDR']
              MapPublicIpOnLaunch: true

  11. Resource provisioning engines
    AWS CloudFormation template (JSON/YAML)
    HashiCorp Configuration Language (HCL)
    Desired state configuration
    Easy to automate
    Reproducible
    Configuration syntax
    No abstraction, lots of details
    [Diagram: low level to high level scale; entries: Declarative, Scripted, Manual]

  12. Document Object Models (DOMs)
    Troposphere (Python)
    SparkleFormation (Ruby)
    GoFormation (Go)
    if statements, for loops, IDE benefits
    Ex: 218 lines of Troposphere for a VPC
    AWS CloudFormation Template
    Real code ♥
    Desired state
    Abstraction is not built-in
    [Diagram: low level to high level scale; entries: DOMs, Declarative, Scripted, Manual]

  13. Level 3: AWS Cloud Development Kit (AWS CDK)
    [Diagram: app.js, AWS CDK, AWS CloudFormation, AWS SDK, your organization’s infrastructure]

  14. Developer preview
    [Diagram: AWS CDK application, Stack(s), Construct, Construct, Resources, AWS CloudFormation template]
    Componentized
    [Diagram: low level to high level scale; entries: AWS CDK, DOMs, Declarative, Scripted, Manual]

  15. Level 3: AWS CDK
    • Write in a familiar programming language
    • Create many underlying AWS resources at once with a single construct
    • Each stack is made up of “constructs,” which are simple classes in the code
    • Still declarative, no need to handle create vs update
    app.js / app.py:
        import * as cdk from '@aws-cdk/core';
        import * as ec2 from '@aws-cdk/aws-ec2';
        import * as ecs from '@aws-cdk/aws-ecs';
        import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';
        class MyService extends cdk.Stack {
          constructor(scope: cdk.App, id: string) {
            super(scope, id);
            // Network for all the resources
            const vpc = new ec2.Vpc(this, 'MyVpc', { maxAzs: 2 });
            // Cluster to hold all the containers
            const cluster = new ecs.Cluster(this, 'Cluster', { vpc: vpc });
            // Load balancer for the service
            const LB = new elbv2.ApplicationLoadBalancer(this, 'LB', {
              vpc: vpc,
              internetFacing: true
            });
          }
        }

  16. One CDK construct expands to many underlying resources
    cdk deploy
        // Network for all the resources
        const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
    [Diagram: VPC containing Public Subnet in Availability Zone, Public Subnet in Availability Zone 2, Private Subnet in Availability Zone, Private Subnet in Availability Zone 2, Internet gateway, NAT gateway, NAT gateway]

  17. One CDK construct expands to many underlying resources
    cdk synth
        // Network for all the resources
        const vpc = new ec2.Vpc(stack, 'MyVpc', { maxAzs: 2 });
    270 lines of AWS CloudFormation YAML I don’t have to write!

  18. [No text on this slide]

  19. Go Build!
    @donnieprakoso
    donnieprakoso
    https://donnie.id
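
Added example, not part of the original deck: slide 7 asks what happens when two people run the imperative deploy.script at once. This TypeScript sketch replays that script's getResource / createResource / updateResource logic for two operators against a constructed in-memory store and counts the resulting copies of the resource; `Cloud`, `atomicPut` and `runTwoOperators` are hypothetical names, not AWS SDK calls.

```typescript
// Added example. Cloud is an in-memory stand-in (constructed), not a real AWS SDK client.
type Spec = { name: string; cidr: string };
type Cloud = { resources: Spec[] };
type Step = () => void; // one API round trip; another operator may run between steps
type Script = (cloud: Cloud, desired: Spec) => Step[];

function lookup(cloud: Cloud, name: string): Spec | undefined {
  return cloud.resources.filter((r) => r.name === name)[0];
}

// The slide's deploy.script: getResource first, then createResource or updateResource.
const checkThenAct: Script = (cloud, desired) => {
  let existing: Spec | undefined;
  return [
    () => { existing = lookup(cloud, desired.name); },
    () => {
      if (!existing) cloud.resources.push({ name: desired.name, cidr: desired.cidr });
      else existing.cidr = desired.cidr;
    },
  ];
};

// Hypothetical atomic operation: check and write happen inside one call,
// so no other operator can run between them.
const atomicPut: Script = (cloud, desired) => [
  () => {
    const existing = lookup(cloud, desired.name);
    if (!existing) cloud.resources.push({ name: desired.name, cidr: desired.cidr });
    else existing.cidr = desired.cidr;
  },
];

// Runs the same script for two operators and returns how many copies of the resource exist.
function runTwoOperators(script: Script, interleave: boolean): number {
  const cloud: Cloud = { resources: [] };
  const desired: Spec = { name: 'MyVpc', cidr: '10.0.0.0/16' }; // constructed sample values
  const a = script(cloud, desired);
  const b = script(cloud, desired);
  let order: Step[] = a.concat(b); // operator A finishes before operator B starts
  if (interleave) {
    order = [];
    a.forEach((step, i) => order.push(step, b[i])); // A and B alternate round trips
  }
  order.forEach((step) => step());
  return cloud.resources.filter((r) => r.name === desired.name).length;
}
```

Interleaved, the check-then-act script leaves two copies of `MyVpc`; run back to back, or with the check and write folded into one call, it leaves one.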