AWS Tech Summit EMEA

In this presentation, I explain what modern infrastructure lifecycle management looks like and how Terraform and HCP Terraform are critical to serving AWS customers' needs.

This version of the talk was given in September 2024 at the EMEA edition of the AWS-internal Tech Summit.

Kerim Satirli

September 23, 2024

Transcript

  1. Portfolio

    Security Lifecycle: Tools for identity-based security, and identity-based user access, and service-based networking.

    Infrastructure Lifecycle: Tools to build and manage images, provision infrastructure as code, provide internal developer platforms, and run any kind of workload.
  2. Infrastructure: WORKFLOW AUTOMATION, SYSTEM OF RECORD, LIFECYCLE MANAGEMENT

    Infrastructure as code to build, deploy and manage the lifecycle of infrastructure and applications.
  3. Build

    Author infrastructure and images as code. Create and share reusable code. Collaborate safely via version control.
  4. Blueprint for customer success

    Stages: Stage 1: Adopting; Stage 2: Standardizing; Stage 3: Scaling.

    Infrastructure: Compose; Collaborate; Publish and discover; Enforce policy; Enable self-service; Observe and respond.

    Security: Manage all secrets; Enforce policy; Ensure continuity; Automate and observe; Remediate; Encrypt seamlessly.
  5. Terraform Concepts

    Provider: Terraform uses plugins called "Providers" to interact with APIs. Providers add support for AWS services and related SaaS tools.

    ```hcl
    provider "aws" {
      region  = "eu-central-1"
      profile = "AWSTechSummitEMEA"

      # default_tags takes its tags in a nested "tags" map
      default_tags {
        tags = {
          Environment = "workshops"
        }
      }
    }
    ```

    Module: Encapsulates Terraform files and docs in a ready-to-use format. Can be used to create best-practice building blocks for your customers.

    ```hcl
    module "eks_blueprints_addon" {
      # registry sources take the form <namespace>/<name>/<provider>
      source  = "aws-ia/eks-blueprints-addon/aws"
      version = "1.1.1"

      chart         = "vault"
      chart_version = "1.16.0"
      description   = "Vault for EKS"
    }
    ```

    Terraform: CLI that provides access to all Terraform operations. Works locally, and remotely via HCP Terraform (SaaS offering).

    ```
    $ terraform version
    Terraform v1.10.0 on darwin_amd64
    ```
  6. Terraform Concepts

    Data Sources: Used by Terraform to consume infrastructure that is not managed by Terraform. Only read operations are supported.

    ```hcl
    data "aws_ami" "main" {
      most_recent = true

      filter {
        name   = "owner-alias"
        values = ["amazon"]
      }
    }
    ```

    Resources: Used by Terraform to manage the full lifecycle of an infrastructure item. Create, read, update, and delete operations are supported.

    ```hcl
    resource "aws_instance" "main" {
      ami           = data.aws_ami.main.id
      instance_type = "t3.micro"

      tags = {
        Event = "AWSTechSummitEMEA"
      }
    }
    ```

    State: Maps real world resources and their metadata to your Terraform configuration. Can be stored in HCP Terraform to enable team-wide collaboration.

    ```json
    {
      "version": 3,
      "serial": 2,
      "terraform_version": "1.10.0",
      "backend": {
        "type": "cloud"
      }
    }
    ```
  7. Terraform Ecosystem

    Registry: Primary interface for all published providers, modules, run tasks and more. Houses extensive documentation on resources and data sources.

    Developer Zone: Extensive documentation for all HashiCorp products, including SaaS and Enterprise editions. Includes best-practices guides and solutions-oriented tutorials.

    Certifications: Easily communicate product-specific knowledge and proficiency with verifiable results and badges. Exams test conceptual and real-world experience of products.
  8. Multi-Region Deployment: AWS Regions

    ```hcl
    aws_regions = toset([
      "af-south-1",
      "ap-east-1",
      "ap-northeast-1",
      "ap-northeast-2",
      "ap-northeast-3",
      "ap-south-1",
      "ap-southeast-1",
      "ap-southeast-2",
      "ap-southeast-3",
      "ca-central-1",
      "eu-central-1",
      "eu-north-1",
      "eu-south-1",
      "eu-south-2",
      "eu-west-1",
      "eu-west-2",
      "eu-west-3",
      "me-south-1",
      "sa-east-1",
      "us-east-1",
      # the list is cut off at this point in the transcript
    ])
    ```
  9. Multi-Regional Workspaces

    ```hcl
    module "regional_aws_workspaces" {
      for_each = toset(data.aws_regions.main.names)

      source  = "ksatirli/regional-workspace/tfe"
      version = "1.2.0"

      region = {
        category   = "terraform"
        identifier = each.key
        prefix     = "aws"
        variable   = "aws_region"
      }

      vcs_repo = {
        identifier = "workloads/regional-aws-deployment"
        branch     = "main"
      }
    }
    ```
  10. Multi-Region Deployment

    ```hcl
    # look up Service Code for EC2 instances
    data "aws_servicequotas_service" "ec2" {
      provider     = "aws.us-east-1"
      service_name = "Amazon Elastic Compute Cloud (Amazon EC2)"
    }

    # update Service Quota for M5 EC2 instances
    resource "aws_servicequotas_service_quota" "ec2" {
      provider = "aws.us-east-1"

      # allow up to 100 M5 instances
      quota_code   = "L-8B7BF662"
      service_code = data.aws_servicequotas_service.ec2.service_code
      value        = 100
    }
    ```
  11. Multi-Cloud Deployments

    ```hcl
    provider "aws" {
      region = "eu-central-1"

      # default_tags takes its tags in a nested "tags" map
      default_tags {
        tags = {
          Environment = "workshops"
        }
      }
    }
    ```
  12. Multi-Cloud Deployments

    ```hcl
    provider "aws" {
      region = "cn-north-1"

      # default_tags takes its tags in a nested "tags" map
      default_tags {
        tags = {
          Environment = "workshops"
        }
      }
    }
    ```
  13. Multi-Cloud Deployments

    ```hcl
    provider "aws" {
      region = "us-gov-east-1"

      # default_tags takes its tags in a nested "tags" map
      default_tags {
        tags = {
          Environment = "workshops"
        }
      }
    }
    ```
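
The regional workspaces on slide 9 hand each region to the workload through a variable named `aws_region`. The following is an added example, not taken from the deck or from the module's documentation, of how the workload repository could consume that variable. It assumes the workspace variable holds the plain region identifier; the provider version constraint and the extra `Region` tag are also assumptions.

```hcl
# Added example: workload-side configuration for one regional workspace.
# Assumption: the workspace supplies a Terraform variable named "aws_region"
# (the name passed as `variable` on slide 9) holding the region identifier.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # assumed constraint; pin to the release you have tested
    }
  }
}

variable "aws_region" {
  type        = string
  description = "Region this workspace deploys to, set once per workspace."

  # Reject values that are not shaped like a region name, so a mistyped
  # workspace variable fails at plan time instead of reaching the AWS API.
  # Matches eu-central-1, cn-north-1 and us-gov-east-1 alike.
  validation {
    condition     = can(regex("^[a-z]{2}(-[a-z]+)+-[0-9]$", var.aws_region))
    error_message = "aws_region must look like a region name, for example eu-central-1."
  }
}

provider "aws" {
  region = var.aws_region

  # Every resource created through this provider carries the same tags,
  # which makes per-region resources attributable in inventory and audits.
  default_tags {
    tags = {
      Environment = "workshops"
      Region      = var.aws_region # hypothetical extra tag, not from the deck
    }
  }
}
```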