Slide 1

Slide 1 text

Infrastructure Code Testing in CI/CD Pipelines
Chuck Meyer, Sr. Dev Advocate, AWS CloudFormation

Slide 2

Slide 2 text

Agenda
1. Who I am
2. Infrastructure as code
3. Automating infrastructure
4. Layering in testing
5. Putting it all together

Slide 3

Slide 3 text

Who I am
Chuck Meyer
[email protected]
- Sr Developer Advocate, AWS CloudFormation
- 5 years at AWS
- Infrastructure as Code and DevOps
- Security Automation / DevSecOps
- 20+ Years in Technology
- Recent Ohio boomerang
@chuckm

Slide 4

Slide 4 text

Infrastructure as Code
Declarative or imperative statements describing hardware, software and services and their relationships.

Slide 5

Slide 5 text

Infrastructure as Code
Declarative or imperative statements describing hardware, software and services and their relationships.

    Resource: MyWebServer
    Class: Server
    Type: ExtraBig
    Ports:
      - 443

Slide 6

Slide 6 text

Infrastructure as Code
Declarative or imperative statements describing hardware, software and services and their relationships.

    Resource: MyWebServer
    Class: Server
    Type: ExtraBig
    Ports:
      - 443

(or maybe)

    server_names = ['Red', 'Blue', 'Green']
    for name in server_names:
        launch_server(name, 'web')

Slide 7

Slide 7 text

Infrastructure as Code Flavors
Declarative
- Chef/Puppet/Ansible/Salt
- Terraform
- CloudFormation (AWS)
- Azure Resource Manager (ARM)
- Cloud Deployment Manager (GCP)
Imperative
- Pulumi
- Cloud Development Kit (AWS)

Slide 8

Slide 8 text

Infrastructure as Code Flavors
Declarative
- Chef/Puppet/Ansible/Salt
- Terraform
- CloudFormation (AWS)
- Azure Resource Manager (ARM)
- Cloud Deployment Manager (GCP)
Imperative
- Pulumi
- Cloud Development Kit (AWS)
(we can probably fight about this)

Slide 9

Slide 9 text

Automating Infrastructure
Infrastructure is code, so deploy it like code
- Source control
- Orchestration
- Permissioning
- Deployment and Promotion

Slide 10

Slide 10 text

Automating Infrastructure
Infrastructure is code, so deploy it like code
- Source control
- Orchestration
- Permissioning
- Deployment and Promotion
(So basically, CI/CD)

Slide 11

Slide 11 text

Layering in Testing
Infrastructure is code, so test it like code
- Validation/Linting
- Unit Tests
- Integration Tests

Slide 12

Slide 12 text

Validation
Is my code syntactically viable?
Built in validators
- terraform validate
- aws cloudformation validate-template
Linters
- FoodCritic (Chef)
- cfn-lint (CloudFormation)
- terraform-validator

Slide 13

Slide 13 text

Unit Testing
Validate the behavior of individual components
But you can't mock infrastructure...

Slide 14

Slide 14 text

Well, you can...

Slide 15

Slide 15 text

Well, you can...
... but it's not nice.

Slide 16

Slide 16 text

Unit Testing
Validate the behavior of individual components
But you can't mock infrastructure...
Decompose into multiple files and test either statically or in a live account.
- ChefSpec (static)
- cfn_nag (static)
- Terratest (live)

Slide 17

Slide 17 text

Integration Testing
Validate the behavior of the complete infrastructure
Deploy the full infrastructure and test it end-to-end.
(Preferably in a controlled test account)
- TestKitchen (Chef)
- TaskCat (CloudFormation)
- Kitchen-Terraform

Slide 18

Slide 18 text

What to test?
- Resource misconfiguration (Will it deploy?)
- Software defined network (Unexpected ingress or egress?)
- Permissions (Too many wildcards)
- Encryption
- Dependencies (Is everything else there?)
- Lifecycle (Are you going to delete my database?)
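
A static check for four of the items on this slide (ingress, wildcard permissions, encryption, lifecycle), written here as an added example and not taken from the deck or from any of the tools it names. The sample template, the allowed public port set, the list of stateful resource types and the finding labels are assumptions made for the illustration.

```python
import json

# Constructed sample template in CloudFormation JSON (not from the deck).
TEMPLATE = json.loads("""
{"Resources": {
  "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "web",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "AppPolicy": {"Type": "AWS::IAM::ManagedPolicy", "Properties": {
    "PolicyDocument": {"Version": "2012-10-17", "Statement": [
      {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}}},
  "Db": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Delete", "Properties": {"StorageEncrypted": false}}
}}""")

PUBLIC_PORTS = {443}  # assumption: only HTTPS may be reachable from anywhere
STATEFUL = {"AWS::RDS::DBInstance", "AWS::DynamoDB::Table"}  # assumed list

def has_wildcard_allow(node):
    """True if an Allow statement under node has '*' in an Action, or Resource '*'."""
    if isinstance(node, list):
        return any(has_wildcard_allow(child) for child in node)
    if not isinstance(node, dict):
        return False
    if node.get("Effect") == "Allow":
        acts, ress = ([v] if isinstance(v, str) else v
                      for v in (node.get("Action", []), node.get("Resource", [])))
        if "*" in ress or any(isinstance(a, str) and "*" in a for a in acts):
            return True
    return any(has_wildcard_allow(child) for child in node.values())

def check_template(template):
    """Return (resource, finding) pairs. Assumes literal values, no Ref/Fn:: intrinsics."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        rules = props.get("SecurityGroupIngress", []) if rtype == "AWS::EC2::SecurityGroup" else []
        for rule in rules:  # unexpected ingress: world-open on a port outside PUBLIC_PORTS
            world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
            ports = range(rule.get("FromPort", 0), rule.get("ToPort", 65535) + 1)
            if world and not all(p in PUBLIC_PORTS for p in ports):
                findings.append((name, "open-ingress"))
        if has_wildcard_allow(props):  # permissions: too many wildcards
            findings.append((name, "iam-wildcard"))
        if rtype == "AWS::RDS::DBInstance" and props.get("StorageEncrypted") is not True:
            findings.append((name, "unencrypted"))
        if rtype in STATEFUL and res.get("DeletionPolicy") not in ("Retain", "Snapshot"):
            findings.append((name, "deletion-policy"))  # assumed policy: must be explicit
    return findings
```

Run in the validation stage, a non-empty result from `check_template` would fail the build before anything is deployed.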

Slide 19

Slide 19 text

Infrastructure CI/CD – DIY Tools

Slide 20

Slide 20 text

@chuckm | [email protected]