Slide 1

Getting started with AWS: CloudFormation
Darko Meszaros, Developer Advocate - AWS
@darkosubotica | ln/darko-mesaros | twitch.tv/ruptwelve | youtu.be/ruptwelve

Slide 2

© 2020, Amazon Web Services, Inc. or its Affiliates.

Agenda for today
• Infrastructure as Code
• AWS CloudFormation
• Demo/LiveCoding – the fun part
• Best practices
• Wrap up

Slide 3

Where do we start?

Slide 4

A DevOps engineer!

Slide 5

Oliver

Slide 6

Multi-account structure diagram (box labels: Developer Sandbox, Dev, Pre-Prod, Prod, Workloads, Security, AWS Organizations, Shared Services, Network, Log Archive, Team Shared Services, Path, Sandbox, Data Center, Oliver)
• Orgs: Account management
• Log Archive: Security logs
• Security: Security tools, AWS Config rules
• Shared services: Directory, limit monitoring
• Network: AWS Direct Connect
• Dev Sandbox: Experiments, Learning
• Dev: Development
• Pre-Prod: Staging
• Prod: Production
• Team SS: Team Shared Services, Data Lake Infrastructure

Slide 7


Slide 8

The job is done, right?

Slide 9

Now do that 500 times more!

Slide 10


Slide 11

Oliver

Slide 12

$(whoami)
Darko Mesaroš / Darko Meszaros / Дарко Месарош
Berlin
@darkosubotica | ln/darko-mesaros | twitch.tv/ruptwelve

Slide 13

What is Infrastructure as Code?

Slide 14


Slide 15


Slide 16

Infrastructure as code
✓ Make infrastructure changes repeatable and predictable
✓ Release infrastructure changes using the same tools as code changes
✓ Replicate production in a staging environment to enable continuous testing

Slide 17

AWS CloudFormation

Slide 18

AWS CloudFormation
• Infrastructure as code (IaC)
• Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
• Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts
https://aws.amazon.com/cloudformation/

Slide 19

Sample AWS CloudFormation code
• Code is written in files called templates
• A stack is generated from a template
• Templates primarily define resources for an application
• AWS CloudFormation can create over 490 types of resources
• Each resource is configured based on its available properties
• Dependencies can be explicitly declared or implicitly discovered

    AWSTemplateFormatVersion: "2010-09-09"
    Description: A CodeCommit Repo and Cloud9 Environment
    Resources:
      MyRepo:
        Type: "AWS::CodeCommit::Repository"
        Properties:
          RepositoryName: MyRepo
          RepositoryDescription: Sample Repository for Demo
      MyC9Environment:
        Type: "AWS::Cloud9::EnvironmentEC2"
        Properties:
          Repositories:
            - PathComponent: /cfn
              RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp
          InstanceType: t2.micro

Slide 20

Anatomy of an AWS CloudFormation template
• Resources
• Parameters and Mappings
• Conditions
• Outputs

Slide 21

Testing via pipelines
• As you would with other application code, templates should be version controlled and tested via CI/CD pipelines
• The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards
• Additional tools, like taskcat (available on GitHub), allow tests across regions

Pipeline diagram labels: Git push, Templates, AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, Region, AWS CodeDeploy
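A worked example, added here and not part of the talk: the Parameters, Mappings, Conditions, Resources and Outputs sections from the template-anatomy slide in one constructed JSON template, plus the kind of reference check a CodeBuild step can run before the template reaches CloudFormation, so a broken Ref or GetAtt fails the pipeline instead of a stack update. The template, its logical names (WebInstance, WebAlarm, RegionMap) and the AMI id are constructed; the checker is a stdlib-only illustration and not a replacement for the linter the slide refers to.

```python
"""Minimal CloudFormation template reference checker (added example, stdlib only)."""
import json

# Constructed sample template covering every section of the anatomy slide.
# The AMI id is a placeholder, not a real image id.
SAMPLE_TEMPLATE = json.loads(r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "Environment": {"Type": "String", "AllowedValues": ["dev", "prod"]}
  },
  "Mappings": {
    "RegionMap": {"eu-central-1": {"AMI": "ami-PLACEHOLDER"}}
  },
  "Conditions": {
    "IsProd": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]}
  },
  "Resources": {
    "WebInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": {"Fn::FindInMap": ["RegionMap", {"Ref": "AWS::Region"}, "AMI"]},
        "InstanceType": {"Fn::If": ["IsProd", "t3.large", "t3.micro"]}
      }
    },
    "WebAlarm": {
      "Type": "AWS::CloudWatch::Alarm",
      "Condition": "IsProd",
      "Properties": {
        "Dimensions": [{"Name": "InstanceId", "Value": {"Ref": "WebInstance"}}]
      }
    }
  },
  "Outputs": {
    "InstanceId": {"Value": {"Ref": "WebInstance"}},
    "PrivateIp": {"Value": {"Fn::GetAtt": ["WebInstance", "PrivateIp"]}}
  }
}
''')

# Pseudo parameters that CloudFormation defines for every stack.
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName",
                     "AWS::StackId", "AWS::Partition", "AWS::NoValue",
                     "AWS::URLSuffix", "AWS::NotificationARNs"}


def walk(node):
    """Yield every dict in a nested JSON structure, depth first."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def check_references(template):
    """Return a list of problems; an empty list means every reference resolves."""
    params = set(template.get("Parameters", {})) | PSEUDO_PARAMETERS
    resources = set(template.get("Resources", {}))
    mappings = template.get("Mappings", {})
    conditions = set(template.get("Conditions", {}))
    problems = []

    # Resource-level checks: a Type is mandatory, a Condition must be declared.
    for name, res in template.get("Resources", {}).items():
        if "Type" not in res:
            problems.append(f"{name}: missing Type")
        if "Condition" in res and res["Condition"] not in conditions:
            problems.append(f"{name}: unknown condition {res['Condition']}")

    # Intrinsic-function checks anywhere in the template.
    for node in walk(template):
        if "Ref" in node and node["Ref"] not in params | resources:
            problems.append(f"Ref to undeclared {node['Ref']}")
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]  # list form ["Res", "Attr"] or short form "Res.Attr"
            logical_id = target[0] if isinstance(target, list) else target.split(".")[0]
            if logical_id not in resources:
                problems.append(f"Fn::GetAtt on undeclared resource {logical_id}")
        if "Fn::FindInMap" in node and node["Fn::FindInMap"][0] not in mappings:
            problems.append(f"Fn::FindInMap on undeclared mapping {node['Fn::FindInMap'][0]}")
        if "Fn::If" in node and node["Fn::If"][0] not in conditions:
            problems.append(f"Fn::If on undeclared condition {node['Fn::If'][0]}")
    return problems


if __name__ == "__main__":
    for line in check_references(SAMPLE_TEMPLATE) or ["no reference problems found"]:
        print(line)
```

Running the script against the sample prints "no reference problems found"; renaming a resource without updating the Outputs section produces a "Ref to undeclared ..." line, which is exactly the class of mistake worth catching in CodeBuild rather than during a production stack update.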

Slide 22

But I use resources outside of AWS!

Slide 23

Introducing the AWS CloudFormation registry
An open approach to managing external resources
(Diagram labels: CloudFormation registry, Open CLI, Open providers)

Slide 24

AWS CloudFormation registry and CLI
• Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks
• Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you
• Use third-party resource providers as you would use native AWS resource types

Slide 25

I was told there would be demos.

Slide 26


Slide 27

Best practices (1/3)
• Layer your application to reduce blast radius when updating resources
• Use multiple, isolated environments for testing, production, development, staging, etc.
• Smaller files are easier to write, test, and troubleshoot

Layer diagram (each layer with its resources):
• Front-end resources: Instances, Auto Scaling groups
• Backend services: API endpoints, functions
• Monitoring resources: Alarms, dashboards
• Base network: VPCs, NAT gateways, VPNs, subnets
• Identity & security: IAM users, groups, roles, policies
• Stateful resources: Databases and clusters, queues

Slide 28

Best practices (2/3)
• Resource import for stack refactoring
• Drift detection to prevent issues that may cause stack update operations to fail
• Use resource import to fix drift

Slide 29

Best practices (3/3)
• Parameters and Mappings
• Secrets Manager and SSM Parameter store
• Do not hardcode sensitive information

    Resources:
      MyRDSDB:
        Type: "AWS::RDS::DBInstance"
        Properties:
          DBInstanceClass: db.t2.medium
          AllocatedStorage: '20'
          Engine: mariadb
          EngineVersion: '10.2'
          MasterUsername: appadmin
          MasterUserPassword: '{{resolve:ssm-secure:ssbRDSmEcntl:1}}'
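An added example, not from the talk, of the check behind "Do not hardcode sensitive information": a stdlib-only Python scan that flags secret-bearing resource properties holding a literal string, accepts the {{resolve:ssm-secure:...}} and {{resolve:secretsmanager:...}} dynamic references the slide recommends, and flags secret-like parameters declared without NoEcho. The template, the logical names GoodDb and BadDb, the parameter path /example/db/password and the literal password are all constructed for the example.

```python
"""Hardcoded-secret check for CloudFormation templates (added example, stdlib only)."""
import json
import re

# Property names that should carry a dynamic reference, never a literal value.
SECRET_PROPERTY_NAMES = {"MasterUserPassword", "Password", "SecretString",
                         "PrivateKey", "ApiKey", "AccessKey"}
# Dynamic reference syntax for SSM SecureString parameters and Secrets Manager secrets.
DYNAMIC_REFERENCE = re.compile(r"^\{\{resolve:(ssm-secure|secretsmanager):[^}]+\}\}$")
# Parameter names that look like they hold a secret and therefore need NoEcho.
SECRET_PARAM_NAME = re.compile(r"(password|secret|token|key)$", re.IGNORECASE)

# Constructed sample: one resource done right, one with a literal password,
# and a secret-like parameter that forgot NoEcho.
SAMPLE_TEMPLATE = json.loads(r'''
{
  "Parameters": {
    "DbPassword": {"Type": "String"}
  },
  "Resources": {
    "GoodDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "Engine": "mariadb",
        "MasterUsername": "appadmin",
        "MasterUserPassword": "{{resolve:ssm-secure:/example/db/password:1}}"
      }
    },
    "BadDb": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "Engine": "mariadb",
        "MasterUsername": "appadmin",
        "MasterUserPassword": "literal-password-CONSTRUCTED"
      }
    }
  }
}
''')


def walk_properties(node, path):
    """Yield (dotted path, key, value) for every key in a nested Properties block."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield f"{path}.{key}", key, value
            yield from walk_properties(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk_properties(item, f"{path}[{i}]")


def find_hardcoded_secrets(template):
    """Return findings as strings; an empty list means nothing literal was found."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        for path, key, value in walk_properties(res.get("Properties", {}), logical_id):
            # A dict value (Ref to a NoEcho parameter, Fn::GetAtt, ...) is not a literal.
            if (key in SECRET_PROPERTY_NAMES and isinstance(value, str)
                    and not DYNAMIC_REFERENCE.match(value)):
                findings.append(f"{path}: literal secret; use a dynamic reference")
    for name, param in template.get("Parameters", {}).items():
        if SECRET_PARAM_NAME.search(name) and not param.get("NoEcho"):
            findings.append(f"Parameters.{name}: secret-like parameter without NoEcho")
    return findings


if __name__ == "__main__":
    for line in find_hardcoded_secrets(SAMPLE_TEMPLATE) or ["no hardcoded secrets found"]:
        print(line)
```

Two caveats on the design: a secret passed as {"Ref": "SomeNoEchoParameter"} is a dict rather than a string, so it is deliberately not flagged, and the parameter check is a name heuristic that needs tuning to a team's naming conventions. Dynamic references of the ssm-secure kind are accepted by CloudFormation only for specific resource properties, so confirm support for the property in question in the resource's documentation.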

Slide 30


Slide 31

Takeaways!
• CloudFormation is an AWS native service for writing infrastructure as code!
• Test your CFN code via pipelines – so many tools out there!
• Do not write everything at once and all in the same place!

Slide 32

Thank you!
Darko Meszaros, Developer Advocate - AWS
@darkosubotica | ln/darko-mesaros | twitch.tv/ruptwelve | youtu.be/ruptwelve