Getting started with AWS: CloudFormation

Slide 1

Slide 1 text

Getting started with AWS: CloudFormation Darko Meszaros Developer Advocate - AWS @darkosubotica ln/darko-mesaros twitch.tv/ruptwelve youtu.be/ruptwelve

Slide 2

Slide 2 text

Slide 3

Slide 3 text

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Developer Sandbox Dev Pre-Prod Workloads Security Security AWS Organizations Shared Services Network Log Archive Prod Team Shared Services Network Path Sandbox Data Center Orgs: Account management Log Archive: Security logs Security: Security tools, AWS Config rules Shared services: Directory, limit monitoring Network: AWS Direct Connect Dev Sandbox: Experiments, Learning Dev: Development Pre-Prod: Staging Prod: Production Team SS: Team Shared Services, Data Lake Infrastructure Oliver

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Slide 9

Slide 9 text

Slide 10

Slide 10 text

Slide 11

Slide 11 text

Slide 12

Slide 12 text

Slide 13

Slide 13 text

Slide 14

Slide 14 text

Slide 15

Slide 15 text

Slide 16

Slide 16 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Infrastructure as code ✓ Make infrastructure changes repeatable and predictable ✓ Release infrastructure changes using the same tools as code changes ✓ Replicate production in a staging environment to enable continuous testing

Slide 17

Slide 17 text

Slide 18

Slide 18 text

© 2020, Amazon Web Services, Inc. or its Affiliates. AWS CloudFormation • Infrastructure as code (IaC) • Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment • Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts https://aws.amazon.com/cloudformation/

Slide 19

Slide 19 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Sample AWS CloudFormation code • Code is written in files called templates • A stack is generated from a template • Templates primarily define resources for an application • AWS CloudFormation can create over 490 types of resources • Each resource is configured based on its available properties • Dependencies can be explicitly declared or implicitly discovered AWSTemplateFormatVersion: "2010-09-09" Description: A CodeCommit Repo and Cloud9 Environment Resources: MyRepo: Type: "AWS::CodeCommit::Repository" Properties: RepositoryName: MyRepo RepositoryDescription: Sample Repository for Demo MyC9Environment: Type: "AWS::Cloud9::EnvironmentEC2" Properties: Repositories: - PathComponent: /cfn RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp InstanceType: t2.micro

Slide 20

Slide 20 text

Slide 21

Slide 21 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Testing via pipelines • As you would with other application code, templates should be version controlled and tested via CI/CD pipelines • The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards • Additional tools, like taskcat (available on GitHub), allow tests across regions Git push Templates AWS CodeCommit AWS CodePipeline AWS CodeBuild AWS CloudFormation Region AWS CodeDeploy

Slide 22

Slide 22 text

Slide 23

Slide 23 text

Slide 24

Slide 24 text

© 2020, Amazon Web Services, Inc. or its Affiliates. AWS CloudFormation registry and CLI • Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks • Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you • Use third-party resource providers as you would use native AWS resource types

Slide 25

Slide 25 text

Slide 26

Slide 26 text

Slide 27

Slide 27 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Best practices (1/3) • Layer your application to reduce blast radius when updating resources • Use multiple, isolated environments for testing, production, development, staging, etc. • Smaller files are easier to write, test, and troubleshoot Instances, Auto Scaling groups API endpoints, functions Alarms, dashboards VPCs, NAT gateways, VPNs, subnets IAM users, groups, roles, policies Front-end resources Backend services Stateful resources Base network Identity & security Monitoring resources Databases and clusters, queues

Slide 28

Slide 28 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Best practices (2/3) • Resource import for stack refactoring • Drift detection to prevent issues that may cause stack update operations to fail • Use resource import to fix drift

Slide 29

Slide 29 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Best practices (3/3) • Parameters and Mappings • Secrets Manager and SSM Parameter store • Do not hardcode sensitive information Resources: MyRDSDB: Type: "AWS::RDS::DBInstance" Properties: DBInstanceClass: db.t2.medium AllocatedStorage: ’20’ Engine: mariadb EngineVersion: ’10.2’ MasterUsername: appadmin MasterUserPassword: ‘{{resolve:ssm-secure:ssbRDSmEcntl:1}}'

Slide 30

Slide 30 text

Slide 31

Slide 31 text

© 2020, Amazon Web Services, Inc. or its Affiliates. Takeaways! • CloudFormation is an AWS native service for writing infrastructure as code! • Test your CFN code via pipelines – so many tools out there! • Do not write everything at once and all in the same place!

Slide 32

Slide 32 text