IP Expo Manchester
April 2019
Terraform for Serverless.
Best Practices. Lessons Learned.
DevOps Landscape. Daily Challenges.
If That Was Not Enough…
Introducing Serverless Landscape
Serverless Landscape. Daily Challenges.
Raise your hand if... this feels like TOO MUCH to keep up with
About Presenter
Eugene ISTRATI (@eistrati)
• CTO, Tech Partner @ Mitoc Group
• Ex-AWS, ex-Hearst, ex-GrubHub
• Certified AWS Solutions Architect
• 20 Years in IT; 10 Years in Cloud Computing; 5 Years in Enterprise IT
• Focusing on: Automation, DevOps, Serverless
Agenda
• Exponential increase in services and tools for cloud & serverless
• Provide reusable and cloud native solutions to large organizations
• The Devil is in Details
The Problem
Exponential Increase
in Services and Tools
for Cloud & Serverless
The Opportunity
$49B customer
$33B customer
$11B customer
+ other customers
Enterprise Customers Love Terraform
$49B customer
$33B customer
$11B customer
+ other customers
Prerequisites: Terraform For Serverless
1. Understand IT-as-a-Service Spectrum
2. Understand DevOps Spectrum
3. Understand Scope & Boundaries
1. Understand IT-as-a-Service Spectrum
[Figure: six delivery models (On-Prem, Colocation, Hosting, IaaS, PaaS, SaaS), each drawn as the same stack of layers: Data, Application, Databases, Operating System, Virtualization, Physical Servers, Network & Storage, Data Center. Legend: Managed by Customer, Managed by Provider.]
What Is Serverless?
Serverless in IT-as-a-Service Spectrum
[Figure: six delivery models (On-Prem, Colocation, Hosting, IaaS, PaaS, SaaS), each drawn as a stack of layers: Data, Application, Databases, Operating System, Virtualization, Physical Servers, Network & Storage, Data Center. Legend: Managed by Customer, Managed by Provider. Annotations: "Serverless Architecture", "not in scope".]
2. Understand DevOps Spectrum
3. Understand Scope & Boundaries
[Diagram labels: A, B, C]
Terraform For Serverless
[Diagram labels: A, B, C]
B == Terraform
A + B + C == Terraform For Serverless
Terraform For Serverless
Best Practices.
Lessons Learned.
Best Practice #1 (of 8)
Adopt microservices architecture; aim for 1-to-1 relationship
between serverless resources and terraform configurations
Best Practice #2 (of 8)
Pass variables between resources using terraform remote state
Best Practice #3 (of 8)
Avoid code build using local provisioner or external data; instead
use hooks provided by terraform orchestration tools
Best Practice #4 (of 8)
Execute your automated terraform workflows in parallel; don’t
ignore dependencies between terraform configurations
$ terraform apply -parallelism=100
var.account_id
  Allowed AWS account ID, to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment)

$ terrahub apply --auto-approve
[api_gateway_rest_api] terraform apply -auto-approve
[cognito_identity_pool_es] terraform apply -auto-approve
[cloudtrail] terraform apply -auto-approve
[codebuild] terraform apply -auto-approve
[codepipeline] terraform apply -auto-approve
[cognito_user_pool_client] terraform apply -auto-approve
[cognito_user_pool] terraform apply -auto-approve
[db_subnet_group] terraform apply -auto-approve
Best Practice #5 (of 8)
Optimize automated terraform workflows with git diff
$ terrahub run --dry-run
Project: Security_Terraform
├─ IamIdp
├─ IamRoleForADadmins
├─ IamRoleForADcompliance
├─ IamRoleForADdevelopers
├─ IamRoleForADdevops
├─ IamRoleForADguests
├─ IamRoleForApiGateway
├─ IamRoleForGlue
├─ IamRoleForLambda
└─ IamCrossAccountRoleForTerrahub

$ terrahub run --dry-run --git-diff master...dev
Project: Security_Terraform
├─ IamRoleForApiGateway
└─ IamRoleForLambda
Best Practice #6 (of 8)
Logically separate environments using terraform workspace
dev == default
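
How Best Practices #2 and #6 and the account_id guard shown under Best Practice #4 can fit together in one component's configuration. This is an added example, not code from the talk or from TerraHub; it uses Terraform 0.12+ syntax, and the bucket, state key layout, output name and resource names are assumptions.

```hcl
# Added example; bucket, key layout, output and resource names are hypothetical.

variable "account_id" {
  type        = string
  description = "Allowed AWS account ID, to prevent you from mistakenly using an incorrect one"
}

variable "region" {
  type    = string
  default = "eu-west-1"
}

locals {
  # Best Practice #6: the default workspace is treated as dev.
  env = terraform.workspace == "default" ? "dev" : terraform.workspace
}

provider "aws" {
  region = var.region
  # Plan and apply fail if the active credentials belong to any other account.
  allowed_account_ids = [var.account_id]
}

# Best Practice #2: read the role ARN published by the separately applied
# IAM role component instead of hard-coding it or sharing one large state.
# Assumes that component declares: output "arn" { value = aws_iam_role.this.arn }
data "terraform_remote_state" "iam_role_for_lambda" {
  backend = "s3"
  config = {
    bucket = "example-terraform-states" # placeholder bucket
    key    = "${local.env}/iam_role_for_lambda/terraform.tfstate"
    region = var.region
  }
}

resource "aws_lambda_function" "api_handler" {
  function_name = "api-handler-${local.env}"
  role          = data.terraform_remote_state.iam_role_for_lambda.outputs.arn
  runtime       = "python3.12"
  handler       = "handler.main"
  filename      = "build/handler.zip" # built by a workflow hook, not a provisioner
}
```

Reading a remote state requires read access to the whole state object, so anyone who can use this data source can read every value stored in that state. Scope the bucket policy per environment prefix and keep secrets out of the producing component's state.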
Best Practice #7 (of 8)
Overwrite environment specific values using variables precedence
https://www.terraform.io/docs/configuration/variables.html#variable-precedence
Best Practice #8 (of 8)
Get comfortable with lots of terraform code; or use terrahub cli
$ find . -name '*.tf*' | xargs wc -l | grep total
33998 total
$ find . -name '.terrahub*.yml' | xargs wc -l | grep total
22118 total
Best Practices Summary
1. Adopt microservices architecture; aim for 1-to-1 relationship
2. Pass variables between resources using terraform remote state
3. Avoid code build using local provisioner or external data
4. Execute your automated terraform workflows in parallel; don’t ignore dependencies between terraform configurations
5. Optimize automated terraform workflows with git diff
6. Logically separate environments using terraform workspace
7. Overwrite environment specific values using variables precedence
8. Get comfortable with lots of terraform code; or use terrahub cli
Lessons Learned Summary
1. Adopt microservices architecture; aim for 1-to-1 relationship
2. Pass variables between resources using terraform remote state
3. Avoid code build using local provisioner or external data
4. Execute your automated terraform workflows in parallel; don’t ignore dependencies between terraform configurations
5. Optimize automated terraform workflows with git diff
6. Logically separate environments using terraform workspace
7. Overwrite environment specific values using variables precedence
8. Get comfortable with lots of terraform code; or use terrahub cli
https://github.com/TerraHubCorp/terrahub
Terraform For Serverless
DEMO
https://github.com/TerraHubCorp/demo-terraform-automation-aws
Terraform for Serverless.
Best Practices. Lessons Learned.
Eugene Istrati @eistrati
Thank You!