Infrastructure as code with AWS CloudFormation
PyMunich 2016
Justyna Janczyszyn (JJ)
@JJanczyszyn
software engineer at 10Clouds
CHALLENGES
https://github.com/tramwaj29/infrastructure-as-code
Image taken from: Infrastructure as Code by Kief Morris
Infrastructure as code principles and practices to the rescue!
Any element of infrastructure should be easily reproducible
Infrastructure as Code by Kief Morris
Systems should be consistent
Infrastructure as Code by Kief Morris
Processes should be repeatable
Infrastructure as Code by Kief Morris
Design is always changing
Infrastructure as Code by Kief Morris
Practices
• Use definition files
• Self-documented systems and processes
• Version all the things
• Continuously test the systems and processes
• Small changes rather than batches
• Services available continuously
Infrastructure as Code by Kief Morris
CloudFormation
Image taken from http://fbrnc.net/blog/2016/05/green-blue-deployments-with-aws-lambda-and-cloudformation
Creating a stack
aws cloudformation create-stack --stack-name demo-iac \
  --template-body file://Template.yaml --parameters file://Params.json \
  --capabilities CAPABILITY_NAMED_IAM --region eu-west-1
Describe a stack
aws cloudformation describe-stacks --stack-name demo-iac
Delete a stack
aws cloudformation delete-stack --stack-name demo-iac
Change Sets
https://aws.amazon.com/blogs/aws/new-change-sets-for-aws-cloudformation/
Cost estimation
aws cloudformation estimate-template-cost --template-body file://Template.yaml \
  --parameters file://Params.json
Best Practices
Planning and organizing
• organize stacks by lifecycle and ownership
• reuse templates for various environments
• use nested stacks
Creating templates
• don’t embed credentials in templates
• validate templates before using them
• use parameter constraints
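A pre-deployment check for two of these practices (embedded credentials and parameter constraints), written as an added example that is not part of the talk or its repository. The sample template, the name heuristics and the `lint` function are assumptions made for illustration.

```python
import json
import re

# Constructed sample template in JSON form; not from the talk's repository.
TEMPLATE = json.loads("""{
  "Parameters": {
    "DBPassword": {"Type": "String"},
    "InstanceType": {"Type": "String", "AllowedValues": ["t2.micro", "t2.small"]},
    "ApiToken": {"Type": "String", "NoEcho": true, "MinLength": 20}
  },
  "Resources": {
    "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {
      "MasterUsername": "admin", "MasterUserPassword": "Sup3rS3cret!"}},
    "App": {"Type": "AWS::EC2::Instance", "Properties": {
      "InstanceType": {"Ref": "InstanceType"}}}
  }
}""")

# Heuristics chosen for this example: secret-looking names, access key ID shape.
SECRET_NAME = re.compile(r"pass(word)?|secret|token|api_?key|private_?key", re.I)
ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
CONSTRAINTS = ("AllowedValues", "AllowedPattern", "MinLength", "MaxLength",
               "MinValue", "MaxValue")

def string_leaves(node, path="", key=""):
    """Yield (path, nearest dict key, value) for every string in the tree."""
    if isinstance(node, str):
        yield path, key, node
    elif isinstance(node, dict):
        for k, v in node.items():
            yield from string_leaves(v, f"{path}/{k}", k)
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from string_leaves(v, f"{path}/{i}", key)

def lint(template):
    """Return (rule, location) findings for secrets and loose parameters."""
    findings = []
    for name, spec in template.get("Parameters", {}).items():
        if SECRET_NAME.search(name) and not spec.get("NoEcho"):
            findings.append(("secret-parameter-without-NoEcho", name))
        plain = spec.get("Type") in ("String", "Number")
        if plain and not any(c in spec for c in CONSTRAINTS):
            findings.append(("unconstrained-parameter", name))
    for path, key, value in string_leaves(template.get("Resources", {})):
        # {"Ref": ...} and dynamic references are indirections, not literals.
        literal = SECRET_NAME.search(key) and not value.startswith("{{resolve:")
        if literal or ACCESS_KEY_ID.search(value):
            findings.append(("literal-credential", path))
    return findings
```

Syntax validation itself is a separate step: `aws cloudformation validate-template --template-body file://Template.yaml`.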
Managing stacks
• use stack policies
• use change sets
• manage all stack resources through CloudFormation
• use code reviews and revision for your templates
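A review gate for change sets, added here as an example and not taken from the talk or its repository: it reads `aws cloudformation describe-change-set` output and lists the changes that need explicit approval before the change set is executed. The sample JSON is constructed, and the choice of what counts as risky (deletions, replacements, IAM resources) is an assumption of this example.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set`
# output; the change set name and logical IDs are made up for this example.
CHANGE_SET = json.loads("""{
  "ChangeSetName": "demo-iac-update", "StackName": "demo-iac",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "Database", "ResourceType": "AWS::RDS::DBInstance",
      "Replacement": "True", "Scope": ["Properties"]}},
    {"Type": "Resource", "ResourceChange": {"Action": "Modify",
      "LogicalResourceId": "WebServer", "ResourceType": "AWS::EC2::Instance",
      "Replacement": "False", "Scope": ["Tags"]}},
    {"Type": "Resource", "ResourceChange": {"Action": "Remove",
      "LogicalResourceId": "AuditBucket", "ResourceType": "AWS::S3::Bucket"}},
    {"Type": "Resource", "ResourceChange": {"Action": "Add",
      "LogicalResourceId": "DeployRole", "ResourceType": "AWS::IAM::Role"}}
  ]
}""")

def risky_changes(change_set):
    """Return (logical_id, reason) for changes a reviewer must approve."""
    flagged = []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange", {})
        action = rc.get("Action")
        if action == "Remove":
            reason = "resource will be deleted"
        elif action == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
            reason = "resource may be replaced (new physical ID, possible data loss)"
        elif rc.get("ResourceType", "").startswith("AWS::IAM::"):
            reason = "IAM resource is added or changed"
        else:
            continue
        flagged.append((rc.get("LogicalResourceId"), reason))
    return flagged

if __name__ == "__main__":
    for logical_id, reason in risky_changes(CHANGE_SET):
        print(f"REVIEW {logical_id}: {reason}")
```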
Ready to use templates
• https://github.com/awslabs/aws-cloudformation-templates
• https://github.com/widdix/aws-cf-templates
Library to create AWS CloudFormation descriptions
• https://github.com/cloudtools/troposphere
Other resources
• Infrastructure as Code by Kief Morris
http://infrastructure-as-code.com/
• Martin Fowler’s Infrastructure as Code at YOW! 2016:
https://www.youtube.com/watch?v=ueAef9tNUck
http://martinfowler.com/bliki/InfrastructureAsCode.html
• Great blog on AWS:
https://cloudonaut.io/
Step by step automate all