Zero to Sixty: AWS CloudFormation (DMG201) | AWS re:Invent 2013

"AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. In this Zero to Sixty session, learn about CloudFormation's latest features along with best practices for using them, including maintaining complex environments with CloudFormation, template management and re-use, and controlling stack updates. Demos and code samples are available to all session attendees.
Are you new to AWS CloudFormation? Get up to speed for this session by first completing the 60-minute Fundamentals of CloudFormation lab in the Self Paced Lab Lounge."


  • For new features / completions, as per release documentation at http://aws.amazon.com/releasenotes/4113373093933882
    Includes (*) Conditional declaration (*) Update resources defeasibility (*) Name type for certain resources (*) Custom resource (*) Account ID (*) Stack action controls

    Presentation Transcript

    • Zero to Sixty: AWS CloudFormation. Chetan Dandekar, Senior Product Manager – AWS CloudFormation; Capen Brinkley, Software Developer – Intuit. November 13, 2013. © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
    • AWS CloudFormation Model. With CloudFormation: click, done. With manual steps or instruction scripts, the questions are: creation order? how long do I pause? what errors can I recover from? what environment config and utilities does my script depend on? can my script be faster? will this script work again?
    • AWS CloudFormation: version control; replicate (Dev, regions, test, demos, staging, prod); standardization; service catalog.
    • AWS CloudFormation: template snippets; API; code; config; CloudFormation build pipeline; automate; SNS; monitor progress.
    • Intuit’s CloudFormation Story
    • Key Takeaways • How we use CloudFormation to manage large scale applications • Methodologies and tools you can use to follow a similar path
    • Infrastructure Design Template Management Stack Management Bootstrapping
    • Live Community Traffic (chart: Feb. 1 to April 15)
    • Amazon EC2 Amazon RDS Amazon S3 Elastic Load Balancing
    • Infrastructure as Code
    • Web App Server Web App Server Auto Scaling Group App Tier
    • Service Oriented Architecture Amazon SQS Amazon RDS Amazon CloudFront Amazon Route 53 Amazon S3 Amazon ElastiCache Amazon CloudWatch AWS CloudFormation AWS IAM Amazon SES Amazon EC2 Amazon SNS
    • Multiple Templates, Loosely Coupled Web App Server SQS Queue Web App Server Auto Scaling Group App Tier
    • Multiple Templates, Loosely Coupled Easy To Reason About Reusable
    • Stack Management
    • Simple Deploy https://github.com/intuit/simple_deploy
    • Simple Deploy commands: attributes, clone, create, deploy, destroy, environments, events, execute, instances, list, outputs, parameters, protect, resources, status, template, update
    • Blue/green deployment: elb-1 in front of app-1 (v1.0.0, Auto Scaling Group) and app-2 (v1.1.0, Auto Scaling Group)
    • $ simple_deploy environments
      Default
      lc_preprod_us_west_1
      lc_preprod_us_west_2
      lc_preprod_us_east_1
      PROD_lc_prod_us_west_1_PROD
      PROD_lc_prod_us_west_2_PROD
      PROD_lc_prod_us_east_1_PROD
    • $ simple_deploy list --environment lc_preprod_us_west_1
      lc-dev-elb-1
      lc-dev-app-1
      lc-dev-db-master-1
      lc-dev-db-parameter-group
    • simple_deploy create --environment lc_preprod_us_west_1 --name lc-dev-app-2 --template app.json --input-stack lc-dev-elb-1 --input-stack lc-dev-db-master-1 --attribute chef_repo=3f57f9f --attribute app=bcb68de
    • simple_deploy clone --environment lc_preprod_us_west_1 --source-stack lc-dev-1-app-1 --name lc-dev-1-app-2 --attribute app=afdac509b --attribute chef_repo=a4531e5ff6
    • simple_deploy destroy --environment lc_preprod_us_west_1 --name lc-dev-1-app-1
    • Chef CloudFormation::Init Bootstrapping Userdata Autoscaling CloudFormation Simple Deploy Code / CI / Artifact
    • Instance User Data. In the template:
      "UserData": { "Fn::Base64": { "Fn::Join": ["", [
        "#!/bin/bash\n",
        "yum update -y aws-cfn-bootstrap\n",
        "/opt/aws/bin/cfn-init --stack ", { "Ref": "AWS::StackName" },
        " --verbose",
        " --resource InstanceLaunchConfig",
        " --region=", { "Ref": "AWS::Region" },
        " --configsets bootstrap", "\n"
      ]]}}
      What the instance receives (GET http://169.254.169.254/latest/user-data):
      #!/bin/bash
      yum update -y aws-cfn-bootstrap
      /opt/aws/bin/cfn-init --stack lc-app-stack --verbose --resource InstanceLaunchConfig --region=us-west-2 --configsets bootstrap
    • CloudFormation::Init resources: configSets, commands, files, groups, packages, services, sources, users
    • "configSets": { "bootstrap": [ "create_files", "install_packages", "run_chef", "clean_up" ] }
    • "create_files": { "files": { "/etc/chef/ohai/hints/ec2.json": { "content": "{}", "mode": "000400", "owner": "root", "group": "root" } } }
    • "install_packages": { "packages": { "yum": { "chef": [ "11.6.2-1" ] } } }
    • "run_chef": { "commands": { "1_download_chef_repo": { ... }, "2_decrypt_chef_repo": { ... }, "3_extract_chef_repo": { ... }, "4_run_chef": { ... } } }
    • "run_chef": { "commands": { "run_chef": { "command": { "Fn::Join": [ "", [ "/usr/bin/chef-solo -c /var/chef/config/solo.rb -o ", { "Ref": "Role" } ] ] } } } }
    • "clean_up": { "commands": { "1_cleanup_files": { "command": "rm -rf /var/tmp/chef_repo.tar.gz /var/tmp/chef_repo.tar.gz.gpg" } } }
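The bootstrap slides above rely on two cfn-init behaviours that are easy to get wrong: the sections of a config key run in a fixed order (packages before files before commands), and entries inside a section run alphabetically, which is why the commands are numbered. The following is an added example, not code from the presentation or from Intuit's Simple Deploy: it replays that ordering for the slides' configSet and adds the pre-deploy checks a reviewer would want (file modes that leak to group/other, packages without a pinned version). The command bodies the slides elide and the chef role are filled in with labelled placeholders.

```python
# Constructed sample: the AWS::CloudFormation::Init metadata from the slides, with the
# command bodies the slides elide ("...") and the chef role filled in as placeholders.
INIT = {
    "configSets": {"bootstrap": ["create_files", "install_packages", "run_chef", "clean_up"]},
    "create_files": {"files": {"/etc/chef/ohai/hints/ec2.json": {
        "content": "{}", "mode": "000400", "owner": "root", "group": "root"}}},
    "install_packages": {"packages": {"yum": {"chef": ["11.6.2-1"]}}},
    "run_chef": {"commands": {
        "4_run_chef": {"command": "/usr/bin/chef-solo -c /var/chef/config/solo.rb -o PLACEHOLDER_ROLE"},
        "1_download_chef_repo": {"command": "PLACEHOLDER_download"},
        "3_extract_chef_repo": {"command": "PLACEHOLDER_extract"},
        "2_decrypt_chef_repo": {"command": "PLACEHOLDER_decrypt"}}},
    "clean_up": {"commands": {"1_cleanup_files": {
        "command": "rm -rf /var/tmp/chef_repo.tar.gz /var/tmp/chef_repo.tar.gz.gpg"}}}}

# cfn-init handles the sections of a config key in this fixed order, and the entries
# inside a section alphabetically by name, which is why the slides number the commands.
SECTION_ORDER = ["packages", "groups", "users", "sources", "files", "commands", "services"]

def plan(init, configset):
    """Ordered (config, section, entry) steps cfn-init would run for a configSet."""
    if configset not in init.get("configSets", {}):
        raise KeyError("configSet %r is not declared" % configset)
    steps = []
    for config in init["configSets"][configset]:
        if config not in init:
            raise KeyError("configSet %r references missing config %r" % (configset, config))
        for section in SECTION_ORDER:
            for entry in sorted(init[config].get(section, {})):
                steps.append((config, section, entry))
    return steps

def lint(init):
    """Checks a reviewer would want before deploying: file modes and package pinning."""
    problems = []
    for config, body in init.items():
        if config == "configSets":
            continue
        for path, spec in body.get("files", {}).items():
            mode = spec.get("mode")
            if mode and int(mode, 8) & 0o077:  # any group/other permission bit set
                problems.append("%s is readable by group/other" % path)
        for manager, pkgs in body.get("packages", {}).items():
            for name, versions in pkgs.items():
                if not versions:  # an empty list means "latest", i.e. an unpinned install
                    problems.append("%s package %s is not version-pinned" % (manager, name))
    return problems
```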
    • The Climb
    • What’s New in AWS CloudFormation
    • Let’s take an example Scalable Reliable Highly Available
    • Two Types of Tasks: Develop and Operate. Parallel stack processing; fail-safe stack management; updates without downtime; richer template language; federation and IAM roles.
    • Parallel Stack Processing
    • Parallel Stack Processing
    • Richer Template Language
    • Conditions Dev Prod
    • Conditions "Parameters" : { "Environment" : { "Description" : "Specifies if this is a Dev, QA or Prod Environment", "Type" : "String", "Default" : "Dev", "AllowedValues" : [ "Dev", "QA", "Prod" ] } }, ... "Conditions" : { "ProdEnvironment" : { "Fn::Equals" : [ { "Ref" : "Environment" }, "Prod" ] } },
    • Conditions "DBInstance" : { "Type": "AWS::RDS::DBInstance", "Properties": { "DBName" : { "Ref" : "DBName" }, "Engine" : "MySQL", "MultiAZ" : { "Fn::If" : [ "ProdEnvironment", "true", "false" ] }, "DBSnapshotIdentifier" : { "Fn::If" : [ "ProdEnvironment", { "Ref" : "DBName" }, { "Ref" : "AWS::NoValue" } ] }, ... } },
    • Conditions "DBStorageAlarm" : { "Condition" : "ProdEnvironment", "Type" : "AWS::CloudWatch::Alarm", "Properties" : { "AlarmDescription" : "Alarm if db size grows beyond a threshold", "Namespace" : "AWS/RDS", "MetricName" : "FreeStorageSpace", ... }, }
    • Conditions. Condition functions: Fn::If, Fn::Equals, Fn::Not, Fn::And, Fn::Or. Conditions can reference each other: "Conditions" : { ... "ProdOrLoadTestingEnv" : { "Fn::Or" : [ { "Condition" : "ProdEnvironment" }, { "Fn::Equals" : [ ... ] } ] } }. Shape of Fn::If: "Fn::If": [ {condition}, {value_if_true}, {value_if_false} ]
    • User-Defined Resource Names. By default, AWS CloudFormation generates unique resource names, e.g. "prodstack20131113DBStorageAlarm19BL0MOXL0TPI". In addition, you have the flexibility to use custom names and still keep them unique, e.g. "SalesDataStorageAlarm".
    • Develop and Operate: parallel stack processing; fail-safe stack management; updates without downtime; richer template language; federation and IAM roles.
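The Conditions slides above show three distinct effects: Fn::If choosing a property value, Fn::If returning AWS::NoValue (which removes the property rather than setting it), and a resource-level "Condition" omitting the whole resource. The following is an added example, not code from the presentation: a small evaluator for the condition functions listed on the slide, run over the slides' Parameters, Conditions and DBInstance/DBStorageAlarm fragments. The Fn::Equals the slide elides inside ProdOrLoadTestingEnv is assumed to test for "QA", and LoadTestQueue is a constructed resource that uses that condition.

```python
NO_VALUE = object()  # sentinel for {"Ref": "AWS::NoValue"}: the property is dropped

# Constructed sample assembled from the slides' snippets; the Fn::Equals the slide
# elides inside ProdOrLoadTestingEnv is assumed here to test for "QA".
TEMPLATE = {
    "Parameters": {"Environment": {"Default": "Dev"}, "DBName": {"Default": "appdb"}},
    "Conditions": {"ProdEnvironment": {"Fn::Equals": [{"Ref": "Environment"}, "Prod"]},
                   "ProdOrLoadTestingEnv": {"Fn::Or": [{"Condition": "ProdEnvironment"},
                                            {"Fn::Equals": [{"Ref": "Environment"}, "QA"]}]}},
    "Resources": {
        "DBInstance": {"Type": "AWS::RDS::DBInstance", "Properties": {
            "DBName": {"Ref": "DBName"}, "Engine": "MySQL",
            "MultiAZ": {"Fn::If": ["ProdEnvironment", "true", "false"]},
            "DBSnapshotIdentifier": {"Fn::If": ["ProdEnvironment", {"Ref": "DBName"},
                                                {"Ref": "AWS::NoValue"}]}}},
        "DBStorageAlarm": {"Condition": "ProdEnvironment", "Type": "AWS::CloudWatch::Alarm",
                           "Properties": {"Namespace": "AWS/RDS", "MetricName": "FreeStorageSpace"}},
        "LoadTestQueue": {"Condition": "ProdOrLoadTestingEnv", "Type": "AWS::SQS::Queue",
                          "Properties": {}}}}

def resolve(node, params, conds):
    """Evaluate intrinsic functions recursively against concrete parameter values."""
    r = lambda n: resolve(n, params, conds)
    if isinstance(node, list):
        return [r(n) for n in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:  # a single-key mapping may be an intrinsic function
        fn, a = next(iter(node.items()))
        intrinsics = {"Ref": lambda: NO_VALUE if a == "AWS::NoValue" else params[a],
                      "Condition": lambda: r(conds[a]), "Fn::Not": lambda: not r(a[0]),
                      "Fn::Equals": lambda: r(a[0]) == r(a[1]),
                      "Fn::And": lambda: all(r(a)), "Fn::Or": lambda: any(r(a)),
                      "Fn::If": lambda: r(a[1] if r(conds[a[0]]) else a[2])}
        if fn in intrinsics:
            return intrinsics[fn]()
    resolved = {k: r(v) for k, v in node.items()}  # plain mapping of properties
    return {k: v for k, v in resolved.items() if v is not NO_VALUE}  # AWS::NoValue removes the key

def render(template, given):
    """Resources CloudFormation would create for these parameter values."""
    params = {n: given.get(n, p.get("Default")) for n, p in template["Parameters"].items()}
    conds, out = template["Conditions"], {}
    for name, res in template["Resources"].items():
        if "Condition" in res and not resolve(conds[res["Condition"]], params, conds):
            continue  # a false resource-level Condition omits the whole resource
        out[name] = {"Type": res["Type"], "Properties": resolve(res["Properties"], params, conds)}
    return out
```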
    • Fail-Safe Stack Management
    • Stack Protection. Two IAM statements: one scoped to the stacks named Dev*, and one covering every stack (Dev1, Dev2, Dev3, Prod):
      { "Effect" : "Allow", "Action" : [ "cloudformation:*" ], "Resource" : "arn:aws:cloudformation:us-west-2:123456789012:stack/Dev*" }
      { "Effect" : "Allow", "Action" : [ "cloudformation:*" ], "Resource" : "*" }
    • Stack Protection { "Effect" : "Deny", "Action" : [ "cloudformation:DeleteStack", "cloudformation:UpdateStack" ], "Resource" : "arn:aws:cloudformation:us-west-2:123456789012:stack/productionstack/*" }
    • Stack Protection "Resources" : { "StackProtectionPolicy" : { "Type" : "AWS::IAM::Policy", "Properties" : { "PolicyName" : "StackProtectionPolicy", "Groups" : [ { "Ref" : "DenyGrp" } ], "PolicyDocument" : { "Statement" : [ { "Effect" : "Deny", "Action" : [ "cloudformation:DeleteStack", "cloudformation:UpdateStack" ], "Resource" : { "Ref" : "AWS::StackId" } } ] } } } }
    • Resource Protection { "Effect" : "Deny", "Action" : [ "ec2:TerminateInstances" ], "Condition": { "Null": { "ec2:ResourceTag/*cloudformation*" : "true" } }, "Resource" : "*" }
    • Preventing Updates. Stack Policy Document:
      { "Statement" : [
        { "Effect" : "Deny", "Action" : "Update:*", "Principal" : "*", "Resource" : "ResourceType/AWS::RDS::DBInstance" },
        { "Effect" : "Allow", "Action" : "Update:*", "Principal" : "*", "Resource" : "*" }
      ] }
    • Preventing Updates. Fine-grained stack policy:
      { "Statement" : [
        { "Effect" : "Deny", "Action" : "Update:Replace", "Principal" : "*", "Resource" : "LogicalResourceId/MyInstance" },
        { "Effect" : "Allow", "Action" : "Update:*", "Principal" : "*", "Resource" : "*" }
      ... 
      Setting the stack policy:
      > aws cloudformation create-stack --template-url ... --stack-policy-url ...
    • Update without Downtime "WebServerGroup" : { "Type" : "AWS::AutoScaling::AutoScalingGroup", "Properties" : { "LaunchConfigurationName" : { "Ref" : "LaunchConfig" }, ... }, "UpdatePolicy" : { "AutoScalingRollingUpdate" : { "MinInstancesInService" : "2", "MaxBatchSize" : "3", "PauseTime" : "PT20M" } } },
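A stack policy is only a safety net if its Deny statements actually cover the resources you mean to protect, so it is worth checking offline before attaching it with --stack-policy-url. The following is an added example, not code from the presentation: an evaluator that applies the deny-overrides rule (a matching Deny always wins, and with a policy in place anything not explicitly allowed is refused) to the two policies on the slides, using the "ResourceType/..." and "LogicalResourceId/..." Resource notation the slides use. The stack inventory is constructed.

```python
import fnmatch

# Constructed sample: the two stack policies from the slides, as a reviewer would test them.
TYPE_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": "Update:*", "Principal": "*",
     "Resource": "ResourceType/AWS::RDS::DBInstance"},
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"}]}

REPLACE_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": "Update:Replace", "Principal": "*",
     "Resource": "LogicalResourceId/MyInstance"},
    {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"}]}

# Constructed stack inventory: logical id -> resource type
STACK = {"MyInstance": "AWS::EC2::Instance", "DBInstance": "AWS::RDS::DBInstance",
         "WebServerGroup": "AWS::AutoScaling::AutoScalingGroup"}

def _matches(pattern, value):
    return fnmatch.fnmatchcase(value, pattern)  # "*" wildcards, case-sensitive

def _statement_applies(stmt, action, logical_id, resource_type):
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if not any(_matches(a, action) for a in actions):
        return False
    resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
    for res in resources:
        if res == "*":
            return True
        kind, _, pattern = res.partition("/")  # "LogicalResourceId/x" or "ResourceType/x"
        target = {"LogicalResourceId": logical_id, "ResourceType": resource_type}.get(kind)
        if target is not None and _matches(pattern, target):
            return True
    return False

def is_update_allowed(policy, action, logical_id, resource_type):
    """Deny-overrides: any matching Deny blocks the update; otherwise an Allow is required."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _statement_applies(s, action, logical_id, resource_type)}
    return "Deny" not in effects and "Allow" in effects

def blocked_updates(policy, stack, actions=("Update:Modify", "Update:Replace", "Update:Delete")):
    """Every (logical id, action) pair the policy would refuse, for review before attaching it."""
    return sorted((lid, act) for lid, rtype in stack.items() for act in actions
                  if not is_update_allowed(policy, act, lid, rtype))
```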
    • Using AWS CloudFormation with Federated Identities. Users (network architects, DB admins, application developers) and the flow: 1. user accesses the identity broker; 2. user is authenticated against the corporate identity store; 3. temporary security credentials are obtained from AWS Security Token Service; 4. user is redirected to the AWS Management Console, or accesses the CloudFormation API and other AWS APIs directly.
    • Calling AWS CloudFormation using IAM Roles. 1. The IAM role attached to the EC2 instance has permissions to call AWS CloudFormation and provision the underlying resources. 2. A user or script on the EC2 instance calls CloudFormation to provision a stack. 3. AWS CloudFormation provisions the stack using a template hosted in an S3 bucket inside the VPC.
    • Related Resources • http://aws.amazon.com/cloudformation/ • "Fundamentals of CloudFormation" lab in the Self Paced Lab Lounge • DMG303 - AWS CloudFormation under the Hood • ARC203 - How Adobe Deploys: Refreshing the Entire Stack Every Time • DMG209 - Enterprise Management for the AWS Cloud • Multiple other sessions are presenting CloudFormation samples
    • Please give us your feedback on this presentation DMG201 As a thank you, we will select prize winners daily for completed surveys!