SlideShare a Scribd company logo

Terraform, Ansible or pure CloudFormation

G
geekQ

OK, you are convinced, that infrastructure-as-code (managing computing resources, networks, configuring services through machine-readable definition files, rather than interactive configuration tools) is the way to go! But do not know, which technology to use for it? Should I learn Terraform, do I need to buy Atlas, is Ansible really enough to implement everything? Will my code stay maintainable in 3 or 5 years? We will have a look at a small, but real world task, consider implementations with all the mentioned tools and we will also discuss, which tools give you advantages in which specific situations

Software
1 of 26
Download to read offline
Terraform, Ansible, or pure CloudFormation? Vladimir Dobriakov AWS Tech Community Days Cologne, September 27th and 28th
infrastructure coder Infrastructure as Code • put under source control: diffable, traceable, reproducible • aim for simplicity - orthogonal concepts • unit tests, integration tests and CI 1
Task/Context
3
implementation Hosting - 400 VMs in OpenStack public cloud - moving to private cloud - moved applications to kubernetes - some AWS People - 40 dev (5 teams) - 10 ops 24x7 4
our aws usage AWS Use Case 1: Media Assets AWS Use Case 2: DB Backup Offsite DB backup for SQL databases. 5
Terraform
terraform: nice syntax resource "aws_iam_user" "deploy_user" { name = "deploy-${var.topic}${var.suffix}" } resource "aws_iam_access_key" "deploy_user" { user = "${aws_iam_user.deploy_user.name}" } resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" policy = <<EOF ... "Principal": {"AWS": "${aws_iam_user.deploy_user.arn}"} } output access_key_id { value = "${aws_iam_access_key.deploy_user.id}" } 7
terraform advantages • nice, clean syntax • examples very readable, takes fear from starting infrastructure as code • ”plan” feature 8
Terraform Challenges
terraform challenges: resources docs Terraform is not an abstraction layer across providers! Need to dive into AWS docs anyway: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" cors_rule { expose_headers = ??? 10
terraform challenges: resources docs Terraform documentation https://www.terraform.io/docs/providers/aws/r/s3 bucket.html AWS documentation 11
terraform challenges: syntax break Sometimes requires copy+paste from AWS console: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" acl = "private" website { index_document = "index.html" } policy = <<EOF { "Version": "2008-10-17", "Statement": [ { "Sid": "PublicReadForGetTestBucketObjects", "Effect": "Allow", "Principal": "*", 12
terraform challenges: endless updates due diff problems Terraform documentation https://github.com/hashicorp/terraform/issues/7045 13
terraform challenges: tfstate • Working with 9 people on same terraform code base • Terraform versions • Refactoring: extract to module changes resource names • Refactoring: move objects with tf state mv -state=terraform.tfstate.prod module.publish media prod module.publish media 14
Ansible
ansible cloud modules 16
set up backup bucket tasks: - name: Create backup aws user iam: iam_type: user name: "{{ backup_user_name }}" state: present access_key_state: create register: created_user # need this name for the template - name: Create backup bucket s3_bucket: name: "{{ backup_bucket_name }}" policy: "{{ lookup(’template’, ’bucket_policy.json.j2’) }}" versioning: true # to enable trash bin register: backup_bucket - name: Set retention for backups s3_lifecycle: name: "{{ backup_bucket_name }}" expiration_days: 30 17
CloudFormation
old json "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xen", "yum install -y aws-cfn-bootstrapn", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource LaunchConfig ", " --region ", { "Ref" : "AWS::Region" }, "n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource WebServerGroup ", " --region ", { "Ref" : "AWS::Region" }, "n" ]]}} } 19
cloudformation yaml UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum update -y aws-cfn-bootstrap /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region} /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region} 20
Which one to choose?
learn aws! Try to implement with CloudFormation first! • learn access and identity management (IAM) concepts • refer to permissions list http://amzn.to/2pPnT1p to implement principle of least privelege • use CloudFormation YAML format 22
orchestrate with ansible if needed • for more sophisticated templating and logic • when using multiple clouds • to store some state locally, e.g. generated credentials • to look up some state/parameters elsewhere 23
Thank you! 24
contact Vladimir Dobriakov available for consulting Twitter: @enterprise geek github: geekQ Blog http://infrastructure-as-code.de 25

Recommended

Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Rodrigo Fior Kuntzer
 
Infrastructure as code with Puppet and Apache CloudStack
Infrastructure as code with Puppet and Apache CloudStackInfrastructure as code with Puppet and Apache CloudStack
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
Building Windows Images with Packer
Building Windows Images with PackerBuilding Windows Images with Packer
Building Windows Images with Packer
Matt Wrock
 
Introduction To Terraform
Introduction To TerraformIntroduction To Terraform
Introduction To Terraform
Sasitha Iresh
 
Environment for training models
Environment for training modelsEnvironment for training models
Environment for training models
FlyElephant
 
Puppet and CloudStack
Puppet and CloudStackPuppet and CloudStack
Puppet and CloudStack
ke4qqq
 
Terraforming the Kubernetes Land
Terraforming the Kubernetes LandTerraforming the Kubernetes Land
Terraforming the Kubernetes Land
Radek Simko
 
AWS Meetup - Sydney - March
AWS Meetup - Sydney - MarchAWS Meetup - Sydney - March
AWS Meetup - Sydney - March
markghiasy
 

Recommended

Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Infraestrutura Imutável na AWS usando Packer, Ansible, CloudFormation e Kuber...
Rodrigo Fior Kuntzer
 
Infrastructure as code with Puppet and Apache CloudStack
Infrastructure as code with Puppet and Apache CloudStackInfrastructure as code with Puppet and Apache CloudStack
Infrastructure as code with Puppet and Apache CloudStack
ke4qqq
 
Building Windows Images with Packer
Building Windows Images with PackerBuilding Windows Images with Packer
Building Windows Images with Packer
Matt Wrock
 
Introduction To Terraform
Introduction To TerraformIntroduction To Terraform
Introduction To Terraform
Sasitha Iresh
 
Environment for training models
Environment for training modelsEnvironment for training models
Environment for training models
FlyElephant
 
Puppet and CloudStack
Puppet and CloudStackPuppet and CloudStack
Puppet and CloudStack
ke4qqq
 
Terraforming the Kubernetes Land
Terraforming the Kubernetes LandTerraforming the Kubernetes Land
Terraforming the Kubernetes Land
Radek Simko
 
AWS Meetup - Sydney - March
AWS Meetup - Sydney - MarchAWS Meetup - Sydney - March
AWS Meetup - Sydney - March
markghiasy
 
Guava
GuavaGuava
Guava
fbenault
 
Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
Andrei Savu
 
Redis for .NET Developers
Redis for .NET DevelopersRedis for .NET Developers
Redis for .NET Developers
Yuriy Guts
 
Hadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologiesHadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologies
Bigdata Meetup Kochi
 
Ufo Ship for AWS ECS
Ufo Ship for AWS ECSUfo Ship for AWS ECS
Ufo Ship for AWS ECS
Tung Nguyen
 
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud PartyHaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HPCC Systems
 
Dev ops meetup
Dev ops meetupDev ops meetup
Dev ops meetup
Bigdata Meetup Kochi
 
Etcd terraform by Alex Somesan
Etcd terraform by Alex SomesanEtcd terraform by Alex Somesan
Etcd terraform by Alex Somesan
Maarten van der Hoef
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
Radek Simko
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
André Rømcke
 
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
Combell NV
 
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
OpenCredo
 
Google App Engine Developer - Day4
Google App Engine Developer - Day4Google App Engine Developer - Day4
Google App Engine Developer - Day4
Simon Su
 
Presto Overfview
Presto OverfviewPresto Overfview
Presto Overfview
Miguel Ping
 
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Fwdays
 
Elastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdataElastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdata
Pooja Gupta
 
Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2
Mark Kerzner
 
Third Party Auth in WebObjects
Third Party Auth in WebObjectsThird Party Auth in WebObjects
Third Party Auth in WebObjects
WO Community
 
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
Amazon Web Services
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
Calvin French-Owen
 
Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?
geekQ
 
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
Amazon Web Services
 

More Related Content

What's hot

HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud PartyHaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HPCC Systems
 
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Fwdays
 
Elastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdataElastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdata
Pooja Gupta
 
Third Party Auth in WebObjects
Third Party Auth in WebObjectsThird Party Auth in WebObjects
Third Party Auth in WebObjects
WO Community
 
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
Amazon Web Services
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
Calvin French-Owen
 

What's hot (20)

Guava
GuavaGuava
Guava
 
Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
 
Redis for .NET Developers
Redis for .NET DevelopersRedis for .NET Developers
Redis for .NET Developers
 
Hadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologiesHadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologies
 
Ufo Ship for AWS ECS
Ufo Ship for AWS ECSUfo Ship for AWS ECS
Ufo Ship for AWS ECS
 
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud PartyHaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
 
Dev ops meetup
Dev ops meetupDev ops meetup
Dev ops meetup
 
Etcd terraform by Alex Somesan
Etcd terraform by Alex SomesanEtcd terraform by Alex Somesan
Etcd terraform by Alex Somesan
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
 
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
 
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
 
Google App Engine Developer - Day4
Google App Engine Developer - Day4Google App Engine Developer - Day4
Google App Engine Developer - Day4
 
Presto Overfview
Presto OverfviewPresto Overfview
Presto Overfview
 
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
 
Elastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdataElastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop leveragebigdata
 
Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2
 
Third Party Auth in WebObjects
Third Party Auth in WebObjectsThird Party Auth in WebObjects
Third Party Auth in WebObjects
 
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
 

Similar to Terraform, Ansible or pure CloudFormation

(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
Amazon Web Services
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
Amazon Web Services
 
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Amazon Web Services
 
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
Amazon Web Services Korea
 

Similar to Terraform, Ansible or pure CloudFormation (20)

Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?
 
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
 
Just one-shade-of-openstack
Just one-shade-of-openstackJust one-shade-of-openstack
Just one-shade-of-openstack
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using Ansible
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
 
DevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office HoursDevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office Hours
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deployment Security best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
 
My First Big Data Application
My First Big Data ApplicationMy First Big Data Application
My First Big Data Application
 
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and ToolsDeployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
 
Deep Dive - Infrastructure as Code
Deep Dive - Infrastructure as CodeDeep Dive - Infrastructure as Code
Deep Dive - Infrastructure as Code
 
Amazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to productionAmazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to production
 
What Is AWS Elastic Kubernetes Service
What Is AWS Elastic Kubernetes Service What Is AWS Elastic Kubernetes Service
What Is AWS Elastic Kubernetes Service
 
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache Mesos
 

Recently uploaded

Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Primacy Infotech
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Q-Advise
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Marc Lester
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea Goulet
Andrea Goulet
 

Recently uploaded (20)

Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
 
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined Deck
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
 
Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdf
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
 
What need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java DevelopersWhat need to be mastered as AI-Powered Java Developers
What need to be mastered as AI-Powered Java Developers
 
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit MilanWorkshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
Workshop: Enabling GenAI Breakthroughs with Knowledge Graphs - GraphSummit Milan
 
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
 
A Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdfA Deep Dive into Secure Product Development Frameworks.pdf
A Deep Dive into Secure Product Development Frameworks.pdf
 
Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024Food Delivery Business App Development Guide 2024
Food Delivery Business App Development Guide 2024
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea Goulet
 

Terraform, Ansible or pure CloudFormation

  • 1. Terraform, Ansible, or pure CloudFormation? Vladimir Dobriakov AWS Tech Community Days Cologne, September 27th and 28th
  • 2. infrastructure coder Infrastructure as Code • put under source control: diffable, traceable, reproducible • aim for simplicity - orthogonal concepts • unit tests, integration tests and CI 1
  • 4. 3
  • 5. implementation Hosting - 400 VMs in OpenStack public cloud - moving to private cloud - moved applications to kubernetes - some AWS People - 40 dev (5 teams) - 10 ops 24x7 4
  • 6. our aws usage AWS Use Case 1: Media Assets AWS Use Case 2: DB Backup Offsite DB backup for SQL databases. 5
  • 8. terraform: nice syntax resource "aws_iam_user" "deploy_user" { name = "deploy-${var.topic}${var.suffix}" } resource "aws_iam_access_key" "deploy_user" { user = "${aws_iam_user.deploy_user.name}" } resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" policy = <<EOF ... "Principal": {"AWS": "${aws_iam_user.deploy_user.arn}"} } output access_key_id { value = "${aws_iam_access_key.deploy_user.id}" } 7
  • 9. terraform advantages • nice, clean syntax • examples very readable, takes fear from starting infrastructure as code • ”plan” feature 8
  • 11. terraform challenges: resources docs Terraform is not an abstraction layer across providers! Need to dive into AWS docs anyway: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" cors_rule { expose_headers = ??? 10
  • 12. terraform challenges: resources docs Terraform documentation https://www.terraform.io/docs/providers/aws/r/s3 bucket.html AWS documentation 11
  • 13. terraform challenges: syntax break Sometimes requires copy+paste from AWS console: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" acl = "private" website { index_document = "index.html" } policy = <<EOF { "Version": "2008-10-17", "Statement": [ { "Sid": "PublicReadForGetTestBucketObjects", "Effect": "Allow", "Principal": "*", 12
  • 14. terraform challenges: endless updates due diff problems Terraform documentation https://github.com/hashicorp/terraform/issues/7045 13
  • 15. terraform challenges: tfstate • Working with 9 people on same terraform code base • Terraform versions • Refactoring: extract to module changes resource names • Refactoring: move objects with tf state mv -state=terraform.tfstate.prod module.publish media prod module.publish media 14
  • 18. set up backup bucket tasks: - name: Create backup aws user iam: iam_type: user name: "{{ backup_user_name }}" state: present access_key_state: create register: created_user # need this name for the template - name: Create backup bucket s3_bucket: name: "{{ backup_bucket_name }}" policy: "{{ lookup(’template’, ’bucket_policy.json.j2’) }}" versioning: true # to enable trash bin register: backup_bucket - name: Set retention for backups s3_lifecycle: name: "{{ backup_bucket_name }}" expiration_days: 30 17
  • 20. old json "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xen", "yum install -y aws-cfn-bootstrapn", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource LaunchConfig ", " --region ", { "Ref" : "AWS::Region" }, "n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource WebServerGroup ", " --region ", { "Ref" : "AWS::Region" }, "n" ]]}} } 19
  • 21. cloudformation yaml UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum update -y aws-cfn-bootstrap /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region} /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region} 20
  • 22. Which one to choose?
  • 23. learn aws! Try to implement with CloudFormation first! • learn access and identity management (IAM) concepts • refer to permissions list http://amzn.to/2pPnT1p to implement principle of least privelege • use CloudFormation YAML format 22
  • 24. orchestrate with ansible if needed • for more sophisticated templating and logic • when using multiple clouds • to store some state locally, e.g. generated credentials • to look up some state/parameters elsewhere 23
  • 26. contact Vladimir Dobriakov available for consulting Twitter: @enterprise geek github: geekQ Blog http://infrastructure-as-code.de 25