Cobus Bernard
Sr Developer Advocate
Amazon Web Services
Getting Started AWS: Infrastructure as Code
@cobusbernard
cobusbernard
cobusbernard
CobusCloud
© 2020, Amazon Web Services, Inc. or its Affiliates.
Agenda
What is Infrastructure as Code
AWS CloudFormation
AWS Serverless Application Model (SAM)
AWS CDK
HashiCorp Terraform
Q & A
Agenda for today
• What is Infrastructure as Code
• AWS CloudFormation
• AWS Serverless Application Model (SAM)
• AWS Cloud Development Kit (CDK)
• Other Tools out there
• Some Best Practices
• Wrap up
What is Infrastructure as Code?
Infrastructure as code
✓ Make infrastructure changes repeatable and predictable
✓ Release infrastructure changes using the same tools as code changes
✓ Replicate production in a staging environment to enable continuous testing
Infrastructure as code
Declarative: I tell you what I need
Imperative: I tell you what to do
AWS CloudFormation
AWS CloudFormation
• Infrastructure as code (IaC)
• Provides a common language for you to describe and provision all the infrastructure resources in your cloud environment
• Build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts
https://aws.amazon.com/cloudformation/
Sample AWS CloudFormation code
• Code is written in files called templates
• A stack is generated from a template
• Templates primarily define resources for an application
• AWS CloudFormation can create over 490 types of resources
• Each resource is configured based on its available properties
• Dependencies can be explicitly declared or implicitly discovered

AWSTemplateFormatVersion: "2010-09-09"
Description: A CodeCommit Repo and Cloud9 Environment
Resources:
  MyRepo:
    Type: "AWS::CodeCommit::Repository"
    Properties:
      RepositoryName: MyRepo
      RepositoryDescription: Sample Repository for Demo
  MyC9Environment:
    Type: "AWS::Cloud9::EnvironmentEC2"
    Properties:
      Repositories:
        - PathComponent: /cfn
          RepositoryUrl: !GetAtt MyRepo.CloneUrlHttp
      InstanceType: t2.micro
Anatomy of an AWS CloudFormation template
• Resources
• Parameters and Mappings
• Conditions
• Outputs
Testing via pipelines
• As you would with other application code, templates should be version controlled and tested via CI/CD pipelines
• The linter can be run in an AWS CodeBuild step to ensure that teams comply with rules and standards
• Additional tools, like taskcat (available on GitHub), allow tests across regions
[Diagram: Git push, Templates, AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, Region, AWS CodeDeploy]
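A pre-deploy check of the kind a pipeline build step could run, tying together the "dependencies can be explicitly declared or implicitly discovered" bullet and the linter bullet above. This is an added example, not code from the deck or from any AWS tool: the function names are hypothetical, the template is the deck's sample rewritten in JSON form, and the dangling `DependsOn` value is constructed so the check has something to report.

```python
import json

# Constructed sample: the deck's CodeCommit + Cloud9 template in JSON form,
# with one deliberately dangling DependsOn ("MissingRole") added for the check.
TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyRepo": {
      "Type": "AWS::CodeCommit::Repository",
      "Properties": {"RepositoryName": "MyRepo"}
    },
    "MyC9Environment": {
      "Type": "AWS::Cloud9::EnvironmentEC2",
      "DependsOn": "MissingRole",
      "Properties": {
        "InstanceType": "t2.micro",
        "Repositories": [{
          "PathComponent": "/cfn",
          "RepositoryUrl": {"Fn::GetAtt": ["MyRepo", "CloneUrlHttp"]}
        }]
      }
    }
  }
}
""")


def references(node):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere under node.
    References inside Fn::Sub strings are not handled here."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                # Either ["LogicalId", "Attr"] or the string "LogicalId.Attr"
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from references(value)
    elif isinstance(node, list):
        for item in node:
            yield from references(item)


def dependency_graph(template):
    """Map each resource to its explicit (DependsOn) and implicit dependencies."""
    graph = {}
    for name, res in template.get("Resources", {}).items():
        explicit = res.get("DependsOn", [])
        explicit = [explicit] if isinstance(explicit, str) else explicit
        implicit = set(references(res.get("Properties", {})))
        graph[name] = {"explicit": set(explicit), "implicit": implicit}
    return graph


def lint(template):
    """Return findings; a pipeline step would fail the build if any exist."""
    findings = []
    if not template.get("Resources"):
        findings.append("template has no Resources section")
    resources = set(template.get("Resources", {}))
    params = set(template.get("Parameters", {}))
    for name, deps in dependency_graph(template).items():
        for target in sorted(deps["explicit"] - resources):
            findings.append(f"{name}: DependsOn names undeclared resource '{target}'")
        for target in sorted(deps["implicit"] - resources - params):
            if not target.startswith("AWS::"):  # pseudo parameters such as AWS::Region
                findings.append(f"{name}: reference to undeclared '{target}'")
    return findings


if __name__ == "__main__":
    for finding in lint(TEMPLATE):
        print(finding)
```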
What about other infrastructure?
AWS CloudFormation registry
An open approach to managing external resources
[Diagram: CloudFormation registry, Open CLI, Open providers]
AWS CloudFormation registry and CLI
• Allows AWS CloudFormation to support native and non-AWS resources while inheriting many core benefits like rollbacks
• Use the AWS CloudFormation CLI tool to create resource providers using JSON schema-driven development, generating many of the code assets for you
• Use third-party resource providers as you would use native AWS resource types
AWS Serverless Application Model (SAM)
Model function environments with AWS Serverless Application Model (SAM)
• Open source framework for building serverless applications on AWS
• Shorthand syntax to express functions, APIs, databases, and event source mappings
• Transforms and expands SAM syntax into AWS CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/
SAM template

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  MySimpleTableFunction:
    Type: AWS::Serverless::Function
    Properties:
      Handler: mySimpleTableFunction.handler
      Runtime: nodejs12.x
      CodeUri: ./functions
      Policies:
        - DynamoDBReadPolicy:
            TableName: !Ref MySimpleTable
      Events:
        MySimpleFunctionApi:
          Type: Api
          Properties:
            Path: /simpleTable
            Method: GET
  MySimpleTable:
    Type: AWS::Serverless::SimpleTable

Just 20 lines to create:
• Lambda function
• IAM role
• API Gateway
AWS SAM CLI
• Create, build, test, and deploy AWS SAM applications
• Step-through debugging and IDE support
• Open source!
• https://github.com/awslabs/aws-sam-cli
Use SAM CLI to package and deploy SAM templates

pip install --user aws-sam-cli # Or even better use native installers
sam init --name my-app --runtime python
cd my-app/
sam local ... # generate-event/invoke/start-api/start-lambda
sam validate # The SAM template
sam build # Depending on the runtime
sam package --s3-bucket my-packages-bucket \
    --output-template-file packaged.yaml
sam deploy --template-file packaged.yaml \
    --stack-name my-stack-prod
sam logs -n MyFunction --stack-name my-stack-prod -t # Tail
sam publish # To the Serverless Application Repository

CodePipeline: Use CloudFormation deployment actions with any SAM application
Jenkins: Use SAM CLI plugin
AWS Cloud Development Kit (CDK)
AWS Cloud Development Kit (AWS CDK)
A multi-language development framework for modeling infrastructure as reusable components
From constructs to the cloud
AWS CDK Constructs
HashiCorp Terraform
HashiCorp Configuration Language (HCL)

provider "aws" {
  region = "eu-west-1"
}

resource "aws_instance" "web" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"
  tags = {
    Name = "🚀 Terraforming AWS 🚀"
  }
}
Terraform Statefile

{
  "version": 3,
  "serial": 1,
  "lineage": "f0548872-7819-974d-5df7-34653dacd3a1",
  "backend": {
    "type": "s3",
    "config": {
      "access_key": null,
      "acl": null,
      "assume_role_policy": null,
Terraform Modules

# Using the module from https://github.com/terraform-aws-modules/terraform-aws-vpc
module "vpc" {
  source          = "terraform-aws-modules/vpc/aws"
  name            = "AWS SSA Webinar"
  cidr            = var.vpc_cidr
  azs             = var.azs
  private_subnets = var.private_subnets
  public_subnets  = var.public_subnets
}
Takeaways!
• Start with something small, but try to start as early as possible
• Treat it like your code: PRs, CI/CD, version controlled
• Try more than one tool to find the one that fits your need / style
• Split your infrastructure into smaller blocks to reduce blast radius
Thank you!

AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code


Editor's Notes

  • #4 Here are a few things we will be talking about today – I promise to make it more interesting than this slide!
  • #5 So, the first question of today is - well, what is Infrastructure as Code? Why should you use it? Should you use it at all? Hmm … let’s just step back in time a bit … click
  • #6 Long gone are the times of racking and stacking – with the move towards the cloud, our speed and agility have increased. And the way to keep up with it is to change our approach to provisioning infrastructure. (Story about provisioning from the past)
  • #7 And this is how it all looks now – wow – lot less cables and a lot less racking and stacking.
  • #8 You can use the same tools and processes as for software development: versioning & version control, reusability, automation, CI/CD, code reviews and automated testing.
  • #11 Launched in 2011
  • #12 Here is what a CloudFormation code snippet looks like – and you have seen this before in one of my slides. In essence we write code into templates – it can be JSON (if you are a robot) or YAML if you like tab-spacing. Once that code is ”executed” we create these things called stacks – and in said stacks we have our resources. Those resources (of which CloudFormation supports over 490) can be configured with a predefined set of properties (e.g. an instance size for an EC2 instance), and CloudFormation takes care of dependencies for us – but we can also declare some for ourselves.
  • #13 The Resources section is the only mandatory section required in a template file. Parameters and Mappings can help make a template reusable across environments, regions, and other use cases. Conditions, as in other programs, can change the behavior of an operation from, for example, development to production environments. Outputs can aid users to quickly access managed resources.
  • #16 Last week, we announced and released the CloudFormation registry, a new open extensibility model for CloudFormation. With the AWS CloudFormation Registry, you can develop and submit, discover, and manage custom or external resource providers. Once a resource provider is published in the AWS CloudFormation Registry, it can be used to manage third party resources in the same way as native AWS resource providers. It differentiates between Private and Public Resources. This new functionality will also work out of the box with services such as AWS Control Tower and AWS Service Catalog to help you with governance and resource compliance, and AWS CloudFormation StackSets for cross-account and cross-region management. You can develop your own resource providers using the AWS CloudFormation CLI, a new open source developer tool (documentation & CLI in GitHub as of November 14th), and publish them to the Registry. The new CLI includes code generation and local testing capabilities to streamline your development process. To help you get started, you can also use the open sourced AWS Simple Email Service and CloudWatch Logs examples. But think about what technology partners can do with an open extensible model. This is the really exciting news here.
  • #19 So let's walk through a couple of different tools for IaC that are specific to serverless. One is the Serverless Application Model for developers of serverless applications. This is an open source framework for building serverless applications on AWS. You can think of this as a shorthand syntax to express functions, APIs, the databases that your functions are using and the event source mappings. So what happens when you deploy this SAM template is that it all gets expanded out into CloudFormation syntax. Because it is based on CloudFormation, it supports all the resource types out of the box automatically.
  • #20 This is an example of a SAM template. It is a shorthand syntax for your serverless application. I'm expressing a serverless function and I am expressing the API that will trigger the function, the API gateway. But notice that I don’t need to specify that API gateway. And lower down you can see the serverless simple table. These are less than 20 lines of YAML that actually expand into a Lambda function, all the necessary IAM roles and policies, an API gateway that triggers the Lambda and a table.
  • #24 So in essence CDK is a multi-language framework that allows you to model your infrastructure as … well … code! We can use common languages to define our infrastructure: JS/TS, Python, Java, C#. Before going anywhere further – I need to talk about one of our customers on this topic!
  • #25 How it works is you write constructs – Apps, Stacks and resources – that get synthesized by the CDK CLI and turned into CloudFormation and all the required assets (like Lambda functions to S3), and then by using CloudFormation it gets deployed to the cloud.
  • #26 CFN resource constructs – all resources in specification. AWS Service constructs – higher-level abstractions with sensible defaults. Design Patterns constructs – opinionated reference architectures and design patterns using multiple AWS services.
  • #31 But … let's get to the main question here … click
  • #32 Hmmm …