SlideShare a Scribd company logo

CloudFormation Best Practices

Amazon Web Services
Amazon Web Services

This document provides an overview and best practices for using AWS CloudFormation. It discusses what CloudFormation is, why it is useful for implementing infrastructure as code, and the key components of CloudFormation templates like parameters, mappings, resources and outputs. It also covers best practices for planning templates, creating templates, and managing CloudFormation stacks.

1 of 46
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudFormation Best Practices
Who is Jeff Levine? • Enterprise Solution Architect based in So. Cal. • With AWS since January 2016 • Work with customers in • Healthcare • Finance • Technology
Agenda • What is AWS CloudFormation? • Why AWS CloudFormation? • Template structure (high but not deep) • Best Practices
What is AWS CloudFormation? • AWS CloudFormation gives developers and systems administrators an easy way to use templates to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. • CloudFormation templates can be written in YAML or JSON.
Why AWS CloudFormation? • AWS CloudFormation enables you to implement Infrastructure as Code. • Similar to how we compile source code to get object code, we use AWS CloudFormation to process infrastructure templates and produce infrastructure. • Templates can be version-controlled like source code. • Can be incorporated into CI/CD pipelines. • Everything is software!
CloudFormation Anatomy
Template Anatomy --- AWSTemplateFormatVersion: "version date" Description: String Metadata: template metadata Parameters: set of parameters Mappings: set of mappings Conditions: set of conditions Transform: set of transforms Resources: set of resources Outputs: set of outputs
CloudFormation Parameters
Parameters • Allow you to solicit values from user at runtime • Options • Arbitrary string values • Data type (string, number, lists) • Pattern matching • Minimum and maximum lengths • Echo suppression • AWS Specific Parameters • Subnets, VPCs, KeyPairs, AZs, etc.
Parameters - Examples Parameters: DBPort: Default: 3306 Description: “Database TCP Port” Type: Number MinValue: 1150 MaxValue: 65535 myKeyPair: Description: “Amazon EC2 Key Pair” Type: "AWS::EC2::KeyPair::KeyName"
CloudFormation Mappings
Mappings – Create Key / Value Lookup Sets ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AmazonLinux] Mappings: RegionMap: ap-northeast-1: # Tokyo AmazonLinux: ami-bbf2f9dc ap-northeast-2: # Seoul AmazonLinux: ami-9bab74f5 ap-southeast-1: # Singapore AmazonLinux: ami-58d65b3b …
CloudFormation Resources
Resources – Create AWS Resources Examples of resources: • Subnets • VPCs • EC2 Instances • Route tables • Static routes • …. CloudFormation automatically provisions and deprovisions resources in the correct order…most of the time. (Sometimes a “DependsOn” key is needed.)
Resources – Example Resources: MyVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.200.0.0/16 EnableDnsSupport: 'true' EnableDnsHostnames: 'true'
You may need more resources than you think! What resources do you need to create a VPC with an internet-facing web server? • Vpc • Subnet • InternetGateway • VpcGatewayAttachment • RouteTable • Route • InstanceRole • InstanceProfile • Security Group • EC2 Instance
CloudFormation Stack Resources Consider the following scenario: Suppose you want to create several web environments each of which Apache server that has a very complex, but identical configuration. You could create a CloudFormation template for each environment that includes all of the lines needed to create the Apache server. Or….
CloudFormation Nested Stack Resources You can use nested stacks! Resources: ApacheServer: Type: "AWS::CloudFormation::Stack" TemplateURL: "https://s3.amazonaws.com/Apache..." TimeoutInMinutes: 10
CloudFormation Nested Stack Resources • Nested stacks create an parent/child stack relationship. • Each time the parent template is invoked, a child stack is also created. • A child stack only has one parent. • Allows you to re-use templates. • You can create a library of templates that are used across your enterprise.
CloudFormation Outputs
Outputs Allow you to: • Declare values that can be displayed on the console or be retrieved through “describe stack” API calls. • Optionally export a value that can be imported by other CloudFormation Stacks as cross-stack references.
Cross-Stack References Stack 1 exports the value: Outputs: TSSG: Value: !Ref TroubleShootingSG Export: Name: AccountSG Stack 2 imports the value: EC2Instance: Type: AWS::EC2::Instance Properties: SecurityGroups: - !ImportValue AccountSG Cross-stack references allow for one resource to be shared across multiple stacks.
CloudFormation Best Practices Planning and Organizing
Organize Your Stacks by Lifecycle and Ownership • Many people start out with one stack. • As your stack grows in scale and broadens in scope, managing a single stack can be cumbersome and time consuming. • Grouping resources with common lifecycles and ownership lets owners can make changes to their set of resources by using their own process and schedule without affecting other resources. • Practice lends itself to service-oriented architectures.
Use Nested Stacks to Replicate Resources in Environments • After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you may use a child template to create an Amazon Linux instance and then call that multiple times within a parent CloudFormation template that creates a VPC. • Use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment.
Use Cross-Stack Resources to Export Shared Resources • When you organize your AWS resources based on lifecycle and ownership, you might want to build a stack that uses resources that are in another stack. • Use cross-stack references to export resources from a stack so that other stacks can use them. Stacks can use the exported resources by calling them using the Fn::ImportValue function.
Use IAM to Restrict CloudFormation’s Privileges • CloudFormation normally works with the IAM permissions of the user who invokes it. • You can create a service role for CloudFormation if you want it to run with a more limited set of capabilities.
Verify Resource Limits • Resources often have limits associated with them. • Limits are there to protect you! • CloudFormation will by default rollback an entire stack if it is unable to create a resource. • Use Trusted Advisor to monitor common limits. • Request limit increases from AWS Support as appropriate.
CloudFormation Best Practices Creating Templates
Do Not Embed Credentials in Templates • Do not embed sensitive information in your AWS CloudFormation templates. • Use input parameters to pass in information whenever you create or update a stack. • Use the NoEcho property to obfuscate the parameter value.
Use AWS-Specific Parameter Types • If your template requires inputs for existing AWS-specific values, such as existing Amazon Virtual Private Cloud IDs or an Amazon EC2 key pair name, use AWS-specific parameter types. • If you use the AWS CloudFormation console, AWS CloudFormation shows a drop-down list of valid values, so you don't have to look up or memorize the correct VPC IDs or key pair names.
Use Parameter Constraints • With constraints, you can describe allowed input values so that AWS CloudFormation catches any invalid values before creating a stack. • For example, you can set constraints on a database user name value so that it must be a minimum length of eight character and contain only alpha-numeric characters.
Use AWS::CloudFormation:Init to Configure EC2 Instances • When you launch stacks, you can install and configure software applications on Amazon EC2 instances by using the cfn-init helper script and the AWS::CloudFormation::Init resource. • By using AWS::CloudFormation::Init, you can describe the configurations that you want rather than having someone manual procedural steps.
Use the Latest Helper Scripts • The helper scripts are updated periodically. • Include the following command in the UserData property of your template before you call the helper scripts to ensure that your launched instances get the latest helper scripts (Amazon Linux version): yum install -y aws-cfn-bootstrap
Validate Templates Before Using Them • Before you use a template to create or update a stack, you can use AWS CloudFormation to validate it. Validating a template can help you catch syntax and some semantic errors, such as circular dependencies, before AWS CloudFormation creates any resources. • The AWS CloudFormation console, the console automatically validates the template after you specify input parameters. • For the AWS CLI or AWS CloudFormation API, use the aws cloudformation validate-template command or ValidateTemplate action.
CloudFormation Best Practices Managing Stacks
Manage All Stack Resources Through CloudFormation • After you launch a stack, use the AWS CloudFormation console, API, or AWS CLI to update resources in your stack. • Do not make changes to stack resources outside of AWS CloudFormation. Doing so can create a mismatch between your stack's template and the current state of your stack resources, which can cause errors if you update or delete the stack. • Follow principle of Immutable Architectures when possible. • Avoid configuration drift.
Create Change Sets Before Performing Updates • Change sets allow you to see how proposed changes to a stack might impact your running resources before you implement them. AWS CloudFormation doesn't make any changes to your stack until you execute the change set, allowing you to decide whether to proceed with your proposed changes or create another change set. • For example, if you change the name of an Amazon RDS database instance, AWS CloudFormation will create a new database and delete the old one. If you generate a change set, you will see that your change will replace your database.
Use Stack Policies • When you create a stack, all update actions are allowed on all resources. By default, anyone with stack update permissions can update all of the resources in the stack. • A stack policy is a JSON document that defines the update actions that can be performed on designated resources. • Use a stack policy only as a fail-safe mechanism to prevent accidental updates to specific stack resources. To control access to AWS resources or actions, use IAM.
Use CloudTrail to Log CloudFormation Calls • AWS CloudTrail tracks anyone making AWS CloudFormation API calls in your AWS account. API calls are logged whenever anyone uses the AWS CloudFormation API, the AWS CloudFormation console, a back- end console, or AWS CloudFormation AWS CLI commands. • You can then audit who made what AWS CloudFormation call in your account.
Perform Code Review of CloudFormation Templates • Your stack templates describe the configuration of your AWS resources, such as their property values. To review changes and to keep an accurate history of your resources, use code reviews and revision controls. • Treat your CloudFormation templates as source code! • Infrastructure as Code!
Regularly Update EC2 Images Post Creation • On all your Amazon EC2 Linux instances and Amazon EC2 Linux instances created with AWS CloudFormation, regularly run the command: yum update • This ensures that you get the latest fixes and security updates.
Helpful Resources AWS CloudFormation Documentation https://aws.amazon.com/documentation/cloudformation/ AWS CloudFormation Sample Templates https://aws.amazon.com/cloudformation/aws-cloudformation-templates/
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo!
Demo – Nested Stacks and Cross-Stack References CFDemoVPC.yaml Exported: VpcId AzName SubnetId SecurityGroup Id CFDemoEC2.yaml AmazonLinux01 (nested) CFDemoEC2.yaml AmazonLinux02 (nested) CFDemoMain.yaml Import
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!

Recommended

K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKS
Amazon Web Services
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation Masterclass
Amazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundations
Amazon Web Services
 
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
Amazon Web Services Korea
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep Dive
Amazon Web Services
 
Amazon Web Service EC2 & S3
Amazon Web Service EC2 & S3Amazon Web Service EC2 & S3
Amazon Web Service EC2 & S3
Pravin Vaja
 
Aws organizations
Aws organizationsAws organizations
Aws organizations
Olaf Conijn
 
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
Amazon Web Services Korea
 

Recommended

K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKS
Amazon Web Services
 
AWS CloudFormation Masterclass
AWS CloudFormation MasterclassAWS CloudFormation Masterclass
AWS CloudFormation Masterclass
Amazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundations
Amazon Web Services
 
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
AWS와 함께하는 클라우드 컴퓨팅 (강철 AWS 매니저) :: AWS 기초 교육 온라인 세미나
Amazon Web Services Korea
 
Deep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep DiveDeep dive ECS & Fargate Deep Dive
Deep dive ECS & Fargate Deep Dive
Amazon Web Services
 
Amazon Web Service EC2 & S3
Amazon Web Service EC2 & S3Amazon Web Service EC2 & S3
Amazon Web Service EC2 & S3
Pravin Vaja
 
Aws organizations
Aws organizationsAws organizations
Aws organizations
Olaf Conijn
 
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
대규모 인프라 환경 전환을 위한 AWS CloudEndure 실시간 클라우드 전환 기술 - 이창익:: AWS | AWS 클라우드 마이그레이...
Amazon Web Services Korea
 
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
Amazon Web Services Korea
 
AWS EC2 Fundametals
AWS EC2 FundametalsAWS EC2 Fundametals
AWS EC2 Fundametals
Piyush Agrawal
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS Organizations
Amazon Web Services
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and History
Amazon Web Services
 
Auto Scaling on AWS
Auto Scaling on AWSAuto Scaling on AWS
Auto Scaling on AWS
AustinWebArch
 
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWSAWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
Amazon Web Services Korea
 
Amazon Lightsail
Amazon LightsailAmazon Lightsail
Amazon Lightsail
Amazon Web Services
 
High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101
Amazon Web Services
 
AWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWSAWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWS
Amazon Web Services
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
Amazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
Amazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Amazon Web Services
 
AWS basics
AWS basicsAWS basics
AWS basics
mbaric
 
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
 
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
Amazon Web Services Korea
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Amazon Web Services
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
Kaushik Mohanraj
 
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
Simplilearn
 
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Amazon Web Services
 
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
Amazon Web Services
 
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
Amazon Web Services
 
AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)
Julien SIMON
 

More Related Content

What's hot

AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
Amazon Web Services Korea
 
AWS EC2 Fundametals
AWS EC2 FundametalsAWS EC2 Fundametals
AWS EC2 Fundametals
Piyush Agrawal
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS Organizations
Amazon Web Services
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and History
Amazon Web Services
 
Auto Scaling on AWS
Auto Scaling on AWSAuto Scaling on AWS
Auto Scaling on AWS
AustinWebArch
 
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWSAWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
Amazon Web Services Korea
 
Amazon Lightsail
Amazon LightsailAmazon Lightsail
Amazon Lightsail
Amazon Web Services
 
High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101
Amazon Web Services
 
AWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWSAWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWS
Amazon Web Services
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
Amazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
Amazon Web Services
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Amazon Web Services
 
AWS basics
AWS basicsAWS basics
AWS basics
mbaric
 
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
 
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
Amazon Web Services Korea
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Amazon Web Services
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
Kaushik Mohanraj
 
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
Simplilearn
 
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Amazon Web Services
 
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
Amazon Web Services
 

What's hot (20)

AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
AWS 클라우드 핵심 서비스로 클라우드 기반 아키텍처 빠르게 구성하기 - 문종민 솔루션즈 아키텍트, AWS :: AWS Summit Seo...
 
AWS EC2 Fundametals
AWS EC2 FundametalsAWS EC2 Fundametals
AWS EC2 Fundametals
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS Organizations
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and History
 
Auto Scaling on AWS
Auto Scaling on AWSAuto Scaling on AWS
Auto Scaling on AWS
 
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWSAWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
AWS IoT로 예지정비 실현하기 - 이종화 솔루션즈 아키텍트, AWS
 
Amazon Lightsail
Amazon LightsailAmazon Lightsail
Amazon Lightsail
 
High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101High Performance Computing (HPC) on AWS 101
High Performance Computing (HPC) on AWS 101
 
AWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWSAWS Compute Evolved Week: High Performance Computing on AWS
AWS Compute Evolved Week: High Performance Computing on AWS
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for Kubernetes
 
Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...Designing security & governance via AWS Control Tower & Organizations - SEC30...
Designing security & governance via AWS Control Tower & Organizations - SEC30...
 
AWS basics
AWS basicsAWS basics
AWS basics
 
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
AWS Builders Online Series | EC2와 Lambda로 AWS 시작하기 - 조용진, AWS 솔루션즈 아키텍트
 
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
AWS 기반 클라우드 아키텍처 모범사례 - 삼성전자 개발자 포털/개발자 워크스페이스 - 정영준 솔루션즈 아키텍트, AWS / 유현성 수석,...
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
 
AWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk ThroughAWS Well Architected Framework - Walk Through
AWS Well Architected Framework - Walk Through
 
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 2 | AWS Interview Questions And Answers Part -...
 
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...Best Practices for Database Migration to the Cloud: Improve Application Perfo...
Best Practices for Database Migration to the Cloud: Improve Application Perfo...
 
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
AWS CloudFormation: Infrastructure as Code | AWS Public Sector Summit 2016
 

Similar to CloudFormation Best Practices

An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
Amazon Web Services
 
AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)
Julien SIMON
 
Cloud Formation
Cloud FormationCloud Formation
Cloud Formation
TO THE NEW | Technology
 
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
Varun Manik
 
AWS Management Tools Deep Dive - DevDay Los Angeles 2017
AWS Management Tools Deep Dive - DevDay Los Angeles 2017AWS Management Tools Deep Dive - DevDay Los Angeles 2017
AWS Management Tools Deep Dive - DevDay Los Angeles 2017
Amazon Web Services
 
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
Amazon Web Services Korea
 
Dev & Test on AWS - Hebrew Webinar
Dev & Test on AWS - Hebrew WebinarDev & Test on AWS - Hebrew Webinar
Dev & Test on AWS - Hebrew Webinar
Boaz Ziniman
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormation
Amazon Web Services
 
saa3_wk5.pdf
saa3_wk5.pdfsaa3_wk5.pdf
saa3_wk5.pdf
Michgo1
 
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
Amazon Web Services
 
Cloudformation101
Cloudformation101Cloudformation101
Cloudformation101
Dave Pigliavento
 
Cloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDSCloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDS
Can Abacıgil
 
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as CodeAWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
Cobus Bernard
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormation
Amazon Web Services
 
DRILETT_AWS_VPC_Presentation_2MB
DRILETT_AWS_VPC_Presentation_2MBDRILETT_AWS_VPC_Presentation_2MB
DRILETT_AWS_VPC_Presentation_2MBDavid Rilett
 
Day 5 - AWS Autoscaling Master Class - The New Capacity Plan
Day 5 - AWS Autoscaling Master Class - The New Capacity PlanDay 5 - AWS Autoscaling Master Class - The New Capacity Plan
Day 5 - AWS Autoscaling Master Class - The New Capacity Plan
Amazon Web Services
 
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Amazon Web Services
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
Amazon Web Services
 
Apponix Academy - AWS Essentials-Solutions
Apponix Academy - AWS Essentials-SolutionsApponix Academy - AWS Essentials-Solutions
Apponix Academy - AWS Essentials-Solutions
nitinsrivastava1051
 
IaC on AWS Cloud
IaC on AWS CloudIaC on AWS Cloud
IaC on AWS Cloud
Bhuvaneswari Subramani
 

Similar to CloudFormation Best Practices (20)

An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel AvivAn introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
An introduction to AWS CloudFormation - Pop-up Loft Tel Aviv
 
AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)AWS CloudFormation (February 2016)
AWS CloudFormation (February 2016)
 
Cloud Formation
Cloud FormationCloud Formation
Cloud Formation
 
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
Axis Collage Kanpur: AWS Cloud Formation Presentation DevOps Feb_08_2022
 
AWS Management Tools Deep Dive - DevDay Los Angeles 2017
AWS Management Tools Deep Dive - DevDay Los Angeles 2017AWS Management Tools Deep Dive - DevDay Los Angeles 2017
AWS Management Tools Deep Dive - DevDay Los Angeles 2017
 
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
오토스케일링 제대로 활용하기 (김일호) - AWS 웨비나 시리즈 2015
 
Dev & Test on AWS - Hebrew Webinar
Dev & Test on AWS - Hebrew WebinarDev & Test on AWS - Hebrew Webinar
Dev & Test on AWS - Hebrew Webinar
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormation
 
saa3_wk5.pdf
saa3_wk5.pdfsaa3_wk5.pdf
saa3_wk5.pdf
 
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
AWS re:Invent 2016: Chalk Talk: Succeeding at Infrastructure-as-Code (GPSCT312)
 
Cloudformation101
Cloudformation101Cloudformation101
Cloudformation101
 
Cloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDSCloudformation & VPC, EC2, RDS
Cloudformation & VPC, EC2, RDS
 
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as CodeAWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
AWS SSA Webinar 28 - Getting Started with AWS - Infrastructure as Code
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormation
 
DRILETT_AWS_VPC_Presentation_2MB
DRILETT_AWS_VPC_Presentation_2MBDRILETT_AWS_VPC_Presentation_2MB
DRILETT_AWS_VPC_Presentation_2MB
 
Day 5 - AWS Autoscaling Master Class - The New Capacity Plan
Day 5 - AWS Autoscaling Master Class - The New Capacity PlanDay 5 - AWS Autoscaling Master Class - The New Capacity Plan
Day 5 - AWS Autoscaling Master Class - The New Capacity Plan
 
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
 
Apponix Academy - AWS Essentials-Solutions
Apponix Academy - AWS Essentials-SolutionsApponix Academy - AWS Essentials-Solutions
Apponix Academy - AWS Essentials-Solutions
 
IaC on AWS Cloud
IaC on AWS CloudIaC on AWS Cloud
IaC on AWS Cloud
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

CloudFormation Best Practices

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudFormation Best Practices
  • 2. Who is Jeff Levine? • Enterprise Solution Architect based in So. Cal. • With AWS since January 2016 • Work with customers in • Healthcare • Finance • Technology
  • 3. Agenda • What is AWS CloudFormation? • Why AWS CloudFormation? • Template structure (high but not deep) • Best Practices
  • 4. What is AWS CloudFormation? • AWS CloudFormation gives developers and systems administrators an easy way to use templates to create and manage a collection of related AWS resources, provisioning and updating them in an orderly and predictable fashion. • CloudFormation templates can be written in YAML or JSON.
  • 5. Why AWS CloudFormation? • AWS CloudFormation enables you to implement Infrastructure as Code. • Similar to how we compile source code to get object code, we use AWS CloudFormation to process infrastructure templates and produce infrastructure. • Templates can be version-controlled like source code. • Can be incorporated into CI/CD pipelines. • Everything is software!
  • 7. Template Anatomy --- AWSTemplateFormatVersion: "version date" Description: String Metadata: template metadata Parameters: set of parameters Mappings: set of mappings Conditions: set of conditions Transform: set of transforms Resources: set of resources Outputs: set of outputs
  • 9. Parameters • Allow you to solicit values from user at runtime • Options • Arbitrary string values • Data type (string, number, lists) • Pattern matching • Minimum and maximum lengths • Echo suppression • AWS Specific Parameters • Subnets, VPCs, KeyPairs, AZs, etc.
  • 10. Parameters - Examples Parameters: DBPort: Default: 3306 Description: “Database TCP Port” Type: Number MinValue: 1150 MaxValue: 65535 myKeyPair: Description: “Amazon EC2 Key Pair” Type: "AWS::EC2::KeyPair::KeyName"
  • 12. Mappings – Create Key / Value Lookup Sets ImageId: !FindInMap [ RegionMap, !Ref 'AWS::Region', AmazonLinux] Mappings: RegionMap: ap-northeast-1: # Tokyo AmazonLinux: ami-bbf2f9dc ap-northeast-2: # Seoul AmazonLinux: ami-9bab74f5 ap-southeast-1: # Singapore AmazonLinux: ami-58d65b3b …
  • 14. Resources – Create AWS Resources Examples of resources: • Subnets • VPCs • EC2 Instances • Route tables • Static routes • …. CloudFormation automatically provisions and deprovisions resources in the correct order…most of the time. (Sometimes a “DependsOn” key is needed.)
  • 15. Resources – Example Resources: MyVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.200.0.0/16 EnableDnsSupport: 'true' EnableDnsHostnames: 'true'
  • 16. You may need more resources than you think! What resources do you need to create a VPC with an internet-facing web server? • Vpc • Subnet • InternetGateway • VpcGatewayAttachment • RouteTable • Route • InstanceRole • InstanceProfile • Security Group • EC2 Instance
  • 17. CloudFormation Stack Resources Consider the following scenario: Suppose you want to create several web environments each of which Apache server that has a very complex, but identical configuration. You could create a CloudFormation template for each environment that includes all of the lines needed to create the Apache server. Or….
  • 18. CloudFormation Nested Stack Resources You can use nested stacks! Resources: ApacheServer: Type: "AWS::CloudFormation::Stack" TemplateURL: "https://s3.amazonaws.com/Apache..." TimeoutInMinutes: 10
  • 19. CloudFormation Nested Stack Resources • Nested stacks create an parent/child stack relationship. • Each time the parent template is invoked, a child stack is also created. • A child stack only has one parent. • Allows you to re-use templates. • You can create a library of templates that are used across your enterprise.
  • 21. Outputs Allow you to: • Declare values that can be displayed on the console or be retrieved through “describe stack” API calls. • Optionally export a value that can be imported by other CloudFormation Stacks as cross-stack references.
  • 22. Cross-Stack References Stack 1 exports the value: Outputs: TSSG: Value: !Ref TroubleShootingSG Export: Name: AccountSG Stack 2 imports the value: EC2Instance: Type: AWS::EC2::Instance Properties: SecurityGroups: - !ImportValue AccountSG Cross-stack references allow for one resource to be shared across multiple stacks.
  • 24. Organize Your Stacks by Lifecycle and Ownership • Many people start out with one stack. • As your stack grows in scale and broadens in scope, managing a single stack can be cumbersome and time consuming. • Grouping resources with common lifecycles and ownership lets owners can make changes to their set of resources by using their own process and schedule without affecting other resources. • Practice lends itself to service-oriented architectures.
  • 25. Use Nested Stacks to Replicate Resources in Environments • After you have your stacks and resources set up, you can reuse your templates to replicate your infrastructure in multiple environments. For example, you may use a child template to create an Amazon Linux instance and then call that multiple times within a parent CloudFormation template that creates a VPC. • Use the parameters, mappings, and conditions sections so that you can customize your stacks when you create them. For example, for your development environments, you can specify a lower-cost instance type compared to your production environment.
  • 26. Use Cross-Stack Resources to Export Shared Resources • When you organize your AWS resources based on lifecycle and ownership, you might want to build a stack that uses resources that are in another stack. • Use cross-stack references to export resources from a stack so that other stacks can use them. Stacks can use the exported resources by calling them using the Fn::ImportValue function.
  • 27. Use IAM to Restrict CloudFormation’s Privileges • CloudFormation normally works with the IAM permissions of the user who invokes it. • You can create a service role for CloudFormation if you want it to run with a more limited set of capabilities.
  • 28. Verify Resource Limits • Resources often have limits associated with them. • Limits are there to protect you! • CloudFormation will by default rollback an entire stack if it is unable to create a resource. • Use Trusted Advisor to monitor common limits. • Request limit increases from AWS Support as appropriate.
  • 30. Do Not Embed Credentials in Templates • Do not embed sensitive information in your AWS CloudFormation templates. • Use input parameters to pass in information whenever you create or update a stack. • Use the NoEcho property to obfuscate the parameter value.
  • 31. Use AWS-Specific Parameter Types • If your template requires inputs for existing AWS-specific values, such as existing Amazon Virtual Private Cloud IDs or an Amazon EC2 key pair name, use AWS-specific parameter types. • If you use the AWS CloudFormation console, AWS CloudFormation shows a drop-down list of valid values, so you don't have to look up or memorize the correct VPC IDs or key pair names.
  • 32. Use Parameter Constraints • With constraints, you can describe allowed input values so that AWS CloudFormation catches any invalid values before creating a stack. • For example, you can set constraints on a database user name value so that it must be a minimum length of eight character and contain only alpha-numeric characters.
  • 33. Use AWS::CloudFormation:Init to Configure EC2 Instances • When you launch stacks, you can install and configure software applications on Amazon EC2 instances by using the cfn-init helper script and the AWS::CloudFormation::Init resource. • By using AWS::CloudFormation::Init, you can describe the configurations that you want rather than having someone manual procedural steps.
  • 34. Use the Latest Helper Scripts • The helper scripts are updated periodically. • Include the following command in the UserData property of your template before you call the helper scripts to ensure that your launched instances get the latest helper scripts (Amazon Linux version): yum install -y aws-cfn-bootstrap
  • 35. Validate Templates Before Using Them • Before you use a template to create or update a stack, you can use AWS CloudFormation to validate it. Validating a template can help you catch syntax and some semantic errors, such as circular dependencies, before AWS CloudFormation creates any resources. • The AWS CloudFormation console, the console automatically validates the template after you specify input parameters. • For the AWS CLI or AWS CloudFormation API, use the aws cloudformation validate-template command or ValidateTemplate action.
  • 37. Manage All Stack Resources Through CloudFormation • After you launch a stack, use the AWS CloudFormation console, API, or AWS CLI to update resources in your stack. • Do not make changes to stack resources outside of AWS CloudFormation. Doing so can create a mismatch between your stack's template and the current state of your stack resources, which can cause errors if you update or delete the stack. • Follow principle of Immutable Architectures when possible. • Avoid configuration drift.
  • 38. Create Change Sets Before Performing Updates • Change sets allow you to see how proposed changes to a stack might impact your running resources before you implement them. AWS CloudFormation doesn't make any changes to your stack until you execute the change set, allowing you to decide whether to proceed with your proposed changes or create another change set. • For example, if you change the name of an Amazon RDS database instance, AWS CloudFormation will create a new database and delete the old one. If you generate a change set, you will see that your change will replace your database.
  • 39. Use Stack Policies • When you create a stack, all update actions are allowed on all resources. By default, anyone with stack update permissions can update all of the resources in the stack. • A stack policy is a JSON document that defines the update actions that can be performed on designated resources. • Use a stack policy only as a fail-safe mechanism to prevent accidental updates to specific stack resources. To control access to AWS resources or actions, use IAM.
  • 40. Use CloudTrail to Log CloudFormation Calls • AWS CloudTrail tracks anyone making AWS CloudFormation API calls in your AWS account. API calls are logged whenever anyone uses the AWS CloudFormation API, the AWS CloudFormation console, a back- end console, or AWS CloudFormation AWS CLI commands. • You can then audit who made what AWS CloudFormation call in your account.
  • 41. Perform Code Review of CloudFormation Templates • Your stack templates describe the configuration of your AWS resources, such as their property values. To review changes and to keep an accurate history of your resources, use code reviews and revision controls. • Treat your CloudFormation templates as source code! • Infrastructure as Code!
  • 42. Regularly Update EC2 Images Post Creation • On all your Amazon EC2 Linux instances and Amazon EC2 Linux instances created with AWS CloudFormation, regularly run the command: yum update • This ensures that you get the latest fixes and security updates.
  • 43. Helpful Resources AWS CloudFormation Documentation https://aws.amazon.com/documentation/cloudformation/ AWS CloudFormation Sample Templates https://aws.amazon.com/cloudformation/aws-cloudformation-templates/
  • 44. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Demo!
  • 45. Demo – Nested Stacks and Cross-Stack References CFDemoVPC.yaml Exported: VpcId AzName SubnetId SecurityGroup Id CFDemoEC2.yaml AmazonLinux01 (nested) CFDemoEC2.yaml AmazonLinux02 (nested) CFDemoMain.yaml Import
  • 46. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!