SlideShare a Scribd company logo
Terraform, Ansible, or pure
CloudFormation?
Vladimir Dobriakov
AWS Tech Community Days
Cologne, September 27th and 28th
infrastructure coder
Infrastructure as Code
• put under source control:
diffable, traceable, reproducible
• aim for simplicity - orthogonal concepts
• unit tests, integration tests and CI
1
Task/Context
3
implementation
Hosting
- 400 VMs in OpenStack
public cloud
- moving to private cloud
- moved applications
to kubernetes
- some AWS
People
- 40 dev
(5 teams)
- 10 ops
24x7
4
our aws usage
AWS Use Case 1: Media
Assets
AWS Use Case 2: DB
Backup
Offsite DB backup for
SQL databases.
5
Terraform
terraform: nice syntax
resource "aws_iam_user" "deploy_user" {
name = "deploy-${var.topic}${var.suffix}"
}
resource "aws_iam_access_key" "deploy_user" {
user = "${aws_iam_user.deploy_user.name}"
}
resource "aws_s3_bucket" "the_bucket" {
bucket = "${data.template_file.bucket_name.rendered}"
policy = <<EOF
...
"Principal": {"AWS": "${aws_iam_user.deploy_user.arn}"}
}
output access_key_id {
value = "${aws_iam_access_key.deploy_user.id}"
}
7
terraform advantages
• nice, clean syntax
• examples very readable, takes fear from
starting infrastructure as code
• ”plan” feature
8
Terraform Challenges
terraform challenges: resources docs
Terraform is not an abstraction layer
across providers!
Need to dive into AWS docs anyway:
resource "aws_s3_bucket" "the_bucket" {
bucket = "${data.template_file.bucket_name.rendered}"
cors_rule {
expose_headers = ???
10
terraform challenges: resources docs
Terraform documentation
https://www.terraform.io/docs/providers/aws/r/s3 bucket.html
AWS documentation
11
terraform challenges: syntax break
Sometimes requires copy+paste from AWS
console:
resource "aws_s3_bucket" "the_bucket" {
bucket = "${data.template_file.bucket_name.rendered}"
acl = "private"
website {
index_document = "index.html"
}
policy = <<EOF
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "PublicReadForGetTestBucketObjects",
"Effect": "Allow",
"Principal": "*",
12
terraform challenges: endless updates due
diff problems
Terraform documentation
https://github.com/hashicorp/terraform/issues/7045 13
terraform challenges: tfstate
• Working with 9 people on same terraform
code base
• Terraform versions
• Refactoring: extract to module changes
resource names
• Refactoring: move objects with
tf state mv -state=terraform.tfstate.prod
module.publish media prod
module.publish media
14
Ansible
ansible cloud modules
16
set up backup bucket
tasks:
- name: Create backup aws user
iam:
iam_type: user
name: "{{ backup_user_name }}"
state: present
access_key_state: create
register: created_user # need this name for the template
- name: Create backup bucket
s3_bucket:
name: "{{ backup_bucket_name }}"
policy: "{{ lookup(’template’, ’bucket_policy.json.j2’) }}"
versioning: true # to enable trash bin
register: backup_bucket
- name: Set retention for backups
s3_lifecycle:
name: "{{ backup_bucket_name }}"
expiration_days: 30
17
CloudFormation
old json
"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
"#!/bin/bash -xen",
"yum install -y aws-cfn-bootstrapn",
"/opt/aws/bin/cfn-init -v ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource LaunchConfig ",
" --region ", { "Ref" : "AWS::Region" }, "n",
"/opt/aws/bin/cfn-signal -e $? ",
" --stack ", { "Ref" : "AWS::StackName" },
" --resource WebServerGroup ",
" --region ", { "Ref" : "AWS::Region" }, "n"
]]}}
}
19
cloudformation yaml
UserData:
Fn::Base64: !Sub |
#!/bin/bash -xe
yum update -y aws-cfn-bootstrap
/opt/aws/bin/cfn-init -v --stack ${AWS::StackName} 
--resource LaunchConfig --region ${AWS::Region}
/opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} 
--resource WebServerGroup --region ${AWS::Region}
20
Which one to choose?
learn aws!
Try to implement with CloudFormation first!
• learn access and identity management
(IAM) concepts
• refer to permissions list
http://amzn.to/2pPnT1p to implement
principle of least privelege
• use CloudFormation YAML format
22
orchestrate with ansible if needed
• for more sophisticated templating and
logic
• when using multiple clouds
• to store some state locally, e.g. generated
credentials
• to look up some state/parameters
elsewhere
23
Thank you!
24
contact
Vladimir Dobriakov
available for consulting
Twitter: @enterprise geek
github: geekQ
Blog
http://infrastructure-as-code.de
25

More Related Content

What's hot

Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
Andrei Savu
 
Redis for .NET Developers
Redis for .NET DevelopersRedis for .NET Developers
Redis for .NET Developers
Yuriy Guts
 
Hadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologiesHadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologies
Bigdata Meetup Kochi
 
Ufo Ship for AWS ECS
Ufo Ship for AWS ECSUfo Ship for AWS ECS
Ufo Ship for AWS ECS
Tung Nguyen
 
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud PartyHaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HPCC Systems
 
Dev ops meetup
Dev ops meetupDev ops meetup
Dev ops meetup
Bigdata Meetup Kochi
 
Etcd terraform by Alex Somesan
Etcd terraform by Alex SomesanEtcd terraform by Alex Somesan
Etcd terraform by Alex Somesan
Maarten van der Hoef
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
Radek Simko
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
André Rømcke
 
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
Combell NV
 
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
OpenCredo
 
Google App Engine Developer - Day4
Google App Engine Developer - Day4Google App Engine Developer - Day4
Google App Engine Developer - Day4
Simon Su
 
Presto Overfview
Presto OverfviewPresto Overfview
Presto Overfview
Miguel Ping
 
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Fwdays
 
Elastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop   leveragebigdataElastic search integration with hadoop   leveragebigdata
Elastic search integration with hadoop leveragebigdata
Pooja Gupta
 
Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2
Mark Kerzner
 
Third Party Auth in WebObjects
Third Party Auth in WebObjectsThird Party Auth in WebObjects
Third Party Auth in WebObjectsWO Community
 
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
Amazon Web Services
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
Calvin French-Owen
 

What's hot (20)

Guava
GuavaGuava
Guava
 
Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2 Guava Overview Part 2 Bucharest JUG #2
Guava Overview Part 2 Bucharest JUG #2
 
Redis for .NET Developers
Redis for .NET DevelopersRedis for .NET Developers
Redis for .NET Developers
 
Hadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologiesHadoop enhancements using next gen IA technologies
Hadoop enhancements using next gen IA technologies
 
Ufo Ship for AWS ECS
Ufo Ship for AWS ECSUfo Ship for AWS ECS
Ufo Ship for AWS ECS
 
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud PartyHaaS: HPCC Systems as a Service – BYOD to the Cloud Party
HaaS: HPCC Systems as a Service – BYOD to the Cloud Party
 
Dev ops meetup
Dev ops meetupDev ops meetup
Dev ops meetup
 
Etcd terraform by Alex Somesan
Etcd terraform by Alex SomesanEtcd terraform by Alex Somesan
Etcd terraform by Alex Somesan
 
Declarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with TerraformDeclarative & workflow based infrastructure with Terraform
Declarative & workflow based infrastructure with Terraform
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
 
Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012Hybrid Cloud PHPUK2012
Hybrid Cloud PHPUK2012
 
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
Hashidays London 2017 - Evolving your Infrastructure with Terraform By Nicki ...
 
Google App Engine Developer - Day4
Google App Engine Developer - Day4Google App Engine Developer - Day4
Google App Engine Developer - Day4
 
Presto Overfview
Presto OverfviewPresto Overfview
Presto Overfview
 
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
Philipp Krenn "Elasticsearch (R)Evolution — You Know, for Search…"
 
Elastic search integration with hadoop leveragebigdata
Elastic search integration with hadoop   leveragebigdataElastic search integration with hadoop   leveragebigdata
Elastic search integration with hadoop leveragebigdata
 
Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2Automated Hadoop Cluster Construction on EC2
Automated Hadoop Cluster Construction on EC2
 
Third Party Auth in WebObjects
Third Party Auth in WebObjectsThird Party Auth in WebObjects
Third Party Auth in WebObjects
 
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
(APP306) Using AWS CloudFormation for Deployment and Management at Scale | AW...
 
Terraform at Scale
Terraform at ScaleTerraform at Scale
Terraform at Scale
 

Similar to Terraform, Ansible or pure CloudFormation

Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?
geekQ
 
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
Amazon Web Services
 
Just one-shade-of-openstack
Just one-shade-of-openstackJust one-shade-of-openstack
Just one-shade-of-openstack
Roberto Polli
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
Amazon Web Services
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
Imesh Gunaratne
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using Ansible
Joel W. King
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
AOE
 
DevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office HoursDevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office Hours
Amazon Web Services
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
Marko Bevc
 
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Amazon Web Services
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
Michael Cherny
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deployment  Security best practices for kubernetes deployment
Security best practices for kubernetes deployment
Aqua Security
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
Amazon Web Services
 
My First Big Data Application
My First Big Data ApplicationMy First Big Data Application
My First Big Data Application
Amazon Web Services
 
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and ToolsDeployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
Danilo Poccia
 
Deep Dive - Infrastructure as Code
Deep Dive - Infrastructure as CodeDeep Dive - Infrastructure as Code
Deep Dive - Infrastructure as Code
Amazon Web Services
 
Amazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to productionAmazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to production
Paolo latella
 
What Is AWS Elastic Kubernetes Service
 What Is AWS Elastic Kubernetes Service What Is AWS Elastic Kubernetes Service
What Is AWS Elastic Kubernetes Service
AMELIAOLIVIA2
 
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
Amazon Web Services Korea
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache Mesos
Joe Stein
 

Similar to Terraform, Ansible or pure CloudFormation (20)

Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?Terraform, Ansible, or pure CloudFormation?
Terraform, Ansible, or pure CloudFormation?
 
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
 
Just one-shade-of-openstack
Just one-shade-of-openstackJust one-shade-of-openstack
Just one-shade-of-openstack
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2Deep Dive into Kubernetes - Part 2
Deep Dive into Kubernetes - Part 2
 
Data manipulation for configuration management using Ansible
Data manipulation for configuration management using AnsibleData manipulation for configuration management using Ansible
Data manipulation for configuration management using Ansible
 
Immutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS LambdaImmutable Deployments with AWS CloudFormation and AWS Lambda
Immutable Deployments with AWS CloudFormation and AWS Lambda
 
DevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office HoursDevOps for the Enterprise: Virtual Office Hours
DevOps for the Enterprise: Virtual Office Hours
 
Who is afraid of privileged containers ?
Who is afraid of privileged containers ?Who is afraid of privileged containers ?
Who is afraid of privileged containers ?
 
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
Automating your Infrastructure Deployment with AWS CloudFormation and AWS Ops...
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deployment  Security best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
 
My First Big Data Application
My First Big Data ApplicationMy First Big Data Application
My First Big Data Application
 
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and ToolsDeployment and Management on AWS:
 A Deep Dive on Options and Tools
Deployment and Management on AWS:
 A Deep Dive on Options and Tools
 
Deep Dive - Infrastructure as Code
Deep Dive - Infrastructure as CodeDeep Dive - Infrastructure as Code
Deep Dive - Infrastructure as Code
 
Amazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to productionAmazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to production
 
What Is AWS Elastic Kubernetes Service
 What Is AWS Elastic Kubernetes Service What Is AWS Elastic Kubernetes Service
What Is AWS Elastic Kubernetes Service
 
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
대용량 데이타 쉽고 빠르게 분석하기 :: 김일호 솔루션즈 아키텍트 :: Gaming on AWS 2016
 
Introduction To Apache Mesos
Introduction To Apache MesosIntroduction To Apache Mesos
Introduction To Apache Mesos
 

Recently uploaded

Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
Fermin Galan
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
kalichargn70th171
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
Deuglo Infosystem Pvt Ltd
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
rickgrimesss22
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
Green Software Development
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j
 

Recently uploaded (20)

Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging  a  Tech AgencyPreparing Non - Technical Founders for Engaging  a  Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604Orion Context Broker introduction 20240604
Orion Context Broker introduction 20240604
 
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Empowering Growth with Best Software Development Company in Noida - Deuglo
Empowering Growth with Best Software  Development Company in Noida - DeugloEmpowering Growth with Best Software  Development Company in Noida - Deuglo
Empowering Growth with Best Software Development Company in Noida - Deuglo
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxTop Features to Include in Your Winzo Clone App for Business Growth (4).pptx
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptx
 
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, FactsALGIT - Assembly Line for Green IT - Numbers, Data, Facts
ALGIT - Assembly Line for Green IT - Numbers, Data, Facts
 
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris
 

Terraform, Ansible or pure CloudFormation

  • 1. Terraform, Ansible, or pure CloudFormation? Vladimir Dobriakov AWS Tech Community Days Cologne, September 27th and 28th
  • 2. infrastructure coder Infrastructure as Code • put under source control: diffable, traceable, reproducible • aim for simplicity - orthogonal concepts • unit tests, integration tests and CI 1
  • 4. 3
  • 5. implementation Hosting - 400 VMs in OpenStack public cloud - moving to private cloud - moved applications to kubernetes - some AWS People - 40 dev (5 teams) - 10 ops 24x7 4
  • 6. our aws usage AWS Use Case 1: Media Assets AWS Use Case 2: DB Backup Offsite DB backup for SQL databases. 5
  • 8. terraform: nice syntax resource "aws_iam_user" "deploy_user" { name = "deploy-${var.topic}${var.suffix}" } resource "aws_iam_access_key" "deploy_user" { user = "${aws_iam_user.deploy_user.name}" } resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" policy = <<EOF ... "Principal": {"AWS": "${aws_iam_user.deploy_user.arn}"} } output access_key_id { value = "${aws_iam_access_key.deploy_user.id}" } 7
  • 9. terraform advantages • nice, clean syntax • examples very readable, takes fear from starting infrastructure as code • ”plan” feature 8
  • 11. terraform challenges: resources docs Terraform is not an abstraction layer across providers! Need to dive into AWS docs anyway: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" cors_rule { expose_headers = ??? 10
  • 12. terraform challenges: resources docs Terraform documentation https://www.terraform.io/docs/providers/aws/r/s3 bucket.html AWS documentation 11
  • 13. terraform challenges: syntax break Sometimes requires copy+paste from AWS console: resource "aws_s3_bucket" "the_bucket" { bucket = "${data.template_file.bucket_name.rendered}" acl = "private" website { index_document = "index.html" } policy = <<EOF { "Version": "2008-10-17", "Statement": [ { "Sid": "PublicReadForGetTestBucketObjects", "Effect": "Allow", "Principal": "*", 12
  • 14. terraform challenges: endless updates due diff problems Terraform documentation https://github.com/hashicorp/terraform/issues/7045 13
  • 15. terraform challenges: tfstate • Working with 9 people on same terraform code base • Terraform versions • Refactoring: extract to module changes resource names • Refactoring: move objects with tf state mv -state=terraform.tfstate.prod module.publish media prod module.publish media 14
  • 18. set up backup bucket tasks: - name: Create backup aws user iam: iam_type: user name: "{{ backup_user_name }}" state: present access_key_state: create register: created_user # need this name for the template - name: Create backup bucket s3_bucket: name: "{{ backup_bucket_name }}" policy: "{{ lookup(’template’, ’bucket_policy.json.j2’) }}" versioning: true # to enable trash bin register: backup_bucket - name: Set retention for backups s3_lifecycle: name: "{{ backup_bucket_name }}" expiration_days: 30 17
  • 20. old json "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash -xen", "yum install -y aws-cfn-bootstrapn", "/opt/aws/bin/cfn-init -v ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource LaunchConfig ", " --region ", { "Ref" : "AWS::Region" }, "n", "/opt/aws/bin/cfn-signal -e $? ", " --stack ", { "Ref" : "AWS::StackName" }, " --resource WebServerGroup ", " --region ", { "Ref" : "AWS::Region" }, "n" ]]}} } 19
  • 21. cloudformation yaml UserData: Fn::Base64: !Sub | #!/bin/bash -xe yum update -y aws-cfn-bootstrap /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --resource LaunchConfig --region ${AWS::Region} /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource WebServerGroup --region ${AWS::Region} 20
  • 22. Which one to choose?
  • 23. learn aws! Try to implement with CloudFormation first! • learn access and identity management (IAM) concepts • refer to permissions list http://amzn.to/2pPnT1p to implement principle of least privelege • use CloudFormation YAML format 22
  • 24. orchestrate with ansible if needed • for more sophisticated templating and logic • when using multiple clouds • to store some state locally, e.g. generated credentials • to look up some state/parameters elsewhere 23
  • 26. contact Vladimir Dobriakov available for consulting Twitter: @enterprise geek github: geekQ Blog http://infrastructure-as-code.de 25