(APP304) AWS CloudFormation Best Practices | AWS re:Invent 2014


Post on 30-Jun-2015


DESCRIPTION

"With AWS CloudFormation you can model, provision, and update the full breadth of AWS resources. You can manage anything from a single Amazon EC2 instance to a multi-tier application. If you are familiar with AWS CloudFormation or using it already, this session is for you. If you are familiar with AWS CloudFormation, you may have questions such as 'How do I plan my stacks?', 'How do I deploy and bootstrap software on my stacks?' and 'Where does AWS CloudFormation fit in a DevOps pipeline?' If you are using AWS CloudFormation already, you may have questions such as 'How do I manage my templates at scale?', 'How do I safely update stacks?', and 'How do I audit changes to my stack?' This session is intended to answer those questions. If you are new to AWS CloudFormation, get up to speed for this session by completing the Working with CloudFormation lab in the self-paced Labs Lounge."

TRANSCRIPT

  • 1. November 13, 2014 | Las Vegas, NV. Chetan Dandekar, Senior Product Manager, Amazon Web Services
  • 2. Effectiveness; Safety; Visibility
  • 3. Design; Templates; App code; Stacks; Iterate
  • 4. Frontend Services: Consumer Website, Seller Website, Mobile Backend. Backend Services: Search, Payments, Reviews, Recommendations. Shared Services: CRM DBs, Common Monitoring / Alarms, Subnets, Security Groups. Base Network: VPCs, Internet Gateways, VPNs, NATs. Identity: IAM Users, Groups, Roles
  • 5. Food Catalog website; Ordering website; Customer DB service; Inventory service; Recommendations service; Analytics service; Fulfillment service; Payment service
  • 6. Food Catalog website; Customer DB service; Outputs : {CustDBEndPoint}; Parameters : {CustDBEndPoint}
  • 7. Website1 Resources : {ELB,AutoScaling,RDS}; Website2 Resources : {ELB,AutoScaling,DynamoDB}; ELB_AND_AS Resources : {ELB,AutoScaling}; Website1 Resources : {NestedStack,RDS}; Website2 Resources : {NestedStack,DynamoDB}
  • 8. AWS::EC2::VPC::Id; List; List; AWS::EC2::KeyPair::KeyName; Param validation; Stack creation workflow; App instances
  • 9. MinLength; MaxLength; AllowedPattern
  • 10. User/Role; AWS CloudFormation; Amazon EC2; Amazon RDS; Amazon ElastiCache; Etc. Permissions to call AWS CloudFormation. Permissions to create ALL resources specified in a template
  • 11. Account; AWS CloudFormation; Amazon EC2; Amazon RDS; ElastiCache; Etc. # of AWS CloudFormation stacks. # of EC2 instances, total Amazon RDS storage, etc.
  • 12. Metadata; AWS::CloudFormation::Init; Declarative; Reusable; Grouping & Ordering; Debug-able; Updatable; Highly Secure; BIOT (Bring In Other Tools); ow.ly/DiNCm
  • 13. "packages" : {}, "sources" : {}, "files" : {}, "groups" : {}, "users" : {}, "commands" : {}, "services" : {}
  • 14. commands; recipe[wordpress]; ow.ly/DiNkz
  • 15. Securely download. Choose auth type. IAM Role is recommended. ow.ly/DqkrB
  • 16. UserData; Get the latest; Trigger CloudFormation::Init; Signal completion
  • 17. awslogs; awslogs; cfn-logs.conf: file = /var/log/cfn-init.log, log_stream_name = {instance_id}/cfn-init.log; file = /var/log/cfn-hup.log, log_stream_name = {instance_id}/cfn-hup.log; ow.ly/E0zO3
  • 18. ow.ly/E0zO3
  • 19. arn:aws:cloudformation:us-west-2:123456789:stack/BaseNet*; arn:aws:cloudformation:us-west-2:123456789:stack/FrontEnd*. Frontend Services: Consumer Website, Seller Website, Mobile Backend. Backend Services: Search, Payments, Reviews, Recommendations. Shared Services: CRM DBs, Common Monitoring / Alarms, Subnets, Security Groups. Base Network: VPCs, Internet Gateways, VPNs, NATs. Identity: IAM Users, Groups, Roles
  • 20. {"Effect" : "Deny","Action" : [ "ec2:TerminateInstances"],"Condition": {"Null": { "ec2:ResourceTag/*cloudformation*": "true" }},"Resource" : "*"}
  • 21. Description; Metadata; Comment
  • 22. Faster; Cost-efficient; Simpler state and data migration; No touching of a working stack
  • 23. Textual diff; Refs and Fn::GetAtts; No Interruption; Some Interruption; Replacement; IAM permissions drift; AWS Config; CloudFormer
  • 24. Do not update the databases: "Effect" : "Deny","Principal" : "*","Action" : "Update:*","Resource" : "*","Condition" : {"StringEquals" : {"ResourceType" : ["AWS::RDS::DBInstance", "AWS::Redshift::Cluster"]}}. Okay to update, unless the update requires replacement: "Effect" : "Deny","Principal": "*","Action" : "Update:Replace","Resource" : "LogicalResourceId/MyInstance". ow.ly/E0Njj
  • 25. ow.ly/E9nLm
  • 26. security group; Auto Scaling group; EC2 instance; Elastic Load Balancing; ElastiCache Memcached cluster; Software pkgs, CloudWatch config, & data; alarms; Web Analytics Service; AWS CloudFormation; Provision AWS Resources; Create, Update, Rollback, or Delete; Worker; Amazon SNS Topic; Stack Events
  • 27. security group; Auto Scaling group; EC2 instance; Elastic Load Balancing; ElastiCache Memcached cluster; Software pkgs, CloudWatch config, & data; alarms; Web Analytics Service; AWS CloudFormation; Provision AWS Resources; Success + Metadata; Create, Update, Rollback, or Delete + Metadata; ow.ly/DiSXp
  • 28. https://console.aws.amazon.com/cost-reports/home?#/custom; ow.ly/E0Ny9
  • 29. AWS CloudFormation; Issue Tracker; App Developers; DevOps Engineers, Infrastructure Developers, Systems Engineers; Dev Env; Code Repo; App Pkgs, AWS CloudFormation Templates, Etc.; CI Server; Test; Staging; Prod; Code Review; "Infra-as-Code"; App Code & Templates
  • 30. http://bit.ly/awsevals; ow.ly/Ec28a; ow.ly/EdMyk