AWS Power Tools: Advanced AWS CloudFormation and CLI

Post on 13-Aug-2015

Category:

Technology

TRANSCRIPT

  1. AWS Government, Education, and Nonprofit Symposium, Washington, DC, June 25-26, 2015. © 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Power Tools: Advanced AWS CloudFormation and CLI. Alex Corley, Solutions Architect.
  2. How do I plan my stacks?
  3. Organize by layers & environments:
     - Frontend Services: consumer website, seller website, mobile backend
     - Backend Services: search, payments, reviews, recommendations
     - Shared Services: CRM DBs, common monitoring/alarms, subnets, security groups
     - Base Network: VPCs, Internet gateways, VPNs, NATs
     - Identity: IAM users, groups, roles
  4. Apply service-oriented architecture: food catalog website, ordering website, customer DB service, inventory service, recommendations service, analytics service, fulfillment service, payment service.
  5. Apply service-oriented architecture: the Customer DB service stack publishes Outputs : { CustDBEndPoint: } and the Food catalog website stack consumes it through Parameters : { CustDBEndPoint: }.
  6. Nested stacks. Before: Website1 Resources : { ELB, AutoScaling, RDS }; Website2 Resources : { ELB, AutoScaling, DynamoDB }. After factoring the shared part into a nested stack ELB_AND_AS Resources : { ELB, AutoScaling }: Website1 Resources : { NestedStack, RDS }; Website2 Resources : { NestedStack, DynamoDB }.
  7. How do I ensure error-free stack creation?
  8. Validate your templates. The ValidateTemplate API action validates: JSON syntax; absence of circular dependencies; template structure.
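The circular-dependency check on slide 8 is easy to reproduce locally before calling ValidateTemplate. The following is an added example (not from the deck or from AWS): it builds the dependency graph a template implies through Ref, Fn::GetAtt and DependsOn, then searches it for a cycle. The two templates at the bottom are constructed samples; a security group tagged with a Ref back to the instance that uses it is the classic way such a loop appears.

```python
"""Detect circular dependencies in a CloudFormation template, offline.

Added example (not from the original deck): ValidateTemplate rejects a
template whose resources depend on each other in a cycle. This walks the
implicit edges created by "Ref" / "Fn::GetAtt" and the explicit "DependsOn"
edges, then runs a depth-first search for a back edge.
"""
import json
from typing import Dict, List, Set


def _collect_refs(node, resource_names: Set[str], out: Set[str]) -> None:
    """Recursively gather resource names referenced via Ref or Fn::GetAtt."""
    if isinstance(node, dict):
        if "Ref" in node and len(node) == 1 and node["Ref"] in resource_names:
            out.add(node["Ref"])
        if "Fn::GetAtt" in node and len(node) == 1:
            target = node["Fn::GetAtt"]
            name = target[0] if isinstance(target, list) else str(target).split(".")[0]
            if name in resource_names:
                out.add(name)
        for value in node.values():
            _collect_refs(value, resource_names, out)
    elif isinstance(node, list):
        for item in node:
            _collect_refs(item, resource_names, out)


def dependency_graph(template: dict) -> Dict[str, Set[str]]:
    """Map each logical resource name to the resources it depends on."""
    resources = template.get("Resources", {})
    names = set(resources)
    graph: Dict[str, Set[str]] = {}
    for name, body in resources.items():
        deps: Set[str] = set()
        _collect_refs(body.get("Properties", {}), names, deps)
        _collect_refs(body.get("Metadata", {}), names, deps)
        depends_on = body.get("DependsOn", [])
        if isinstance(depends_on, str):
            depends_on = [depends_on]
        deps.update(d for d in depends_on if d in names)
        graph[name] = deps
    return graph


def find_cycle(graph: Dict[str, Set[str]]) -> List[str]:
    """Return one dependency cycle as a list of names, or [] if acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {n: WHITE for n in graph}
    stack: List[str] = []

    def visit(node: str) -> List[str]:
        colour[node] = GREY
        stack.append(node)
        for dep in sorted(graph[node]):
            if colour[dep] == GREY:          # back edge: the cycle is on the stack
                return stack[stack.index(dep):] + [dep]
            if colour[dep] == WHITE:
                found = visit(dep)
                if found:
                    return found
        stack.pop()
        colour[node] = BLACK
        return []

    for name in sorted(graph):
        if colour[name] == WHITE:
            cycle = visit(name)
            if cycle:
                return cycle
    return []


# Constructed sample: a security group tagged with a Ref to the instance that
# in turn references the security group, so neither can be created first.
CYCLIC_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "web",
        "Tags": [{"Key": "Owner", "Value": {"Ref": "WebInstance"}}]
      }
    },
    "WebInstance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {"SecurityGroupIds": [{"Ref": "WebSg"}]}
    }
  }
}
""")

# Constructed sample: same resources, but the tag no longer points back.
ACYCLIC_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebSg": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"GroupDescription": "web"}
    },
    "WebInstance": {
      "Type": "AWS::EC2::Instance",
      "DependsOn": "WebSg",
      "Properties": {"SecurityGroupIds": [{"Ref": "WebSg"}]}
    }
  }
}
""")

if __name__ == "__main__":
    print("cyclic:", find_cycle(dependency_graph(CYCLIC_TEMPLATE)))
    print("acyclic:", find_cycle(dependency_graph(ACYCLIC_TEMPLATE)))
```

Running this as a pre-commit check catches the loop before a create-stack call fails and rolls back; the same graph is also a convenient place to assert that no resource in a lower layer (slide 3) depends on one in a higher layer.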
  9. Use parameter types:
      "Parameters" : {
        "aVpcId" : { "Type" : "AWS::EC2::VPC::Id" },
        "bSubnetIds" : { "Type" : "List<AWS::EC2::Subnet::Id>" },
        "cSecurityGroups" : { "Type" : "List<AWS::EC2::SecurityGroup::Id>" },
        "dKeyPair" : { "Type" : "AWS::EC2::KeyPair::KeyName" }
      }
  10. Use parameter constraints:
      "Parameters" : {
        "SourceCIDRForSSH" : {
          "Description" : "CIDR block to allow SSH from",
          "Type" : "String",
          "MinLength" : "9",
          "MaxLength" : "18",
          "AllowedPattern" : "^([0-9]+\\.){3}[0-9]+/[0-9]+$"
        }
      }
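To see exactly what the constraints on slide 10 do and do not reject, here is an added example (my code, not the deck's) that applies MinLength, MaxLength and AllowedPattern the way CloudFormation does (the pattern must match the whole value) and compares the slide's pattern with a stricter one of my own that limits octets to 0-255 and prefix lengths to 0-32. The sample values are constructed.

```python
"""Apply CloudFormation String parameter constraints offline.

Added example, not from the original deck. It models how CloudFormation
applies MinLength, MaxLength and AllowedPattern to a String parameter (the
pattern must match the whole value) and compares the deck's SourceCIDRForSSH
pattern with a tighter one. The stricter pattern is an assumption of this
example, not something the deck shows.
"""
import ipaddress
import re
from typing import Dict, List

# Constraint block as shown on the slide (pattern re-escaped for JSON: "\\.").
DECK_PARAM: Dict[str, str] = {
    "Type": "String",
    "MinLength": "9",
    "MaxLength": "18",
    "AllowedPattern": "^([0-9]+\\.){3}[0-9]+/[0-9]+$",
}

# Assumed stricter variant: octets 0-255 and prefix length 0-32 only.
OCTET = "(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
STRICT_PARAM: Dict[str, str] = {
    **DECK_PARAM,
    "AllowedPattern": f"^({OCTET}\\.){{3}}{OCTET}/(3[0-2]|[12]?[0-9])$",
}


def check_param(value: str, constraints: Dict[str, str]) -> List[str]:
    """Return the list of violated constraints for a String parameter value."""
    problems: List[str] = []
    if "MinLength" in constraints and len(value) < int(constraints["MinLength"]):
        problems.append("MinLength")
    if "MaxLength" in constraints and len(value) > int(constraints["MaxLength"]):
        problems.append("MaxLength")
    pattern = constraints.get("AllowedPattern")
    # CloudFormation requires the whole value to match, so use fullmatch.
    if pattern is not None and re.fullmatch(pattern, value) is None:
        problems.append("AllowedPattern")
    return problems


def is_world_open(cidr: str) -> bool:
    """True when the CIDR admits every IPv4 address (a /0 such as 0.0.0.0/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a normal value, a syntactically plausible
    # nonsense value, and a value that is valid but opens SSH to the world.
    for value in ("10.0.0.0/8", "999.999.999.999/99", "0.0.0.0/0", "10.0.0.0"):
        print(f"{value:20} deck={check_param(value, DECK_PARAM)}"
              f" strict={check_param(value, STRICT_PARAM)}"
              f" world_open={is_world_open(value)}")
```

The slide's pattern accepts 999.999.999.999/99, which the stricter pattern rejects, but both accept 0.0.0.0/0: a syntax constraint cannot express "not the whole Internet", so a parameter that ends up in an ingress rule still needs a review step (or an AllowedValues list of approved ranges) before the stack is created.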
  11. How do I deploy and bootstrap software and data?
  12. Metadata: AWS::CloudFormation::Init. Use AWS::CloudFormation::Init because it is: declarative; reusable; supports grouping & ordering; debug-able; updatable; highly secure; BIOT (Bring In Other Tools). ow.ly/DiNCm
  13. Use AWS::CloudFormation::Init. Securely download: choose the auth type; an IAM role is recommended.
      "YourInstance": {
        "Metadata": {
          "AWS::CloudFormation::Authentication": {
            "S3AccessCreds": {
              "type": "S3",
              "roleName": { "Ref" : "InstanceRole" },
              "buckets" : [ "your-bucket" ]
            }
          },
          "AWS::CloudFormation::Init": {}
        }
      }
  14. Use AWS::CloudFormation::Init. A config set with its sections:
      "AWS::CloudFormation::Init": {
        "webapp-config": {
          "packages" : {},
          "sources" : {},
          "files" : {},
          "groups" : {},
          "users" : {},
          "commands" : {},
          "services" : {}
        }
      }
  15. Use AWS::CloudFormation::Init. The sections of a config: "packages", "sources", "files", "groups", "users", "commands", "services".
  16. Use AWS::CloudFormation::Init. Multiple configs, with commands ordered by key:
      "install_chef" : {},
      "install_wordpress" : {
        "commands" : {
          "01_get_cookbook" : {},
          ...,
          "05_configure_node_run_list" : {
            "command" : "knife node run_list add -z `knife node list -z` recipe[wordpress]",
            "cwd" : "/var/chef/chef-repo",
            "env" : { "HOME" : "/var/chef" }
          }
        }
      }
  17. Use AWS::CloudFormation::Init. The UserData script that runs cfn-init and then signals the result:
      "UserData": {
        "# Get the latest CloudFormation helper scripts package\n",
        "yum update -y aws-cfn-bootstrap\n",
        "# Trigger CloudFormation::Init configuration \n",
        "/opt/aws/bin/cfn-init --stack ", { "Ref": "AWS::StackId" },
          " --resource WebServerInstance ", " --region ", { "Ref": "AWS::Region" }, "\n",
        "# Signal completion\n",
        "/opt/aws/bin/cfn-signal -e $? --stack ", { "Ref": "AWS::StackId" },
          " --resource WebServerInstance ", " --region ", { "Ref": "AWS::Region" }, "\n"
  18. Use CloudWatch Logs for debugging. Install and start the awslogs agent from the same Init block and ship the cfn-init and cfn-hup logs:
      "install_logs": {
        "packages" : { ... "awslogs" ... },
        "services" : { ... "awslogs" ... },
        "files": { "/tmp/cwlogs/cfn-logs.conf": {} }
      Contents of /tmp/cwlogs/cfn-logs.conf:
        file = /var/log/cfn-init.log
        log_stream_name = {instance_id}/cfn-init.log
        file = /var/log/cfn-hup.log
        log_stream_name = {instance_id}/cfn-hup.log
  19. Use CloudWatch Logs for debugging.
  20. CloudFormation Demo.
  21. CloudFormation Template: Web Application.
      - Availability Zone A: DMZ 10.0.0.0/24, Web 10.0.3.0/24, Database 10.0.6.0/24
      - Availability Zone B: DMZ 10.0.1.0/24, Web 10.0.4.0/24, Database 10.0.7.0/24
      - Availability Zone C: DMZ 10.0.2.0/24, Web 10.0.5.0/24, Database 10.0.8.0/24
      (built by AWS CloudFormation)
  22. CloudFormation Template: Production, Test, Dev. The same template produces the Production, Test and Development environments.
  23. CloudFormation Template: Multiple Regions. The same template is deployed to us-east-1, us-west-1 and us-west-2.
  24. CloudFormation Template: Second Environment.
      - Availability Zone A: DMZ 10.1.0.0/24, Web 10.1.3.0/24, Database 10.1.6.0/24
      - Availability Zone B: DMZ 10.1.1.0/24, Web 10.1.4.0/24, Database 10.1.7.0/24
      - Availability Zone C: DMZ 10.1.2.0/24, Web 10.1.5.0/24, Database 10.1.8.0/24
      (built by AWS CloudFormation)
  25. CloudFormation Parameters:
      "Parameters": {
        "Environment": {
          "Default": "Development",
          "Type": "String",
          "AllowedValues": [ "Production", "Staging", "Development" ],
          "Description": "Name of Environment",
          "ConstraintDescription": "Production or Staging or Development"
        }
      }
  26. CloudFormation Mappings:
      "Mappings": {
        "AWSRegionAvailabilityZones": {
          "us-east-1": { "1": "us-east-1a", "2": "us-east-1b", "3": "us-east-1d" },
          "us-west-1": { "1": "us-west-1a", "2": "us-west-1b", "3": "us-west-1c" },
          "us-west-2": { "1": "us-west-2a", "2": "us-west-2b", "3": "us-west-2c" }
        }
      }
  27. CloudFormation Mappings:
      "Environment2Vpc": {
        "Production": {
          "VpcCidr": "10.0.0.0/16",
          "PublicSubnet1Cidr": "10.0.0.0/24",
          "PublicSubnet2Cidr": "10.0.1.0/24",
          "PublicSubnet3Cidr": "10.0.2.0/24",
          "WebSubnet1Cidr": "10.0.3.0/24",
          "WebSubnet2Cidr": "10.0.4.0/24",
          "WebSubnet3Cidr": "10.0.5.0/24",
          "PrivateSubnet1Cidr": "10.0.6.0/24",
          "PrivateSubnet2Cidr": "10.0.7.0/24",
          "PrivateSubnet3Cidr": "10.0.8.0/24"
        }
      }
  28. CloudFormation Subnets:
      "PublicSubnet1": {
        "Type": "AWS::EC2::Subnet",
        "Properties": {
          "AvailabilityZone": { "Fn::FindInMap": [ "AWSRegionAvailabilityZones", { "Ref": "AWS::Region" }, "1" ] },
          "VpcId": { "Ref": "VPC" },
          "CidrBlock": { "Fn::FindInMap": [ "Environment2Vpc", { "Ref": "Environment" }, "PublicSubnet1Cidr" ] },
          "Tags": [
            { "Key": "Name", "Value": { "Fn::Join": [ "-", [ { "Ref": "Environment" }, "DMZ" ] ] } },
            { "Key": "Environment", "Value": { "Ref": "Environment" } },
            { "Key": "Application", "Value": { "Ref": "AWS::StackName" } },
            { "Key": "Network", "Value": "DMZ" }
          ]
        }
      }
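Slides 17 and 28 both rely on intrinsic functions (Ref, Fn::FindInMap, Fn::Join) whose result is only visible once the stack is created. The following added example (my code, not the deck's or AWS's) evaluates those three intrinsics locally so the subnet's AZ, CIDR and Name tag, and the rendered cfn-init/cfn-signal script, can be reviewed for a chosen Environment and region first. The mappings are copied from the deck and trimmed; the Development row, the Fn::Join wrapper around the UserData strings, and the stack-id value are assumptions of this example.

```python
"""Resolve Ref, Fn::FindInMap and Fn::Join offline to preview a rendered resource.

Added example, not from the original deck. It evaluates the three intrinsic
functions used on the PublicSubnet1 and UserData slides against a chosen
Environment parameter and pseudo-parameters, so the CIDR, AZ, tags and the
bootstrap script can be inspected before a stack is created. Only the
intrinsics listed are handled; anything else is returned unchanged.
"""
import json
from typing import Any, Dict

# Mappings copied from the deck, trimmed to what the example needs.
MAPPINGS: Dict[str, Any] = {
    "AWSRegionAvailabilityZones": {
        "us-east-1": {"1": "us-east-1a", "2": "us-east-1b", "3": "us-east-1d"},
        "us-west-2": {"1": "us-west-2a", "2": "us-west-2b", "3": "us-west-2c"},
    },
    "Environment2Vpc": {
        "Production": {"VpcCidr": "10.0.0.0/16", "PublicSubnet1Cidr": "10.0.0.0/24"},
        # Constructed second environment, mirroring the deck's 10.1.0.0/16 slide.
        "Development": {"VpcCidr": "10.1.0.0/16", "PublicSubnet1Cidr": "10.1.0.0/24"},
    },
}


def resolve(node: Any, params: Dict[str, str], mappings: Dict[str, Any]) -> Any:
    """Recursively evaluate Ref / Fn::FindInMap / Fn::Join in a template fragment."""
    if isinstance(node, list):
        return [resolve(n, params, mappings) for n in node]
    if not isinstance(node, dict):
        return node
    if len(node) == 1:
        (key, arg), = node.items()
        if key == "Ref":
            # Parameters and pseudo-parameters resolve to strings; a resource
            # Ref stays symbolic because its physical ID does not exist yet.
            return params.get(arg, node)
        if key == "Fn::FindInMap":
            map_name, top, second = resolve(arg, params, mappings)
            return mappings[map_name][top][second]
        if key == "Fn::Join":
            delimiter, parts = arg
            parts = resolve(parts, params, mappings)
            if any(isinstance(p, dict) for p in parts):
                return {"Fn::Join": [delimiter, parts]}  # still contains a symbolic Ref
            return delimiter.join(str(p) for p in parts)
    return {k: resolve(v, params, mappings) for k, v in node.items()}


# The PublicSubnet1 resource from the deck, trimmed to the parts that use intrinsics.
PUBLIC_SUBNET_1: Dict[str, Any] = {
    "Type": "AWS::EC2::Subnet",
    "Properties": {
        "AvailabilityZone": {"Fn::FindInMap": ["AWSRegionAvailabilityZones", {"Ref": "AWS::Region"}, "1"]},
        "VpcId": {"Ref": "VPC"},
        "CidrBlock": {"Fn::FindInMap": ["Environment2Vpc", {"Ref": "Environment"}, "PublicSubnet1Cidr"]},
        "Tags": [{"Key": "Name", "Value": {"Fn::Join": ["-", [{"Ref": "Environment"}, "DMZ"]]}}],
    },
}

# The bootstrap script from the deck, wrapped in the Fn::Join the slide elided.
USER_DATA: Dict[str, Any] = {"Fn::Join": ["", [
    "yum update -y aws-cfn-bootstrap\n",
    "/opt/aws/bin/cfn-init --stack ", {"Ref": "AWS::StackId"},
    " --resource WebServerInstance", " --region ", {"Ref": "AWS::Region"}, "\n",
    "/opt/aws/bin/cfn-signal -e $? --stack ", {"Ref": "AWS::StackId"},
    " --resource WebServerInstance", " --region ", {"Ref": "AWS::Region"}, "\n",
]]}


def render(environment: str, region: str, stack_id: str) -> Dict[str, Any]:
    """Resolve both fragments for one environment/region and return the results."""
    params = {"Environment": environment, "AWS::Region": region, "AWS::StackId": stack_id}
    return {
        "subnet": resolve(PUBLIC_SUBNET_1, params, MAPPINGS),
        "user_data": resolve(USER_DATA, params, MAPPINGS),
    }


if __name__ == "__main__":
    # "STACK-ID-PLACEHOLDER" stands in for the real stack ARN.
    out = render("Production", "us-east-1", "STACK-ID-PLACEHOLDER")
    print(json.dumps(out["subnet"], indent=2))
    print(out["user_data"])
```

Rendering the UserData this way also makes the two easy-to-miss details on slide 17 obvious: every line needs its trailing "\n", and cfn-signal needs "-e $?" so that a failed cfn-init run is reported to the stack instead of being silently signalled as success.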
  29. Using the CLI.
  30. When should I script? Whenever possible: if it can be scripted, script it! AWS services have API reference guides publicly available. Scripts and AWS CloudFormation templates can be used to quickly launch, start, and stop dev and test environments. (Diagram: AWS CLI, AWS CloudFormation template, stack.)
  31. Key features of the AWS CLI. It's a unified tool to manage your AWS services. It can be installed via MSI, a cross-platform bundle, or pip. It's a Python package. Run aws configure to set access keys and the default region/output format. All commands in the AWS CLI have a structure similar to: $ aws <command> <subcommand> [options], e.g. $ aws ec2 describe-instances. Details for commands can be found online and using the help subcommand.
  32. AWS Governm