AWS Meister Series Reloaded (AWS CloudFormation)

Post on 24-May-2015

TRANSCRIPT

<ul><li> 1. AWS Reloaded: AWS CloudFormation. 20120402. @c9katayama, akiok@amazon.co.jp</li></ul> <p> 2. Agenda: CloudFormation; Cloud-init; CloudFormation helpers; CloudFormer; Tips. Copyright 2011 Amazon Web Services
3. CloudFormation
4. CloudFormation: EC2, ELB, AWS; AWS
5. CloudFormation: Elastic Load Balancing, S3, CloudFormation, SNS, EC2, EC2, Auto Scaling, CloudWatch
6. Blog, Web; WordPress, Redmine; DB, EC2
7. CloudFormation, AWS
8.
9. EC2, S3, RDS; App Server, Web Server
10. Amazon EC2 Instances; Amazon Elastic Block Store (EBS) Volumes; Elastic Load Balancers; Elastic IP Addresses; Amazon EC2 Security Groups; Auto Scaling Groups; Amazon Relational Database Service (RDS) Instances; Amazon RDS Security Groups; AWS Elastic Beanstalk; Amazon CloudWatch Alarms; Amazon Simple Storage Service (S3) Buckets; Amazon SimpleDB Domains; Amazon Simple Queue Service (SQS) Queues; Amazon Simple Notification Service (SNS) Topics; Amazon SNS Subscriptions; Amazon Route 53 DNS Records; Amazon CloudFront Distributions; AWS Identity and Access Management users and groups; AWS Identity and Access Management policies; New!! Amazon Virtual Private Cloud; New!! Amazon ElastiCache
11. AWS Management Console; http://aws.amazon.com/developertools/AWS-CloudFormation/2555753788650372; Java, .NET, PHP SDK: Java : http://aws.amazon.com/jp/sdkforjava/ .NET : http://aws.amazon.com/jp/sdkfornet/ PHP : http://aws.amazon.com/jp/sdkforphp/
12. AWS Management Console-1: URL, S3
13. AWS Management Console-2
14. AWS Management Console-3
15. AWS Management Console-4
16. AWS Management Console-5
17.
18.
CloudFormation, JSON: { "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "Sample", "Parameters" : { "KeyName" : { "Description" : "Sample key", "Type" : "String" } }, "Mappings" : { }, "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "KeyName" : { "Ref" : "KeyName" }, "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] } } }, "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] } } } }
19. { "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "Valid JSON strings up to 4K", "Parameters" : { set of parameters }, "Mappings" : { set of mappings }, "Resources" : { set of resources }, "Outputs" : { set of outputs } } AWSTemplateFormatVersion: 2010-09-09. Parameters: CloudFormation, DB. Mappings: Hashtable, AMI. Resources: EC2, RDS.
20. Parameters: CloudFormation, DB
21. Parameters: "Parameters" : { "Age" : { "Type" : "Number", "Default" : 30, "MinValue" : 20, "MaxValue" : 60, "Description" : "input your age." }, "FirstName" : { "Type" : "String", "Description" : "input your first name." } }
22. Parameters: Type (String, Number, CommaDelimitedList); Default; NoEcho (*****); AllowedValues ([true,false]); AllowedPattern ([a-zA-Z]*); MaxLength; MaxValue; MinValue; Description; ConstraintDescription (AllowedPattern, MaxLength)
23. Parameters, Ref: "Resources" : { "MyServer" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "Age" }, "Tags" : { "Ref" : "FirstName" } } } }
24.
Function: Ref; Fn::Base64 (Base64); Fn::FindInMap (Map); Fn::GetAtt, e.g. "Fn::GetAtt" : [ "MyELB", "DNSName" ]; Fn::GetAZs; Fn::Join, e.g. "Fn::Join" : [ ":", [ "a", "b", "c" ] ] gives a:b:c. http://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/index.html?intrinsic-function-reference.html
25. Pseudo Parameter: AWS::Region { "Ref" : "AWS::Region" }; AWS::StackName { "Ref" : "AWS::StackName" }. "Resources" : { "MyServer" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : { "Ref" : "AWS::StackName" }, "Tags" : { "Ref" : "AWS::Region" } } } } http://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/index.html?pseudo-parameter-reference.html
26. Mappings: Hashtable, AMI
27. Mappings: RegionTable, Fn::FindInTemplate. "Mappings" : { "RegionTable" : { "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" }, "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" }, "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" } } }
28. Mappings, Fn::FindInMap: "Fn::FindInMap" : [ "MapName", "Key", "Value" ]; MapName, Key, Value, Ref; Fn::FindInTemplate. "Mappings" : { "RegionTable" : { "us-east-1" : { "AMI" : "ami-8c1fece5", "Key" : "myKey-east" }, "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" }, "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" } } } "Resources" : { "MyServer" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "RegionTable", { "Ref" : "region" }, "AMI" ] } } } } region, AMI ID
29. Resources: EC2, RDS
30.
Resources: EC2, ELB, RDS. "Resources" : { "MyWebServer" : { "Type" : "AWS::EC2::Instance", "Properties" : { "KeyName" : "myKey-east", "ImageId" : "ami-8c1fece5" }, "us-west-1" : { "AMI" : "ami-3bc9997e", "Key" : "myKey-west" }, "ap-northeast-1" : { "AMI" : "ami-300ca731", "Key" : "myKey-japan" } } }
31. EC2+SecurityGroup: "Resources" : { "Ec2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "InstanceSecurityGroup" } ], "KeyName" : { "Ref" : "KeyName" }, "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] } } }, "InstanceSecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Enable SSH access via port 22", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] } } }
32. Auto Scaling AutoScalingGroup (AWS::AutoScaling::AutoScalingGroup); Auto Scaling LaunchConfiguration (AWS::AutoScaling::LaunchConfiguration); Auto Scaling Policy (AWS::AutoScaling::ScalingPolicy); Auto Scaling Trigger (AWS::AutoScaling::Trigger); Amazon CloudFormation Stack (AWS::CloudFormation::Stack); Amazon CloudFormation WaitCondition (AWS::CloudFormation::WaitCondition); Amazon CloudFormation WaitConditionHandle (AWS::CloudFormation::WaitConditionHandle); Amazon CloudFront Distribution (AWS::CloudFront::Distribution); Amazon CloudWatch (AWS::CloudWatch::Alarm); Amazon EBS Volume (AWS::EC2::Volume); Amazon EBS Volume Attachment (AWS::EC2::VolumeAttachment); Amazon EC2 Elastic IP Address (AWS::EC2::EIP); Amazon EC2 Elastic IP Address Association (AWS::EC2::EIPAssociation); Amazon EC2 Instance (AWS::EC2::Instance); Amazon EC2 Security Group (AWS::EC2::SecurityGroup); Amazon EC2 Security Group Ingress (AWS::EC2::SecurityGroupIngress); Amazon SQS Queue Policy (AWS::SQS::QueuePolicy); Amazon SQS Queue (AWS::SQS::Queue); IAM Access Key (AWS::IAM::AccessKey); IAM Group (AWS::IAM::Group); IAM Policy (AWS::IAM::Policy); IAM Add User to Group (AWS::IAM::UserToGroupAddition); IAM User (AWS::IAM::User); Elastic Load Balancing LoadBalancer (AWS::ElasticLoadBalancing::LoadBalancer); Amazon RDS DBInstance (AWS::RDS::DBInstance); Amazon RDS DBSecurityGroup (AWS::RDS::DBSecurityGroup); Amazon Route 53 Resource Record Set (AWS::Route53::RecordSet); Amazon Route 53 Resource Record Set Group (AWS::Route53::RecordSetGroup); Amazon S3 Bucket (AWS::S3::Bucket); Amazon S3 Bucket Policy (AWS::S3::BucketPolicy); Amazon SimpleDB Domain (AWS::SDB::Domain); SNS Topic Policy (AWS::SNS::TopicPolicy); Amazon SNS Subscription (AWS::SNS::Subscription); Amazon SNS Topic (AWS::SNS::Topic). http://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/index.html?aws-template-resource-type-ref.html
33. Outputs
34. Outputs: URL, DB, IAM, ID
35. Output: "Outputs" : { "InstanceId" : { "Description" : "InstanceId of the newly created EC2 instance", "Value" : { "Ref" : "Ec2Instance" } }, "AZ" : { "Description" : "Availability Zone of the newly created EC2 instance", "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] } }, "ApplicationURL" : { "Description" : "URL of running web application", "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "Ec2Instance", "PublicIp" ] }, "/index.html" ] ] } } } Function
36. Output
37.
Parameters, Mappings, Resources, Outputs (4); Mapping, Functions; Resource: http://docs.amazonwebservices.com/AWSCloudFormation/latest/UserGuide/index.html?aws-template-resource-type-ref.html
38. Tips: EC2, DB, NG, CloudFormation; DeletionPolicy: Retain. "Resources" : { "myS3Bucket" : { "Type" : "AWS::S3::Bucket", "DeletionPolicy" : "Retain" } }
39. Tips: Tags. "MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ], "ImageId" : "ami-20b65349", "Tags" : [ { "Key" : "Name", "Value" : "MyInstance" } ] } }
40. Tips: CloudFormation
41. Tips
42. Cloud-init
43. Cloud-init: Amazon Linux, Ubuntu, EC2, userdata, #!
44. Cloud-init: EC2 User Data, Cloud-init, userdata
45. Cloud-init: AMI, AMI, Apache, AMI, OS, Apache; userdata 16KByte
46. CloudFormation, EC2, UserData: "MyInstance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId" : "ami-dcfa4edd", "KeyName": { "Ref" : "KeyName" }, "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash\n", "log=/tmp/init.log\n", "apt-get update &>> $log\n", "apt-get install -y ruby &>> $log\n", "cd /tmp\n", "wget http://rubygems.org/rubygems.tgz &>> $log\n", "tar zxf rubygems.tgz &>> $log\n", "cd rubygems\n", "ruby setup.rb --no-format-executable &>> $log\n" ]] } } } }
47. CloudFormation: UserData, Ref, Fn::GetAtt; RDS EndPoint, UserData. "Resources" : { "MyInstance": { "Type": "AWS::EC2::Instance", "Properties": { "ImageId" : "ami-dcfa4edd", "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash\n", "cd /home/ec2-user\n", { "Fn::Join" : ["", [ "echo ", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "> db.conf\n" ]] } ]] } } } }, "DBInstance" : { "Type": "AWS::RDS::DBInstance" } }
48. CloudFormation helpers
49. CloudFormation helpers: EC2; Amazon Linux 2011.09; /opt/aws/bin; cfn-init, cfn-get-metadata, cfn-signal, cfn-hup; Python
50.
cfn-init: Metadata; sources, packages, files, services. "Resources": { "MyInstance": { "Type": "AWS::EC2::Instance", "Metadata" : { "AWS::CloudFormation::Init" : { "config" : { "sources" : { : }, "packages" : { : }, "files" : { : }, "services" : { : } } } }, "Properties": { : } } } config: source, package, files, services
51. cfn-init sources: URL; Tar, zip, tar+gzip, tar+bz2. "sources" : { "/etc/myapp" : "https://s3.amazonaws.com/mybucket/myapp.tar.gz" } packages: Apt, yum, rubygems, python, rpm. "packages" : { "yum" : { "httpd" : [], "php" : [] }, "rubygems" : { "chef" : [ "0.10.2" ] } }
52. cfn-init files: "files" : { "/app/db.conf" : { "content" : { "Fn::Join" : ["", [ "db.name=", { "Ref" : "DBName" }, "\n", "db.user=", { "Ref" : "DBUser" }, "\n", "db.pass=", { "Ref" : "DBPassword" }, "\n", "db.host=", { "Fn::GetAtt" : [ "DBInstance", "Endpoint.Address" ] }, "\n" ]] }, "mode" : "000644", "owner" : "root", "group" : "root" }, "/etc/myapp/myapp-init.pp" : { "source" : "https://s3.amazonaws.com/myapp/myapp-init.pp", "mode" : "100644", "owner" : "root", "group" : "wheel" } } The second file: S3
53. cfn-init services: sysvinit; OS; cfn-init. "services" : { "sysvinit" : { "nginx" : { "enabled" : "true", "ensureRunning" : "true", "files" : [ "/etc/nginx/nginx.conf" ], "sources" : [ "/var/www/html" ] }, "php-fastcgi" : { "enabled" : "true", "ensureRunning" : "true", "packages" : { "yum" : [ "php", "spawn-fcgi" ] } } } } cfn-init
54. cfn-init: cfn-init, User-data, cfn-init, cloud-init. "Properties": { "UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [ "#!/bin/bash\n", "/opt/aws/bin/cfn-init -s ", { "Ref" : "AWS::StackName" }, " -r WebServer ", "--access-key ", { "Ref" : "HostKeys" }, " --secret-key ", { "Fn::GetAtt" : [ "HostKeys", "SecretAccessKey" ] }, " --region ", { "Ref" : "AWS::Region" }, "\n" ]] } } }
55. EC2; cfn-init; meta-data; Init.d; cloud-init; Meta-data: Sources, Packages, Files, Services; User-data; cfn-init
56.
Chef (solo): https://s3.amazonaws.com/cloudformation-templates-us-east-1/wordpress-via-chef-solo.template EC2; cfn-init; meta-data; Init.d; cloud-init; Meta-data: Sources, Packages (rubygem, chef), Files; User-data; cfn-init; Chef; chef
57. cfn-get-metadata: Metadata. cfn-signal: WaitCondition, cfn-signal. cfn-hup: Stack Update API. https://s3.amazonaws.com/cloudformation-examples/BoostrappingApplicationsWithAWSCloudFormation.pdf
58. CloudFormer
59. CloudFormer: CloudFormer, EC2, EC2, Auto Scaling
60. CloudFormer: https://forums.aws.amazon.com/ann.jspa?annID=1048 Outputs, URL
61. CloudFormer
62. Tips
63. AWS::CloudFormation::Stack, TemplateURL: "Resources" : { "WebServer" : { "Type" : "AWS::CloudFormation::Stack", "Properties" : { "TemplateURL" : "https://s3.amazonaws.com/hoge.template", "Parameters" : { "KeyName" : { "Ref" : "KeyName" }, "InstanceType" : { "Ref" : "InstanceType" } } } } }
64. Baked AMI VS CF-Init: AMI VS Cloud-init + CloudFormation helpers; AMI, cloud-init, helper; AMI, AMI/, AMI+, AMI/, Cloud-init+CFN helpers, OS, DB
65. IAM Capability: CloudFormation, IAM; on; cfn-create-stack, cfn-update-stack: --capabilities CAPABILITY_IAM
66.
67. CloudFormation, Amazon Linux, OS, cloud-init, cfn, chef, CloudFormation
68. CloudFormation: App Server, Web Server
69. Cloud Formation Samples: http://aws.amazon.com/jp/cloudformation/aws-cloudformation-templates/ BootstrappingApplicationsWithAWSCloudFormation: https://s3.amazonaws.com/cloudformation-examples/BoostrappingApplicationsWithAWSCloudFormation.pdf Integrating CloudFormation with Chef: https://s3.amazonaws.com/cloudformation-examples/IntegratingAWSCloudFormationWithOpscodeChef.pdf CloudFormer: https://forums.aws.amazon.com/ann.jspa?annID=1048</p>