Deep Dive: AWS CloudFormation

Post on 16-Apr-2017

TRANSCRIPT

  • Elastic Beanstalk, OpsWorks, CloudFormation, EC2

    Convenience (higher-level services) to control (do it yourself)

  • Continuous integration for your complete stack

    [Diagram: Version Control, Jenkins, Test, Live, Amazon S3, AWS CloudFormation. Steps: App commit, Infra commit, Pull, Deploy new template, Deploy new app]

  • Continuous integration for your complete stack

    [Diagram: Version Control, Jenkins, Test, Live, Amazon S3, AWS CloudFormation. Steps: App commit, Infra commit, Pull, Promote new template, Promote new app]

  • "Parameters"

    "Mappings"

    "Conditions"

    "Resources"

    "Outputs"

  • create custom resources

    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-custom-resources-lambda.html

  • "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]}

  • "Outputs" : {
      "InstancePublicDnsName" : {
        "Description" : "The public DNS name of the newly created EC2 instance",
        "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "PublicDnsName" ] }
      }
    }

  • "MountPoint" : {
      "Type" : "AWS::EC2::VolumeAttachment",
      "Condition" : "CreateProdResources",
      "Properties" : {
        "InstanceId" : { "Ref" : "EC2Instance" },
        "VolumeId" : { "Ref" : "NewVolume" },
        "Device" : "/dev/sdh"
      }
    }

  • http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

    http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/CHAP_TemplateQuickRef.html

  • https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/new?stackName=lambda-etl&templateURL=https://s3.amazonaws.com/awslambda-reference-architectures/extract-transform-load/lambda_etl.template

  • "Metadata" : {
      "AWS::CloudFormation::Init" : {
        "webapp-config": {
          "packages" : {},
          "sources" : {},
          "files" : {},
          "groups" : {},
          "users" : {},
          "commands" : {},
          "services" : {}
        }
      }
    },

  • Managing your stacks

  • Frontend Services: E-Commerce Website

    Backend Services: Search, Payment Gateway, Reviews, Recommendations

    Shared Services: Common Monitoring tools, Queues

    Base Network: VPCs, Subnets, VPNs, NATs

    Identity: IAM Users, Groups, Roles

  • E-Commerce Website Recommendations Engine

    "Parameters" : {
      "RecommendationsEndPoint" : {
        "Description" : "URL of the recommendations ELB",
        "Type" : "String"
      }
    },

    "Outputs" : {
      "RecommendationsEndPoint" : {
        "Description" : "URL of the recommendations ELB",
        "Value" : { "Fn::GetAtt" : [ "RecommendationsELB", "PublicDnsName" ] }
      }
    }

  • ELB_AND_AS
    Resources : {
      ELB,
      AutoScaling
    }

    Website1
    Resources : {
      NestedStack,
      RDS
    }

    Website2
    Resources : {
      NestedStack,
      DynamoDB
    }

    Website1
    Resources : {
      ELB,
      AutoScaling,
      RDS
    }

    Website2
    Resources : {
      ELB,
      AutoScaling,
      DynamoDB
    }

  • Amazon Route 53

  • "UpdatePolicy" : {
      "AutoScalingRollingUpdate" : {
        "MaxBatchSize" : 2,
        "MinInstancesInService" : 2,
        "PauseTime" : "PT20M"
      }
    }

  • "UpdatePolicy": {
      "AutoScalingRollingUpdate": {
        "PauseTime": "PT0S",
        "MaxBatchSize": "6",
        "MinInstancesInService": "0"
      }
    }

    "UpdatePolicy": {
      "AutoScalingRollingUpdate": {
        "PauseTime": "PT15S",
        "MaxBatchSize": "2",
        "MinInstancesInService": "2"
      }
    }

  • AWS::EC2::VPC::Id

    List

    List

    AWS::EC2::KeyPair::KeyName

  • {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Resources" : {
        "myS3Bucket" : {
          "Type" : "AWS::S3::Bucket",
          "DeletionPolicy" : "Retain",
          "Properties" : {
            "BucketName" : "MyBucket"
          }
        }
      }
    }

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Resources" : {
        "myVolume" : {
          "Type" : "AWS::EC2::Volume",
          "DeletionPolicy" : "Snapshot",
          "Properties" : {
            "AvailabilityZone" : "us-east-1a",
            "Size" : 100
          }
        }
      }
    }

    MyBucket myVolume Snapshot

  • Do not update the databases

    {
      "Effect" : "Deny",
      "Principal" : "*",
      "Action" : "Update:*",
      "Resource" : "*",
      "Condition" : {
        "StringEquals" : {
          "ResourceType" : [
            "AWS::RDS::DBInstance",
            "AWS::Redshift::Cluster"
          ]
        }
      }
    }

    Okay to update, unless the update requires replacement

    {
      "Effect" : "Deny",
      "Principal": "*",
      "Action" : "Update:Replace",
      "Resource" : "LogicalResourceId/MyInstance"
    }

  • {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Deny",
          "Action": "*",
          "Resource": "*"
        },
        {
          "Effect" : "Allow",
          "Action" : [
            "ec2:Describe*"
          ],
          "Condition": {
            "Null": { "ec2:ResourceTag/*cloudformation*" : "true" }
          },
          "Resource" : "*"
        }
      ]
    }