Infrastructure as code with

AWS CloudFormation

PyMunich 2016

Justyna Janczyszyn (JJ)

@JJanczyszyn

software engineer at 10Clouds

CHALLENGES

4 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

5 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

6 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

7 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

8 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

9 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Image taken from: Infrastructure as Code by Kief Morris

10 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

11 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Infrastructure as code principles and practices to the rescue!

12 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Any element of infrastructure should be easily reproducible

13 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Infrastructure as Code by Kief Morris

Systems should be consistent

14 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Infrastructure as Code by Kief Morris

Processes should be repeatable

15 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Infrastructure as Code by Kief Morris

Design is always changing

16 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Infrastructure as Code by Kief Morris

Practices

17 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

• Use Definition files • Self-documented systems and processes • Version all the things • Continuously test the systems and processes • Small changes rather than batches • Services available continuously

Infrastructure as Code by Kief Morris

CloudFormation

18 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

19 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

20 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Image taken from http://fbrnc.net/blog/2016/05/green-blue-deployments-with-aws-lambda-and-cloudformation

Creating a stack

21 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

aws cloudformation create-stack --stack-name demo-iac

--template-body file://Template.yaml --parameters file://Params.json

--capabilities CAPABILITY_NAMED_IAM --region eu-west-1;

23 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

24 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

25 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

26 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

aws cloudformation describe-stacks --stack-name demo-iac

Describe a stack

Delete a stack

28 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

aws cloudformation delete-stack —stack-name demo-iac

Change Sets

29 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

https://aws.amazon.com/blogs/aws/new-change-sets-for-aws-cloudformation/

https://aws.amazon.com/blogs/aws/new-change-sets-for-aws-cloudformation/

aws cloudformation estimate-template-cost --template-body file://Template.yaml

--parameters file://Params.json;

31 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Cost estimation

32 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

33 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Best Practices

34 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Planning and organizing

• organize stacks by lifecycle and ownership • reuse templetes for various environments • use nested stacks

35 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Creating templates• don’t embed credentials in templates • validate templates before using them • use parameter constraints

36 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

Managing stacks

• use stack policies • use change sets • manage all stack resources through cloudformation • use code reviews and revision for your templates

Ready to use templates

37 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

• https://github.com/awslabs/aws-cloudformation-templates

• https://github.com/widdix/aws-cf-templates

Library to create AWS CloudFormation descriptions

38 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

• https://github.com/cloudtools/troposphere

Other resources

39 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code

• Infrastructure as Code by Kief Morris

http://infrastructure-as-code.com/

• Martin Fowler’s Infrastructure as Code at YOW! 2016:

https://www.youtube.com/watch?v=ueAef9tNUck

http://martinfowler.com/bliki/InfrastructureAsCode.html

• Great blog on AWS:

https://cloudonaut.io/

Step by step automate all

40 PyMunich 2016@JJanczyszyn

https://github.com/tramwaj29/infrastructure-as-code