Programming your infrastructure with AWS CloudFormation

Post on 10-May-2015

DESCRIPTION

Programming your infrastructure with AWS CloudFormation, by Michel Pereira, Solutions Architect at AWS.

TRANSCRIPT

1. AWS CloudFormation. Michel Pereira, Solutions Architect, michelp@amazon.com

2. AWS CloudFormation: AWS CloudFormation gives developers and system administrators an easy way to create and manage AWS resources, provisioning and updating the infrastructure in an orderly and predictable way.

3. AWS CloudFormation: Templates describe the AWS resources and any related dependencies or parameters required to run your application.

4. AWS CloudFormation: You don't need to work out the order in which the services must be provisioned or how to make those dependencies work.

5. AWS CloudFormation: Once deployed, you can modify and update the resources in a controlled and predictable way, which lets you version your infrastructure the same way you version your code.

6. AWS CloudFormation: AWS CloudFormation is free, and you pay only for the resources used by your application.

7. AWS CloudFormation:
  • Templates that describe the AWS resources
  • Modify and update your AWS resources in a controlled and predictable way
  • Keep your AWS infrastructure under version control

8. AWS CloudFormation

9. Anatomy of a template

10. JSON

11. JSON:
  • Perfect for version control
  • Plain text
  • Can be validated

12. Declarative language

13. Sample template:

    {
      "AWSTemplateFormatVersion" : "2010-09-09",
      "Description" : "AWS CloudFormation Sample Template EC2InstanceSample: Create an Amazon EC2 instance running the Amazon Linux AMI. The AMI is chosen based on the region in which the stack is run. This example uses the default security group, so to SSH to the new instance using the KeyPair you enter, you will need to have port 22 open in your default security group. **WARNING** This template creates an Amazon EC2 instance. You will be billed for the AWS resources used if you create a stack from this template.",
      "Parameters" : {
        "KeyName" : {
          "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instance",
          "Type" : "String"
        }
      },
      "Mappings" : {
        "RegionMap" : {
          "us-east-1" : { "AMI" : "ami-7f418316" },
          "us-west-1" : { "AMI" : "ami-951945d0" },
          "us-west-2" : { "AMI" : "ami-16fd7026" },
          "eu-west-1" : { "AMI" : "ami-24506250" },
          "sa-east-1" : { "AMI" : "ami-3e3be423" },
          "ap-southeast-1" : { "AMI" : "ami-74dda626" },
          "ap-northeast-1" : { "AMI" : "ami-dcfa4edd" }
        }
      },
      "Resources" : {
        "Ec2Instance" : {
          "Type" : "AWS::EC2::Instance",
          "Properties" : {
            "KeyName" : { "Ref" : "KeyName" },
            "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },
            "UserData" : { "Fn::Base64" : "80" }
          }
        }
      },
      "Outputs" : {
        "InstanceId" : {
          "Description" : "InstanceId of the newly created EC2 instance",
          "Value" : { "Ref" : "Ec2Instance" }
        },
        "AZ" : {
          "Description" : "Availability Zone of the newly created EC2 instance",
          "Value" : { "Fn::GetAtt" : [ "Ec2Instance", "AvailabilityZone" ] }
        }
      }
    }

14. The same template, with its sections labeled: Header, Parameters, Mappings, Resources, Outputs.

15. Parameters: Settings supplied at provisioning time

16. Mappings: Conditions

17. Resources

18. "KeyName" : { "Ref" : "KeyName" },

19-21. "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ] },

22. Outputs

23. AWS CloudFormation resources: almost all AWS services. What is missing (so far)?
  • Amazon Elastic MapReduce (EMR)
  • Amazon Simple Workflow Service (SWF)
  • Amazon Simple Email Service (SES)
  • Amazon Glacier
  • Amazon CloudSearch
  • Small new features of other services that are not yet implemented

24. AWS CloudFormation resources, Amazon Elastic Compute Cloud (EC2):

    {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "AvailabilityZone" : String,
        "DisableApiTermination" : Boolean,
        "EbsOptimized" : Boolean,
        "IamInstanceProfile" : String,
        "ImageId" : String,
        "InstanceType" : String,

25. AWS CloudFormation resources, Amazon EC2:

        "KernelId" : String,
        "KeyName" : String,
        "Monitoring" : Boolean,
        "PlacementGroupName" : String,
        "PrivateIpAddress" : String,
        "RamdiskId" : String,
        "SecurityGroupIds" : [ String, ... ],
        "SecurityGroups" : [ String, ... ],

26. AWS CloudFormation resources, Amazon EC2:

        "SourceDestCheck" : Boolean,
        "SubnetId" : String,
        "Tags" : [ EC2 Tag, ... ],
        "Tenancy" : String,
        "UserData" : String,
        "Volumes" : [ EC2 MountPoint, ... ]
      }
    }

27. AWS CloudFormation: METADATA

28. AWS CloudFormation: Use AWS::CloudFormation::Init with cfn-init to help bootstrap the instances:

    "Metadata": {
      "AWS::CloudFormation::Init" : {
        "config" : {
          "packages" : { },
          "sources" : { },
          "commands" : { },
          "files" : { },
          "services" : { },
          "users" : { },
          "groups" : { }
        }
      }
    }

29. AWS CloudFormation: Install packages with the native package management tool:

    "ServerHost" : {
      "Type" : "AWS::EC2::Instance",
      "Metadata" : {
        "AWS::CloudFormation::Init" : {
          "config" : {
            "packages" : {
              "yum" : {
                "gcc" : [],
                "gcc-c++" : [],
                "make" : [],
                "automake" : [],

30. AWS CloudFormation: Configure files:

    "/home/ec2-user/.s3cfg": {
      "content": { "Fn::Join": [ "", [
        "[default]", "\n",
        "access_key = ", { "Ref": "CFNKeys" }, "\n",
        "secret_key = ", { "Fn::GetAtt": [ "CFNKeys", "SecretAccessKey" ] }, "\n"
      ] ] },
      "group": "ec2-user",
      "mode": "000600",
      "owner": "ec2-user"
    },

31. AWS CloudFormation: Deploy code from tar, tar+gzip, tar+bz2 and zip archives. Even GitHub!:

    "AWS::CloudFormation::Init" : {
      "config" : {
        "sources" : {
          "/var/www/html" : "https://s3.amazonaws.com/cloudformationexamples/CloudFormationPHPSample.zip"
        }
      }
    }

32. AWS CloudFormation: Turn on services inside the host:

    "services" : {
      "sysvinit" : {
        "nginx" : {
          "enabled" : "true",
          "ensureRunning" : "true",
          "files" : ["/etc/nginx/nginx.conf"],
          "sources" : ["/var/www/html"]
        },
        "sendmail" : {
          "enabled" : "false",
          "ensureRunning" : "false"
        }
      }
    }

33. AWS CloudFormation resources, Amazon RDS:

    "MyDB" : {
      "Type" : "AWS::RDS::DBInstance",
      "Properties" : {
        "DBName" : { "Ref" : "DBName" },
        "AllocatedStorage" : { "Ref" : "DBAllocatedStorage" },
        "DBInstanceClass" : { "Ref" : "DBClass" },
        "Engine" : "MySQL",
        "EngineVersion" : "5.5",
        "MasterUsername" : { "Ref" : "DBUsername" },
        "MasterUserPassword" : { "Ref" : "DBPassword" },
        "DBSubnetGroupName" : { "Ref" : "MyDBSubnetGroup" },
        "DBSecurityGroups" : [ { "Ref" : "MyDBSecurityGroup" } ]
      }
    }

34. AWS CloudFormation resources, Amazon RDS:

    "Parameters" : {
      "DBName": {
        "Default": "MyDatabase",
        "Description" : "The database name",
        "Type": "String",
        "MinLength": "1",
        "MaxLength": "64",
        "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
        "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
      },
      "DBUsername": {
        "Default": "admin",
        "NoEcho": "true",
        "Description" : "The database admin account username",
        "Type": "String",
        "MinLength": "1",
        "MaxLength": "16",
        "AllowedPattern" : "[a-zA-Z][a-zA-Z0-9]*",
        "ConstraintDescription" : "must begin with a letter and contain only alphanumeric characters."
      },

35. AWS CloudFormation resources, security groups:

    "ControllerSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Enable SSH access",
        "SecurityGroupIngress": [
          { "IpProtocol": "tcp", "FromPort": "22", "ToPort": "22", "CidrIp": "0.0.0.0/0" }
        ]
      }
    }

In a VPC? Add:

    "VpcId" : { "Ref" : " },

36. AWS CloudFormation resources, Amazon Virtual Private Cloud (VPC):

    "MyVPC" : {
      "Type" : "AWS::EC2::VPC",
      "Properties" : {
        "CidrBlock" : "192.168.0.0/16"
      }
    }

37. AWS CloudFormation resources, Amazon VPC (continued):

    "PublicSubnet" : {
      "Type" : "AWS::EC2::Subnet",
      "Properties" : {
        "VpcId" : { "Ref" : "MyVPC" },
        "CidrBlock" : "192.168.1.0/24"
      }
    },

38. AWS CloudFormation resources, Amazon VPC (continued):

    "InternetGateway" : {
      "Type" : "AWS::EC2::InternetGateway",
      "Properties" : { }
    },
    "AttachGateway" : {
      "Type" : "AWS::EC2::VPCGatewayAttachment",
      "Properties" : {
        "VpcId" : { "Ref" : "MyVPC" },
        "InternetGatewayId" : { "Ref" : "InternetGateway" }
      }
    },

39. AWS CloudFormation resources, Amazon VPC (continued):

    "PublicRouteTable" : {
      "Type" : "AWS::EC2::RouteTable",
      "Properties" : {
        "VpcId" : { "Ref" : "MyVPC" }
      }
    },
    "PublicRoute" : {
      "Type" : "AWS::EC2::Route",
      "Properties" : {
        "RouteTableId" : { "Ref" : "PublicRouteTable" },
        "DestinationCidrBlock" : "0.0.0.0/0",
        "GatewayId" : { "Ref" : "InternetGateway" }
      }
    },
    "PublicSubnetRouteTableAssociation" : {
      "Type" : "AWS::EC2::SubnetRouteTableAssociation",
      "Properties" : {
        "SubnetId" : { "Ref" : "PublicSubnet" },
        "RouteTableId" : { "Ref" : "PublicRouteTable" }
      }
    }
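The slide snippets open SSH to 0.0.0.0/0, feed the RDS master password from a template parameter, and write an IAM secret access key into a cfn-init file. As an added example (not part of the original deck), this Python audit flags those three patterns in a template before a stack is created. The helper names `walk` and `audit` are hypothetical, the sample template is constructed from the slide fragments, and the `DBPassword` declaration without `NoEcho` is an assumption, since the slides do not show it.

```python
import json
# Constructed sample built from the slides' fragments. Assumption: DBPassword is
# declared without NoEcho (the slides do not show its declaration).
TEMPLATE = json.loads("""{
 "Parameters": {"DBUsername": {"NoEcho": "true"}, "DBPassword": {"Type": "String"}},
 "Resources": {
  "ControllerSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": "22",
                              "ToPort": "22", "CidrIp": "0.0.0.0/0"}]}},
  "MyDB": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "MasterUsername": {"Ref": "DBUsername"},
    "MasterUserPassword": {"Ref": "DBPassword"}}},
  "ServerHost": {"Type": "AWS::EC2::Instance", "Metadata": {
    "AWS::CloudFormation::Init": {"config": {"files": {"/home/ec2-user/.s3cfg": {
      "content": {"Fn::Join": ["", ["secret_key = ",
        {"Fn::GetAtt": ["CFNKeys", "SecretAccessKey"]}]]}}}}}}}
 }
}""")

def walk(node):  # yield every dict nested anywhere inside node
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def audit(template):
    """Return (resource, issue) pairs for three risky template patterns."""
    findings, params = [], template.get("Parameters", {})
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":  # world-open ingress
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("CidrIp") == "0.0.0.0/0":
                    findings.append((name, f"port {rule.get('FromPort')} open to 0.0.0.0/0"))
        for key, value in props.items():  # password fed by an echoed parameter
            ref = value.get("Ref") if isinstance(value, dict) else None
            hidden = str(params.get(ref, {}).get("NoEcho", "")).lower() == "true"
            if "password" in key.lower() and ref in params and not hidden:
                findings.append((name, f"parameter {ref} lacks NoEcho"))
        for d in walk(res.get("Metadata", {})):  # IAM secret key in metadata
            att = d.get("Fn::GetAtt")
            if isinstance(att, list) and att[-1] == "SecretAccessKey":
                findings.append((name, f"{att[0]} secret key embedded in resource metadata"))
    return findings

if __name__ == "__main__":
    print(*audit(TEMPLATE), sep="\n")
```

A finding on the secret key is usually resolved by attaching an IAM role through the `IamInstanceProfile` property listed on the EC2 slide, so no long-lived key is written to the instance.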