defining vpc based web apps in aws cloudformation

Tom Maddox


Post on 22-Feb-2017






Tom Maddox –

Elastic Beanstalk OpsWorks CloudFormation EC2

Convenience Control

Higher-level services Do it yourself

Continuous integration for your complete stack

Version Control Jenkins

Test

Live

Amazon

S3

AWS

CloudFormation

App commit

Infra commit

Pull

Deploy new

template

Deploy

new app

Continuous integration for your complete stack

Version Control Jenkins

Test

Live

Amazon

S3

AWS

CloudFormation

App commit

Infra commit

Pull

Promote new

template

Promote

new app

"Parameters"

"Mappings"

"Conditions"

"Resources"

"Outputs"

"Parameters" : {

“InstanceType” : {

“Description” : “The EC2 Instance Type to launch.”,

“Type” : “String”,

“AllowedValues” : [“t1.micro”, “m1.small”, “m1.medium”]

}

},

“InstanceType” : { “Ref” : “InstanceType” }

"Outputs" : {

"InstancePublicDnsName" : {

"Description" : "The public DNS name of the newly created EC2 instance",

"Value" : { ”Fn::GetAtt" : [ "Ec2Instance”, “PublicDnsName” ] }

}

}

"Environment" : {

"Description" : "Specifies if this is a Dev, QA or Prod Environment",

"Type" : "String",

"Default" : "Dev",

"AllowedValues" : [ "Dev", "QA", "Prod"]

},

"Conditions" : {

"ProdEnvironment" : { "Fn::Equals" : [ { "Ref" : "Environment" }, "Prod" ]}

},

"InstanceType" : { "Fn::If" : [ "ProdEnvironment", “m3.2xlarge”, “m3.medium” ] }

"Mappings" : {

"RegionMap" : {

"us-east-1" : { "32" : "ami-6411e20d", "64" : "ami-7a11e213" },

"us-west-1" : { "32" : "ami-c9c7978c", "64" : "ami-cfc7978a" },

"eu-west-1" : { "32" : "ami-37c2f643", "64" : "ami-31c2f645" },

"ap-southeast-1" : { "32" : "ami-66f28c34", "64" : "ami-60f28c32" },

"ap-northeast-1" : { "32" : "ami-9c03a89d", "64" : "ami-a003a8a1" }

}

},

"ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "32"]},

http://aws.amazon.com/cloudformation/aws-cloudformation-templates/

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/CHAP_TemplateQuickRef.html

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-reference.html

"Metadata" : {

"AWS::CloudFormation::Init" : {

"webapp-config": {

"packages" : {},

"sources" : {},

"files" : {},

"groups" : {},

"users" : {},

"commands" : {},

"services" : {}

}

}

},

"packages" : {},

"sources" : {},

"files" : {},

"groups" : {},

"users" : {},

"commands" : {},

"services" : {}

Managing your stacks

Frontend Services

• E-Commerce Website

Backend Services

• Search, Payment Gateway, Reviews, Recommendations

Shared Services

• Common Monitoring tools, Queues

Base Network

• VPCs, Subnets, VPNs, NATs

Identity • IAM Users, Groups, Roles

E-Commerce Website Recommendations Engine

"Parameters" : {

“RecommendationsEndPoint” : {

“Description” : “URL of the recommendations ELB”,

“Type” : “String”

}

},

"Outputs" : {

"RecommendationsEndPoint" : {

"Description" : "URL of the recommendations ELB",

"Value" : { ”Fn::GetAtt" : [ "RecommendationsELB”, “PublicDnsName” ] }

}

}

ELB_AND_AS

“Resources” : {

“ELB”,

“AutoScaling”

}

Website1

“Resources” : {

“NestedStack”,

“RDS”

}

Website2

“Resources” : {

“NestedStack”,

“DynamoDB”

}

Website1

“Resources” : {

“ELB”,

“AutoScaling”,

“RDS”

}

Website2

“Resources” : {

“ELB”,

“AutoScaling”,

“DynamoDB”

}

Amazon

Route 53

"UpdatePolicy" : {

"AutoScalingRollingUpdate" : {

"MaxBatchSize" : “2”,

"MinInstancesInService" : ”2”,

"PauseTime" : “PT20M”

}

}

"UpdatePolicy": {

"AutoScalingRollingUpdate": {

"PauseTime": "PT0S",

"MaxBatchSize": “6",

"MinInstancesInService": "0"

}

}

"UpdatePolicy": {

"AutoScalingRollingUpdate": {

"PauseTime": "PT15S",

"MaxBatchSize": "2",

"MinInstancesInService": "2"

}

}

AWS::EC2::VPC::Id

List<AWS::EC2::Subnet::Id>

List<AWS::EC2::SecurityGroup::Id>

AWS::EC2::KeyPair::KeyName

{

"AWSTemplateFormatVersion" : "2010-09-09",

"Resources" : {

"myS3Bucket" : {

"Type" : "AWS::S3::Bucket",

"DeletionPolicy" : "Retain"

"Properties" : {

"BucketName" : “MyBucket”

}

}

}

}

{

"AWSTemplateFormatVersion" : "2010-09-09",

"Resources" : {

"myVolume" : {

"Type":"AWS::EC2::Volume",

"DeletionPolicy" : "Snapshot”

"Properties" : {

"AvailabilityZone" :”us-east-1a”,

"Size” : “100”

}

}

}

}

MyBucket myVolume Snapshot

“Do not update the databases”

"Effect" : "Deny",

"Principal" : "*",

"Action" : "Update:*",

"Resource" : "*",

"Condition" : {

"StringEquals" : {

"ResourceType” : [

"AWS::RDS::DBInstance”,

"AWS::Redshift::Cluster”

]

}

}

“Okay to update, unless the update requires replacement”

"Effect" : "Deny",

"Principal": "*",

"Action" : "Update:Replace",

"Resource" : "LogicalResourceId/MyInstance"

{

"Version": "2012-10-17",

"Statement": [

{

"Effect": ”Deny",

"Action": “*",

"Resource": "*"

},

{

"Effect" : ”Allow",

"Action" : [

"Action": "ec2:Describe*”

],

"Condition": {

"Null": { "ec2:ResourceTag/*cloudformation*" : "true" }

},

"Resource" : "*"

}

]

}

http://tinyurl.com/pgs3mjo

http://tinyurl.com/pd86795