Advanced Infrastructure as Code: Building Modular, Dynamic AWS CloudFormation Stacks
•
4 gefällt mir•3,487 views
It was once said that a great piece of software should be able to do things its creator never anticipated. In this session, you will learn how to use AWS CloudFormation to lay the foundation for modular, reusable AWS resources, build an infrastructure service catalog, and use dynamic programming languages to control templates at scale. You will also learn about the latest tools that control AWS CloudFormation and best practices for using these tools to scale your current "infrastructure as code". Session sponsored by Logicworks.
Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (20)
Mehr von Amazon Web Services
Mehr von Amazon Web Services (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Advanced Infrastructure as Code: Building Modular, Dynamic AWS CloudFormation Stacks
- 1. Advanced Infrastructure as Code Building Dynamic, Modular AWS CloudFormation Stacks Thomas “T-Rex” Rectenwald Senior Systems Engineer, DevOps Logicworks www.logicworks.net ©2016 Logicworks. All Rights Reserved.
- 2. About Logicworks We design, build, automate, and manage cloud infrastructure for enterprise IT. Cloud Strategy & Migration Managed Cloud Cloud Security DevOps Automation ©2016 Logicworks. All Rights Reserved. 2
- 3. The days when IT managed monolithic, infrequently modified systems are long gone. ©2014 Logicworks. All Rights Reserved. 3
- 4. How to efficiently manage multiple stacks? Manage infrastructure as code. ©2014 Logicworks. All Rights Reserved. 4
- 5. What is Infrastructure as Code? ©2016 Logicworks. All Rights Reserved. 5 ✗✔ • State machine • Versioned • Essential part of deployment process • One-off • Just a quick way to script an environment
- 6. IaC is young AWS CloudFormation is awesome but unforgiving Risk of over-engineering and assuming a perfect world IaC implemented incorrectly can be dangerous Stack Anarchy ©2016 Logicworks. All Rights Reserved. 6
- 7. Agenda ©2016 Logicworks. All Rights Reserved. 7 ① AWS CloudFormationFundamentals ② Advanced Best Practices ▪ Stack Organization ▪ Naming Conventions ▪ Blast Radius ③ Creating a ServiceCatalog ④ Dynamic AWS CloudFormation & Beyond
- 8. Build network foundation Configure gateways and access points Install management services, like Puppet Allocate Amazon S3buckets Attach encrypted volumes Control and manage access though AWS Identity & Access Management (IAM) Register DNS names with Amazon Route 53 Configure logshipping and retention ① AWS CloudFormation Fundamentals ©2016 Logicworks. All Rights Reserved. 8 WHAT CLOUDFORMATION DOES:
- 9. ② Best Practices: Stack Organization ©2016 Logicworks. All Rights Reserved. 9 QA Stage Production ASGs Security Groups Layered Architecture Instances ELBs Various Substacks
- 10. ② Best Practices: Stack Organization ©2016 Logicworks. All Rights Reserved. 10 Instances, ASGs, ELBs, etc. Service Oriented Architecture Networks (VPCs, routes, subnets, etc.) Security Groups IAM (Global Resource)
- 11. ② Best Practices: Naming Conventions ©2016 Logicworks. All Rights Reserved. 11
- 12. ② Best Practices: Stack Organization QA ©2016 Logicworks. All Rights Reserved. 12 Stage Production ASGs Security Groups Instances ELBs Various Substacks✗ Layered Architecture
- 13. ② Best Practices: Stack Organization ASGs Security Groups Instances ELBs Various Substacks✗ Q✗A S✗tag e Prod✗uction Layered Architecture ©2016 Logicworks. All Rights Reserved. 13
- 14. ② Best Practices: Blast Radius Instances, ©2016 Logicworks. All Rights Reserved. 14 ASGs, ELBs, etc. Networks (VPCs, routes, subnets, etc.) Security Groups IAM (Global Resource)✗ Service Oriented Architecture
- 15. ③ Service Catalog High Performance Multi-Region PCI Compliant Template Security/Compliance Low Cost Non-Compliant Development Template Performance / Availability AWS Service Catalog ©2016 Logicworks. All Rights Reserved. 15
- 16. (Isn’t it time we stopped worrying about this stuff?) ③ Service Catalog: Too Much to Manage? Route Tables ©2016 Logicworks. All Rights Reserved. 16 Load Balancers Security Groups VPCs Subnets Access Policies S3 Bucket Policies IAM Roles DR Instances
- 17. ③ Service Catalog: Framework ©2016 Logicworks. All Rights Reserved. 17 AWS CloudFormation is the right medium, but is it the righttool? What you really need: a framework
- 18. ④ Dynamic CloudFormation: Troposphere The Goal: Generate JSON, do not develop in it. • Use a real programming language not a dataformat • Enjoy variables, libraries, easy integration into CI/CD • Infrastructure as an Application ©2016 Logicworks. All Rights Reserved. 18
- 19. Troposphere Demo ©2016 Logicworks. All Rights Reserved. 19
- 20. ④ Dynamic CloudFormation: SparkleFormation ©2016 Logicworks. All Rights Reserved. 20
- 21. ④ Dynamic CloudFormation: “Beyond” AWS CloudFormation ©2016 Logicworks. All Rights Reserved. 21
- 22. The Big Picture: Dynamic CloudFormation Static Templates Dynamic Program Instruction Function-Based Programming </HTML> AWS CloudFormation SparkleFormation Troposphere AWS Lambda ©2016 Logicworks. All Rights Reserved. 22
- 23. 1. Build templates, not snowflakes 2. Create central management & governance by making templates available in self-service fashion to productteams 3. Investigate new, more flexible abstraction layers to manage multiple templates ©2016 Logicworks. All Rights Reserved. 23 Summary: What to Do Now
- 24. Questions? ©2015 Logicworks. All Rights Reserved. Thomas “T-Rex” Rectenwald Logicworks www.logicworks.net Visit Logicworks’ Booth #433 for more information on AWS Managed Services