(APP304) AWS CloudFormation Best Practices | AWS re:Invent 2014
Post on 30-Jun-2015
Transcript
November 13, 2014 | Las Vegas, NV
Chetan Dandekar, Senior Product Manager, Amazon Web Services
Effectiveness
Safety
Visibility
Design
Templates
App code
Stacks
Iterate
Frontend Services
• Consumer Website, Seller Website, Mobile Backend
Backend Services
• Search, Payments, Reviews, Recommendations
Shared Services
• CRM DBs, Common Monitoring /Alarms, Subnets, Security Groups
Base Network
• VPCs, Internet Gateways, VPNs, NATs
Identity
• IAM Users, Groups, Roles
Food Catalog website
Ordering website
Customer DB service
Inventory service
Recommendations service
Analytics service
Fulfillment service
Payment service
Food Catalog website
Customer DB service
"Outputs" : { "CustDBEndPoint" }
"Parameters" : { "CustDBEndPoint" }
Website1
"Resources" : { "ELB", "AutoScaling", "RDS" }
Website2
"Resources" : { "ELB", "AutoScaling", "DynamoDB" }
ELB_AND_AS
"Resources" : { "ELB", "AutoScaling" }
Website1
"Resources" : { "NestedStack", "RDS" }
Website2
"Resources" : { "NestedStack", "DynamoDB" }
AWS::EC2::VPC::Id
List<AWS::EC2::Subnet::Id>
List<AWS::EC2::SecurityGroup::Id>
AWS::EC2::KeyPair::KeyName
Param validation
Stack creation workflow
App instances
MinLength
MaxLength
AllowedPattern
User/Role
AWS CloudFormation
Amazon EC2
Amazon RDS
Amazon ElastiCache
Etc.
Permissions to call AWS CloudFormation
Permissions to create ALL resources specified in a template
Account
AWS CloudFormation
Amazon EC2
Amazon RDS
ElastiCache
Etc.
# of AWS CloudFormation stacks
# of EC2 instances, total
Amazon RDS storage, etc.
Metadata
AWS::CloudFormation::Init
Declarative
Reusable
Grouping & Ordering
Debug-able
Updatable
Highly Secure
BIOT™ (Bring In Other Tools)
ow.ly/DiNCm
"packages" : {}, "sources" : {}, "files" : {}, "groups" : {}, "users" : {}, "commands" : {}, "services" : {}
UserData
Get the latest
Trigger CloudFormation::Init
Signal completion
awslogs
awslogs
cfn-logs.conf
file = /var/log/cfn-init.log
log_stream_name = {instance_id}/cfn-init.log
file = /var/log/cfn-hup.log
log_stream_name = {instance_id}/cfn-hup.log
ow.ly/E0zO3
arn:aws:cloudformation:us-west-2:123456789:stack/BaseNet*
arn:aws:cloudformation:us-west-2:123456789:stack/FrontEnd*
Frontend Services
• Consumer Website, Seller Website, Mobile Backend
Backend Services
• Search, Payments, Reviews, Recommendations
Shared Services
• CRM DBs, Common Monitoring /Alarms, Subnets, Security Groups
Base Network
• VPCs, Internet Gateways, VPNs, NATs
Identity
• IAM Users, Groups, Roles
{
  "Effect" : "Deny",
  "Action" : [ "ec2:TerminateInstances" ],
  "Condition" : { "Null" : { "ec2:ResourceTag/*cloudformation*" : "true" } },
  "Resource" : "*"
}
Description
Metadata
Comment
Faster
Cost-efficient
Simpler state and data migration
No touching of a working stack
Textual diff
Refs and Fn::GetAtts
No Interruption Some Interruption Replacement
IAM permissions
drift
AWS Config CloudFormer
"Do not update the databases"
{
  "Statement" : [{
    "Effect" : "Deny",
    "Principal" : "*",
    "Action" : "Update:*",
    "Resource" : "*",
    "Condition" : {
      "StringEquals" : {
        "ResourceType" : [ "AWS::RDS::DBInstance", "AWS::Redshift::Cluster" ]
      }
    }
  }]
}
"Okay to update, unless the update requires replacement"
{
  "Statement" : [{
    "Effect" : "Deny",
    "Principal" : "*",
    "Action" : "Update:Replace",
    "Resource" : "LogicalResourceId/MyInstance"
  }]
}
ow.ly/E0Njj
security group
Auto Scaling group
EC2 instance
Elastic Load Balancing
ElastiCache
Memcached cluster
Software pkgs, config, & data
CloudWatch alarms
Web Analytics Service
AWS CloudFormation
Provision AWS Resources
"Create, Update, Rollback, or Delete"
Worker
Amazon SNS Topic
Stack Events
security group
Auto Scaling group
EC2 instance
Elastic Load Balancing
ElastiCache
Memcached cluster
Software pkgs, config, & data
CloudWatch alarms
Web Analytics Service
AWS CloudFormation
Provision AWS Resources
"Success" + Metadata
"Create, Update, Rollback, or Delete" + Metadata
ow.ly/DiSXp
https://console.aws.amazon.com/cost-reports/home?#/custom
ow.ly/E0Ny9
AWS CloudFormation Issue Tracker
App Developers
DevOps Engineers, Infrastructure Developers, Systems Engineers
Dev Env Code Repo
App Pkgs, AWS CloudFormation Templates, Etc.
CI Server
Test
Staging
Prod
Code Review
"Infra-as-Code"
App Code & Templates
http://bit.ly/awsevals
ow.ly/Ec28a ow.ly/EdMyk