advanced infrastructure as code: building modular, dynamic aws cloudformation stacks

Advanced Infrastructure as CodeBuilding Dynamic, Modular AWS CloudFormation Stacks

Thomas “T-Rex” RectenwaldSenior Systems Engineer, DevOpsLogicworks

www.logicworks.net

©2016 Logicworks. All Rights Reserved.

http://www.logicworks.net/

About Logicworks

We design, build, automate, and manage cloud infrastructure for enterprise IT.

Cloud Strategy & Migration

Managed Cloud

Cloud Security

DevOps Automation

©2016 Logicworks. All Rights Reserved. 2

The days when IT managed monolithic, infrequently modified

systems are long gone.


How to efficiently manage multiple stacks?

Manage infrastructure as code.


What is Infrastructure as Code?


✗✔• State machine• Versioned• Essential part of

deployment process

• One-off• Just a quick way

to script an environment

IaC is youngAWS CloudFormation is awesome but unforgivingRisk of over-engineering and assuming a perfect worldIaC implemented incorrectly can be dangerous

Stack Anarchy


Agenda


① AWS CloudFormationFundamentals② Advanced Best Practices

▪ Stack Organization▪ Naming Conventions▪ Blast Radius

③ Creating a ServiceCatalog④Dynamic AWS CloudFormation & Beyond

Build network foundationConfigure gateways and access points

Install management services, like Puppet

Allocate Amazon S3buckets

Attach encrypted volumesControl and manage access though AWS Identity & Access

Management (IAM)

Register DNS names with Amazon Route 53

Configure logshipping and retention

① AWS CloudFormation Fundamentals


WHAT CLOUDFORMATION DOES:

② Best Practices: Stack Organization


QA Stage Production

ASGs

Security Groups

Layered Architecture

Instances ELBsVarious

Substacks



Instances, ASGs, ELBs,

etc.

Service Oriented Architecture

Networks(VPCs, routes, subnets, etc.)

Security Groups

IAM(Global

Resource)

② Best Practices: Naming Conventions



QA


Stage Production

ASGs

Security Groups


Substacks✗Layered Architecture


ASGs

Security Groups


Substacks✗Q✗A

S✗tag

e

Prod✗uction

Layered Architecture


② Best Practices: Blast Radius

Instances,


ASGs, ELBs,etc.

Networks(VPCs, routes, subnets, etc.)

Security Groups

IAM(Global

Resource)✗Service Oriented Architecture

③ Service Catalog

High Performance Multi-Region

PCI Compliant Template

Secu

rity

/Co

mpl

ianc

e

Low Cost Non-Compliant

Development Template

Performance / Availability

AWS Service Catalog


(Isn’t it time we stopped worrying about this stuff?)

③ Service Catalog: Too Much to Manage?

Route Tables


Load Balancers

Security Groups

VPCs

Subnets

Access Policies

S3 Bucket Policies

IAMRoles

DRInstances

③ Service Catalog: Framework


AWS CloudFormation is the right medium,

but is it the righttool?

What you really need:a framework

④ Dynamic CloudFormation: Troposphere

The Goal: Generate JSON, do not develop in it.

• Use a real programming language not a data format

• Enjoy variables, libraries, easy integration into CI/CD

• Infrastructure as an Application


Troposphere Demo


④ Dynamic CloudFormation: SparkleFormation


④ Dynamic CloudFormation: “Beyond”

AWS CloudFormation


The Big Picture: Dynamic CloudFormation

Static Templates

Dynamic Program Instruction

Function-Based Programming

</HTML>

AWSCloudFormation

SparkleFormation Troposphere AWS Lambda


1. Build templates, not snowflakes2. Create central management & governance by making

templates available in self-service fashion to product teams3. Investigate new, more flexible abstraction layers to manage

multiple templates


Summary: What to Do Now

Questions?

©2015 Logicworks. All Rights Reserved.

Thomas “T-Rex” Rectenwald Logicworks www.logicworks.net

Visit Logicworks’ Booth #433 for more information on AWS Managed Services

http://www.logicworks.net/

advanced infrastructure as code: building modular, dynamic aws cloudformation stacks

Technology