S U M M I TB e r l i n

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Boost Your AWS Infrastructure

Philipp Garbe @pgarbe

AWS Container HeroScout24

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Agenda

Infrastructure as Code

Limits of CloudFormation

What is the CDK?

Boost!

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

“The enabling idea of infrastructure as code is that the systems and devices which are used to run software can be treated as if they, themselves, are software.”

Kief Morris, Author, Cloud Specialist @kief

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

IaC Ecosystem

Libraries/API

ConfigurationManagement

Configuration Files

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CloudFormation Options

Declarative Imperative

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Declarative vs ImperativeDeclarativeIs about „what“

• Easy to get started• Limitations

ImperativeIs about „how“

• More advanced (languageshould be known)

• More flexibility (tooling, language constructs)

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CloudFormation Programming OptionsDeclarative

• Basic YAML/JSON• Basic Transforms

• Include• SAM

• Advanced Transforms• Macros• Others: Jinja/Mustache

Imperative

• CDK• Troposphere• SparkleFormation• GoFormation• …

At the end it‘s always basic YAML/JSON (no direct API calls)

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Challenges

Time

TrustSecurity

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Can Become Complex• Often, many resources for a single „job“

• Needs to be maintained

• Refactoring is difficult / impossible

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Copy & Paste• Start from scratch

• Copy existing templates

• Copy snippets

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Trust• Who wrote the snippet?

• Is something missing?

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Align on Best Practices• How can best practices be shared?

• Example: IAM Permission

• AWS Docs is just a reference, no best practices

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Updates• Security Fixes

• Improvements

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

• Imperative approach• Supported Languages:

JavaScript, TypeScript, Java and .NET (more coming…)

• Currently in Beta

Cloud Development Kit

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Cloud Development KitApps

• Executable program• Used to render and deploy cfn

templates

Stacks• Deployable unit• Knows about region and account

Constructs• Representations of AWS resources• Can form a hierarchical tree structure

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Cloud Development Kit

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

3 Levels of Constructs

Level 1: CloudFormation Resources• One-to-one mapping of existing resources• Autogenerated based on „AWS Resource Types Reference“

Level 2: AWS Construct Library• On a AWS Service Level• Opinionated, well-architected, hand-writte• Community

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

3 Levels of Constructs

Level 3: Your awesome stuff• Create production ready services

• Typical alarms• Backup and restore

• Build re-usable solutions• todo: examples

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Leverage Level 2 Constructs• Lot of standard use cases

• Sane defaults

• IAM permissions included

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Share your Level 3 Constructs• Build re-usable constructs as CDK Libs

• Publish them with existing package manager (like npm)

• Use libs as part of your CDK Apps

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CDK Libs

Trust

TimeSecurity

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

CDK …• a imperative way to use CloudFormation

• available for your favorite programming language

• can safe your time• No need to start from scratch• Re-use shared constructs

• makes it easy to align on best practices• Leverage Level 2 constructs• Share your own constructs within your company or community

• keeps you secure

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

Good to know!• Beta

• Breaking changes• Level 2 Constructs don’t exist for every AWS service• No Tag support (#932 and #1516)

• CloudFormation Limits still exist• E.g. 200 resource per stack• Not that obvious anymore

• Language support• Only TypeScript constructs can be compiled in different languages

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T

And much more• Unit-Testing• Compile into multiple languages• …

Get your hands dirty:• https://cdkworkshop.com• https://github.com/awslabs/aws-cdk• https://awslabs.github.io/aws-cdk/

Thank you!

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Philipp Garbe@pgarbe

S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Slide Number 1Boost Your AWS InfrastructureSlide Number 3Slide Number 4Slide Number 5Slide Number 6AgendaInfrastructure as Code (IaC)“The enabling idea of infrastructure as code is that the systems and devices �which are used to run software �can be treated as if they, themselves, �are software.”IaC EcosystemCloudFormation OptionsDeclarative vs ImperativeCloudFormation Programming OptionsLimits of CloudFormationChallengesCan Become ComplexCopy & PasteTrustAlign on Best PracticesUpdatesWhat is the CDK?Cloud Development KitCloud Development KitCloud Development Kit3 Levels of Constructs3 Levels of ConstructsDemoBoost!!Leverage Level 2 ConstructsShare your Level 3 ConstructsSlide Number 31Wrapping up!CDK …Good to know!And much moreSlide Number 36Slide Number 37Slide Number 38