This document discusses automating infrastructure deployment with AWS CloudFormation and OpsWorks. It covers topics like repeatable deployments, treating infrastructure as code, deploying different environments, updating stacks, and expanding the use of CloudFormation through multiple templates and nested stacks.
3. • Repeatable deployments
• Versioned Infrastructure as code
• Use-case specific deployments
• Management at scale
• Application automation
Why treat your infrastructure as code?
4. • Repeatable deployments
• Versioned Infrastructure as code
• Use-case specific deployments
• Management at scale
• Application automation
A love story
5. A Simple Wordpress deployment with CloudFormation
[Diagram: Users, Web Server (security group), RDS Database (security group)]
26. • Modify existing template
• Or create a new one
– Ensure all resources are present
• Infrastructure as Code:
– Store in version control
– Store with your code
– Git, Subversion, etc
Update your template, apply it to the stack
"Resources" : {
  "BrandNewDNSrecord" : {
    "Type" : "AWS::Route53::RecordSet",
    "Properties" : {
      "Comment" : "Demo for Summit 2015",
      "HostedZoneId" : "ABC123BUZZY",
      "Name" : "summit.buzzy.geek.nz.",
      "TTL" : "60",
      "Type" : "A"
    }
  }
}
36. The love story so far...
• Repeatable deployments
• Versioned Infrastructure as code
37. Deploying different environments
• Multiple similar environments
– Production
– Test, Development
– Multiple AWS regions
• Avoid becoming a template factory
– Fewer, more adaptable templates
38. Example: Production or Dev?
[Diagram: one template producing a Prod stack and a Dev stack. Labels: Auto Scaling, Elastic Load Balancing, Web Server, Instances, RDS Database, security groups]
39. • A parameter to specify the kind of stack
Parameters and Conditions
"Parameters" : {
  "EnvironmentType" : {
    "Description" : "Production or Development environment",
    "Type" : "String",
    "AllowedValues" : [ "Prod", "Dev" ],
    "ConstraintDescription" : "Must be Prod or Dev"
  }
},
"Conditions" : {
  "UseProdCondition" : {
    "Fn::Equals" : [{"Ref" : "EnvironmentType"}, "Prod"]
  },
  "UseDevCondition" : {
    "Fn::Equals" : [{"Ref" : "EnvironmentType"}, "Dev"]
  }
},
"Resources" : {
  "WebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Condition" : "UseDevCondition"
  }
}
40. • A parameter to specify the kind of stack
• Conditions that will be evaluated
41. • A parameter to specify the kind of stack
• Conditions that will be evaluated
• Determines whether a resource or property should be created
42. Example: Production or Dev?
[Diagram: one template with a "Prod or Dev" parameter producing either stack. Labels: Auto Scaling, Elastic Load Balancing, Web Server, Instances, RDS Database, security groups]
43. • Logic about how a resource will be created
Mappings
"Parameters" : {
  "EnvironmentType" : {
    "Description" : "Production or Development environment",
    "Type" : "String",
    "AllowedValues" : [ "Prod", "Dev" ],
    "ConstraintDescription" : "Must be Prod or Dev"
  }
},
"Mappings" : {
  "SourceAMI" : {
    "Prod" : { "ap-southeast-1" : "ami-d34db33f", "us-east-1" : "ami-12345678" },
    "Dev" : { "ap-southeast-1" : "ami-d5f8fc0d", "us-east-1" : "ami-b6c63d8f" }
  }
},
"Resources" : {
  "WebServer" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "ImageId" : { "Fn::FindInMap" : [ "SourceAMI", { "Ref" : "EnvironmentType" },
                                        { "Ref" : "AWS::Region" } ] }
    }
  }
}
48. The love story so far...
• Repeatable deployments
• Versioned Infrastructure as code
• Use-case specific deployments
49. Expanding your use of CloudFormation:
Working with multiple templates
• An inevitability as you grow
– Stack limits (60 outputs, 200 resources, 51200 bytes)
– Segregation of duties
– Velocity of change
• Layers of stacks
– Identity
– Network
– Shared services
– Back end services
– Front end services
57. Xero
Leading small business cloud platform
Vision
Millions of people all over the
world love doing business on
Xero
Mission
Grow prosperity by connecting
people through beautifully
designed business software
Goal
Achieving scale and value by
winning one million+ customers
58. Technology at Xero
• Mostly a Microsoft shop
– Big SQL Server user
– Lots of .NET web applications
• Linux is used for some functionality
– Redis
– Cassandra
– Elastic Search
60. Our Journey – Introducing CloudFormation
• Started Small
– A single template
– Provisioned a VPC, Subnets, Internet Gateway, NAT instance
and Windows box!
• Then – we added more...
– Added some more network configuration
– Provisioned some more Windows boxes
61. Our Journey – Introducing CloudFormation
• But, we ran into some problems
– There is a file size limit – 460,800 bytes
– JSON syntax validation
– Lots of changes, engineers starting to overwrite each other
– Other limits, in particular
• 60 parameters
• 60 outputs
62. Our Journey – Tooling
• JSON Syntax Validation
– We wrote a PowerShell JSON validation script
– Recently expanded it to validate parameters
• Source Control
– Placed CloudFormation scripts in Source Control
– Wrote a “Sync to S3” script
• Visual Studio
– Helped with syntax
– AWS Tools for Visual Studio are a must!
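A template check in the spirit of the validation step described above, written in Python as an added example; it is not Xero's PowerShell script. The function names, the specific checks and the sample template are assumptions made for illustration; the 60-entry limits are the ones quoted on the slides.

```python
import json

# Limits as quoted on the slides; current AWS quotas may differ.
MAX_PARAMETERS = MAX_OUTPUTS = 60

def walk(node):
    """Yield every dict nested anywhere inside the parsed template."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from walk(child)

def lint_template(text):
    """Return a list of problem strings for a CloudFormation JSON template."""
    try:
        tpl = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"invalid JSON at line {err.lineno}: {err.msg}"]
    params, conds = tpl.get("Parameters", {}), tpl.get("Conditions", {})
    maps, resources = tpl.get("Mappings", {}), tpl.get("Resources", {})
    problems = [f"parameter {n}: missing Type" for n, p in params.items() if "Type" not in p]
    for section, limit in (("Parameters", MAX_PARAMETERS), ("Outputs", MAX_OUTPUTS)):
        if len(tpl.get(section, {})) > limit:
            problems.append(f"{section}: more than {limit} entries")
    for name, res in resources.items():
        cond = res.get("Condition")
        # Condition names are case-sensitive, so a wrong capital is an undefined name.
        if cond is not None and cond not in conds:
            problems.append(f"resource {name}: undefined condition {cond}")
    for d in (d for d in walk(tpl) if len(d) == 1):  # intrinsic calls have one key
        ref, fim = d.get("Ref"), d.get("Fn::FindInMap")
        if isinstance(ref, str) and not ref.startswith("AWS::") \
                and ref not in params and ref not in resources:
            problems.append(f"Ref to undefined name {ref}")
        if isinstance(fim, list) and fim and isinstance(fim[0], str) and fim[0] not in maps:
            problems.append(f"FindInMap uses undefined mapping {fim[0]}")
    return problems

# Constructed sample: no parameter Type, mis-cased condition and mapping names.
SAMPLE = """{
 "Parameters": {"EnvironmentType": {"AllowedValues": ["Prod", "Dev"]}},
 "Conditions": {"UseDevCondition": {"Fn::Equals": [{"Ref": "EnvironmentType"}, "Dev"]}},
 "Mappings": {"SourceAMI": {"Dev": {"us-east-1": "ami-b6c63d8f"}}},
 "Resources": {"WebServer": {"Type": "AWS::EC2::Instance", "Condition": "useDevCondition",
  "Properties": {"ImageId": {"Fn::FindInMap":
   ["SourceAmi", {"Ref": "EnvironmentType"}, {"Ref": "AWS::Region"}]}}}}
}"""
```

Calling `lint_template(SAMPLE)` returns one message per defect; a non-empty result can be used to fail a commit hook or CI job before the template reaches a stack update.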
63. Our Journey – Nested Stacks
• To get around the file size and parameter issue:
– Split the stack into a number of components
– AWS::CloudFormation::Stack
– Parameters made parts of the stack reusable
• VPC Formation
• Web Server Provisioning
64. Our Journey – Fun with Parameters
• String
• Number
• List<Number>
• CommaDelimitedList
• AWS::EC2::KeyPair::KeyName
• AWS::EC2::SecurityGroup::Id
• AWS::EC2::VPC::Id
• List<AWS::EC2::VPC::Id>
• List<AWS::EC2::SecurityGroup::Id>
• List<AWS::EC2::Subnet::Id>
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html
65. Our Journey – Fun with Parameters
"Parameters" : {
  "ipProxyPublic1" : {
    "Description" : "Public IP Address for Proxy1",
    "Type" : "String"
  },
  "SecurityGroupForProxy" : {
    "Description" : "Comma Delimited String of Security Groups...",
    "Type" : "List<AWS::EC2::SecurityGroup::Id>"
  }
}
69. Our Journey – What’s Next?
• CI / CD
– Automates the creation and updates of the stack
• Decomposing the Nested Stack
– Let CI assist with the orchestration
• Implement an Infrastructure Testing Framework
– Infrastructure as code is great – but how do you test it?
82. The love story so far...
• Repeatable deployments
• Versioned Infrastructure as code
• Use-case specific deployments
• Management at scale
• Application automation
83. Next steps
• Get the templates used in this session:
http://s3.buzzy.geek.nz/summit2015
• Experiment!