Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DEV336 - re:Invent 2017

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Stack Mastery:
C r e a t e a n d O p t i m i z e A d v a n c e d A W S C l o u d F o r m a t i o n T e m p l a t e s
N o v e m b e r 2 9 , 2 0 1 7
D E V 3 3 6
Santiago Cardenas
Partner Solutions Architect
AWS Quick Start
Ian Scofield
Partner Solutions Architect
Emerging Partners
AWS re:INVENT

Continuous improvement

A day in the life of IT
Discover
TryDeploy

Wide spectrum of AWS Quick Starts

• 1 stepSign up, sign in
• 2 stepsChoose region and key pair
• 4 stepsCreate Amazon VPC
• 4 stepsCreate Internet gateway
• 24 stepsCreate 12 subnets
• 24 stepsCreate 4 NACLs
• 16 stepsCreate 4 NAT gateways
• 27 stepsCreate 9 route tables
• 2 stepsCreate routes
• Many more stepsAdd more stacks
Sign up, sign in
Choose region and
key pair
Launch AWS Quick
Start
Reducing complexity
Manual deployment VPC AWS Quick Start

Plan
and
Design
Build
and
Test
Optimize
and
Enhance

Plan and design
your architecture

Secure Reliable Performant Efficient
Attributes of great architectures

Build and test
your deployment

Recurring themes
Scripting Orchestration Source control

Gives developers and systems administrators
an easy way to create and manage a collection
of related AWS resources
Understands dependencies and supports
rollbacks and versioning
Allows for reusable component design
strategies
Supports JSON and YAML formats
AWS CloudFormation

AWS CloudFormation concepts
Template Change SetStack

AWS CloudFormation concepts
Template Stack Set
Stack Stack
Stack Stack

An AWS CloudFormation stack is a
single unit used to manage related
resources
You can create, update, and delete
resources by creating, updating, and
deleting stacks
Stacks are created from templates
Change sets allow you to edit your
stacks
Virtually every kind of AWS resource can
be managed via stacks
It’s all about the stacks
Stack

Optimize and enhance
your deployment

Maintainable Flexible Reusable Standardized
Attributes of great templates

You can build a new AWS infrastructure for
your Magento stack
Deploy Magento into your existing AWS
infrastructure
Choice of Amazon Aurora or MySQL on
Amazon RDS for database operations
Amazon Elastic File System (Amazon EFS)
for shared storage between Amazon
Elastic Compute Cloud (Amazon EC2)
instances
Amazon ElastiCache cluster with the Redis
cache engine to improve application load
times
Magento Open Source Quick Start

Housekeeping
Dashboard to access your AWS
account
• “Starter” lab files
• “Final” versions of the previous
lab
You should have an index card
with a code on it
Labs warning: you may not be able to complete the labs in the allotted time, but don’t worry—we
will give you the final files to follow along and to dive deeper and explore at home

Low-hanging fruit

Parameters
Provide values to your template
Create templates that are
customized each time you create a
stack
Add validation like:
• MinLength/MaxLength
• AllowedPattern (regex)
• AllowedValues
Hide values with NoEcho

Parameters—types
String
Number
List
CommaDelimitedList
AWS-specific parameter types like:
• AWS::EC2::AvailabilityZone::Name
• AWS::EC2::KeyPair::KeyName
• AWS::EC2::VPC::Id
AWS::EC2::AvailabilityZone::Name
AWS::EC2::KeyPair::KeyName

Parameters—not so human-friendly

Parameters—ah, that’s better
Groups
Labels
Descriptions

Let’s launch our stack

CREATE_FAILED

Rules:
SubnetsInVPC:
Assertions:
- Assert:
Fn::EachMemberIn:
- Fn::ValueOfAll:
- AWS::EC2::Subnet::Id
- VpcId
- Fn::RefAll: AWS::EC2::VPC::Id
AssertDescription: All subnets must in the VPC
Gives you the ability to validate entries
before launching the template
Saves time and frustration
Examples:
• Subnets in VPC
• Key pairs not blank
• Service support (Amazon Aurora and
Amazon EFS)
Template constraints (rules)
AWS Service Catalog

AMI mappings
...
Mappings:
AWSAMIRegionMap:
AMI:
AMZNLINUXHVM: amzn-ami-hvm-2017.03.0.20170417-x86_64-gp2
CENTOS7HVM: CentOS Linux 7 x86_64 HVM EBS 1704_01-b7ee8a69-ee97-4a49-9e68-...
US1604HVM: ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20170516
ap-northeast-1:
AMZNLINUXHVM: ami-923d12f5
CENTOS7HVM: ami-29d1e34e
US1604HVM: ami-1de1df7a
ap-northeast-2:
AMZNLINUXHVM: ami-9d15c7f3
CENTOS7HVM: ami-08e93466
US1604HVM: ami-6722ff09
...

Lab 1 time (30 mins)
Objectives:
1. Create an AMI mappings section
2. Add template rules (constraints)
3. Limit parameters to allowed values
4. Extra credit: create groups and labels

Stackception

Splitting into reusable modules
Identify common components, such as:
• Amazon VPC
• Bastion access
Then take a look at your application:
• Database
• Caching
• Web servers
…Pull these pieces out
Why?
• Reusability
• Easier to maintain/collaborate
• Version control

Avoid named resources
Certain resources can allow you to specify a name,
for example:
• Amazon S3 buckets
• IAM roles
• Amazon SNS topics
You lose the ability to perform updates on your
stack if the resource requires replacement
Can’t launch multiple instances of your stack
Let AWS CloudFormation name your resources
Flexible
Reusable

Stack nesting
We have our application broken into pieces,
but we need a way to put them together
Nested stacks!
Orchestration template launches all of the
individual components
Helps you get around stack limits like length
Orchestration
Web ServersDatabase
VPC
Caching
Bastion
Access
Workload

Objectives:
1. Create a master template which orchestrates the entire stack
A. Use the starter orchestration template
B. Use the URLs from the dashboard
Lab 1 final templates are now available for download

AWS CloudFormation building blocks

Built-in functions to help you manage
your stacks
Assign values to properties not available
at runtime
Conditionally create stack resources
Used in resource properties, outputs,
metadata attributes, and update policy
attributes
Fn::Base64
Fn::FindInMap
Ref
Fn::GetAtt
Fn::GetAZs
Fn::ImportValue
Fn::Join
Fn::Split
Fn::Select
Fn::Sub
Fn::If, And, Or, Not, Equals
Intrinsic functions

Fn::Join as opposed to Fn::Sub
UserData:
Fn::Base64:
Fn::Join:
- ''
- - '#!/bin/bashn'
- 'cfn-init -v -s '
- Ref: AWS::StackName
- ' -r ResourceName --region '
- Ref: AWS::Region
- 'n'
- 'cfn-signal -e $? -s '
- Ref: AWS::StackName
- ' -r ResourceName --region '
- Ref: AWS::Region
- 'n'
...

Fn::Join as opposed to Fn::Sub
UserData:
Fn::Base64:
Fn::Sub: |
#!/bin/bash
cfn-init -v -s ${AWS::StackName} -r ResourceName --region ${AWS::Region}
cfn-signal -e $? -s ${AWS::StackName} -r ResourceName --region ${AWS::Region}
...

cfn-init
Enables a variety of scripting languages for bootstrapping
Credentials are specified in AWS::CloudFormation::Authentication
Configuration is specified in AWS::CloudFormation::Init
Executes as root (Linux)/Local System (Windows)

Example authentication section
Metadata:
...
AWS::CloudFormation::Authentication:
S3AccessCreds:
type: S3
roleName:
Ref: SomeHostRole
buckets:
-Ref: QSS3BucketName
... Optional…used with
cfn-init sources

Example Linux init files
Metadata:
AWS::CloudFormation::Init:
config:
files:
/tmp/some_script.sh:
source:
Fn::Sub:
https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}scripts/script.sh
mode: '000550'
owner: root
group: root
authentication: S3AccessCreds
...

Example Linux init commands
Metadata:
AWS::CloudFormation::Init:
config:
files:
...
commands:
do_first_thing:
command:
Fn::Sub: /tmp/some_script.sh --parameter ${ParameterFromTemplate}
do_second_thing:
command: touch /tmp/some_file
...

Objectives:
1. Convert Fn::Join functions to Fn::Sub functions
2. Add a metadata section for cfn-init and include:
AWS::CloudFormation::Authentication
AWS::CloudFormation::Init
Relative paths using Fn::Sub

Enhance

From instance to Auto Scaling group
AMI AWS::AutoScaling::LaunchConfiguration
AWS::EC2::Instance
AWS::AutoScaling::AutoScalingGroup
AWS::AutoScaling::ScalingPolicy
AWS::AutoScaling::ScheduledAction
AWS::AutoScaling::LifecycleHook

Load balancing
AWS::ElasticLoadBalancingV2::LoadBalancer
(or AWS::ElasticLoadBalancing::LoadBalancer)
AWS::AutoScaling::AutoScalingGroup
TargetGroupARNs
(or LoadbalancerNames)
Application
Load
Balancer
Network
Load
Balancer
Classic
Load
Balancer
AWS::ElasticLoadBalancingV2::TargetGroup
AWS::ElasticLoadBalancingV2::Listener
AWS::ElasticLoadBalancingV2::ListenerRule
AWS::ElasticLoadBalancingV2::ListenerCertificate

MySQL to Amazon Aurora
AWS::EC2::Instance
+
Database
AWS::RDS::DBInstance AWS::RDS::Cluster
+
AWS::RDS::DBInstances
Lower performance Higher performance

Amazon EFS for shared storage
AWS::EFS::FileSystem
AWS::EFS::MountTarget AWS::EFS::MountTarget
NFS
Server
Volume Volume
NFS
Server
Volume Volume
NFS
Clients Clients Clients
NFS
Clients

Objectives:
1. Convert web server instance to Auto Scaling group
2. Review:
A. Elastic Load Balancing
B. Amazon Aurora
C. Amazon EFS

Secure Reliable Performant Efficient
Scripting Orchestration Source
control
Maintainable Flexible Reusable Standardized
Plan
and
Design
Build
and
Test
Optimize
and
Enhance

Thank you!

Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DEV336 - re:Invent 2017

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DEV336 - re:Invent 2017

Similar to Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DEV336 - re:Invent 2017 (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates - DEV336 - re:Invent 2017