December 9, 2024

Infrastructure as Code on AWS

Introduction

  • Cloud computing takes advantage of virtualization to enable on-demand provisioning of compute, network and storage
  • Manual processes have disadvantages:
    • Higher Cost - people are diverted from more important work
    • Inconsistency due to human error
    • Lack of agility, speed
    • Lack of repeatable process causes compliance failures
  • Infrastructure as Code brings automation to provisioning
    • instantiate infrastructure using configuration files
    • eliminates configuration drift

Infrastructure Resource Lifecycle

  • Figure: Infrastructure Resource Lifecycle
    1. Resource Provisioning:
      1. Administrators provision resources with the specifications they want
    2. Configuration Management:
      1. Resources become components of a configuration management system that does tuning and patching
    3. Monitoring and Performance:
      1. Tools validate the operational state of resources
      2. Examine metrics, synthetic transactions, log files
    4. Compliance and Governance:
      1. Frameworks drive more validation to ensure alignment with standards:
        1. Corporate standards
        2. Industry standards
        3. Regulatory requirements
    5. Resource optimization:
      1. Review performance data
        1. Identify changes needed to optimize for performance, cost management, etc.
  • Infrastructure Resource Lifecycle
    • Each stage involves procedures that can leverage code

Resource Provisioning

  • Organizations need a repeatable process for instantiating resources consistently
  • Infrastructure as Code using CloudFormation provides the framework for this process

AWS Cloudformation

  • Use templates written in YAML or JSON to describe the collection of AWS resources, their associated dependencies and required runtime parameters
  • Templates can repeatedly create identical copies of the same stack across AWS Regions
  • After deploying, you can modify and update them in a controlled and predictable way
  • Effect is that you have version control for your infrastructure

Template Anatomy

  • Templates contain parameters, resource declarations and outputs
  • Templates can reference other templates

Figure: example of AWS CloudFormation YAML Template

  • Parameters Section: Template requests the name of an EC2 Key Pair from the user
  • Resource Section: Creates an EC2 instance using that key pair
    • EC2 security group is associated with that EC2 instance
    • Security group enables port 80 HTTP access

    Parameters:
      KeyName:
        Description: The EC2 key pair to allow SSH access to the instance
        Type: AWS::EC2::KeyPair::KeyName
    Resources:
      Ec2Instance:
        Type: AWS::EC2::Instance
        Properties:
          SecurityGroups:
            - !Ref InstanceSecurityGroup
          KeyName: !Ref KeyName
          ImageId: ami-70065467
      InstanceSecurityGroup:
        Type: AWS::EC2::SecurityGroup
        Properties:
          GroupDescription: Enable HTTP access via port 80
          SecurityGroupIngress:
            - IpProtocol: tcp
              FromPort: '80'
              ToPort: '80'
              CidrIp: 0.0.0.0/0

Change Sets

  • The Change Sets feature allows previewing proposed changes to a stack without actually updating the stack
  • Control ability to create and view change sets with IAM
  • Three phases of using Change Sets:
    • Create - submit changes to stack or parameters
    • View - a summary of the proposed changes (JSON when retrieved through the API), available from the console, CLI or API
    • Execute - execute the change set to make changes to the stack
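As an added example (not part of the original notes), the following Python reviews the View-phase summary before the Execute phase: it holds the change set whenever a resource would be replaced or removed, or a security group or IAM resource would be added or modified. The change set document is a constructed sample shaped like a DescribeChangeSet response, and the set of sensitive resource types is an assumption.

```python
import json

# Constructed sample shaped like a CloudFormation DescribeChangeSet response,
# trimmed to the fields the review needs; it is not a captured API response.
SAMPLE_CHANGE_SET = json.dumps({
    "ChangeSetName": "widen-ingress", "StackName": "web-tier", "Status": "CREATE_COMPLETE",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "Ec2Instance",
            "ResourceType": "AWS::EC2::Instance", "Replacement": "True",
            "Details": [{"Target": {"Attribute": "Properties", "Name": "ImageId"}}]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "InstanceSecurityGroup",
            "ResourceType": "AWS::EC2::SecurityGroup", "Replacement": "False",
            "Details": [{"Target": {"Attribute": "Properties", "Name": "SecurityGroupIngress"}}]}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "LogBucket",
            "ResourceType": "AWS::S3::Bucket", "Details": []}},
    ],
})

# Assumed policy: property changes on these types move the stack's network or
# identity boundary, so a person should read them before the change set runs.
SENSITIVE_TYPES = {"AWS::EC2::SecurityGroup", "AWS::IAM::Role", "AWS::IAM::Policy"}


def review_change_set(change_set_json):
    """Return (logical_id, reason) findings that should hold the change set for review."""
    findings = []
    for change in json.loads(change_set_json).get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        lid, rtype, action = rc["LogicalResourceId"], rc["ResourceType"], rc["Action"]
        # Replacement deletes and recreates the resource: instance state,
        # attached addresses and data on it can be lost.
        if rc.get("Replacement") in ("True", "Conditional"):
            findings.append((lid, f"replacement ({rc['Replacement']}) of {rtype}"))
        if action == "Remove":
            findings.append((lid, f"removal of {rtype}"))
        if rtype in SENSITIVE_TYPES and action in ("Add", "Modify"):
            props = [d["Target"].get("Name") for d in rc.get("Details", [])
                     if d.get("Target", {}).get("Attribute") == "Properties"]
            findings.append((lid, f"{action.lower()} of {rtype}, properties {props or ['(new)']}"))
    return findings


def safe_to_execute(change_set_json):
    """True only when the review raises no findings; gate the Execute phase on this."""
    return not review_change_set(change_set_json)
```

Feeding the JSON returned by `aws cloudformation describe-change-set` into `review_change_set` gives the same findings for a real stack.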