CloudFormation Experience
Kseniya Perapechyna
ITS Partner
Menu
● appetizer: Amazon Services
● main course: CloudFormation basics
● dessert: Serverless Application Model (SAM)
CloudFormation experience
Imagine Flow
What is my main course?
CloudFormation Concept
Template Structure
AWSTemplateFormatVersion: "version date"
Description:
  String
Metadata:
  template metadata
Parameters:
  set of parameters
Mappings:
  set of mappings
Conditions:
  set of conditions
Transform:
  set of transforms
Resources:
  set of resources
Outputs:
  set of outputs

AWSTemplateFormatVersion: "2010-09-09"
Description: "CloudFormation template Example"
Metadata:
  Databases: "Information about databases"
  Instances: "Information about EC2 instances"
Parameters:
  KinesisShardCount:
    Type: Number
    Default: 3
    MinValue: 1
    MaxValue: 10
  Environment:
    Type: String
    Default: qa
    AllowedValues:
      - "prod"
      - "qa"
      - "dev"
Template Structure
Mappings:
  TemplateMapping:
    prod:
      lambdaName: "ProdLambda"
      apiGatewayStageName: "prod01"
    qa:
      lambdaName: "QaLambda"
      apiGatewayStageName: "qa02"
    dev:
      lambdaName: "DevLambda"
      apiGatewayStageName: "dev"

FunctionName:
  Fn::FindInMap: ["TemplateMapping", !Ref Environment, "lambdaName"]
Template Structure
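Conditions:
  ProdEnvironment: !Equals [!Ref Environment, "prod"]
Resources:
  KinesisStream:
    Type: "AWS::Kinesis::Stream"
    Condition: ProdEnvironment
    DeletionPolicy: Delete
    Properties:
      ...
Outputs:
  kinesisId:
    # KinesisStream exists only when ProdEnvironment is true,
    # so the output that references it carries the same condition
    Condition: ProdEnvironment
    Value: !Ref KinesisStream
    Export:
      Name: !Sub "${Environment}-kinesis-id"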
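
How the Parameters, Mappings and Conditions sections above resolve at deploy time, as an added example (not from the original slides). TEMPLATE is a constructed dict modelled on the slide snippets, with the output left without a Condition so that the failure case is visible; the function names are hypothetical.

```python
# Constructed from the slide examples; intrinsic functions are in long form
# ({"Ref": ...}, {"Fn::Equals": ...}) so no YAML parser is needed.
TEMPLATE = {
    "Parameters": {
        "KinesisShardCount": {"Type": "Number", "Default": 3, "MinValue": 1, "MaxValue": 10},
        "Environment": {"Type": "String", "Default": "qa", "AllowedValues": ["prod", "qa", "dev"]},
    },
    "Mappings": {"TemplateMapping": {
        "prod": {"lambdaName": "ProdLambda"}, "qa": {"lambdaName": "QaLambda"},
        "dev": {"lambdaName": "DevLambda"}}},
    "Conditions": {"ProdEnvironment": {"Fn::Equals": [{"Ref": "Environment"}, "prod"]}},
    "Resources": {"KinesisStream": {"Type": "AWS::Kinesis::Stream", "Condition": "ProdEnvironment"}},
    "Outputs": {"kinesisId": {"Value": {"Ref": "KinesisStream"}}},
}

def bind_parameters(template, supplied):
    """Apply defaults, then enforce AllowedValues / MinValue / MaxValue."""
    values = {}
    for name, spec in template["Parameters"].items():
        value = supplied.get(name, spec.get("Default"))
        if "AllowedValues" in spec and value not in spec["AllowedValues"]:
            raise ValueError(f"{name}={value!r} is not in AllowedValues")
        lo, hi = spec.get("MinValue", value), spec.get("MaxValue", value)
        if spec["Type"] == "Number" and not lo <= value <= hi:
            raise ValueError(f"{name}={value} is outside MinValue/MaxValue")
        values[name] = value
    return values

def evaluate(node, template, params):
    """Resolve Ref (to parameters), Fn::FindInMap and Fn::Equals."""
    if isinstance(node, dict) and len(node) == 1:
        (fn, arg), = node.items()
        if fn == "Ref" and arg in params:
            return params[arg]
        if fn == "Fn::FindInMap":
            name, top, second = (evaluate(a, template, params) for a in arg)
            return template["Mappings"][name][top][second]
        if fn == "Fn::Equals":
            return evaluate(arg[0], template, params) == evaluate(arg[1], template, params)
    return node  # literals and Refs to resources are left as they are

def dangling_outputs(template, supplied):
    """Outputs whose Ref targets a resource that its Condition leaves uncreated."""
    params = bind_parameters(template, supplied)
    conds = {n: evaluate(c, template, params) for n, c in template["Conditions"].items()}
    skipped = {n for n, r in template["Resources"].items()
               if "Condition" in r and not conds[r["Condition"]]}
    return sorted(n for n, out in template["Outputs"].items()
                  if conds.get(out.get("Condition"), True)
                  and isinstance(out["Value"], dict) and out["Value"].get("Ref") in skipped)
```

With the default Environment of qa the stream is skipped and kinesisId is reported, which is the case CloudFormation rejects as an unresolved resource dependency in the Outputs block.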
CloudFormation SNS Resource
Type: AWS::SNS::Topic
Properties:
  DisplayName: String
  KmsMasterKeyId: String
  TopicName: String
  Subscription:
    - Subscription

EmailNotification:
  Type: "AWS::SNS::Topic"
  Properties:
    TopicName: "interesting-information"
    Subscription:
      # each Subscription entry needs an Endpoint and a Protocol
      - Endpoint: "some.address@email.com"
        Protocol: email
      - Endpoint: "one.more.address@email.com"
        Protocol: email

WorkerLambdaResource:
  Type: "AWS::Lambda::Function"
  Properties:
    FunctionName: !FindInMap ["TemplateMapping", !Ref Environment, "lambdaName"]
    Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/lambda-role"
    MemorySize: 512
    Runtime: java8
    Code:
      S3Bucket: "lambda-functions"
      S3Key: "worker.jar"
    Handler: "com.example.ExampleHandler"
    VpcConfig:
      SecurityGroupIds: [sg-085912345678492fb]
      SubnetIds:
        - subnet-071f712345678e7c8
        - subnet-07fd123456788a036
    Environment:
      Variables:
        param: value
        lambda_environment: !Ref Environment
Dessert please
Serverless Application Model
Transform: "AWS::Serverless-2016-10-31"
Serverless Resource types
● AWS::Serverless::Function
● AWS::Serverless::Api
● AWS::Serverless::Application
● AWS::Serverless::SimpleTable
● AWS::Serverless::LayerVersion
SAM Features
Globals Section
Globals:
  Function:
    Runtime: nodejs6.10
    Timeout: 180
    Handler: index.handler
    Environment:
      Variables:
        TABLE_NAME: data-table
  Api:
    EndpointConfiguration: REGIONAL
    Cors: "'www.example.com'"
  SimpleTable:
    SSESpecification:
      SSEEnabled: true
API Gateway CloudFormation Resources
● API Gateway account
● REST API
● ...
● Resources hierarchy
● Methods
● Stages
● Deployments
● API key
● Custom domain name
● CORS (OPTIONS methods)
API Gateway Serverless Resources
Globals:
  Api:
    EndpointConfiguration: REGIONAL
    Cors:
      AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
      AllowMethods: "'POST,GET,OPTIONS'"
      AllowOrigin: "'www.example.com'"
    MethodSettings:
      - HttpMethod: GET
        ResourcePath: "/api/v1"
        LoggingLevel: INFO
        MetricsEnabled: false
        CachingEnabled: false
        ThrottlingRateLimit: 10000
        ThrottlingBurstLimit: 5000
Resources:
  ExampleRestApi:
    Type: "AWS::Serverless::Api"
    Properties:
      Name: "REST API Example"
      StageName: !Ref Environment
      DefinitionUri:
        Bucket: api-bucket
        Key: swagger.yml

WorkerLambdaResorce:
  Type: "AWS::Serverless::Function"
  Properties:
    FunctionName: worker-service
    Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/lambda-role"
    Runtime: java8
    MemorySize: 512
    AutoPublishAlias: !Ref Environment
    # SAM's CodeUri object uses Bucket/Key (not S3Bucket/S3Key as in AWS::Lambda::Function)
    CodeUri:
      Bucket: "lambda-functions"
      Key: "worker.jar"
    Handler: "com.example.ExampleHandler"
    Environment:
      Variables:
        lambda_environment: !Ref Environment
    Events:
      GetResource:
        Type: Api
        Properties:
          Path: "/api/v1/worker"
          Method: GET
SAM Drawbacks
- API key creation is not supported
- AWS::Serverless::Api creates an additional stage
- Lambda permission issue
Events:
  PostResource:
    Type: Api
    Properties:
      RestApiId: !Ref ExampleRestApi
      Path: "/api/v1/worker"
      Method: GET

LambdaInvokePermission:
  Type: "AWS::Lambda::Permission"
  Properties:
    FunctionName: !Ref WorkerLambdaResorce
    Action: "lambda:InvokeFunction"
    ...
Practical Use
1. One text file describes your resources
2. Integration with AWS CodePipeline
3. Work with AWS Service Catalog
Questions
