AWS CloudFormation Intrinsic Functions and Mappings
•Transferir como PPTX, PDF•
2 gostaram•4,279 visualizações
A Deep Dive into the Intrinsic Functions of Cloud Formation Templates showing you how to make your json templates more resilient and reusable
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (15)
Semelhante a AWS CloudFormation Intrinsic Functions and Mappings
Semelhante a AWS CloudFormation Intrinsic Functions and Mappings (20)
Mais de Adam Book
Mais de Adam Book (13)
Último
Último (20)
AWS CloudFormation Intrinsic Functions and Mappings
- 1. AWS CloudFormation Intrinsic Functions and Mappings Managing Windows instances in the Cloud
- 2. Sponsors
- 3. Presented by Adam Book from Find me on LinkedIn CloudFormation Deep Dive
- 4. CloudFormation Review AWS CloudFormation Allows you to build Infrastructure as code using templates which are constructed from json.
- 5. CloudFormation Template There are 8 sections of a Cloud formation template, most of which are optional Format Version (optional) Description (optional) Metadata (optional) Mappings (optional) Parameters(optional) Conditions(optional) Resources (required) Outputs(optional)
- 6. CloudFormation Best Practice For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html As you use Cloud Formation make sure you follow the best practices for success • Do Not Embed Credentials in You Templates • Use AWS-Specific Parameter Types • Use Parameter Constraints • Validate Templates Before Using them • Manage All Stack Resources Through AWS Cloud Formation
- 7. CloudFormation Intrinsic Functions Function Overview Fn::Base64 returns the Base64 representation of the input string (user data) Fn::FindInMap returns the value corresponding to keys in a two-level map that is declared in the Mappings section Fn::GetAtt returns the value of an attribute from a resource in the template. Fn::GetAZs returns an array that lists Availability Zones for a specified region. Fn::Join appends a set of values into a single value, separated by the specified delimiter. Fn::Select returns a single object from a list of objects by index. Ref returns the value of the specified parameter or resource.
- 8. CloudFormation Mappings The Mappings section is optional but is matches a key to a corresponding set of named values. If you want to set values based on region, you can create a mapping that uses the key as the name and then contains the values you want to specify for each region. You cannot include parameters, pseudo parameters, or intrinsic functions in the Mappings section.
- 9. CloudFormation Mappings - cont. "Mappings" : { "RegionMap" : { "us-east-1" : { "32" : "ami-6411e20d"}, "us-west-1" : { "32" : "ami-c9c7978c"}, "eu-west-1" : { "32" : "ami-37c2f643"}, "ap-southeast-1" : { "32" : "ami-66f28c34"}, "ap-northeast-1" : { "32" : "ami-9c03a89d"} } }
- 10. CloudFormation Mappings - cont. "asgApp": { "MinSize" : { "value": "2" }, "MaxSize" : { "value": "2" }, "DesiredCapacity" : { "value": "2" }, "HealthCheckType" : { "value": "EC2" }, "TerminationPolicies" : { "value": "OldestInstance" } }
- 11. CloudFormation Mappings - cont. "asgAppA": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AvailabilityZones" : { "Ref": "AZs" }, "VPCZoneIdentifier" : { "Ref": "PrivateAPPSubnets" }, "LaunchConfigurationName" : { "Ref": "LaunchConfig" }, "MinSize" : { "Fn::FindInMap": [ "asgApp", "MinSize", "value" ] }, "MaxSize" : { "Fn::FindInMap": [ "asgApp", "MaxSize", "value" ] }, "DesiredCapacity" : { "Fn::FindInMap": [ "asgApp", "DesiredCapacity", "value" ] }, "HealthCheckType" : { "Fn::FindInMap": [ "asgApp", "HealthCheckType", "value" ] }, "TerminationPolicies" : [{ "Fn::FindInMap": [ "asgApp", "TerminationPolicies", "value" ] }],
- 12. Fn::FindInMap "Resources" : { "myEC2Instance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "32"]}, "InstanceType" : "m1.small" } } } } This function performs lookups, it accepts a ‘mappings’ object on of one or two keys and then returns a value For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-findinmap.html
- 13. Fn::Base64 { "Fn::Base64" : ”apt-get update –y " } This function accepts plain text and converts it to Base 64 For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-base64.html
- 14. Fn::Join "Outputs" : { "URL" : { "Description" : "The URL of your demo website", "Value" : { "Fn::Join" : [ "", [ "http://", { "Fn::GetAtt" : [ "ElasticLoadBalancer", "DNSName" ]}]]} } } This can be used to concatenate various components to produce things such as a URL. For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-join.html
- 15. Fn::GetAtt Some examples of attributes that can be called are: • EC2 -> PrivateIp • EC2-> PublicIp • ElasticLoadBalancing -> DNSName • IAM::Group -> ARN • S3 Bucket -> DomainName • Simple AD -> Alias As you dynamically create items in your Cloud Formation templates , you may need to use some of the Attributes after they are created. For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-getatt.html
- 16. Fn::GetAtt "MyEIP" : { "Type" : "AWS::EC2::EIP", "Properties" : { "InstanceId" : { "Ref" : "MyEC2Instance" } } } “Fn:GetAtt” :[ “MyEIP”, “AllocationId” ] As you dynamically create items in your Cloud Formation templates For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-getatt.html
- 17. Fn::GetAZs { "Fn::GetAZs" : "us-east-1" } { "Fn::GetAZs" : { "Ref" : "AWS::Region" } } The intrinsic function Ref returns to value of the specified parameter or resource. For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-select.html NOTE: You can use the Ref function in the Fn::GetAZz function.
- 18. Fn::Select { “Fn::Select” : [ “0”, {”Fn::GetAZs” : “”} ] } Selects a single object from a list of object and can be paired with other functions such as Fn::GetAZs For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-select.html The output is the first Availablity zone in the region where the template is applied. Replacing the 0 with a 1 would select the second Availability Zone
- 19. Fn::Ref "MyEIP" : { "Type" : "AWS::EC2::EIP", "Properties" : { "InstanceId" : { "Ref" : "MyEC2Instance" } } } The intrinsic function Ref returns to value of the specified parameter or resource. For more info http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function- reference-ref.html
- 20. Cloud Formation Templates Real World Examples Photo curtesy of Stephen Radford via http://snap.io
Notas do Editor
- AWS already has managed policies for SSM to attached either to your users or Roles. These can be easily found by going to to policy section of IAM and then searching for SSM
- Some sections in a template can be in any order. If you use a tool such as troposphere then the output can be placed out as Alphabetical vs logical if you are used to the templates provided by AWS
- With constraints, you can describe allowed input values so that AWS CloudFormation catches any invalid values before creating a stack. You can set constraints such as a minimum length, maximum length, and allowed patterns. For example, you can set constraints on a database user name value so that it must be a minimum length of eight character and contain only alpha-numeric characters.
- Intrinsic functions are inbuilt functions provided by AWS to help you manage, reference, and conditionally act upon resources, situations and inputs to a stack You can compare intrinsic functions to logical operations in programming such as: If – Else, Case, Switch etc
- Although the most used case with mappings is with AMI’s and bits. There are other cases where you can use mappings for quick lookups
- This example shows a Mappings section with a map RegionMap, which contains five keys that map to name-value pairs containing single string values. The keys are region names. Each name-value pair is the AMI ID for the 32-bit AMI in the region represented by the key.
- This example shows a Mappings section with a map RegionMap, which contains five keys that map to name-value pairs containing single string values. The keys are region names. Each name-value pair is the AMI ID for the 32-bit AMI in the region represented by the key.
- This example shows a Mappings section being used in an autoscale group.
- Its useful when other elements in a stack need Base 64 input such as EC2 user data
- One of the best uses of the Join is in the output section and to produce the output endpoint for your users.
- Remember to include the DependsOn piece in your resources if you downstream resources needs the attribute of a previously created resource
- This is probably the most useful and easiest of the Intrinsic functions I’ve found to date.