SlideShare uma empresa Scribd logo

深探-IaC-(Infrastructure as Code-基礎設施即程式碼-)-在-AWS-上的應用

Amazon Web Services
Amazon Web Services

Deep Dive into IaC on AWS 深探 IaC (Infrastructure as Code, 基礎設施即程式碼 ) 在 AWS 上的應用 Level: 300, 中文演講 講師: Pahud Hsieh, Specialist Solutions Architect, AWS & Smalltown Tsai, Senior Site Reliability Engineer of Maicoin 採用 Public Cloud Provider 後,需要面對雲端資源的各種管理問題,而其變動頻率和規模都持續在成長中,如何 "降低維運成本","加快執行速度" 和 "降低變動風險" 成為重要課題,而 AWS 的所有資源都可以透過程式自動化控制,因此 Infrastructure as Code 概念便有了實作的著力點;本分享透過 AWS EKS 為範例,示範如何達成 IaC 的 CI/CD 用以降低人員管理雲端的時間成本,自動化雲端資源的修改動作,避免手動修改可能造成的人為錯誤或是資安問題。 聯繫銷售: https://aws.amazon.com/tw/contact-us/ 與銷售線上聊天: https://pages.awscloud.com/tw-hkt-sales-chat.html

1 de 33
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Deep Dive into IaC on AWS Pahud Hsieh Specialist SA, Serverless Amazon Web Services smalltown Senior Site Reliability Engineer Maicoin
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Our infrastructure management journey
Manual � Easy to get started � Not reproducible � Error prone � Time consuming
Scripted � What happens if an API call fails? � How do I make updates? � How do I know a resource is ready? � How do I roll back?
Resource Provisioning Engines AWS CloudFormation template (JSON/YAML) HashiCorp Configuration Language (HCL) Desired state configuration � Easy to automate � Reproducible � Configuration syntax � No abstraction, lots of details
Challenges • Automated deployment and rollback • Cross account management • Cooperative development • Integration with existing testing frameworks • Integration with key management system • Integration with Kubernetes or Amazon EKS
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Introducing smalltown
Hello! I am smalltown MaiCoin Site Reliability Engineer Taipei HashiCorp User Group Organizer AWS User Group Taiwan Staff
Angeda IaC Introduction Multiple Accounts Infrastructure Testing IaC EKS Example
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT IaC Introduction
Infrastructure as Code in 201X... YA! I can write code to manage cloud resource resource "aws_s3_bucket" "b" { bucket = "my_tf_test_bucket" acl = "private" tags { Name = "My bucket" } }
Infrastructure as Code in 201X... • Record your cloud resource with infrastructure as code tool, not document Document: - Easy Out of Date - Hard to Maintain AWS CloudFormation
Terraform Overview Allow 1 person manage the same resource Store the managed resource state Create, Modify, Destroy Resource
The Benefit After Adopt IaC • Automate your deployment and recovery process • Rollback with the same tested processes • Don’t repair, redeploy • Focus on mean time to recovery • Use testing tools to verify your infrastructure • Hook your tests into your monitoring system
Problems Emerged After a While... • Permission control problem • Don’t follow DRY • How to well testing • How to collaborate within a team
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Multiple Accounts Infrastructure
Why Multiple AWS Accounts ? • Why there are dev, alpha, beta, staging, production environment for the application? • Application need to be well tested, but not impact the real users • Production infrastructure don’t allow access at will • Infrastructure becomes code now, hence, it need to be treated as the same way
Multiple Accounts Infrastructure
Multiple Accounts Infrastructure • IAM user can be central managed • Permission separate as read, write and robot roles in different accounts • The robot role is for Terraform usage
Multiple Accounts Infrastructure • The write role is for human usage if necessary • Production write and robot role only can be permitted through change management process
How to Manage Multiple Accounts • About assume role, don’t forget to enable MFA, and setup expired time • Recommend to use aws- vault to manage multiple roles in multiple accounts [profile central] output = json region = us-east-1 mfa_serial = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:mfa/${IAM_USER} [profile central_read] role_arn = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:role/read mfa_serial = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:mfa/${IAM_USER} source_profile = central
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Testing IaC
How to Achieve IaC CI/CD
What is Terratest? • Terratest is a Go library that makes it easier to write automated tests for your infrastructure code • It provides a variety of helper functions and patterns for common infrastructure testing tasks
How to Test IaC By Terratest Setup - Compose configuration - Create resource - Wait resource ready Verification - Leverage helper function - Write Golang directly Teardown - Destroy resource - Generate report
Rich Helper Function • Testing Terraform code • Testing Packer templates • Testing Docker images • Executing commands on servers over SSH • Working with Cloud Provider APIs, e.g. AWS • Working with Kubernetes APIs • Testing Helm Charts • Making HTTP requests • Running shell commands
IaC Testing Tools Comparison • XXX-Spec ←→ Terratest ←→ Pure programming language • Learning curve is between XXX-Spec and Pure programming language • Not only check server properties, but also the service functionality • Testing scope include entire systems
Terraform Module Structure W/ Testing tf-aws-iam ├── examples │ ├── iam-roles │ └── iam-users ├── modules │ ├── roles │ └── users └── test ├── iam_roles_test.go └── iam_users_test.go • Modules: The Terraform to create cloud resource • Examples: Illustrate how to use the module • Test: Test the module by executing examples
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT EKS Example - Vishwakarma
Vishwakarma • Vishwakarma can be used to create a Kubernetes cluster in AWS by leveraging HashiCorp Terraform and CoreOS
Terratest in Vishwakarma • Create a EKS cluster with two worker groups (on-demand, spot) • Once the cluster is ready (node, core-dns), deploy Nginx service • Make a HTTP request to the Nginx service • Destroy EKS cluster
Demo
Thank you! SUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recomendados

Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
Yevgeniy Brikman
 
AWS CDK Introduction
AWS CDK IntroductionAWS CDK Introduction
AWS CDK Introduction
Kasun Dilunika
 
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Amazon Web Services
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
Anton Babenko
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
Amazon Web Services
 
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
WhaTap Labs
 

Recomendados

Terraform
TerraformTerraform
Terraform
Phil Wilkins
 
Comprehensive Terraform Training
Comprehensive Terraform TrainingComprehensive Terraform Training
Comprehensive Terraform Training
Yevgeniy Brikman
 
AWS CDK Introduction
AWS CDK IntroductionAWS CDK Introduction
AWS CDK Introduction
Kasun Dilunika
 
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Building PaaS with Amazon EKS for the Large-Scale, Highly Regulated Enterpris...
Amazon Web Services
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Building infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps KrakowBuilding infrastructure as code using Terraform - DevOps Krakow
Building infrastructure as code using Terraform - DevOps Krakow
Anton Babenko
 
(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code(ARC307) Infrastructure as Code
(ARC307) Infrastructure as Code
Amazon Web Services
 
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
WhaTap Labs
 
Terraform
TerraformTerraform
Terraform
Diego Pacheco
 
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
Amazon Web Services
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practices
Radek Simko
 
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020 AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWSKRUG - AWS한국사용자모임
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
DevOps.com
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
AWS Certified Solutions Architect Professional Course S1-S5
AWS Certified Solutions Architect Professional Course S1-S5AWS Certified Solutions Architect Professional Course S1-S5
AWS Certified Solutions Architect Professional Course S1-S5
Neal Davis
 
Terraform
TerraformTerraform
Terraform
Otto Jongerius
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
Amazon Web Services
 
Devops maturity model
Devops maturity modelDevops maturity model
Devops maturity model
ทวิร พานิชสมบัติ
 
Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...
Amazon Web Services
 
ここから始めるAWSセキュリティ
ここから始めるAWSセキュリティここから始めるAWSセキュリティ
ここから始めるAWSセキュリティ
Amazon Web Services Japan
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
soniasnowfrog
 
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
Amazon Web Services Korea
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
Ami Mahloof
 
IaC on AWS Cloud
IaC on AWS CloudIaC on AWS Cloud
IaC on AWS Cloud
Bhuvaneswari Subramani
 
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWSAWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
Amazon Web Services
 
Terraform
TerraformTerraform
Terraform
Pathum Fernando ☁
 
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
AWSKRUG - AWS한국사용자모임
 
Managing Your Cloud Assets
Managing Your Cloud AssetsManaging Your Cloud Assets
Managing Your Cloud Assets
Amazon Web Services
 
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdfRodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020 AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWSKRUG - AWS한국사용자모임
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
DevOps.com
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWSAWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
Amazon Web Services
 

Mais procurados (20)

Terraform
TerraformTerraform
Terraform
 
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
(BAC404) Deploying High Availability and Disaster Recovery Architectures with...
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
Terraform 0.9 + good practices
Terraform 0.9 + good practicesTerraform 0.9 + good practices
Terraform 0.9 + good practices
 
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020 AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
AWS SAM으로 서버리스 아키텍쳐 운영하기 - 이재면(마이뮤직테이스트) :: AWS Community Day 2020
 
Best Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with TerraformBest Practices of Infrastructure as Code with Terraform
Best Practices of Infrastructure as Code with Terraform
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
 
AWS Certified Solutions Architect Professional Course S1-S5
AWS Certified Solutions Architect Professional Course S1-S5AWS Certified Solutions Architect Professional Course S1-S5
AWS Certified Solutions Architect Professional Course S1-S5
 
Terraform
TerraformTerraform
Terraform
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
 
Devops maturity model
Devops maturity modelDevops maturity model
Devops maturity model
 
Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...Continuous Deployment Practices, with Production, Test and Development Enviro...
Continuous Deployment Practices, with Production, Test and Development Enviro...
 
ここから始めるAWSセキュリティ
ここから始めるAWSセキュリティここから始めるAWSセキュリティ
ここから始めるAWSセキュリティ
 
Terraform Introduction
Terraform IntroductionTerraform Introduction
Terraform Introduction
 
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
엔터프라이즈를 위한 AWS 지원 및 사례 (서수영) - AWS 웨비나 시리즈
 
Terraform modules restructured
Terraform modules restructuredTerraform modules restructured
Terraform modules restructured
 
IaC on AWS Cloud
IaC on AWS CloudIaC on AWS Cloud
IaC on AWS Cloud
 
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWSAWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS
 
Terraform
TerraformTerraform
Terraform
 
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
Service Mesh, 좀 더 쉽게 - AWS App Mesh :: 안주은 - AWS Community Day 2019
 

Semelhante a 深探-IaC-(Infrastructure as Code-基礎設施即程式碼-)-在-AWS-上的應用

Managing Your Cloud Assets
Managing Your Cloud AssetsManaging Your Cloud Assets
Managing Your Cloud Assets
Amazon Web Services
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
Amazon Web Services
 

Semelhante a 深探-IaC-(Infrastructure as Code-基礎設施即程式碼-)-在-AWS-上的應用 (20)

Managing Your Cloud Assets
Managing Your Cloud AssetsManaging Your Cloud Assets
Managing Your Cloud Assets
 
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdfRodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
Rodney Lester: Well-Architected - Reliability Instructor Led Lab.pdf
 
Meetup callback
Meetup callbackMeetup callback
Meetup callback
 
What is Serverless Computing?
What is Serverless Computing?What is Serverless Computing?
What is Serverless Computing?
 
Application Delivery Patterns for Developers - Technical 401
Application Delivery Patterns for Developers - Technical 401Application Delivery Patterns for Developers - Technical 401
Application Delivery Patterns for Developers - Technical 401
 
Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production Groovy & Grails - From Scratch to Production
Groovy & Grails - From Scratch to Production
 
Application Delivery Patterns
Application Delivery PatternsApplication Delivery Patterns
Application Delivery Patterns
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Tech Talk on Cloud Computing
Tech Talk on Cloud ComputingTech Talk on Cloud Computing
Tech Talk on Cloud Computing
 
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017
 
Azure Functions Real World Examples
Azure Functions Real World Examples Azure Functions Real World Examples
Azure Functions Real World Examples
 
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
PuppetConf 2017: Unlocking Azure with Puppet Enterprise- Keiran Sweet, Source...
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
 
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
 
Azure App Service Deep Dive
Azure App Service Deep DiveAzure App Service Deep Dive
Azure App Service Deep Dive
 
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
Assembling an AWS CloudFormation Authoring Tool Chain (DEV368-R2) - AWS re:In...
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
 
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
Cloud Foundry Compared With Other PaaSes (Cloud Foundry Summit 2014)
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

深探-IaC-(Infrastructure as Code-基礎設施即程式碼-)-在-AWS-上的應用

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Deep Dive into IaC on AWS Pahud Hsieh Specialist SA, Serverless Amazon Web Services smalltown Senior Site Reliability Engineer Maicoin
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Our infrastructure management journey
  • 3. Manual � Easy to get started � Not reproducible � Error prone � Time consuming
  • 4. Scripted � What happens if an API call fails? � How do I make updates? � How do I know a resource is ready? � How do I roll back?
  • 5. Resource Provisioning Engines AWS CloudFormation template (JSON/YAML) HashiCorp Configuration Language (HCL) Desired state configuration � Easy to automate � Reproducible � Configuration syntax � No abstraction, lots of details
  • 6. Challenges • Automated deployment and rollback • Cross account management • Cooperative development • Integration with existing testing frameworks • Integration with key management system • Integration with Kubernetes or Amazon EKS
  • 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Introducing smalltown
  • 8. Hello! I am smalltown MaiCoin Site Reliability Engineer Taipei HashiCorp User Group Organizer AWS User Group Taiwan Staff
  • 9. Angeda IaC Introduction Multiple Accounts Infrastructure Testing IaC EKS Example
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT IaC Introduction
  • 11. Infrastructure as Code in 201X... YA! I can write code to manage cloud resource resource "aws_s3_bucket" "b" { bucket = "my_tf_test_bucket" acl = "private" tags { Name = "My bucket" } }
  • 12. Infrastructure as Code in 201X... • Record your cloud resource with infrastructure as code tool, not document Document: - Easy Out of Date - Hard to Maintain AWS CloudFormation
  • 13. Terraform Overview Allow 1 person manage the same resource Store the managed resource state Create, Modify, Destroy Resource
  • 14. The Benefit After Adopt IaC • Automate your deployment and recovery process • Rollback with the same tested processes • Don’t repair, redeploy • Focus on mean time to recovery • Use testing tools to verify your infrastructure • Hook your tests into your monitoring system
  • 15. Problems Emerged After a While... • Permission control problem • Don’t follow DRY • How to well testing • How to collaborate within a team
  • 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Multiple Accounts Infrastructure
  • 17. Why Multiple AWS Accounts ? • Why there are dev, alpha, beta, staging, production environment for the application? • Application need to be well tested, but not impact the real users • Production infrastructure don’t allow access at will • Infrastructure becomes code now, hence, it need to be treated as the same way
  • 19. Multiple Accounts Infrastructure • IAM user can be central managed • Permission separate as read, write and robot roles in different accounts • The robot role is for Terraform usage
  • 20. Multiple Accounts Infrastructure • The write role is for human usage if necessary • Production write and robot role only can be permitted through change management process
  • 21. How to Manage Multiple Accounts • About assume role, don’t forget to enable MFA, and setup expired time • Recommend to use aws- vault to manage multiple roles in multiple accounts [profile central] output = json region = us-east-1 mfa_serial = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:mfa/${IAM_USER} [profile central_read] role_arn = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:role/read mfa_serial = arn:aws:iam::${CENTRAL_ACCOUNT_ID}:mfa/${IAM_USER} source_profile = central
  • 22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT Testing IaC
  • 23. How to Achieve IaC CI/CD
  • 24. What is Terratest? • Terratest is a Go library that makes it easier to write automated tests for your infrastructure code • It provides a variety of helper functions and patterns for common infrastructure testing tasks
  • 25. How to Test IaC By Terratest Setup - Compose configuration - Create resource - Wait resource ready Verification - Leverage helper function - Write Golang directly Teardown - Destroy resource - Generate report
  • 26. Rich Helper Function • Testing Terraform code • Testing Packer templates • Testing Docker images • Executing commands on servers over SSH • Working with Cloud Provider APIs, e.g. AWS • Working with Kubernetes APIs • Testing Helm Charts • Making HTTP requests • Running shell commands
  • 27. IaC Testing Tools Comparison • XXX-Spec ←→ Terratest ←→ Pure programming language • Learning curve is between XXX-Spec and Pure programming language • Not only check server properties, but also the service functionality • Testing scope include entire systems
  • 28. Terraform Module Structure W/ Testing tf-aws-iam ├── examples │ ├── iam-roles │ └── iam-users ├── modules │ ├── roles │ └── users └── test ├── iam_roles_test.go └── iam_users_test.go • Modules: The Terraform to create cloud resource • Examples: Illustrate how to use the module • Test: Test the module by executing examples
  • 29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.SUMMIT EKS Example - Vishwakarma
  • 30. Vishwakarma • Vishwakarma can be used to create a Kubernetes cluster in AWS by leveraging HashiCorp Terraform and CoreOS
  • 31. Terratest in Vishwakarma • Create a EKS cluster with two worker groups (on-demand, spot) • Once the cluster is ready (node, core-dns), deploy Nginx service • Make a HTTP request to the Nginx service • Destroy EKS cluster
  • 32. Demo
  • 33. Thank you! SUMMIT © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.