Infrastructure as Code on Amazon Web Services (AWS) - XenonStack

Overview of Infrastructure as Code

Infrastructure as Code is the process of managing and provisioning computer data centers through machine-readable definition files. This approach is used to promote cloud computing, which is sometimes marketed as Infrastructure as a Service (IaaS). The benefits of Infrastructure as Code can be broken down into three measurable categories –

  • Cost Reduction
  • Speed
  • Risk

There are three approaches to Infrastructure as code –

  • Declarative
  • Imperative
  • Intelligent

The declarative approach focuses on what the eventual target configuration should be. It defines the desired state of the system, and the tooling works out what needs to happen to reach that state. The imperative approach focuses on how the Infrastructure is to be changed to meet that target: it defines the specific commands that need to be executed, in the appropriate order, to end with the desired result. The intelligent approach focuses on why the configuration should be a certain way, taking into consideration all the code relationships and dependencies between multiple applications. It determines the correct desired state before any execution happens, so that the system can reach a desirable state that was not explicitly coded into the deployment application.
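To make the declarative/imperative distinction concrete, here is an added example (not code from the article or from any AWS tool): a toy reconciler in Python. The desired state is declared as data, and the code derives the imperative steps needed to get from the current state to it. The resource model, the names (`WebSG`, `AppLogs`, `OldBucket`) and the property values are constructed for the example.

```python
# Added example: a toy declarative reconciler. The desired state is declared as
# data; plan() works out the imperative create/update/delete steps that an
# imperative script would otherwise have to spell out (and order) by hand.
from typing import Dict, List, Tuple

# Hypothetical resource model: logical name -> {"type": ..., "props": {...}}
State = Dict[str, dict]


def plan(desired: State, current: State) -> List[Tuple[str, str]]:
    """Return the ordered actions that reconcile current -> desired.

    Creates come first, then updates, then deletes, so a resource is never
    removed before its replacement exists.
    """
    creates = [("create", n) for n in desired if n not in current]
    updates = [("update", n) for n in desired if n in current and current[n] != desired[n]]
    deletes = [("delete", n) for n in current if n not in desired]
    return creates + updates + deletes


def apply(actions: List[Tuple[str, str]], desired: State, current: State) -> State:
    """Execute a plan against a copy of the current state (pure simulation)."""
    new_state = dict(current)
    for action, name in actions:
        if action == "delete":
            del new_state[name]
        else:
            new_state[name] = desired[name]
    return new_state


# Constructed sample: an operator tightens a security group rule from
# "anywhere" to the corporate range and drops an unused bucket.
DESIRED: State = {
    "WebSG": {"type": "AWS::EC2::SecurityGroup", "props": {"ingress": ["10.0.0.0/8:443"]}},
    "AppLogs": {"type": "AWS::S3::Bucket", "props": {"versioning": True}},
}
CURRENT: State = {
    "WebSG": {"type": "AWS::EC2::SecurityGroup", "props": {"ingress": ["0.0.0.0/0:443"]}},
    "OldBucket": {"type": "AWS::S3::Bucket", "props": {"versioning": False}},
}

if __name__ == "__main__":
    steps = plan(DESIRED, CURRENT)
    for step in steps:
        print(step)
    # Applying the plan and planning again yields nothing: the declarative
    # definition is idempotent, which a hand-written imperative script is not.
    print(plan(DESIRED, apply(steps, DESIRED, CURRENT)))
```

The second call to `plan` returning an empty list is the property that matters operationally: the same declaration can be applied repeatedly (by a pipeline, on a schedule, after drift) without re-running side effects.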

There are two methods of Infrastructure as code –

  • Pull
  • Push

In the Push method, the control server pushes the configuration to the destination server. In the Pull method, the server to be configured pulls its configuration from the controlling server.

Infrastructure Resource Lifecycle

The stages of the lifecycle are –

  • Resource provisioning – The administrator provisions the resources according to the required specifications.
  • Configuration management – The resources become components of the configuration management system, which supports activities such as tuning and patching.
  • Monitoring and performance – Monitoring and performance tools validate the operational status of the resources by examining items such as metrics, synthetic transactions, and log files.
  • Compliance and governance – Compliance and governance frameworks drive additional validation to ensure alignment with corporate and industry standards, as well as regulatory requirements.
  • Resource optimization – Administrators review the performance data and identify the changes needed to optimize the environment around criteria such as performance and cost management.

Every stage involves procedures that can leverage code. This extends the benefits of Infrastructure as Code from its traditional role in provisioning to the entire resource lifecycle.

Practitioners of Infrastructure as code

Developers/DevOps teams – They value CloudFormation for its capability to treat Infrastructure as code; it allows them to apply software engineering principles, such as code reviews, integration testing, SOA and revision control, to Infrastructure.

IT admins and MSPs – They value CloudFormation as a platform to enable standardization, managed consumption, and role specialization.

ISVs – They value CloudFormation for its ability to support scaling out multi-tenant SaaS products by quickly replicating or updating stacks. ISVs also value CloudFormation as a way to package and deploy their software into their customers' accounts on AWS.

Infrastructure as Code with AWS CloudFormation

AWS CloudFormation provides developers and systems administrators an easy way to create, manage, provision, and update a collection of related AWS resources reliably. It uses templates written in JSON (JavaScript Object Notation) or YAML (YAML Ain't Markup Language) format to describe the collection of AWS resources. A template can be reused to create identical copies of the same stack consistently across AWS Regions. After deploying the resources, we can modify and update them in an orderly way. The infrastructure resource lifecycle starts with the provisioning of resources.

How AWS CloudFormation works

CloudFormation provides a template-based way of creating Infrastructure and managing the dependencies between resources, from the moment the stack is designed. With AWS CloudFormation, we can maintain our Infrastructure just like application source code.

Step 1 – Code your Infrastructure from scratch using the CloudFormation template language, in either YAML or JSON format, or start from one of the many available sample templates.

Step 2 – Check your template code locally, or upload your template code into an S3 bucket.

Step 3 – Use AWS CloudFormation from the browser console, the command line tools, or the APIs to create a stack based on your template code.

Step 4 – AWS CloudFormation provisions and configures the stack and the resources you specified in your template.
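Step 2 says to check the template locally before creating a stack. The following is an added example of such a pre-flight check (it is not code from the article or from AWS): a small Python linter over a template held as a dict in the JSON form of the template language. The template, its resource names (`AppVpc`, `AdminSG`, `Orphan`) and the parameter `AdminCidr` are constructed for the example. The checks are ones a reviewer would want before a stack is created: every resource has a `Type`, every `Ref` resolves to a parameter, resource or pseudo parameter, and no security group opens an administrative port (22 or 3389) to `0.0.0.0/0`.

```python
# Added example: a local pre-flight check for a CloudFormation template (JSON
# form held as a Python dict). Template contents are constructed, not real.
import json
from typing import List

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"AdminCidr": {"Type": "String", "Default": "10.0.0.0/8"}},
    "Resources": {
        "AppVpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
        "AdminSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "admin access",
                "VpcId": {"Ref": "AppVpc"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "AdminCidr"}},
                    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
        # Deliberately broken: refers to a parameter that is not declared.
        "Orphan": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": {"Ref": "MissingParam"}}},
    },
}

ADMIN_PORTS = {22, 3389}
PSEUDO_PARAMETERS = {"AWS::Region", "AWS::AccountId", "AWS::StackName"}


def find_refs(node) -> List[str]:
    """Collect every {"Ref": X} target in a nested template fragment."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            return [node["Ref"]]
        return [r for v in node.values() for r in find_refs(v)]
    if isinstance(node, list):
        return [r for v in node for r in find_refs(v)]
    return []


def check_template(template: dict) -> List[str]:
    """Return a list of findings; an empty list means the template passed."""
    findings: List[str] = []
    resources = template.get("Resources", {})
    if not resources:
        findings.append("template has no Resources section")
    known = set(template.get("Parameters", {})) | set(resources) | PSEUDO_PARAMETERS
    for name, res in resources.items():
        if "Type" not in res:
            findings.append(f"{name}: missing Type")
        props = res.get("Properties", {})
        for ref in find_refs(props):
            if ref not in known:
                findings.append(f"{name}: Ref to undefined '{ref}'")
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule.get("IpProtocol") == "-1":          # "-1" means all traffic
                    ports = set(ADMIN_PORTS)
                else:
                    ports = set(range(int(rule.get("FromPort", 0)), int(rule.get("ToPort", 0)) + 1))
                if rule.get("CidrIp") == "0.0.0.0/0" and ADMIN_PORTS & ports:
                    findings.append(f"{name}: admin port open to 0.0.0.0/0 ({sorted(ADMIN_PORTS & ports)})")
    return findings


if __name__ == "__main__":
    for finding in check_template(TEMPLATE):
        print("FINDING:", finding)
    print(json.dumps(TEMPLATE, indent=2))
```

Run against the constructed template this reports two findings (the RDP rule open to the world and the undefined `MissingParam`), which is exactly the kind of result that should stop the pipeline before step 3 is reached.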

Amazon EC2 Systems Manager

Amazon EC2 Systems Manager is a collection of capabilities that simplifies standard maintenance, management, deployment, and execution of operational tasks on EC2 instances and on servers or virtual machines (VMs) in physical environments. Systems Manager helps us to understand and control the current state of EC2 instance and OS configurations. We can track and remotely manage the system configuration, OS patch levels, application configurations, and other details.

Systems Manager Document Structure

A Systems Manager document defines the actions that Systems Manager performs on the managed instances. Systems Manager includes more than a dozen preconfigured documents to support its capabilities. All documents are written in JSON and include both parameters and actions.

This is an example of a custom document for a Windows-based host. This document uses the ipconfig command to gather the network configuration of the node and then installs MySQL.

Amazon EC2 Systems Manager helps you to deploy, customize, enforce, and audit an expected state configuration on EC2 instances and on servers or VMs in physical environments. AWS OpsWorks enables the use of Chef recipes to support the configuration of an environment. We can use OpsWorks for Chef Automate independently or on top of an environment provisioned by AWS CloudFormation.

The Systems Manager run documents and policies, and the recipes associated with OpsWorks for Chef Automate, are part of the infrastructure code base and can be controlled in the same way application source code is managed.
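The article's own Windows document is not reproduced on this page, so here is an added example (not the article's document, and not an AWS-provided one) of what a custom command document with parameters and actions looks like, held as a Python dict in the JSON document form. It uses the real `schemaVersion` 2.2 layout with `parameters` and `mainSteps`, and the real `aws:runPowerShellScript` action; the step that would install a package is represented by a placeholder `installerUrl` parameter and a `Write-Host` message rather than a download. A small validator follows, of the kind you would run in a code review before the document is registered: it checks the required step fields, unique step names, and that every `{{ param }}` placeholder is declared.

```python
# Added example: a constructed Systems Manager command document for a Windows
# host, plus a structural validator. Not an AWS-provided document.
import json
import re
from typing import List

WINDOWS_NETCONFIG_DOC = {
    "schemaVersion": "2.2",
    "description": "Collect network configuration, then install a package (constructed example)",
    "parameters": {
        "installerUrl": {"type": "String", "description": "PLACEHOLDER: URL of the installer to fetch"},
        "verbose": {"type": "String", "default": "false", "allowedValues": ["true", "false"]},
    },
    "mainSteps": [
        {
            "action": "aws:runPowerShellScript",
            "name": "collectNetworkConfig",
            "inputs": {"runCommand": ["if ('{{ verbose }}' -eq 'true') { ipconfig /all } else { ipconfig }"]},
        },
        {
            "action": "aws:runPowerShellScript",
            "name": "installPackage",
            # Placeholder step: a real document would download and run the installer here.
            "inputs": {"runCommand": ["Write-Host 'would download {{ installerUrl }} and install it'"]},
        },
    ],
}

PARAM_REF = re.compile(r"\{\{\s*([A-Za-z0-9_]+)\s*\}\}")


def validate_document(doc: dict) -> List[str]:
    """Structural checks: schema version, required step fields, unique step
    names, and every {{ param }} placeholder declared under 'parameters'."""
    problems: List[str] = []
    if doc.get("schemaVersion") != "2.2":
        problems.append("schemaVersion must be 2.2 for this validator")
    declared = set(doc.get("parameters", {}))
    seen_names = set()
    for i, step in enumerate(doc.get("mainSteps", [])):
        for field in ("action", "name", "inputs"):
            if field not in step:
                problems.append(f"step {i}: missing '{field}'")
        name = step.get("name")
        if name in seen_names:
            problems.append(f"step {i}: duplicate name '{name}'")
        seen_names.add(name)
        # Serialising the inputs lets one regex find placeholders at any depth.
        for ref in PARAM_REF.findall(json.dumps(step.get("inputs", {}))):
            if ref not in declared:
                problems.append(f"step {name}: undeclared parameter '{ref}'")
    return problems


if __name__ == "__main__":
    print(json.dumps(WINDOWS_NETCONFIG_DOC, indent=2))
    print("problems:", validate_document(WINDOWS_NETCONFIG_DOC))
```

Because the document is plain data, it can be linted and diffed in version control like the CloudFormation templates it sits beside, which is the point the section makes about managing run documents as application source code.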

Amazon CloudWatch

Amazon CloudWatch is a set of services that ingests, interprets, and responds to runtime metrics, logs, and events. CloudWatch collects metrics from many AWS services automatically, such as Amazon EC2, Elastic Load Balancing (ELB), and Amazon DynamoDB. CloudWatch consists of three services: the main CloudWatch service, Amazon CloudWatch Logs, and Amazon CloudWatch Events.

Amazon CloudWatch Logs

Amazon CloudWatch Logs stores and monitors logs from Amazon EC2, AWS CloudTrail, and other sources. Ingested log data is the basis for new CloudWatch metrics that can, in turn, trigger CloudWatch alarms. Log processing and correlation are used for a more in-depth analysis of application behaviour and can expose internal details that are hard to figure out from metrics alone.

Amazon CloudWatch Events

Amazon CloudWatch Events produces a stream of events from AWS environments; it applies a rules engine and delivers matching events to specified targets. The capability of the Infrastructure to respond to particular circumstances offers benefits in both operations and security. For information security, events can provide notifications for console logins, authentication failures, and risky API calls recorded by CloudTrail.

Monitoring is essential to understand system behaviour and to automate data-driven reactions. CloudWatch collects observations from runtime environments, in the form of metrics and logs, and makes those actionable through alarms, streams, and events. Lambda functions written in Python, Node.js, Java, or C# can respond to these events, extending the role of Infrastructure as Code into the operational domain and improving the flexibility of operating environments.
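To show what the rules engine does with the CloudTrail events the section names (console logins, authentication failures, risky API calls), here is an added example, not from the article: a Python matcher implementing the basic CloudWatch Events pattern rule, in which every key of the pattern must be present in the event and a leaf list is satisfied when the event's value is one of the listed values. The `detail-type` strings and the `ConsoleLogin`/`responseElements` fields follow the CloudTrail record layout as delivered through CloudWatch Events; the events themselves are constructed for the example and the watch-list of "risky" API names is an assumption, not an AWS-defined set.

```python
# Added example: a minimal CloudWatch Events pattern matcher run over
# constructed CloudTrail-style events. Event contents are made up.
from typing import List, Tuple


def matches(pattern: dict, event: dict) -> bool:
    """Every key in the pattern must exist in the event; nested dicts recurse,
    and a leaf list lists the literal values that are acceptable."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


# Rule 1: failed console sign-ins (authentication failures).
CONSOLE_LOGIN_FAILURE = {
    "detail-type": ["AWS Console Sign In via CloudTrail"],
    "detail": {"eventName": ["ConsoleLogin"], "responseElements": {"ConsoleLogin": ["Failure"]}},
}
# Rule 2: API calls that weaken logging or create new credentials (assumed watch-list).
RISKY_API_CALLS = {
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventName": ["StopLogging", "DeleteTrail", "CreateAccessKey", "PutUserPolicy"]},
}
RULES = {"console-login-failure": CONSOLE_LOGIN_FAILURE, "risky-api-call": RISKY_API_CALLS}

# Constructed sample events (not real CloudTrail records).
EVENTS = [
    {"detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser"},
                "responseElements": {"ConsoleLogin": "Failure"}}},
    {"detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin", "responseElements": {"ConsoleLogin": "Success"}}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com"}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com"}},
]


def route(events: List[dict]) -> List[Tuple[str, str]]:
    """Return (rule name, eventName) for each event a rule would deliver to its target."""
    hits = []
    for event in events:
        for rule_name, pattern in RULES.items():
            if matches(pattern, event):
                hits.append((rule_name, event["detail"]["eventName"]))
    return hits


if __name__ == "__main__":
    for hit in route(EVENTS):
        print(hit)
```

Only the failed login and the `StopLogging` call are routed; the successful login and the read-only `DescribeInstances` call fall through. The real service also supports content filters (prefix, numeric and "anything-but" matching) that this matcher leaves out, so treat it as a way to reason about a rule, not as a substitute for testing the rule in the console.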

Why Use YAML in AWS CloudFormation?

  • YAML gives better authoring and readability of templates.
  • YAML supports native comments.
  • YAML keeps templates simpler as they get more and more complex.
  • In YAML, sequence items are denoted by a dash.

YAML Function Declaration

  • There are two ways to declare intrinsic functions: long form and short form.
  • Short form: !FindInMap [ MapName, TopLevelKey, SecondLevelKey ]
  • Long form: "Fn::FindInMap": [ "MapName", "TopLevelKey", "SecondLevelKey" ]
  • The tag is ! (it is not a negation operator).
  • A few things to note with tags:
  • You cannot use one tag immediately after another, e.g. !Base64 !Sub…
  • Instead, you can do this: "Fn::Base64": !Sub… or !Select [ !Ref Value, [1,2,3] ]

Intrinsic Functions in CloudFormation

Fn::Sub in CloudFormation

It substitutes the variables in an input string with their values.

The function accepts either a plain string, or a string together with a map of variable names to values.

Usage


  • Variable: ${MyVariableValue}
  • Literal: ${!LiteralValue}

Use '|' if the string spans multiple lines. Fn::Sub is also available in JSON.
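As an added example (not code from the article or from CloudFormation itself), the following Python function implements the two substitution rules just listed so you can check locally what a template string will expand to: `${Name}` is replaced from the variable map, and the `${!Name}` escape comes out as the literal text `${Name}`. The second argument form, `[string, {name: value}]`, is the list form the section refers to. The sample context values (region, account id, bucket name) are constructed, and the set of characters allowed in a variable name is an assumption of this implementation.

```python
# Added example: a local evaluator for Fn::Sub strings. Not CloudFormation code.
import re
from typing import Dict, List, Optional, Union

# ${Name} or ${!Name}; the allowed name characters are an assumption.
_VAR = re.compile(r"\$\{(!?)([A-Za-z0-9:_.]+)\}")


def fn_sub(arg: Union[str, List], variables: Optional[Dict[str, str]] = None) -> str:
    """Evaluate an Fn::Sub argument: a plain string, or [string, {name: value}].

    Variables from the list-form map take precedence over the surrounding
    context; an undefined ${Name} raises KeyError rather than expanding to "".
    """
    if isinstance(arg, list):
        if len(arg) != 2 or not isinstance(arg[0], str) or not isinstance(arg[1], dict):
            raise ValueError("Fn::Sub list form must be [string, map]")
        template, extra = arg
        scope = {**(variables or {}), **extra}
    else:
        template, scope = arg, dict(variables or {})

    def replace(match: "re.Match") -> str:
        bang, name = match.group(1), match.group(2)
        if bang:                       # ${!Name}: literal, no substitution
            return "${" + name + "}"
        if name not in scope:
            raise KeyError(f"unresolved variable '{name}'")
        return scope[name]

    return _VAR.sub(replace, template)


# Constructed sample context: the values the stack engine would supply for
# pseudo parameters, plus one template parameter.
CONTEXT = {"AWS::Region": "eu-west-1", "AWS::AccountId": "123456789012", "BucketName": "app-logs"}

if __name__ == "__main__":
    print(fn_sub("arn:aws:s3:::${BucketName}-${AWS::Region}", CONTEXT))
    print(fn_sub(["${Prefix}/${!Raw}/${AWS::AccountId}", {"Prefix": "logs"}], CONTEXT))
```

The literal escape matters in practice for user-data scripts and policy documents that contain their own `${...}` syntax: without `${!...}` the stack engine would try to resolve those as template variables.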

Cross-Stack References in CloudFormation – sharing resources made easy

Cross-stack references let one stack share resources such as IAM roles, VPCs and security groups with other stacks.

  • We can add an explicit "Export" declaration to a stack output.
  • We can use that resource in another stack through the intrinsic function Fn::ImportValue.

A few guidelines –

  • Export names must be unique within an account and region.
  • You cannot create references across regions.
  • You cannot delete a stack that is referenced by another stack (the dependencies are reported in the error).
  • An output cannot be modified or removed as long as a current stack references it.
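The four guidelines above are enforced by the CloudFormation service; as an added example (not the article's code and not the service's implementation) the following Python simulation encodes the same rules so their consequences can be seen in order: an export name is unique per account-and-region scope, `Fn::ImportValue` only resolves within that scope, and a stack whose export is in use cannot be deleted until the importing stack is gone. The stack names (`network`, `app`), the export `SharedVpcId` and its values are constructed.

```python
# Added example: a simulation of the cross-stack export/import rules.
# Stack names, export names and values are constructed for the example.
from typing import Dict, List, Set, Tuple


class Region:
    """One account+region scope: the namespace in which export names are unique."""

    def __init__(self, name: str):
        self.name = name
        self.exports: Dict[str, Tuple[str, str]] = {}   # export name -> (owning stack, value)
        self.imports: Dict[str, Set[str]] = {}          # export name -> importing stacks

    def create_stack(self, stack: str, outputs: Dict[str, str], imports: List[str]) -> None:
        # Rule: references cannot cross regions, so imports resolve only in this scope.
        for export_name in imports:
            if export_name not in self.exports:
                raise LookupError(f"{stack}: no export named '{export_name}' in {self.name}")
        # Rule: export names are unique within the account+region.
        for export_name in outputs:
            if export_name in self.exports:
                owner = self.exports[export_name][0]
                raise ValueError(f"{stack}: export '{export_name}' already exists (owned by {owner})")
        for export_name in imports:
            self.imports.setdefault(export_name, set()).add(stack)
        for export_name, value in outputs.items():
            self.exports[export_name] = (stack, value)

    def dependents(self, stack: str) -> Set[str]:
        """Stacks that import any export owned by `stack`."""
        return {s for name, (owner, _) in self.exports.items() if owner == stack
                for s in self.imports.get(name, set())}

    def delete_stack(self, stack: str) -> None:
        # Rule: a stack whose exports are referenced cannot be deleted; report the dependencies.
        deps = self.dependents(stack)
        if deps:
            raise RuntimeError(f"cannot delete {stack}: exports in use by {sorted(deps)}")
        self.exports = {n: v for n, v in self.exports.items() if v[0] != stack}
        for name in self.imports:
            self.imports[name].discard(stack)


def demo() -> List[str]:
    """Walk through the guidelines; returns the error messages observed, in order."""
    errors: List[str] = []
    eu = Region("account-1/eu-west-1")
    us = Region("account-1/us-east-1")
    eu.create_stack("network", {"SharedVpcId": "vpc-0abc"}, imports=[])
    eu.create_stack("app", {}, imports=["SharedVpcId"])
    attempts = (
        lambda: eu.create_stack("network2", {"SharedVpcId": "vpc-0def"}, []),  # duplicate export
        lambda: us.create_stack("app-us", {}, ["SharedVpcId"]),                 # cross-region import
        lambda: eu.delete_stack("network"),                                     # still referenced
    )
    for attempt in attempts:
        try:
            attempt()
        except (ValueError, LookupError, RuntimeError) as exc:
            errors.append(str(exc))
    eu.delete_stack("app")       # remove the importer first...
    eu.delete_stack("network")   # ...then deleting the exporter succeeds
    return errors


if __name__ == "__main__":
    for message in demo():
        print("rejected:", message)
```

The order of the last two calls in `demo` is the practical takeaway: tear-down of shared infrastructure has to proceed from importers to exporters, and a pipeline that deletes stacks should expect and surface the dependency error rather than retry blindly.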

A Holistic Strategy

Infrastructure as Code is the process of managing and provisioning computer data centers through machine-readable definition files. There are three approaches to Infrastructure as Code. The declarative approach focuses on what the eventual target configuration should be. The imperative approach focuses on how the Infrastructure is to be changed to meet that target. The intelligent approach focuses on why the configuration should be a certain way, taking into consideration all the code relationships and dependencies between multiple applications. There are two methods of Infrastructure as Code: in the Push method, the control server pushes the configuration to the destination server, and in the Pull method, the server to be configured pulls its configuration from the controlling server.

The stages of the resource lifecycle are: Resource provisioning, where the administrator provisions the resources according to the required specifications; Configuration management, where the resources become components of the configuration management system, which supports activities such as tuning and patching; Monitoring and performance, where monitoring tools validate the operational status of the resources by examining items such as metrics, synthetic transactions, and log files; Compliance and governance, where frameworks drive additional validation to ensure alignment with corporate and industry standards, as well as regulatory requirements; and Resource optimization, where administrators review the performance data needed to optimize the environment around criteria such as performance and cost management.

AWS CloudFormation provides developers and systems administrators an easy way to create, manage, provision, and update a collection of related AWS resources in an orderly way. Amazon EC2 Systems Manager simplifies standard maintenance, management, deployment, and execution of operational tasks on EC2 instances and on servers or virtual machines. A Systems Manager document defines the actions that Systems Manager performs on the managed instances. Amazon CloudWatch Logs stores and monitors logs from Amazon EC2, AWS CloudTrail, and other sources. Amazon CloudWatch Events produces a stream of events from AWS environments.


