Saturday, March 6, 2021

AWS - Infrastructure as a Code (IAC) - CloudFormation (CF)

AWS Associates - Class notes - 3/06/2021

aws professional certification devops

look for detail

We recently finished manually launching EC2, a security group, LB and more services.

As a cloud engineer, you may do this job manually, but what if you have thousands of resources to manage?
When you work manually, you may miss something, and it's hard to track down the error. It takes lots of time to fix the issue.

Rather than working manually, you would like to automate. How? You write code and direct your system to run it.

You test and verify the code. You will launch the entire infrastructure using this code.
You run it one time or hundreds of times. This code knows how to create and how to delete.

There is no single click on the AWS console which will delete the entire infrastructure.

Using code, with one press of Enter the entire infrastructure is created or deleted.

Using code, we can create our infrastructure; this method is called infrastructure as code. AWS has a product called CloudFormation.

This service is used to provision all the infrastructure in your enterprise.

you write code/template.

AWS has lots of services, and each one provides some kind of service,
such as
- EC2 - instances
- EBS - storage
- ELB - load balance

There are two ways you can interact with aws
1. Manual way
a. Using the interface
b. aws cli
Good thing about cli is you don't have to login to console, you can run from your PC.

2. Auto
with one click your entire infrastructure will be created.

1. imperative approach
- aws provides some API where you can write your code
for eg
API
- Python
   - Code

setup.py - go to these services and perform these tasks.
- go to ec2, ebs, security group

This approach has problems or challenges.
whatever code you write, it is not intelligent code.
-  say you have code that goes and launches an ec2 instance
   run this code again and it will run all the code in the file again.
   the code is not intelligent enough to say:
if my instance is already there, don't run this code.
whatever you ask, it does; it doesn't check and does not have the intelligence to check.

2. Declarative language (approach)
- you don't have to know an actual programming language.
- it's as simple as key value pairs
- anyone can create it very quickly and use it.
- just declare what you want to do.

say you want to create an instance ec2 -> myos1
before the code runs, the tool goes to aws and checks whether this instance is already running or exists.

what it does is carry out your desire, but before performing the task, it verifies.
you declare what you want. but say someone goes online and creates an instance
or say new port 8080 needs to be enabled.. if someone deletes the instance, create it
if anyone changes the security rule, I will check and make the change
or whatever your desired state is, if the service is not in that desired state, I will change it.
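
The difference between the two approaches, as an added example that is not part of the original notes: a small Python model in which plain dictionaries stand in for the AWS account. It shows the general desired-state idea rather than CloudFormation's own engine; `imperative_launch`, `reconcile` and the resource names `myos1` and `websg` are hypothetical.

```python
import copy

# Added illustration: plain dicts stand in for the AWS account.
# No AWS API is called and every name below is hypothetical.

def imperative_launch(cloud, name, props):
    """Imperative script: always creates, never checks what exists."""
    cloud.setdefault("instances", []).append({"name": name, **props})


def reconcile(desired, actual):
    """Declarative engine: diff desired vs actual state, apply only the
    actions needed to close the gap, and return those actions."""
    actions = []
    for name, want in desired.items():
        have = actual.get(name)
        if have is None:                       # missing -> create it
            actions.append(("create", name))
        elif have != want:                     # drifted -> put it back
            changed = sorted(k for k in want.keys() | have.keys()
                             if want.get(k) != have.get(k))
            actions.append(("update", name, changed))
        else:
            continue                           # already as declared
        actual[name] = copy.deepcopy(want)
    for name in sorted(set(actual) - set(desired)):
        actions.append(("delete", name))       # not declared -> remove
        del actual[name]
    return actions


def demo():
    cloud = {}
    for _ in range(2):                         # same script run twice
        imperative_launch(cloud, "myos1", {"type": "t2.micro"})
    duplicates = len(cloud["instances"])       # two copies of myos1

    desired = {"myos1": {"type": "t2.micro"}, "websg": {"ports": [22, 80]}}
    actual = {}
    first = reconcile(desired, actual)         # creates both resources
    second = reconcile(desired, actual)        # nothing left to do
    del actual["myos1"]                        # someone deletes the instance
    actual["websg"]["ports"] = [22, 80, 8080]  # someone opens 8080 by hand
    drift = reconcile(desired, actual)         # both are put back
    return duplicates, first, second, drift


if __name__ == "__main__":
    print(demo())
```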


cloud formation
code you write
- in template

ansible can do some sort of IAC job but it is not designed for it. For aws code automation, cloud formation is the tool to use.

But cloud formation does not have the capability to launch services on other providers such as azure or google; even though they have some plugins, they are not mature enough.

There is another tool called terraform which can run code for most cloud providers (multi-cloud).

--------------------------------------------

1. Login to aws console

ec2 instance - code

doing it manually takes time
writing code can be time consuming at first, but it's really good in the long run.


as a developer, the code you create can be useful to other folks.

we have the developer, who develops the code

QAT (testing)
- testing team tests the code
- verify both manual and automated: the same infrastructure is created both ways.

this type of code is very useful in DevOps world.
- faster delivery

always a good practice, you have to make sure, if you want to
- automate everything
- manual everything

note: code is like a document. you are not clicking anywhere. you type in one document to launch, say, an instance

say,
ec2name = myos
ami = ami-1234

if you forget something in your code and need to modify it, don't go to the console and change it manually. never do it.
go to your code, make the changes there, and run the code again.
- never change manually but update the code

the reason: this code may be shared with a different team, and if they run it, it may create problems.

let the code do everything for you.

In summary, if you have a bigger environment, use IAC
say you want to create ec2, EIP, SG, VPC .. or more
you are launching multiple services, say multiple stacks, which launch the infrastructure.

stack
EC2, IAM, VPC ...

how to use cloud formation?

lets write our first code

1. go to cloud formation
2. create stack

3. Specify the


write it in such a way that cloud formation understands
lets define ... they have specific keywords and specific values.
for eg, you want to run an instance, it can be
key    value
ec2name = myos
ami = ami-1234

you don't remember, check the document.
you need to know how to get the keyword and the value it goes with

when you want to launch an instance, you know what instance type you want to launch

instancetype=t2.micro
we don't know the keyword or value. the one we write may not be correct.
we know what we want but don't know the proper value.

google
aws cloudformation key ec2
look for document.

you may find some yaml example..

InstanceType

Note: if you don't know the concept first, you can't convert that concept to code. You must know the concept first

Domain specific language
- cloudformation
- terraform
they have their own keywords and their own format

do they use space, or : or tab or ,

cloudformation uses two languages
- JSON - uses { ... }
- YAML - uses keywords, space delimited...

you have to know what service you want ..
so far, you have had to go manually and collect the information.
Note: ec2 is a big service -> instance, volume, security group and much more ...


Type: AWS::EC2::Instance    # it's like an ARN
Properties:    # the items below are properties, so indent them with spaces
  ImageId: ami-04533f4gh343hd45e3
  InstanceType: t2.micro


when you launch an instance, you launch it in an availability zone
look for example .. look for keyword

we have our one stack created.

With the code we are creating here, aws creates an ec2 instance

These are resources, so the entire code is a block of resources; lets update our code

Resources:
  MyFirstOSResource:    # name of your resource, a unique name
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: t2.micro

this way you can create as many resources as you want

Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: t2.micro
  MySecondOSResource:    # every resource needs its own unique name
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: t2.micro
..................

save this file

go to your cmd
> notepad mycode.yaml
Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: t2.micro
      AvailabilityZone: ap-south-1a

my template is ready, launch it..


now, go back to cloud formation

on specify template, upload the file and click next

it asks you for a stack name
give some name: myfirstStack

parameter leave default -> next

just leave default and click next

it will give you estimate cost. review and see how much it cost you.

review and click on create stack.
you see status create in progress ...
resource creation initiated..

now, open a new aws console and go to ec2 instance page..
refresh, you will see one instance initialized..

if you see a red message, that is not a good sign.

now finally you see the instance.

if you are using one or 10 instances, CF is not good, but if you are managing the whole infrastructure, CF is good

now, go to CF, click on the stack you created, go to template, and review the code
go to resources and click on the physical id; it will take you to the launched instance.

Parameter - makes your code a little more dynamic

the code we wrote is static, lets make some changes..

> notepad mycode.yaml
Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: $x    # placeholder for a value supplied at run time
      AvailabilityZone: ap-south-1a

whatever part you or your team want to change, you make that part of your code a little dynamic

say, before you run, ask for the value

you see in the above code, we added $x, which is called a parameter
a parameter is like an input function.

lets say

Parameters:
  x:    # use some meaningful name like MyInstanceType (letters and digits only)
    Type: String    # define the type of variable
    Description: This is variable for my instance type


> notepad mycode.yaml
Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: !Ref x    # reference x, get the value of x; normally we use $x but here we reference the variable
      AvailabilityZone: ap-south-1a

this is how we added extra functionality.
save the code, lets upload it

you can either create a new stack or update

to update
- go to stack on CF
- click on your stack
- click on update

it asks you, select
- replace current template
- upload

on parameters specify the value

x
t2.small    # specify it here.. note, what you change to

- click next -> next (Review the page)

when you update your stack, at the end of the page, you see change set preview

you have only one resource, and you have modified.

click on update the stack

now review on Events

wait for a minute or so..
go to aws console under ec2 dashboard and see if instance is created.


what happened to your old instance that you launched with the same instance?

change cpu/mem -> vertical scaling

now, you can change the instance type on the ec2 dash board
go to action -> instance


lets change your code again

> notepad mycode.yaml
Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: !Ref x    # reference x, get the value of x; normally we use $x but here we reference the variable
      AvailabilityZone: ap-south-1a

change the instance type to t2.micro; replacement is conditional, which means it will just update

True means, I have to remove your

lets change the availability zone

> notepad mycode.yaml
Resources:
  MyFirstOSResource:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-04533f4gh343hd45e3
      InstanceType: !Ref x    # reference x, get the value of x; normally we use $x but here we reference the variable
      AvailabilityZone: ap-south-1b

we changed the AZ

and update your stack

you will see the status
condition true means we have to delete the old one and create a new one
first it creates the new one, then removes the old one

Note: before executing the program, it first tries to compare what it can do, and give you the status such as true, conditional
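
One way to act on that pre-execution status before clicking update, as an added example (not code from the class): a Python check over a change set's `Changes` list that blocks any update whose replacement status is `True`. The sample data is constructed to mirror the two updates above, its field names follow the DescribeChangeSet response format, and `classify` and `approve` are hypothetical helper names.

```python
# Constructed samples shaped like the "Changes" list returned by
# CloudFormation DescribeChangeSet; values mirror the two updates above.
def _modify(prop, recreation, replacement):
    return [{"Type": "Resource", "ResourceChange": {
        "Action": "Modify", "LogicalResourceId": "MyFirstOSResource",
        "ResourceType": "AWS::EC2::Instance", "Replacement": replacement,
        "Details": [{"Target": {"Attribute": "Properties", "Name": prop,
                                "RequiresRecreation": recreation}}]}}]

TYPE_CHANGE = _modify("InstanceType", "Conditionally", "Conditional")
AZ_CHANGE = _modify("AvailabilityZone", "Always", "True")


def classify(changes):
    """Bucket resource changes by how disruptive the update will be."""
    report = {"non_destructive": [], "review": [], "destructive": []}
    for change in changes:
        rc = change.get("ResourceChange")
        if change.get("Type") != "Resource" or not rc:
            continue
        props = sorted({d["Target"]["Name"] for d in rc.get("Details", [])
                        if d.get("Target", {}).get("Name")})
        entry = (rc["LogicalResourceId"], rc["Action"], props)
        replacement = rc.get("Replacement", "False")
        if rc["Action"] == "Remove" or replacement == "True":
            report["destructive"].append(entry)   # old resource goes away
        elif replacement == "Conditional":
            report["review"].append(entry)        # may or may not replace
        else:
            report["non_destructive"].append(entry)
    return report


def approve(changes, allow_replace=()):
    """Return (ok, blocked): ok is False while any destructive change
    targets a logical ID that was not explicitly allowed."""
    blocked = [e for e in classify(changes)["destructive"]
               if e[0] not in allow_replace]
    return not blocked, blocked


if __name__ == "__main__":
    print(approve(TYPE_CHANGE), approve(AZ_CHANGE))
```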




