Module 11: Automating Flashcards
Why automate ?
Because manual processes are error prone, unreliable and inadequate to support agile business
Risk of manual processes
Not repeatable at scale
No version control
Lacks audit trails
Inconsistent configurations
Benefits of automation
Reduce manual intervention and access
Allows reproduicle environments
Improves productivity
automates testing and scaling
What is IaC
Infrastructure as Code
What is the principle of infrastructure as code
it’s the practice to enable creation, deloyment and maintenance of infrastructure in a programmatic way.
IaC definition
Infrastructure as code (IaC) is an industry term that refers to the process of provisioning and managing cloud resources by defining them in a template file that is both human-readable and machine-consumable
IaC benefits
Rapidly deploy complex environment with consistency
Propagate change to all stacks by modifying the template
Easy clean up…
Reusable, repeatable, maintainable.
What is Cloudformation?
Cloudfromation provisions resources by using infrastructure as code.
Services working with cloudformation
AWS Beanstalk: SaaS to manage web apps programmed in Go, Java, .Net, Node JS PHP r Python. You send your app to beanstalk and it will fully manage the cloud ressources for you.
AWS Quick starts: Automated ref archtitecture based on template.
AWS Serverless Application Model (SAM): To build serverless architecture
AWS Amplify: A dev framework for full stack web and mobile app, with a facilitated code
AWS Cloud Dev Kit: Open source dev framework to model and provision resources through cloudformation
How does cloud formation work?
You define the resources in a template and create the template from scratch or use a prebuilt template. You upload the template or store it and then you create the stack action. Then you observe the progress, and once created you get to use the stack to manage the created ressources centrally
What is the trick when developing an automation where cloud formation is not supported ?
Go through a lambda function to reach the service
What is the syntax of Cloudformation template ?
YAML or JSON
(YAML optimized for readability and supports embeded comments)
(JSON widely used, data in JSON can be used by many sysems, less complex to parse and generate than YAML)
How should I manage my templates ?
Like I would do source code. I store them in a repository
Example of YAML formated template.
+
What is the only mandatory field in a template?
Resources is the only mandatory field
AWSTemplateFormatVersion: “version date” Description: StringMetadata: template metadataParameters: set of parametersRules: set of rulesMappings: set of mappingsConditions: set of conditionsTransform: set of transformsResources: set of resourcesOutputs: set of outputs
Where can I design my templates
Any text editor to right code or AWS Cloud Formation Designer, A template editor helping in the build with a canvas as a drag and drop interface to create code
Why is it a clever thing to do to use a single template for creating dev and prod environment?
Because like that, same application bnaries same Java version same db version. Far easier to manage.
OK my dev and prod environment are on the same template… But what if I need to update my databse. I can’t test ? What is the tool that allows to test new configurations?
Yes you can test new conf by usinga “change set”.
You create xour change set. You examine how it responds. Once happy you run the change set and tadaaa!
Nice thing to do when using change set is to organise deletion policy so as not to have build up
That’s just it. re-read again if you don’t know it.
What is the use of the “Detect Drift” Function ?
Sometimes the application that you push through the template is changed by someone manually. A detect drift will tell you if your app deviates from the original template
As the org grows and you have more template you will have need for what?
Some order and organisation because it can get messy. AWS gives some good practices on the topic.
What is AWS quick start for ?
It provides Cloud formation template and are best practices standard for security and high availability
Added benefits of Quick start ?
You get a deployment guide with the template
Infrastructure as code has benefits but:
Coding can be tricky. Human error, differing skill levels, size and complexity, sec vulneraiblities…
What is Amazon Q developer for
Gen AI coding assistant
Amazon Q developer helps you accross your dev lifecycle, but what is the dev lifecycle ?
Plan
Create
Test and secure
Operate
Maintain and modernise
What is the Well architected pillar that is the closest to IaC?
Operational Excellence
What are Operational Excellence principles for IaC
Use IaC, frequent small and reversible changes, fully automate integration and deployment
SECURITY and IAC
Automate security best practices
Reliability and IAC
Deploy changes with automation
Use automation when obtaining or scaling resources
