Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraforming the Cloud

Sebastian Cohnen
July 24, 2015
Technology
0
250

Terraforming the Cloud

Dirk and I talked about our usage of HashiCorp's Terraform at the first AWS Meetup in Cologne on 2015-07-23.

Sebastian Cohnen

July 24, 2015
Tweet

More Decks by Sebastian Cohnen

See All by Sebastian Cohnen
The Life of a Load Generator
tisba
0
810
Load Testing with 1M Users
tisba
2
2.9k
Performance Testing Serverless
tisba
0
120
Performance Testing 101, code.talks commerce 2018 [DE]
tisba
2
410
Why we did not choose Microservices to replace a Legacy System
tisba
1
130
Performance Testing 101 [DE]
tisba
0
110
Load Testing with 1,000,000 Users!
tisba
0
180
code.talks 2016: Last- und Performancetests in der Cloud [DE]
tisba
1
890
FrOSCon 2016: Last- und Performancetests in der Cloud?! [DE]
tisba
0
350

Other Decks in Technology

See All in Technology
【若手エンジニア応援LT会】AWSで繋がり、共に成長! ~コミュニティ活動と新人教育への挑戦~
kazushi_ohata
0
180
CyberAgent 生成AI Deep Dive with Amazon Web Services / genai-aws
cyberagentdevelopers
PRO
1
480
プロダクト成長に対応するプラットフォーム戦略:Authleteによる共通認証基盤の移行事例 / Building an authentication platform using Authlete and AWS
kakehashi
1
150
【若手エンジニア応援LT会】AWS Security Hubの活用に苦労した話
kazushi_ohata
0
170
サイバーエージェントにおける生成AIのリスキリング施策の取り組み / cyber-ai-reskilling
cyberagentdevelopers
PRO
2
200
新卒1年目が挑む!生成AI × マルチエージェントで実現する次世代オンボーディング / operation-ai-onboarding
cyberagentdevelopers
PRO
1
170
Vueで Webコンポーネントを作って Reactで使う / 20241030-cloudsign-vuefes_after_night
bengo4com
4
2.5k
よくわからんサービスについての問い合わせが来たときの強い味方 Amazon Q について
kazzpapa3
0
220
10分でわかるfreeeのQA
freee
1
3.4k
マネジメント視点でのre:Invent参加 ~もしCEOがre:Inventに行ったら~
kojiasai
0
470
Jr. Championsになって、強く連携しながらAWSをもっと使いたい!~AWSに対する期待と行動~
amixedcolor
0
190
Forget efficiency – Become more productive without the stress
ufried
0
140

Featured

See All Featured
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
328
21k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
How to Think Like a Performance Engineer
csswizardry
19
1.1k
Why Our Code Smells
bkeepers
PRO
334
57k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
RailsConf 2023
tenderlove
29
880
YesSQL, Process and Tooling at Scale
rocio
167
14k
How to Ace a Technical Interview
jacobian
275
23k
Being A Developer After 40
akosma
86
590k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
790
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
1.9k

Transcript

  1. Terraforming the Cloud Terraforming the Cloud

  2. Sebastian StormForger @tisba Dirk Freelancer @railsbros_dirk Who?

  3. Challenges • Increasing complexity • Multiple target environments • Multi/hybrid

    cloud • Evolving infrastructure • Communication & Documentation

  4. Opportunities • Infrastructure (not just servers) on demand • Flexible

    APIs for all infrastructure components • Affordable but powerful hardware and services • Virtualization

  5. Solution SCRIPTING SCRIPTING

  6. #!/bin/bash ec2-authorize \ sg-${SECURITY_GROUP_EC2} \ -P tcp \ -p 22

    \ -s 203.0.113.25/32 ec2-run-instances \ ami-${ID} \ -t ${INSTANCE_TYPE} \ -s subnet-${SUBNET_ID} \ -k my-key-pair \ -g sg-${SECURITY_GROUP_EC2} \ --associate-public-ip-address true

  7. Issues with Scripting • Not declarative • Dynamic runtime •

    Hard to reason about prior to execution • How to deal with API errors, timeouts, …? • What about idempotency, versioning and rollbacks?

  8. Wishlist • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  9. Solutions? Tools? This time for real…

  10. – @bascht “For any (dev)ops related problem HashiCorp most likely

    already has a tool.”
  11. None

  12. – terraform.io “Terraform provides a common configuration to launch infrastructure

    [...]. Once launched, Terraform safely and efficiently changes infrastructure as the configuration is evolved.” Terraform

  13. Setup Staging Environment $ terraform plan -out staging.plan terraform/staging $

    terraform apply staging.plan

  14. Terraform • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  15. Terraform Providers*… Atlas AWS Azure CloudFlare CloudStack Consul DigitalOcean DNSMadeEasy

    DNSimple Docker Google Cloud Heroku Mailgun OpenStack *currently

  16. Terraform AWS Resources aws_app_cookie_stickiness_policy aws_autoscaling_group aws_autoscaling_notification aws_autoscaling_policy aws_cloudwatch_metric_alarm aws_customer_gateway aws_db_instance

    aws_db_parameter_group aws_db_security_group aws_db_subnet_group aws_dynamodb_table aws_ebs_volume aws_ecs_cluster aws_ecs_service aws_ecs_task_definition aws_eip aws_elasticache_cluster
 aws_elasticache_parameter_group aws_elasticache_security_group aws_elasticache_subnet_group aws_elb aws_flow_log aws_iam_access_key aws_iam_group aws_iam_group_policy aws_iam_group_membership aws_iam_instance_profile aws_iam_policy aws_iam_policy_attachment aws_iam_role aws_iam_role_policy aws_iam_server_certificate aws_iam_user aws_iam_user_policy
 aws_instance aws_internet_gateway aws_key_pair aws_kinesis_stream aws_lambda_function aws_launch_configuration aws_lb_cookie_stickiness_policy aws_main_route_table_association aws_network_acl aws_network_interface aws_proxy_protocol_policy aws_route53_delegation_set aws_route53_health_check aws_route53_record aws_route53_zone aws_route53_zone_association aws_route_table aws_s3_bucket aws_security_group aws_security_group_rule aws_sns_topic aws_sns_topic_subscription aws_spot_instance_request aws_sqs_queue aws_subnet aws_volume_attachment aws_vpc aws_vpc_dhcp_options aws_vpc_dhcp_options_association aws_vpc_endpoint aws_vpc_peering aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway

  17. Example Infrastructure

  18. Enterprise Cloud Architecture Plan™ ELB +TLS Certificate +DNS Record EC2

    Instance RDS Instance (with PostgreSQL) Security Group Security Group

  19. What we need… DNS Record aws_route53_record Load Balancer aws_elb TLS

    Certificate aws_iam_server_certificate EC2 Instance aws_instance PostgreSQL Instance aws_db_instance Security Groups aws_security_group ELB +TLS Certificate +DNS Record EC2 Instance RDS Instance (with PostgreSQL)

  20. Configuration Layout resource TYPE NAME { CONFIG ... [count =

    COUNT] [depends_on = [RESOURCE NAME, ...]] [LIFECYCLE] }

  21. resource "aws_iam_server_certificate" "demo" { name = "demo" certificate_body = "${file("certs/demo.cert.pem")}"

    certificate_chain = "${file("certs/demo.ca-bundle.pem")}" private_key = "${file("secrets/demo.pem")}" }

  22. resource "aws_elb" "staging_elb" { depends_on = ["aws_iam_server_certificate.demo"] name = "staging-elb"

    availability_zones = ["eu-central-1a", "eu-central-1b"] listener { instance_port = 80 instance_protocol = "http" lb_port = 443 lb_protocol = "https" ssl_certificate_id = "${aws_iam_server_certificate.demo.arn}" } health_check { target = "HTTP:80/status_check" } security_groups = ["${aws_security_group.staging_elb.id}"] instances = ["${aws_instance.staging_web.id}"] }

  23. resource "aws_instance" "staging_web" { ami = "${lookup(var.staging_amis, var.region)}" instance_type =

    "t2.micro" security_groups = [ "default", "${aws_security_group.staging_web.name}" ] iam_instance_profile = "staging-ec2" tags { Name = "staging_web" Roles = "web,db" Stages = "staging" } }

  24. Q&A Sebastian Cohnen stormforger.com @tisba Dirk Breuer tfcl.de @railsbros_dirk