Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Terraforming the Cloud

Sebastian Cohnen
July 24, 2015
Technology
0
250

Terraforming the Cloud

Dirk and I talked about our usage of HashiCorp's Terraform at the first AWS Meetup in Cologne on 2015-07-23.

Sebastian Cohnen

July 24, 2015
Tweet

More Decks by Sebastian Cohnen

See All by Sebastian Cohnen
The Life of a Load Generator
tisba
0
810
Load Testing with 1M Users
tisba
2
2.9k
Performance Testing Serverless
tisba
0
130
Performance Testing 101, code.talks commerce 2018 [DE]
tisba
2
410
Why we did not choose Microservices to replace a Legacy System
tisba
1
130
Performance Testing 101 [DE]
tisba
0
110
Load Testing with 1,000,000 Users!
tisba
0
190
code.talks 2016: Last- und Performancetests in der Cloud [DE]
tisba
1
890
FrOSCon 2016: Last- und Performancetests in der Cloud?! [DE]
tisba
0
350

Other Decks in Technology

See All in Technology
TanStack Routerに移行するのかい しないのかい、どっちなんだい! / Are you going to migrate to TanStack Router or not? Which one is it?
kaminashi
0
600
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
Engineer Career Talk
lycorp_recruit_jp
0
190
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
160
SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~
takumiogawa
1
460
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.9k
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.2k
日経電子版のStoreKit2フルリニューアル
shimastripe
1
150
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
670
AWS Lambda のトラブルシュートをしていて思うこと
kazzpapa3
2
180

Featured

See All Featured
BBQ
matthewcrist
85
9.3k
Optimising Largest Contentful Paint
csswizardry
33
2.9k
Documentation Writing (for coders)
carmenintech
65
4.4k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Done Done
chrislema
181
16k
Designing Experiences People Love
moore
138
23k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
GraphQLとの向き合い方2022年版
quramy
43
13k
Navigating Team Friction
lara
183
14k
A Philosophy of Restraint
colly
203
16k
Faster Mobile Websites
deanohume
305
30k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
250
21k

Transcript

  1. Terraforming the Cloud Terraforming the Cloud

  2. Sebastian StormForger @tisba Dirk Freelancer @railsbros_dirk Who?

  3. Challenges • Increasing complexity • Multiple target environments • Multi/hybrid

    cloud • Evolving infrastructure • Communication & Documentation

  4. Opportunities • Infrastructure (not just servers) on demand • Flexible

    APIs for all infrastructure components • Affordable but powerful hardware and services • Virtualization

  5. Solution SCRIPTING SCRIPTING

  6. #!/bin/bash ec2-authorize \ sg-${SECURITY_GROUP_EC2} \ -P tcp \ -p 22

    \ -s 203.0.113.25/32 ec2-run-instances \ ami-${ID} \ -t ${INSTANCE_TYPE} \ -s subnet-${SUBNET_ID} \ -k my-key-pair \ -g sg-${SECURITY_GROUP_EC2} \ --associate-public-ip-address true

  7. Issues with Scripting • Not declarative • Dynamic runtime •

    Hard to reason about prior to execution • How to deal with API errors, timeouts, …? • What about idempotency, versioning and rollbacks?

  8. Wishlist • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  9. Solutions? Tools? This time for real…

  10. – @bascht “For any (dev)ops related problem HashiCorp most likely

    already has a tool.”
  11. None

  12. – terraform.io “Terraform provides a common configuration to launch infrastructure

    [...]. Once launched, Terraform safely and efficiently changes infrastructure as the configuration is evolved.” Terraform

  13. Setup Staging Environment $ terraform plan -out staging.plan terraform/staging $

    terraform apply staging.plan

  14. Terraform • Describe entire infrastructure in a declarative way •

    Keep track of changes to the infrastructure • Changing infrastructure is accessible to entire team • Rollback your infrastructure to a previous point

  15. Terraform Providers*… Atlas AWS Azure CloudFlare CloudStack Consul DigitalOcean DNSMadeEasy

    DNSimple Docker Google Cloud Heroku Mailgun OpenStack *currently

  16. Terraform AWS Resources aws_app_cookie_stickiness_policy aws_autoscaling_group aws_autoscaling_notification aws_autoscaling_policy aws_cloudwatch_metric_alarm aws_customer_gateway aws_db_instance

    aws_db_parameter_group aws_db_security_group aws_db_subnet_group aws_dynamodb_table aws_ebs_volume aws_ecs_cluster aws_ecs_service aws_ecs_task_definition aws_eip aws_elasticache_cluster
 aws_elasticache_parameter_group aws_elasticache_security_group aws_elasticache_subnet_group aws_elb aws_flow_log aws_iam_access_key aws_iam_group aws_iam_group_policy aws_iam_group_membership aws_iam_instance_profile aws_iam_policy aws_iam_policy_attachment aws_iam_role aws_iam_role_policy aws_iam_server_certificate aws_iam_user aws_iam_user_policy
 aws_instance aws_internet_gateway aws_key_pair aws_kinesis_stream aws_lambda_function aws_launch_configuration aws_lb_cookie_stickiness_policy aws_main_route_table_association aws_network_acl aws_network_interface aws_proxy_protocol_policy aws_route53_delegation_set aws_route53_health_check aws_route53_record aws_route53_zone aws_route53_zone_association aws_route_table aws_s3_bucket aws_security_group aws_security_group_rule aws_sns_topic aws_sns_topic_subscription aws_spot_instance_request aws_sqs_queue aws_subnet aws_volume_attachment aws_vpc aws_vpc_dhcp_options aws_vpc_dhcp_options_association aws_vpc_endpoint aws_vpc_peering aws_vpn_connection aws_vpn_connection_route aws_vpn_gateway

  17. Example Infrastructure

  18. Enterprise Cloud Architecture Plan™ ELB +TLS Certificate +DNS Record EC2

    Instance RDS Instance (with PostgreSQL) Security Group Security Group

  19. What we need… DNS Record aws_route53_record Load Balancer aws_elb TLS

    Certificate aws_iam_server_certificate EC2 Instance aws_instance PostgreSQL Instance aws_db_instance Security Groups aws_security_group ELB +TLS Certificate +DNS Record EC2 Instance RDS Instance (with PostgreSQL)

  20. Configuration Layout resource TYPE NAME { CONFIG ... [count =

    COUNT] [depends_on = [RESOURCE NAME, ...]] [LIFECYCLE] }

  21. resource "aws_iam_server_certificate" "demo" { name = "demo" certificate_body = "${file("certs/demo.cert.pem")}"

    certificate_chain = "${file("certs/demo.ca-bundle.pem")}" private_key = "${file("secrets/demo.pem")}" }

  22. resource "aws_elb" "staging_elb" { depends_on = ["aws_iam_server_certificate.demo"] name = "staging-elb"

    availability_zones = ["eu-central-1a", "eu-central-1b"] listener { instance_port = 80 instance_protocol = "http" lb_port = 443 lb_protocol = "https" ssl_certificate_id = "${aws_iam_server_certificate.demo.arn}" } health_check { target = "HTTP:80/status_check" } security_groups = ["${aws_security_group.staging_elb.id}"] instances = ["${aws_instance.staging_web.id}"] }

  23. resource "aws_instance" "staging_web" { ami = "${lookup(var.staging_amis, var.region)}" instance_type =

    "t2.micro" security_groups = [ "default", "${aws_security_group.staging_web.name}" ] iam_instance_profile = "staging-ec2" tags { Name = "staging_web" Roles = "web,db" Stages = "staging" } }

  24. Q&A Sebastian Cohnen stormforger.com @tisba Dirk Breuer tfcl.de @railsbros_dirk