How to use Infrastructure as Code for automated self-service AWS environments

Sean Davis, Ambassador, DevOps Institute (@seanasaservice, imseandavis)

Chris Chapman, Partner Solutions Architect at AWS

About DevOps Institute

DevOps Institute’s mission is to advance the human elements of DevOps by creating a safe and interactive environment where our members can network, gain knowledge, grow their careers, support enterprise transformation and celebrate professional achievements.

We connect and enable the global DevOps community to drive change in the digital age. Become a professional member at www.devopsinstitute.com

An Ideal Approach For Success

[Diagram: DevOps Approach. Labels: Culture; Automation; Lean; Measurement; Shared Responsibility; Locality and Simplicity; Focus, Flow, and Joy; Recovery; Continuous Delivery; Plan for Failure; Improvement of Daily Work; Psychological Safety; Quantify The Effort; Optimize Value Delivery; Customer Focus]

Why Infrastructure as Code?

• Focus: Allows developers to focus on coding, not provisioning infrastructure
• Separation of Duties: Idempotent and declarative templates prevent infrastructure configuration drift
• Collaboration: Generates a shared bond between developers and engineering teams
• Time: Automation reduces time to deploy, release, and scale infrastructure
• Process: Leverages native development practices and templates
• Cost: Resource templates enable effective spot and reserved instance planning

Orchestrating together

[Diagram labels: Quality Assurance; Security; Integration Engineers; Devs; Ops; Infrastructure As Code; Validation; Governance; Self Service; Secrets Management; Continuous Testing; Definitions; Policy As Code; Patterns; Cost; Packages; Monitoring; Source Control; Build / Release; Considerations; Traceability]

Leveraging Simplistic Design

Scale / Automate / Script / Map / Plan

• Scale Design Patterns
• Auto Scaling
• Spot/Reserved Instances
• Practice A.U.T.O.
• GitOps w/ Containers
• Version Control
• Serverless Functions
• Test Templates
• Manually Define Process
• Secure Templates
• Measure Feature Value
• Leverage Immutability
• Establish Name & Tag Standards
• Complexity (Gall’s Law)
• Consider Cost Control
• Define App Patterns
• Operational Limitations
• Policy As Code Guardrails
• Up/Downstream Impacts
• Consider End-To-End Supply Chain

Evolving Infrastructure as Code

Infrastructure as Code Success Checklist

• DevOps Done Right: Set A Baseline Of What You're Trying To Accomplish And Why It’s Valuable To Ensure Alignment
• Work Together: Involve All Teams Required To Plan, Build, And Run Your Pipelines
• The Glue That Binds: Consider Every Component In The End-to-End Supply Chain And Tool Chains Required
• Map, Then Automate: Map The Manual Steps, Then Determine The Greatest Automation Value.
• Simplify And Secure: Define Environment Requirements and Differences Before Building Templates And Approval Flows
• Measure, Measure, Measure: Avoid Vanity Metrics, Quantify The Impact Of Your Toolchains, And Share Your Progress With Stakeholders
• Build For Reusability: Create Self Documenting Toolchains That Can Be Consumed And Reused By Any Team

Chris Chapman, Partner Solutions Architect at AWS

You can’t build a house without the right tools

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS provides flexibility for DevOps teams to work with tools of their choice

• AWS Service Catalog
• AWS CloudFormation
• AWS CodePipeline
• AWS Systems Manager
• AWS Cloud Development Kit

1,600+ vendors | 8,000+ products

Steps for automating DevOps pipelines

Automate Automate the Build your IaC Provide self- 1 2 deployment with 3 4 whole process of templates service template managing the IaC

Self-Service tools for developers

[Diagram labels: Developers; AWS Service Catalog; AWS CloudFormation Templates; AWS CodePipeline; AWS CodeCommit; AWS CodeBuild (Validate and Build); Push image to ECR; Amazon Elastic Container Registry; Amazon Elastic Container Service; AWS Fargate]

Automating self-service with AWS Service Catalog

Manage IaC templates with Source Control

Git-Based Version Control (AWS CodeCommit; AWS CloudFormation Templates (CF Stack); Product Portfolio)

1. Infrastructure Engineer checks in new template

Release Automation (AWS CodePipeline; AWS CodeBuild)

2. AWS CodePipeline automatically picks up the change and starts a deploy

   1. Copy releases product templates to S3 (Amazon S3)
   2. Update Stack to deploy change (AWS CloudFormation)
   3. AWS CloudFormation updates the AWS Service Catalog portfolio and products

End Users provision updated Products (AWS Service Catalog)
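The stack that the release pipeline updates can be sketched as the CloudFormation template below, an added example that is not from the webinar. The parameter names, display names and the end-user role are assumptions; the pipeline is assumed to pass the S3 key of the template it copied and a new version label on each release.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Service Catalog portfolio and product updated by the release pipeline (illustrative)

Parameters:
  TemplateBucket:        # assumed: bucket the pipeline copies product templates to
    Type: String
  TemplateKey:           # assumed: object key of the released product template
    Type: String
  ProductVersion:        # assumed: version label the pipeline sets per release
    Type: String
  EndUserRoleArn:        # assumed: IAM role used by the developers who self-serve
    Type: String

Resources:
  Portfolio:
    Type: AWS::ServiceCatalog::Portfolio
    Properties:
      DisplayName: self-service-environments      # hypothetical name
      ProviderName: infrastructure-engineering    # hypothetical name

  EnvironmentProduct:
    Type: AWS::ServiceCatalog::CloudFormationProduct
    Properties:
      Name: app-environment                       # hypothetical name
      Owner: infrastructure-engineering           # hypothetical name
      ProvisioningArtifactParameters:
        # Points the product version at the template the pipeline copied to S3.
        - Name: !Ref ProductVersion
          Info:
            LoadTemplateFromURL: !Sub "https://${TemplateBucket}.s3.${AWS::Region}.amazonaws.com/${TemplateKey}"

  ProductInPortfolio:
    Type: AWS::ServiceCatalog::PortfolioProductAssociation
    Properties:
      PortfolioId: !Ref Portfolio
      ProductId: !Ref EnvironmentProduct

  # Grants this principal access to the products in the portfolio.
  EndUserAccess:
    Type: AWS::ServiceCatalog::PortfolioPrincipalAssociation
    Properties:
      PortfolioId: !Ref Portfolio
      PrincipalARN: !Ref EndUserRoleArn
      PrincipalType: IAM
```

Keeping the principal association in the same reviewed template means that who may provision a product changes only through a checked-in, versioned change.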

AWS Marketplace: Destination for third-party DevOps and IaC solutions to use with AWS

DevOps Core practices

• Collaboration & communication
• Continuous integration
• Continuous delivery
• Monitoring & observability
• Microservices and everything-as-code
• Testing & quality management
• Security & compliance
• Incident management

[Diagram: Ideas feeding the stages Plan, Build, Test, Secure, Release, Operate]

Sample AWS Marketplace solution providers

1,600+ vendors | 8,000+ products

DevOps value stream platform

Infrastructure automation from development to production

Plan, Dev, Testing and Security, Staging, Production

CI, CI/CD

Infrastructure Automation at Scale

INFRASTRUCTURE AS CODE: AWS CloudFormation
SOURCE CONTROL
ARTIFACT REPOSITORY: AWS Artifact Repository
SECRET MANAGEMENT: AWS Secrets Manager
AIOPS / MONITORING / LOGGING

• Pre-built, pre-configured, battle-tested plugins to your existing ecosystems tools
• Infrastructure automation from dev to production
• Dev-centric and no-code self-service alternative
• Baked-in cloud cost control and compliance
• Free DevOps and platform teams with IaC without reinventing the wheel

How Resident scales DevOps with AWS and Quali CloudShell Colony

• Provided environments to global teams in under 5 minutes
• Consume native AWS services
• Increased development speed with dynamic environments

[Architecture diagram labels: AWS Cloud; VPC; Internet Gateway; Hosted Zone; Route Table; Amazon Load Balancer; Target Group; Application subnet; Application Instance; Management subnet; Auto Scaling group; Sidecar Instances; SSH/RDP; Port = 80; Port = 3000; Port = 8080; QualiY; CloudAMQP; Amazon S3; Amazon DynamoDB]

How Resident scales DevOps with AWS and Quali CloudShell Colony

On-Demand Secure Environments throughout the release pipeline:

Development, QA, Staging, Production

Used for: Feature Development; Integration Tests (CI); Security tests; Manual QA Tests; Product Review; Last mile Validation

Wovenly, Resident, DREAMCLOUD, Nectar … and more

[Diagram labels: AWS Cloud; ChatOps Bot; Source Control; Artifact Repository; Pipeline]

Resident: Use case drill down – Self-service environments

[Screenshots: steps 1 and 2, ending with "Environment Ready!"]

Quali CloudShell Colony – new 30 day free trial

https://aws.amazon.com/marketplace

CloudShell Colony 30 Day Free Trial

AWS Marketplace can help you get started

Find: A breadth of DevOps solutions

Buy: Through flexible pricing options:
• Free trial
• Pay-as-you-go
• Hourly | Monthly | Annual | Multi-Year
• Bring Your Own License (BYOL)
• Seller Private Offers
• Channel Partner Private Offers

Deploy: With multiple deployment options:
• AWS Control Tower
• AWS Solution Catalog
• AWS CloudFormation (Infrastructure as Code)
• Software as a Service (SaaS)
• Amazon Machine Image (AMI)
• Amazon Elastic Container Service (ECS)
• Amazon Elastic Kubernetes Service (EKS)

Why AWS Marketplace?

Find, buy, and deploy solutions quicker: IT decision-makers (ITDMs) cut their time in half using AWS Marketplace compared to other sources.

Make more satisfying purchases: ITDMs feel 2.4x better about purchasing using AWS Marketplace compared to other sources.

*Amazon Web Services (AWS) Marketplace surveyed 500 IT decision-makers (ITDMs) and influencers across the U.S. to understand software usage, purchasing, consumption models, and compared savings.

Webinar summary

Modernize your application development and speed up your time-to-market by leveraging Infrastructure as Code

Provide self-service environments and pipelines to streamline application delivery

Easily experiment with software using AWS Marketplace – without license lock-in
