Infrastructure as Code (IaC) is a method to manage and provision computing resources using code rather than manual processes. Instead of setting up servers and networks by hand, you write scripts or templates that automate these tasks. This approach makes it easier to repeat setups, track changes, and maintain consistency across environments. AWS provides multiple services that allow you to use this approach. The main solutions and approaches you can choose from are:
- AWS CloudFormation
- AWS OpsWorks
- AWS Elastic Beanstalk
Risks of using manual processes:
- doesn’t support replicability at scale
- no version control
- lack of audit
- inconsistent data management
AWS CloudFormation
- service that allows you to create IaC (Infrastructure as Code). We describe the desired resources in a template document, and the resources are then created from it
- the collection of resources is called an AWS CloudFormation stack
- we can create, modify and delete a stack (update stack, detect drift, delete stack)
- templates can be kept under version control (GitHub, AWS CodeCommit)
- templates are written in JSON or YAML
- templates can contain conditions, which we use to adapt the configuration to the type of environment
AWS CloudFormation change sets
- to update the stack we change the template and use the Update Stack option. Before applying the update we can preview the changes as a change set
- using the DeletionPolicy attribute we decide whether a backup is made of resources that are replaced or deleted
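As an added example (not from the original notes), a CloudFormation template in YAML that uses a condition keyed on an environment-type parameter and the DeletionPolicy attribute described above; the resource names, parameter names and instance classes are assumptions:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - environment condition plus deletion policies

Parameters:
  EnvType:
    Type: String
    Default: dev
    AllowedValues: [dev, prod]
  DbPassword:
    Type: String
    NoEcho: true   # keeps the value out of console, CLI output and change-set previews
    MinLength: 16

Conditions:
  IsProd: !Equals [!Ref EnvType, prod]   # true only when EnvType=prod is passed

Resources:
  # Log bucket: Retain means a stack delete (or replacement) leaves the data in place
  LogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Database: Snapshot takes a final snapshot before the instance is deleted or replaced
  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    UpdateReplacePolicy: Snapshot
    Properties:
      Engine: postgres
      DBInstanceClass: !If [IsProd, db.m6g.large, db.t3.micro]   # sized by environment
      AllocatedStorage: "20"
      MasterUsername: appadmin
      MasterUserPassword: !Ref DbPassword
      StorageEncrypted: true
      MultiAZ: !If [IsProd, true, false]
      DeletionProtection: !If [IsProd, true, false]   # prod refuses deletion until cleared
      BackupRetentionPeriod: !If [IsProd, 30, 1]
      PubliclyAccessible: false
```

Creating a change set for this template with a different EnvType value shows, before anything is applied, which properties would change and whether the database would be replaced (and therefore snapshotted).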
Drift
- the difference between what the template used to create the stack defines and what actually exists in the stack now; they can differ because, for example, someone modified a resource manually
Drift detection
- stack has a Detect Drift option that returns the drift of each resource that supports this option
Deletion of stack with a drift
- drift is not taken into account by the AWS CloudFormation resource cleanup process, so if there are unresolved resource dependencies the deletion may fail and will have to be fixed manually
Scoping and organizing template
- in an organization we will usually have several templates for setting up infrastructure. It is best to group them according to how closely the resources are interconnected, for example into: frontend services, backend services, shared services, network, and security
AWS Quick Starts
- AWS Quick Starts are AWS CloudFormation templates and deployment guides prepared by AWS and partners for the most popular solutions using best practices
- AWS Quick Starts may sound similar to AWS Marketplace Amazon Machine Images (AMIs), but an AMI is a single-vendor solution that runs on an EC2 instance, whereas a Quick Start is more modular, customizable and does not have to use EC2
AWS Systems Manager
- even when using CloudFormation it is good to have an additional management tool, for example AWS Systems Manager
- it focuses on task automation and can be used to manage on-premises and cloud infrastructure
- features:
- collecting software inventory
- applying OS patches
- creating system images
- configuring Windows and Linux
- so its main responsibilities are defining and tracking system configuration, preventing drift and maintaining compliance of EC2 and on-premises system configuration
- CloudFormation is used to define AWS cloud resources, while Systems Manager is responsible for automation inside the guest operating systems
AWS OpsWorks
- configuration management service, for automating how EC2 instances are configured, deployed, and managed
- it does not automate operational tasks across AWS resources
- OpsWorks comes in three options:
- AWS OpsWorks for Chef Automate
- AWS OpsWorks for Puppet Enterprise
- AWS OpsWorks Stacks (also uses Chef)
AWS OpsWorks Stacks
- once we’ve created a stack, we can add layers to it, building the application as a set of cooperating layers of functionality, e.g. an application server layer, a load balancing layer, an RDS layer, etc.
- these layers depend on Chef recipes for installing packages, deploying apps, running scripts, etc.
- Chef cookbooks are used to install and configure packages and deploy applications. A custom cookbook must be stored in an online repository: an archive (zip) or a version control system (Git)
- one key OpsWorks Stacks feature is a set of lifecycle events (Setup, Configure, Deploy, Undeploy and Shutdown) that automatically run a specified set of recipes at the appropriate time on each instance. Each layer can have a set of recipes assigned to each lifecycle event
AWS Elastic Beanstalk
- managed service that automatically handles:
- infrastructure provisioning and configuration
- deployment
- load balancing
- scaling
- health monitoring
- analysis and debugging
- logging
- there are no additional fees for using it (only for resources that are launched)
- resources created by Elastic Beanstalk are fully transparent, meaning they are visible in the AWS Management Console
- platform as a service (PaaS) that lets you launch your app quickly: you only upload the code
- AWS Elastic Beanstalk deploys your code on:
- Apache Tomcat for Java applications
- Apache HTTP Server for PHP and Python applications
- NGINX or Apache HTTP Server for Node.js applications
- Passenger or Puma for Ruby applications
- Microsoft Internet Information Services (IIS) for .NET, Java SE, Docker, and Go applications
How to choose the right automation tool
- Elastic Beanstalk is an easy-to-use application service for building web applications that run on Java, PHP, Node.js, Python, Ruby, or Docker. If you want to upload your code and don’t need to customize your environment, Elastic Beanstalk might be a good choice for you
- OpsWorks enables you to launch an application, define its architecture, and define the specification for each component, including package installation, software configuration, and resources (such as storage). You can use templates for common technologies (application servers, databases, and others), or you can build your own template.
Both Elastic Beanstalk and OpsWorks provide a higher level of service than authoring and maintaining AWS CloudFormation templates to create stacks, or managing EC2 instances directly. The correct choice of service to use depends on your needs. You must decide which services will be the most appropriate for your use case.