It was once said that a great piece of software should be able to do things its creator never anticipated. In this session, you will learn how to use AWS CloudFormation to lay the foundation for modular, reusable AWS resources, build an infrastructure service catalog, and use dynamic programming languages to control templates at scale. You will also learn about the latest tools that control AWS CloudFormation and best practices for using these tools to scale your current "infrastructure as code". Session sponsored by Logicworks.

1. Advanced Infrastructure as Code
Building Dynamic, Modular AWS CloudFormation Stacks
Thomas “T-Rex” Rectenwald
Senior Systems Engineer, DevOps
Logicworks
www.logicworks.net
©2016 Logicworks. All Rights Reserved.

2. About Logicworks
We design, build, automate, and manage cloud infrastructure for enterprise IT.
Cloud Strategy
& Migration
Managed
Cloud
Cloud
Security
DevOps
Automation
©2016 Logicworks. All Rights Reserved. 2

3. The days when IT managed
monolithic, infrequently modified
systems are long gone.
©2014 Logicworks. All Rights Reserved. 3

4. How to efficiently manage
multiple stacks?
Manage infrastructure as code.
©2014 Logicworks. All Rights Reserved. 4

5. What is Infrastructure as Code?
©2016 Logicworks. All Rights Reserved. 5
✗✔
• State machine
• Versioned
• Essential part of
deployment
process
• One-off
• Just a quick way
to script an
environment

6. IaC is young
AWS CloudFormation is
awesome but unforgiving
Risk of over-engineering and
assuming a perfect world
IaC implemented incorrectly
can be dangerous
Stack Anarchy
©2016 Logicworks. All Rights Reserved. 6

7. Agenda
©2016 Logicworks. All Rights Reserved. 7
① AWS CloudFormationFundamentals
② Advanced Best Practices
▪ Stack Organization
▪ Naming Conventions
▪ Blast Radius
③ Creating a ServiceCatalog
④ Dynamic AWS CloudFormation & Beyond

8. Build network foundation
Configure gateways and access points
Install management services, like Puppet
Allocate Amazon S3buckets
Attach encrypted volumes
Control and manage access though AWS Identity & Access
Management (IAM)
Register DNS names with Amazon Route 53
Configure logshipping and retention
① AWS CloudFormation Fundamentals
©2016 Logicworks. All Rights Reserved. 8
WHAT CLOUDFORMATION DOES:

9. ② Best Practices: Stack Organization
©2016 Logicworks. All Rights Reserved. 9
QA Stage Production
ASGs
Security Groups
Layered Architecture
Instances ELBs
Various
Substacks

10. ② Best Practices: Stack Organization
©2016 Logicworks. All Rights Reserved. 10
Instances,
ASGs, ELBs,
etc.
Service Oriented Architecture
Networks
(VPCs, routes,
subnets, etc.)
Security
Groups
IAM
(Global
Resource)

11. ② Best Practices: Naming Conventions
©2016 Logicworks. All Rights Reserved. 11

12. ② Best Practices: Stack Organization
QA
©2016 Logicworks. All Rights Reserved. 12
Stage Production
ASGs
Security Groups
Instances ELBs
Various
Substacks✗
Layered Architecture

13. ② Best Practices: Stack Organization
ASGs
Security Groups
Instances ELBs
Various
Substacks✗
Q✗A
S✗tag
e
Prod✗uction
Layered Architecture
©2016 Logicworks. All Rights Reserved. 13

14. ② Best Practices: Blast Radius
Instances,
©2016 Logicworks. All Rights Reserved. 14
ASGs, ELBs,
etc.
Networks
(VPCs, routes,
subnets, etc.)
Security
Groups
IAM
(Global
Resource)✗
Service Oriented Architecture

15. ③ Service Catalog
High Performance
Multi-Region
PCI Compliant Template
Security/Compliance
Low Cost
Non-Compliant
Development Template
Performance / Availability
AWS Service Catalog
©2016 Logicworks. All Rights Reserved. 15

16. (Isn’t it time we stopped worrying about this stuff?)
③ Service Catalog: Too Much to Manage?
Route
Tables
©2016 Logicworks. All Rights Reserved. 16
Load
Balancers
Security
Groups
VPCs
Subnets
Access
Policies
S3 Bucket
Policies
IAM
Roles
DR
Instances

17. ③ Service Catalog: Framework
©2016 Logicworks. All Rights Reserved. 17
AWS CloudFormation
is the right medium,
but is it the righttool?
What you really need:
a framework

18. ④ Dynamic CloudFormation: Troposphere
The Goal: Generate JSON, do
not develop in it.
• Use a real programming
language not a dataformat
• Enjoy variables, libraries,
easy integration into CI/CD
• Infrastructure as an
Application
©2016 Logicworks. All Rights Reserved. 18

19. Troposphere Demo
©2016 Logicworks. All Rights Reserved. 19

20. ④ Dynamic CloudFormation: SparkleFormation
©2016 Logicworks. All Rights Reserved. 20

21. ④ Dynamic CloudFormation: “Beyond”
AWS CloudFormation
©2016 Logicworks. All Rights Reserved. 21

22. The Big Picture: Dynamic CloudFormation
Static
Templates
Dynamic
Program
Instruction
Function-Based
Programming
</HTML>
AWS
CloudFormation
SparkleFormation
Troposphere
AWS Lambda
©2016 Logicworks. All Rights Reserved. 22

23. 1. Build templates, not snowflakes
2. Create central management & governance by making
templates available in self-service fashion to productteams
3. Investigate new, more flexible abstraction layers to manage
multiple templates
©2016 Logicworks. All Rights Reserved. 23
Summary: What to Do Now

24. Questions?
©2015 Logicworks. All Rights Reserved.
Thomas “T-Rex” Rectenwald
Logicworks
www.logicworks.net
Visit Logicworks’ Booth #433 for more information on AWS Managed Services