AWS for

developers (part 2)

Petar Marinković

petar.marinkovic@fatcatcoders.com
AWS for developers (part 2) - Infrastructure
as code
What is IaC?
IaC concepts
Terraform in Action - Shapa App (bootstrap)
Deploy prerequisites
Deploy frontend
Deploy backend
What is IaC?

Infrastructure as code is the approach to defining computing and network

infrastructure through source code that can then be treated just like any software
system. Such code can be kept in source control to allow auditability and
Reproducible Builds, subject to testing practices, and the full discipline of
Continuous Delivery. It's an approach that's been used over the last decade to
deal with growing Cloud Computing platforms and will become the dominant way
to handle computing infrastructure in the next.

Martin Fowler
IaC concepts

Write and execute code to define, deploy, update, and destroy your infrastructure

Automate the creation of your infrastructure and applications on public cloud (AWS, Azure, GCP),
on-premise hypervisors (VMware, OpenStack, Kubernetes) or bare metal servers (Linux / Unix,
Windows)

What kind of code - five categories of IaC

1. Ad-hoc scripts (Bash, PowerShell, Python, any scripting language of your choice) - hard to
manage / not idempotent
2. Configuration management tools (install and manage software on the systems - Ansible,
Puppet, Chef, SaltStack) - used for managing and updating infrastructure, but not defining it
3. Server templating tools (Docker, Packer, Vagrant) - makes an image, but needs to deploy it
“somewhere”
4. Orchestration tools (Kubernetes, Docker Swarm, Mesos, AWS ECS, VMware vSphere) - all
about YAML :)
5. Provisioning tools (Terraform, AWS CloudFormation, OpenStack Heat) - Terraform becoming
“synonym” for IAC
Terraform in Action - Shapa app (bootstrap)

Terraform bootstrap - Terraform state, provider, variables

Terraform commands - Terraform init, Terraform plan, Terraform apply

When to commit?

How to organize Terraform HCL / code ?

What if something goes wrong?

Deploy prerequisites

S3 and DynamoDB - for Terraform state storing

VPC (and VPC components) - to provide networking for ECS / EKS (backend
hosting)

IAM - provision users, groups, IAM roles

CloudTrail - for API logging

Certificates, KMS, DNS

Deploy frontend

S3 - to host your static website

CloudFront - to serve it via CDN with HTTPS, redirects, etc

Deploy backend

ECS cluster - use Fargate for serverless hosting without managing servers

ECS tasks - which Docker image to use, what env variables / secrets, Docker
configuration

ECS services - where and how to expose ECS task

Application Load Balancing - route several ECS tasks based on their host / path
rules

RDS - store relational data

Thank you!