AWS Infrastructure Services


Infrastructure Services

 AWS CloudFormation 

 AWS CloudFormation provides several built-in functions that help you manage your stacks. Use intrinsic functions in your templates to assign values to properties that are not available until runtime.

Currently, you can use intrinsic functions in resource properties, outputs, metadata attributes, and update policy attributes. You can also use intrinsic functions to conditionally create stack resources.

Examples: Fn::Base64, Fn::GetAtt, Fn::GetAZs, Fn::Select, Fn::Join, Fn::Sub, Fn::Transform, Ref

The Fn::GetAtt intrinsic function returns the value of an attribute from a resource in the template. 

The intrinsic function Fn::Transform specifies a macro to perform custom processing on part of a stack template. Macros enable you to perform custom processing on templates, from simple actions like find-and-replace operations to extensive transformations of entire templates. 

The intrinsic function Ref returns the value of the specified parameter or resource.

Pseudo parameters are parameters that are predefined by AWS CloudFormation. You don't declare them in your template. Use them the same way as you would a parameter, as the argument for the Ref function.

Examples: AWS::AccountId, AWS::Region

You can use a wait condition for situations like:

  • To track the status of a configuration process.

  • To coordinate stack resource creation with configuration actions that are external to the stack creation.

"WaitCondition": { "Type": "AWS::CloudFormation::WaitCondition",

The AWS::CloudFormation::StackSet enables you to provision stacks into AWS accounts and across Regions by using a single CloudFormation template. In the stack set, you specify the template to use, as well as any parameters and capabilities that the template requires.
  1. CloudFormation max resources per template - 500
  2. CloudFormation max parameters, mappings, outputs - 200
  3. CloudFormation provides a WaitCondition resource that acts as a barrier and blocks the creation of other resources until a completion signal is received from an external source, such as a user application or management system.
  4. AWS CloudFormation intrinsic functions are special actions you use in your template to assign values to properties not available until runtime. 
  5. Add an UpdatePolicy attribute to your Auto Scaling group (AWS::AutoScaling::LaunchConfiguration)  to perform rolling updates.
  6. You can use AWS CodeDeploy to deploy an application to Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC). However, the AWS CodeDeploy agent installed on the Amazon EC2 instances must be able to access the public AWS CodeDeploy and Amazon S3 service endpoints.
  7. CloudFormation manages the ASG, not the EC2 instances
    1. Creation Policy - Defines success conditions for the launch of EC2 instances.
    2. Update Policy - Defines update strategies for the underlying EC2 instances.
    3. Deletion Policy - To keep a resource from being deleted when the template is deleted, set DeletionPolicy = Retain.
  8. The parameters in an AWS CloudFormation template define the set of values that users can specify when creating a stack. A template constraint consists of one or more rules that narrow the allowable values for parameters that are defined in the product's underlying AWS CloudFormation template.
  9. Optimizing a Cloudformation template to reduce the number of parameters passed using Service Catalog
    1. Create a new portfolio for the services in AWS Service Catalog. 
    2. Create a new AWS CloudFormation template for each service. 
    3. Alter the existing templates to use cross-stack references to eliminate passing many parameters to each template. 
    4. Call each required stack for the application as a nested stack from the new stack. 
    5. Create a product for each application. 
    6. Add the service template to the product. 
    7. Add each new product to the portfolio. 
    8. Deploy the product from the portfolio to deploy the service with the necessary parameters only to start the deployment.
  10. You specify a DeletionPolicy attribute for each resource that you want to control. If a resource has no DeletionPolicy attribute, AWS CloudFormation deletes the resource by default. With the DeletionPolicy attribute you can preserve, and in some cases, backup a resource when its stack is deleted.
  11. The values for DeletionPolicy are Retain, Snapshot and Delete.
    1. S3 has Retain and Delete attribute only
    2. ElastiCache, RDS has Snapshot also
  12. Use permission of IAM principal.
  13. Cross Stack - Different lifecycles, e.g. an App stack refers to a VPC stack. When you need to pass exported values between stacks, use Outputs with Export and Fn::ImportValue.
  14. Nested Stack - Reusing components
  15. CloudFormer - Creating a template from manually created resources
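The DeletionPolicy notes above (Retain, Snapshot and Delete; S3 without Snapshot; RDS and ElastiCache with it) can be checked before a stack is created. The following is an added example, not code from the original notes or from AWS: a small audit of a JSON template, where the function name, the set of "data-bearing" types and the sample template are assumptions made for illustration.

```python
import json

# Types that accept DeletionPolicy: Snapshot (a subset of the AWS list;
# the notes name RDS and ElastiCache).
SNAPSHOT_CAPABLE = {
    "AWS::RDS::DBInstance", "AWS::RDS::DBCluster",
    "AWS::ElastiCache::CacheCluster", "AWS::ElastiCache::ReplicationGroup",
    "AWS::EC2::Volume", "AWS::Redshift::Cluster",
}
# Assumption: resource types this audit treats as holding data.
STATEFUL = SNAPSHOT_CAPABLE | {"AWS::S3::Bucket", "AWS::DynamoDB::Table"}
# The three values from the notes, plus RetainExceptOnCreate added by AWS later.
VALID = {"Retain", "Snapshot", "Delete", "RetainExceptOnCreate"}

def audit_deletion_policy(template_text):
    """Return sorted (logical_id, finding) tuples for a JSON template."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        rtype = res.get("Type", "")
        policy = res.get("DeletionPolicy")
        if policy is None:
            # Missing attribute: only worth flagging where data would be lost.
            if rtype in STATEFUL:
                findings.append((logical_id, "no DeletionPolicy on data-bearing resource"))
        elif not isinstance(policy, str):
            # e.g. a Ref to a parameter; cannot be judged statically.
            findings.append((logical_id, "non-literal DeletionPolicy, review manually"))
        elif policy not in VALID:
            findings.append((logical_id, f"invalid DeletionPolicy {policy!r}"))
        elif policy == "Snapshot" and rtype not in SNAPSHOT_CAPABLE:
            findings.append((logical_id, f"Snapshot not supported for {rtype}"))
        elif policy == "Delete" and rtype in STATEFUL:
            findings.append((logical_id, "explicit Delete on data-bearing resource"))
    return sorted(findings)

# Constructed sample template (not from the page).
SAMPLE = json.dumps({"Resources": {
    "Logs": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Snapshot"},
    "Assets": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain"},
    "Db": {"Type": "AWS::RDS::DBInstance", "DeletionPolicy": "Snapshot"},
    "Cache": {"Type": "AWS::ElastiCache::CacheCluster"},
    "Role": {"Type": "AWS::IAM::Role"},
}})

if __name__ == "__main__":
    for logical_id, finding in audit_deletion_policy(SAMPLE):
        print(f"{logical_id}: {finding}")
```
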
  1. OpsWorks - With AWS OpsWorks, you can automate how nodes are configured, deployed, and managed, whether they are Amazon EC2 instances or on-premises devices.
    1. The stack is the top-level AWS OpsWorks Stacks entity.  AWS OpsWorks Stacks lets you manage applications and servers on AWS and on-premises. With OpsWorks Stacks, you can model your application as a stack containing different layers, such as load balancing, database, and application server. 
    2. OpsWorks Stacks lets you set automatic scaling for your servers based on preset schedules or in response to changing traffic levels, and it uses lifecycle hooks to orchestrate changes as your environment scales.
    3. You cannot configure an instance directly. You must create and configure an appropriate layer, and add the instance to the layer.
    4. Layers depend on Chef recipes to handle tasks such as installing packages on instances, deploying apps, and running scripts.
    5. OpsWorks Stacks can auto heal your stack. If an instance fails in your stack, OpsWorks Stacks can replace it with a new one.
  2. SAM
    1. The AWS Serverless Application Model (SAM) is an open source framework for building serverless applications. 
    2. You define the application you want with just a few lines per resource and model it using YAML. During deployment, SAM transforms and expands the SAM syntax into AWS CloudFormation syntax. Then, CloudFormation provisions your resources with reliable deployment capabilities.
    3. The traffic shifting feature of SAM can be used to test the new version of function without having to manually move 100% of the traffic to the new version in one shot.
  3. Code Deploy - AWS CodeDeploy has three deployment options:
    1. Canary - Traffic is shifted in two increments.
    2. Linear - Traffic is shifted in equal increments with an equal number of minutes between each increment.
    3. All at once - All traffic is shifted from the original Lambda function to the updated Lambda function version at once.
    4. Agents will be required on the instances.
    5. Default is in-place deployments.
    6. Hooks can be used to validate after deployment phase.
    7. Half at a time deployment - As the name implies, half of the instances are taken offline and upgraded to the next version. Then the second half is upgraded.
    8. CodeDeploy makes it easy to gradually and safely deploy updates to Lambda, and it is supported by SAM. AWS CodeDeploy leverages Lambda’s traffic shifting capabilities to automate the gradual rollout of new function versions. A pre-traffic Lambda function can be used to test the new version before shifting. A post-traffic Lambda function can be used to run tests after shifting. After this, v1 of the Lambda function can be brought down.
    9. SAM uses CodeDeploy natively for traffic shifting.
  4. CDK
    1. A construct represents a "cloud component" and encapsulates everything AWS CloudFormation needs to create the component.
    2. Composition is the key pattern for defining higher-level abstractions through constructs.
    3. The App construct doesn't require any initialization arguments, because it's the only construct that can be used as a root for the construct tree. 
    4. App Lifecycle
      1. Construct
      2. Prepare
      3. Validate
      4. Synthesize
      5. Deploy
    5. The unit of deployment in the AWS CDK is called a stack. All AWS resources defined within the scope of a stack, either directly or indirectly, are provisioned as a single unit.
