Terraform for Serverless.€¦ · $ terraform apply -parallelism=100 var.account_id Allowed AWS...

IP Expo Manchester

April 2019

Terraform for Serverless.

Best Practices. Lessons Learned.

IP Expo Manchester

April 2019

DevOps Landscape. Daily Challenges.

IP Expo Manchester

April 2019

If That Was Not Enough…

Introducing Serverless Landscape

IP Expo Manchester

April 2019

Serverless Landscape. Daily Challenges.

IP Expo Manchester

April 2019

Raise your hand if...

this feels like

TOO MUCHto keep up with

IP Expo Manchester

April 2019

Eugene

ISTRATI

@eistrati

About Presenter

• CTO, Tech Partner @ Mitoc Group

• Ex-AWS, ex-Hearst, ex-GrubHub

• Certified AWS Solutions Architect

• 20 Years in IT; 10 Years in Cloud

Computing; 5 Years in Enterprise IT

• Focusing on: Automation, DevOps,

Serverless

IP Expo Manchester

April 2019

Agenda

Exponential increase

in services and tools

for cloud & serverless

Provide reusable and

cloud native solutions to

large organizationsThe Devil is in Details

IP Expo Manchester

April 2019

The Problem

Exponential Increase

in Services and Tools

for Cloud & Serverless

IP Expo Manchester

April 2019

The Opportunity

$49B customer

$33B customer

$11B customer

+ other customers

IP Expo Manchester

April 2019

Enterprise Customers Love Terraform

$49B customer

$33B customer

$11B customer

+ other customers

IP Expo Manchester

April 2019

IP Expo Manchester

April 2019

Prerequisites: Terraform For Serverless

1. Understand IT-as-a-Service Spectrum

1. Understand DevOps Spectrum

2. Understand Scope & Boundaries

IP Expo Manchester

April 2019

1. Understand IT-as-a-Service Spectrum

On-Prem

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Colocation

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Hosting

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

IaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

PaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

SaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Managed by Customer Managed by Provider

IP Expo Manchester

April 2019

What Is Serverless?

IP Expo Manchester

April 2019

Serverless in IT-as-a-Service Spectrum

On-Prem

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Colocation

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Hosting

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

IaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

PaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

SaaS

Data

Application

Databases

Operation System

Virtualization

Physical Servers

Network & Storage

Data Center

Managed by Customer Managed by Provider

Serverless Architecture

not in scope

IP Expo Manchester

April 2019

2. Understand DevOps Spectrum

IP Expo Manchester

April 2019

3. Understand Scope & Boundaries

A

B C

IP Expo Manchester

April 2019

Terraform For Serverless

A

B C

B == Terraform

A + B + C == Terraform

For Serverless

IP Expo Manchester

April 2019


Best Practices.

Lessons Learned.

IP Expo Manchester

April 2019

Best Practice #1 (of 8)

Adopt microservices architecture; aim for 1-to-1 relationship

between serverless resources and terraform configurations

IP Expo Manchester

April 2019


Pass variables between resources using terraform remote state

IP Expo Manchester

April 2019


Avoid code build using local provisioner or external data; instead

use hooks provided by terraform orchestration tools

IP Expo Manchester

April 2019


Execute in parallel your automated terraform workflows; don’t

ignore terraform configurations dependencies

IP Expo Manchester

April 2019


Execute in parallel your automated terraform workflows; don’t

ignore terraform configurations dependencies

$ terraform apply -parallelism=100var.account_id

Allowed AWS account ID, to prevent you

from mistakenly using an incorrect one

(and potentially end up destroying a live

environment)

$ terrahub apply --auto-approve[api_gateway_rest_api] terraform apply -auto-approve

[cognito_identity_pool_es] terraform apply -auto-approve

[cloudtrail] terraform apply -auto-approve

[codebuild] terraform apply -auto-approve

[codepipeline] terraform apply -auto-approve

[cognito_user_pool_client] terraform apply -auto-approve

[cognito_user_pool] terraform apply -auto-approve

[db_subnet_group] terraform apply -auto-approve

IP Expo Manchester

April 2019


Optimize automated terraform workflows with git diff

IP Expo Manchester

April 2019


Optimize automated terraform workflows with git diff

$ terrahub run --dry-runProject: Security_Terraform

├─ IamIdp

├─ IamRoleForADadmins

├─ IamRoleForADcompliance

├─ IamRoleForADdevelopers

├─ IamRoleForADdevops

├─ IamRoleForADguests

├─ IamRoleForApiGateway

├─ IamRoleForGlue

├─ IamRoleForLambda

└─ IamCrossAccountRoleForTerrahub

$ terrahub run --dry-run --git-diff master...devProject: Security_Terraform

├─ IamRoleForApiGateway

└─ IamRoleForLambda

IP Expo Manchester

April 2019


Logically separate environments using terraform workspace

IP Expo Manchester

April 2019


Logically separate environments using terraform workspace

dev == default

IP Expo Manchester

April 2019


Overwrite environment specific values using variables precedence

IP Expo Manchester

April 2019


Overwrite environment specific values using variables precedence

https://www.terraform.io/docs/configuration/variabl

es.html#variable-precedence

https://www.terraform.io/docs/configuration/variables.html#variable-precedence

IP Expo Manchester

April 2019


Get comfortable with lots of terraform code; or use terrahub cli

IP Expo Manchester

April 2019


Get comfortable with lots of terraform code; or use terrahub cli

$ find . -name ‘*.tf*’ | xargs wc -l | grep total

33998 total

$ find . -name ‘.terrahub*.yml’ | xargs wc -l | grep total

22118 total

IP Expo Manchester

April 2019

Best Practices Summary

1. Adopt microservices architecture; aim for 1-to-1 relationship

1. Pass variables between resources using terraform remote state

1. Avoid code build using local provisioner or external data

1. Execute in parallel your automated terraform workflows; don’t ignore

terraform configurations dependencies

1. Optimize automated terraform workflows with git diff

1. Logically separate environments using terraform workspace

1. Overwrite environment specific values using variables precedence

1. Get comfortable with lots of terraform code; or use terrahub cli

IP Expo Manchester

April 2019

Lessons Learned Summary

1. Adopt microservices architecture; aim for 1-to-1 relationship

1. Pass variables between resources using terraform remote state

1. Avoid code build using local provisioner or external data

1. Execute in parallel your automated terraform workflows; don’t ignore

terraform configurations dependencies

1. Optimize automated terraform workflows with git diff

1. Logically separate environments using terraform workspace

1. Overwrite environment specific values using variables precedence

1. Get comfortable with lots of terraform code; or use terrahub cli

https://github.com/

TerraHubCorp/terrahub

https://github.com/TerraHubCorp/terrahub

https://github.com/TerraHubCorp/terrahub

IP Expo Manchester

April 2019


DEMO

https://github.com/TerraHubCorp/

demo-terraform-automation-aws

https://github.com/TerraHubCorp/demo-terraform-automation-aws

https://github.com/TerraHubCorp/demo-terraform-automation-aws

IP Expo Manchester

April 2019

IP Expo Manchester

April 2019

Terraform for Serverless.

Best Practices. Lessons Learned.

Eugene Istrati @eistrati

[email protected]

Thank You!

Terraform for Serverless.€¦ · $ terraform apply -parallelism=100 var.account_id Allowed AWS...

Documents

Transcript of Terraform for Serverless.€¦ · $ terraform apply -parallelism=100 var.account_id Allowed AWS...