CloudFormation experience
0 likes193 views
The document outlines the structure and components of AWS CloudFormation templates and the Serverless Application Model (SAM). It provides examples of template elements including parameters, resources, and outputs, as well as a mapping for different environments like production, QA, and development. Additionally, it discusses SAM resources, their features, and practical applications, highlighting potential drawbacks and integration with AWS services.
![Template Structure
AWSTemplateFormatVersion: "version date"
Description:
String
Metadata:
template metadata
Parameters:
set of parameters
Mappings:
set of mappings
Conditions:
set of conditions
Transform:
set of transforms
Resources:
set of resources
Outputs:
set of outputs
Mappings:
TemplateMapping:
prod:
lambdaName: "ProdLambda"
apiGatewayStageName: "prod01"
qa:
lambdaName: "QaLambda"
apiGatewayStageName: "qa02"
dev:
lambdaName: "DevLambda"
apiGatewayStageName: "dev"
FunctionName:
Fn::FindInMap: ["TemplateMapping", !Ref Environment, "lambdaName"]](https://image.slidesharecdn.com/cloudformationexperience-191017104456/85/CloudFormation-experience-8-320.jpg)
![Template Structure
AWSTemplateFormatVersion: "version date"
Description:
String
Metadata:
template metadata
Parameters:
set of parameters
Mappings:
set of mappings
Conditions:
set of conditions
Transform:
set of transforms
Resources:
set of resources
Outputs:
set of outputs
Conditions:
ProdEnvironment: !Equals [!Ref Environment, "prod"]
Resources:
KinesisStream:
Type: "AWS::Kinesis::Stream"
Condition: ProdEnvironment
DeletionPolicy: Delete
Properties:
...
Outputs:
kinesisId:
Value: !Ref KinesisStream
Export:
Name: !Sub "${Environment}-kinesis-id"](https://image.slidesharecdn.com/cloudformationexperience-191017104456/85/CloudFormation-experience-9-320.jpg)
![WorkerLambdaResource:
Type: "AWS::Lambda::Function"
Properties:
FunctionName: !FindInMap ["TemplateMapping", !Ref Environment, "lambdaName"]
Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/lambda-role"
MemorySize: 512
Runtime: java8
Code:
S3Bucket: "lambda-functions"
S3Key: "worker.jar"
Handler: "com.example.ExampleHandler"
VpcConfig:
SecurityGroupIds: [sg-085912345678492fb]
SubnetIds:
- subnet-071f712345678e7c8
- subnet-07fd123456788a036
Environment:
Variables:
param: value
lambda_environment: !Ref Environment](https://image.slidesharecdn.com/cloudformationexperience-191017104456/85/CloudFormation-experience-11-320.jpg)
CloudFormation experience
- 2. Menu ● appetizer: Amazon Services ● main course: CloudFormation basis ● desert: Serverless Application Model (SAM)
- 4. Imagine Flow
- 5. What is my main course?
- 7. Template Structure AWSTemplateFormatVersion: "version date" Description: String Metadata: template metadata Parameters: set of parameters Mappings: set of mappings Conditions: set of conditions Transform: set of transforms Resources: set of resources Outputs: set of outputs AWSTemplateFormatVersion: "2010-09-09" Description: "CloudFormation template Example" Metadata: Databases: "Information about databases" Instances: "Information about EC2 instances" Parameters: KinesisShardCount: Type: Number Default: 3 MinValue: 1 MaxValue: 10 Environment: Type: String Default: qa AllowedValues: - "prod" - "qa" - "dev"
- 8. Template Structure AWSTemplateFormatVersion: "version date" Description: String Metadata: template metadata Parameters: set of parameters Mappings: set of mappings Conditions: set of conditions Transform: set of transforms Resources: set of resources Outputs: set of outputs Mappings: TemplateMapping: prod: lambdaName: "ProdLambda" apiGatewayStageName: "prod01" qa: lambdaName: "QaLambda" apiGatewayStageName: "qa02" dev: lambdaName: "DevLambda" apiGatewayStageName: "dev" FunctionName: Fn::FindInMap: ["TemplateMapping", !Ref Environment, "lambdaName"]
- 9. Template Structure AWSTemplateFormatVersion: "version date" Description: String Metadata: template metadata Parameters: set of parameters Mappings: set of mappings Conditions: set of conditions Transform: set of transforms Resources: set of resources Outputs: set of outputs Conditions: ProdEnvironment: !Equals [!Ref Environment, "prod"] Resources: KinesisStream: Type: "AWS::Kinesis::Stream" Condition: ProdEnvironment DeletionPolicy: Delete Properties: ... Outputs: kinesisId: Value: !Ref KinesisStream Export: Name: !Sub "${Environment}-kinesis-id"
- 10. CloudFormation SNS Resource Type: AWS::SNS::Topic Properties: DisplayName: String KmsMasterKeyId: String TopicName: String Subscription: - Subscription EmailNotification: Type: "AWS::SNS::Topic" Properties: TopicName: "interesting-information" Subscription: - "some.address@email.com" - "one.more.address@email.com"
- 11. WorkerLambdaResource: Type: "AWS::Lambda::Function" Properties: FunctionName: !FindInMap ["TemplateMapping", !Ref Environment, "lambdaName"] Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/lambda-role" MemorySize: 512 Runtime: java8 Code: S3Bucket: "lambda-functions" S3Key: "worker.jar" Handler: "com.example.ExampleHandler" VpcConfig: SecurityGroupIds: [sg-085912345678492fb] SubnetIds: - subnet-071f712345678e7c8 - subnet-07fd123456788a036 Environment: Variables: param: value lambda_environment: !Ref Environment
- 12. Dessert please
- 13. Serverless Application Model Transform: "AWS::Serverless-2016-10-31"
- 14. Serverless Resource types ● AWS::Serverless::Function ● AWS::Serverless::Api ● AWS::Serverless::Application ● AWS::Serverless::SimpleTable ● AWS::Serverless::LayerVersion
- 15. SAM Features Globals Section Globals: Function: Runtime: nodejs6.10 Timeout: 180 Handler: index.handler Environment: Variables: TABLE_NAME: data-table Api: EndpointConfiguration: REGIONAL Cors: "'www.example.com'" SimpleTable: SSESpecification: SSEEnabled: true
- 16. API Gateway CloudFormation Resources ● API Gateway account ● REST API ● ... ● Resources hierarchy ● Methods ● Stages ● Deployments ● API key ● Custom domain name ● CORS (OPTIONS methods)
- 17. API Gateway Serverless Resources Globals: Api: EndpointConfiguration: REGIONAL Cors: AllowHeaders: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'" AllowMethods: "'POST,GET,OPTIONS'" AllowOrigin: "'www.example.com'" MethodSettings: - HttpMethod: GET ResourcePath: "/api/v1" LoggingLevel: INFO MetricsEnabled: false CachingEnabled: false ThrottlingRateLimit: 10000 ThrottlingBurstLimit: 5000 Resources: ExampleRestApi: Type: "AWS::Serverless::Api" Properties: Name: "REST API Example" StageName: !Ref Environment DefinitionUri: Bucket: api-bucket Key: swagger.yml
- 18. WorkerLambdaResorce: Type: "AWS::Serverless::Function" Properties: FunctionName: worker-service Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/lambda-role" Runtime: java8 MemorySize: 512 AutoPublishAlias: !Ref Environment CodeUri: S3Bucket: "lambda-functions" S3Key: "worker.jar" Handler: "com.example.ExampleHandler" Environment: Variables: lambda_environment: !Ref Environment Events: GetResource: Type: Api Properties: Path: "/api/v1/worker" Method: GET
- 19. SAM Drawbacks - API Key creation does not support - AWS::Serverless::API creates additional stage - Lambda permission issue Events: PostResource: Type: Api Properties: RestApiId: !Ref ExampleRestApi Path: "/api/v1/worker" Method: GET LambdaInvokePermission: Type: "AWS::Lambda::Permission" Properties: FunctionName: !Ref WorkerLambdaResorce Action: "lambda:InvokeFunction" ...
- 20. Practical Use 1. One text file described your resources 2. Integration with AWS Code Pipeline 3. Work with AWS Service Catalog
- 21. Questions