1
00:00:00,720 --> 00:00:04,380
Welcome back. With deployment management, we start with CloudFormation.

2
00:00:04,650 --> 00:00:05,970
So what is CloudFormation?

3
00:00:05,970 --> 00:00:10,710
Basically what you want to do is you would like to have your infrastructure as code.

4
00:00:10,740 --> 00:00:17,460
So if you hear any time in any scenario that the customer wants to have the infrastructure managed as

5
00:00:17,460 --> 00:00:22,610
code, then CloudFormation must be one of the choices that you have in your mind, if not the only choice.

6
00:00:22,620 --> 00:00:28,430
So it is a service that helps you model and set up your Amazon Web Services and resources.

7
00:00:28,560 --> 00:00:34,680
So instead of you going manually to set up all the resources, the EC2 and CIDR blocks and

8
00:00:34,680 --> 00:00:42,240
subnets and IGW and all that, you can configure that as code in CloudFormation in JSON or YAML, and that

9
00:00:42,240 --> 00:00:47,160
template, when you run it through the CloudFormation engine, is going to translate that to, it's going

10
00:00:47,160 --> 00:00:49,050
to do all that on your behalf.

11
00:00:49,170 --> 00:00:54,870
If the template is correct. So it will allow you to spend less time managing the resources that you need

12
00:00:54,870 --> 00:00:59,960
in your infrastructure and more time focusing on the application that runs in it.

13
00:01:00,000 --> 00:01:06,930
So don't worry about the VPC, subnet, security group, NACLs, IGW, VGW, VPN and all that.

14
00:01:06,990 --> 00:01:08,750
An EC2 instance launch.

15
00:01:08,940 --> 00:01:11,000
Leave that and focus on your application.

16
00:01:11,010 --> 00:01:16,680
You can model your CloudFormation templates using either JSON or YAML. You create the template that

17
00:01:16,680 --> 00:01:22,710
describes the resources that you need and it will take care of provisioning and configuring those resources

18
00:01:22,710 --> 00:01:28,710
for you according to the template that you have created and the result of running your template through

19
00:01:28,710 --> 00:01:31,020
the CloudFormation engine is called a stack.

20
00:01:31,020 --> 00:01:37,350
So the stack would have VPC in multi-AZ, multiple availability zones, subnets, EC2 instances, Auto

21
00:01:37,350 --> 00:01:43,570
Scaling, ELB, so on and so forth. And we don't anymore individually need to create and configure the resources

22
00:01:43,590 --> 00:01:48,080
and figure out dependencies between them. How can I build a template? If you know JSON and YAML,

23
00:01:48,120 --> 00:01:55,110
well, then you can do that, or you can have the CloudFormation Designer, which will enable you to draw your

24
00:01:55,110 --> 00:01:58,420
infrastructure and then it's going to give you the template that you need.

25
00:01:58,530 --> 00:02:05,110
So benefits of CloudFormation: simplify infrastructure management. Using CloudFormation you can create, update,

26
00:02:05,150 --> 00:02:10,320
since you are going to manage your infrastructure as code, then you can maintain versions of your infrastructure,

27
00:02:10,350 --> 00:02:15,030
and delete your stacks, and CloudFormation will take care of all that.

28
00:02:15,090 --> 00:02:20,490
Anything that you need to do is create, update templates, and delete if you don't want the stack anymore.

29
00:02:20,580 --> 00:02:24,150
CloudFormation will allow you also to quickly replicate your infrastructure.

30
00:02:24,150 --> 00:02:27,510
So let's say you are doing some testing and you do it in one region.

31
00:02:27,530 --> 00:02:28,470
Testing is done.

32
00:02:28,470 --> 00:02:29,430
Results are there.

33
00:02:29,430 --> 00:02:30,990
You have saved the results and all that.

34
00:02:30,990 --> 00:02:36,780
And then you know you need to deploy that in another region and that test included a lot of multiple

35
00:02:36,780 --> 00:02:43,110
availability zones, Route 53, ELB, EC2 instances, so on and so forth, like all the infrastructure. Instead

36
00:02:43,110 --> 00:02:48,210
of doing all that manually, you have the code for that infrastructure, and then now we can deploy it in

37
00:02:48,300 --> 00:02:52,770
another one and you take that template and there are some dependencies on the region that you need to

38
00:02:52,770 --> 00:02:53,210
adjust.

39
00:02:53,220 --> 00:02:58,980
If not there, and then you can deploy it in a different region, save you a lot of time, lot of hassle, and

40
00:02:58,980 --> 00:03:03,440
your testing or development environment can be up and running in almost no time.

41
00:03:03,450 --> 00:03:09,030
So what you need to do is describe your resources once in a template and then provision the same resources

42
00:03:09,030 --> 00:03:12,900
over and over again in multiple regions as many as you want.

43
00:03:12,900 --> 00:03:16,560
The other benefit is easier to track changes to your infrastructure.

44
00:03:16,560 --> 00:03:21,420
Remember when you're talking about version control: that is code now. Change your resources, upgrade,

45
00:03:21,540 --> 00:03:25,580
update or roll back changes, basically manage your infrastructure as code.

46
00:03:25,590 --> 00:03:30,990
And that's why when you hear about infrastructure as code, then you need to think CloudFormation. How it works:

47
00:03:30,990 --> 00:03:31,710
Let's look at that.

48
00:03:31,710 --> 00:03:37,410
So you create the template and then you save the template locally on your computer, notebook, or you can

49
00:03:37,570 --> 00:03:44,880
use it in an S3 bucket. Then use AWS CloudFormation to create a stack based on your template, and it

50
00:03:44,890 --> 00:03:49,450
constructs and configures your stack resources according to your template.

51
00:03:49,500 --> 00:03:55,050
So in a nutshell, a CloudFormation template executed, or when you run it, it becomes a stack.

52
00:03:55,050 --> 00:04:01,730
When you create a stack, CloudFormation makes underlying service API calls to AWS to provision and configure

53
00:04:01,730 --> 00:04:02,370
your resources.

54
00:04:02,370 --> 00:04:06,050
One good thing here to note: CloudFormation integrates with CloudTrail.

55
00:04:06,060 --> 00:04:12,960
So if I enable logging, what happens? My template, which includes EC2 instances, includes S3 buckets,

56
00:04:12,960 --> 00:04:17,130
includes Route 53, ELB, subnets, creating the VPCs and all that.

57
00:04:17,130 --> 00:04:19,480
So what will be logged in my CloudTrail?

58
00:04:19,500 --> 00:04:25,170
What will be logged in your CloudTrail logs will be all the API calls to all the services that

59
00:04:25,170 --> 00:04:28,020
CloudFormation will do on your behalf when you execute the template.

60
00:04:28,020 --> 00:04:33,510
So what happens is all the different API calls that CloudFormation will do on your behalf to all the

61
00:04:33,510 --> 00:04:35,910
different services included in the template.

62
00:04:35,910 --> 00:04:40,830
All of that will be logged so you can track it you can know what happens next is really what completed

63
00:04:40,830 --> 00:04:41,900
what failed and so on.

64
00:04:41,910 --> 00:04:47,040
Also one important note: what if I am running a CloudFormation template to create a stack but then there

65
00:04:47,040 --> 00:04:49,170
are some errors? When errors happen,

66
00:04:49,170 --> 00:04:54,510
CloudFormation is going to roll back and delete everything that happened or that was created

67
00:04:54,510 --> 00:05:01,210
preceding that error that happened. It will clean everything and nothing will be left. CloudFormation can perform

68
00:05:01,240 --> 00:05:06,880
only actions that you, who created the template, have permission to do. So when you do a CloudFormation template,

69
00:05:07,150 --> 00:05:08,190
either you assign

70
00:05:08,200 --> 00:05:14,590
an IAM role that has all the permissions that you need for CloudFormation to create and do and all

71
00:05:14,590 --> 00:05:17,200
that, or it will take your

72
00:05:17,200 --> 00:05:21,530
IAM user permissions, and that will be the limit of what it can and cannot do.

73
00:05:21,550 --> 00:05:27,410
If you specify a template file stored locally (locally means on your computer), it will upload it to an S3

74
00:05:27,490 --> 00:05:29,210
bucket in your account.

75
00:05:29,370 --> 00:05:34,150
CloudFormation will create a bucket for each region in which you upload a template.

76
00:05:34,270 --> 00:05:39,080
Those buckets will be accessible to anyone with AWS S3 permissions in your account.

77
00:05:39,100 --> 00:05:45,390
And if a bucket created by CloudFormation is already present, the template will be added to that bucket.

78
00:05:45,420 --> 00:05:46,430
It cannot create a new one.

79
00:05:46,450 --> 00:05:50,100
You can use your own bucket and you upload the templates to that

80
00:05:50,160 --> 00:05:54,700
S3 bucket. Then only what you need to do then is to specify the S3 URL

81
00:05:54,700 --> 00:06:00,100
of that template file when you are configuring the CloudFormation. So whenever you need to create

82
00:06:00,100 --> 00:06:01,390
or update your stack.

83
00:06:01,390 --> 00:06:06,910
All you need to do is to provide the S3 URL where the template is. After everything has been

84
00:06:06,910 --> 00:06:08,080
completed successfully.

85
00:06:08,080 --> 00:06:12,790
Only then CloudFormation will report that everything has been created successfully.

86
00:06:12,790 --> 00:06:17,890
And if it fails, then CloudFormation will roll back all your changes and delete the resources that were

87
00:06:17,890 --> 00:06:18,340
created.

88
00:06:18,340 --> 00:06:23,190
All right, so how about updating the stack, if I have created already the stack and now I need to update

89
00:06:23,190 --> 00:06:23,290
it.

90
00:06:23,290 --> 00:06:29,140
Before that, let's take a step back. If I have created an infrastructure that includes EC2 instances, ELB,

91
00:06:29,200 --> 00:06:32,320
Route 53 and all that through CloudFormation,

92
00:06:32,320 --> 00:06:37,390
after creating that infrastructure, can I go ahead and play a little bit with EC2 instances or play a

93
00:06:37,390 --> 00:06:42,100
little bit changes for the infrastructure, or should I do it and update it through the stack?

94
00:06:42,100 --> 00:06:47,050
Of course it's the second one, through the stack. Why? CloudFormation will maintain the status and manage

95
00:06:47,280 --> 00:06:48,300
the stack for you.

96
00:06:48,300 --> 00:06:54,240
So when you do the changes through CloudFormation, then it is in sync with what exactly is in infrastructure.

97
00:06:54,250 --> 00:06:57,790
But if you do manual changes, what will happen is the manual changes that you have done, with the

98
00:06:57,790 --> 00:07:02,470
next update CloudFormation is going to wipe out whatever it is you have done, because it doesn't know anything

99
00:07:02,470 --> 00:07:07,840
about it. When you run the updated stack or that template, it's going to do only what is in the template,

100
00:07:07,900 --> 00:07:09,920
and it doesn't know anything about the things you have done.

101
00:07:10,150 --> 00:07:16,520
So avoid changing resources created by CloudFormation manually, away from CloudFormation.

102
00:07:16,540 --> 00:07:23,470
So one thing we learn here is we can update the stack resources by updating the template and the template.

103
00:07:23,470 --> 00:07:27,640
And when you try to execute it, yes, it's going to take that and it's going to show you what changes

104
00:07:27,640 --> 00:07:29,940
will be done. That is called change set.

105
00:07:30,370 --> 00:07:35,980
So the change set, it will be presented to you, then you can decide either to forget about these changes

106
00:07:35,980 --> 00:07:40,800
and obliterate them, but again if there's anything wrong, or go ahead and deploy that. So to update a stack,

107
00:07:40,860 --> 00:07:46,300
create a change set by submitting a modified version of the original stack template, different input parameter

108
00:07:46,300 --> 00:07:51,670
values, or both, depending on what changes you want to make. It will compare the modified template with

109
00:07:51,670 --> 00:07:54,040
the original template and generates a change set.

110
00:07:54,040 --> 00:07:58,710
So the delta between that. And the change set will list the proposed changes. After reviewing the changes

111
00:07:58,740 --> 00:08:04,200
and understanding, confirming what will change, you can execute, or you can create a new change set

112
00:08:04,240 --> 00:08:10,180
if you don't like it or if you think that one was wrong. Editing that template, saving the updated template,

113
00:08:10,260 --> 00:08:15,790
and then you can use AWS CloudFormation to produce or generate a change set based on these changes.

114
00:08:15,790 --> 00:08:19,630
Then you need to validate the changes and find out if this is what you want or not.

115
00:08:19,660 --> 00:08:23,980
Lastly if everything is OK then you can execute the change set to update the stack.

116
00:08:24,040 --> 00:08:29,320
You need to be careful what updates are you making and what interruptions they may have and depending

117
00:08:29,320 --> 00:08:34,810
on the resource and properties that you are updating, it might interrupt or even replace an existing

118
00:08:34,810 --> 00:08:35,490
resource.

119
00:08:35,500 --> 00:08:38,560
One of the changes could be: I had a small RDS instance.

120
00:08:38,570 --> 00:08:43,540
Now I need to move to a larger RDS instance. Of course that will disrupt the existing RDS instance

121
00:08:43,540 --> 00:08:44,560
for the transition.

122
00:08:44,560 --> 00:08:47,090
Deleting a stack: can I delete a stack? Of course you can.

123
00:08:47,140 --> 00:08:52,360
You can create, update and delete. When you delete a stack, you specify the stack that you want to delete

124
00:08:52,390 --> 00:08:57,780
and CloudFormation will delete the stack and all the resources in that stack. Are there exceptions?

125
00:08:57,780 --> 00:09:02,040
Yes. Sometimes we do what we call stacks that are dependent on one another.

126
00:09:02,050 --> 00:09:08,350
So let's say I have a network team that creates VPCs and subnets and all that, and application teams that

127
00:09:08,350 --> 00:09:14,560
will create in that same VPC, will create EC2 instances, upload applications and all that.

128
00:09:14,590 --> 00:09:16,110
Now there are different stacks.

129
00:09:16,180 --> 00:09:20,910
Can I delete the underlying VPC without the application first deleting.

130
00:09:20,970 --> 00:09:22,520
their own EC2 instances? You can.

131
00:09:22,570 --> 00:09:25,810
There are dependencies there. So away from the dependencies,

132
00:09:25,810 --> 00:09:29,190
The fact that you are you are you should be able to delete a stack.

133
00:09:29,200 --> 00:09:34,230
Yes you can but there could be some dependencies that you need to take care of first before doing that.

134
00:09:34,240 --> 00:09:39,530
You can delete stacks by using the CloudFormation console, CLI or API.

135
00:09:39,880 --> 00:09:45,100
After the resources have been deleted, CloudFormation signals that your stack has been successfully deleted,

136
00:09:45,110 --> 00:09:51,410
so it gives you an acknowledgment of that. AWS CloudFormation cannot delete a resource if it cannot

137
00:09:51,410 --> 00:09:51,950
read the resource.

138
00:09:52,020 --> 00:09:52,680
What will happen?

139
00:09:52,720 --> 00:09:58,630
The stack will not be deleted and any resources that haven't been deleted will remain until you successfully

140
00:09:59,400 --> 00:10:00,160
delete the stack.

141
00:10:00,400 --> 00:10:06,580
So if it started deleting and then at one resource it was not able to delete it then you would be stuck

142
00:10:06,580 --> 00:10:11,080
with that until you are successfully able to do that so that there might be some dependencies you need

143
00:10:11,080 --> 00:10:16,630
to take care of them and then you can delete the stack. If you want to delete a stack but want to remain,

144
00:10:16,660 --> 00:10:19,000
to retain some resources in that stack.

145
00:10:19,000 --> 00:10:23,910
You can use a deletion policy to retain those resources and we look at that.

146
00:10:23,920 --> 00:10:25,480
Give me an example quick one.

147
00:10:25,630 --> 00:10:30,620
I have an EBS volume that I don't want to lose, that EBS volume, when I delete the stack,

148
00:10:30,930 --> 00:10:32,430
to create a snapshot.

149
00:10:32,440 --> 00:10:36,970
Yes, you can have an RDS instance in a stack and I would like to maintain it.

150
00:10:36,970 --> 00:10:42,170
So what I need to do is I need to create what we call a deletion policy for the resource and define

151
00:10:42,190 --> 00:10:48,300
that whenever the stack is going to be removed, either retain it, delete it, or snapshot. The CloudFormation

152
00:10:48,310 --> 00:10:48,880
Designer.

153
00:10:48,910 --> 00:10:53,470
As I mentioned, if you don't know much about JSON or YAML or you're not comfortable to write the template

154
00:10:53,710 --> 00:10:58,900
end to end on your own, then you can use the CloudFormation Designer, which is a graphical tool for creating,

155
00:10:58,900 --> 00:11:01,870
viewing and modifying CloudFormation templates.

156
00:11:01,870 --> 00:11:07,700
So how does it work that designer only to do is you need in a canvas that you will be presented where

157
00:11:07,720 --> 00:11:12,640
you need to build the diagram for the template the resources using drag and drop interface.

158
00:11:12,640 --> 00:11:15,130
So you have navigation pane and then you have the canvas.

159
00:11:15,130 --> 00:11:18,800
All you need to do is you need to pick EC2 instance, drag it and drop it.

160
00:11:18,880 --> 00:11:22,550
You need a subnet, drag and drop, in a gateway, drag and drop it.

161
00:11:22,610 --> 00:11:29,520
And as you are drawing your infrastructure, underneath there will be a choice that you can do YAML, you

162
00:11:29,530 --> 00:11:32,540
can do JSON, and then your code is being done here,

163
00:11:32,680 --> 00:11:35,090
JSON or the YAML-based template.

164
00:11:35,230 --> 00:11:40,230
All right, so that was quickly an introduction to CloudFormation. Still have a lot to do with CloudFormation,

165
00:11:40,240 --> 00:11:42,640
so let's take a break, come back and continue.

166
00:11:42,640 --> 00:11:43,440
I'll see you after the break.

167
00:11:43,450 --> 00:11:43,770
Thank you.
