Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform

A presentation at AWS Community Summit UK 2019 in April 2019 in Manchester, UK by Bruno Amaro Almeida

Slide 1

Deployment automation for an AWS Serverless project: SAM vs CloudFormation vs Terraform
AWS Community Summit UK 02.04.2019
Bruno Amaro Almeida
BERLIN · HELSINKI · LONDON · MUNICH · OSLO · STOCKHOLM · TAMPERE

Slide 2

2nd level subsection title Subtitle

Slide 3

$ whoami
Principal Architect & Technology Advisor @ Futurice
native, based in
Architecture, Cloud, Security, DevOps & AI
coffee, music, travel & indoor climbing
Reach out on: @bruno_amaro @brunoamaroalmeida

Slide 4

Why is Deployment Automation Important?

AUTOMATE AND DEPLOY
(…) provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications, without having to perform manual actions or write custom scripts.
source: aws.amazon.com

REASONS FOR AUTOMATING INFRASTRUCTURE
• Repeatable re-deployable infrastructure
• Documented maintainable infrastructure
• Scalable solutions
• Huge Architectures
• Complex systems
source: google cloud platform

Slide 5

[UNPOPULAR OPINION]: NOT EVERYTHING NEEDS TO BE AUTOMATED
Photo by Steve Johnson on Unsplash

Slide 6

A Serverless App
• 1 x Static Website: allows the visitor to select an option.
• 1 x API: processes the chosen option and saves the result.
Visit hello.devopssquad.com today!

Slide 7

Architecture

Slide 8

Athena & QuickSight for Results

Slide 9

“AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.”
source: aws.amazon.com

Slide 10

CloudFormation
• (optional) Parameters
• Resources
• (optional) Outputs
• Other sections (optional): Transforms, Mappings, Conditions, etc.

Slide 11

“The AWS Serverless Application Model extends AWS CloudFormation to provide a simplified way of defining the Amazon API Gateway APIs, AWS Lambda functions, and Amazon DynamoDB tables needed by your serverless application.”
source: aws.amazon.com

Slide 12

Serverless Application Model
• AWS::IAM::Role
• AWS::Lambda::Function
• AWS::Lambda::Permission
• AWS::ApiGateway::RestApi
• AWS::ApiGateway::Resource
• AWS::ApiGateway::Method
• AWS::ApiGateway::Deployment
• AWS::ApiGateway::Stage
• AWS::ApiGateway::Method
• AWS::ApiGateway::ApiKey
• AWS::ApiGateway::UsagePlan
• AWS::ApiGateway::UsagePlanKey
• AWS::ApiGateway::DomainName
• AWS::ApiGateway::BasePathMapping
• AWS::Route53::RecordSetGroup
• AWS::S3::Bucket
• AWS::S3::BucketPolicy
• AWS::Serverless::Api (*)
• AWS::Serverless::Function
CloudFormation SAM
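
An added illustration, not taken from the slides or the speaker's project: a SAM template for a hypothetical vote API like the one in this talk, laid out in the Parameters / Resources / Outputs sections from the CloudFormation slide and mixing one SAM type with one plain CloudFormation resource. The logical names, handler, runtime, path, prefix and the results bucket are assumptions.

```yaml
# Added example: names, paths and the results bucket are assumptions.
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31    # tells CloudFormation to expand SAM types

Parameters:                              # optional section
  ResultsPrefix:
    Type: String
    Default: votes/

Resources:                               # the only required section
  # Plain CloudFormation resource, declared alongside the SAM type below.
  ResultsBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:    # results are never served publicly
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # One SAM resource. On deploy it expands into an AWS::Lambda::Function,
  # an AWS::IAM::Role, an AWS::Lambda::Permission and, for the Api event,
  # an AWS::ApiGateway::RestApi with its Deployment and Stage.
  VoteFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: ./lambda/                 # local directory holding the handler code
      Handler: app.handler
      Runtime: python3.12
      Policies:
        - S3WritePolicy:                 # SAM policy template scoped to one bucket
            BucketName: !Ref ResultsBucket
      Environment:
        Variables:
          RESULTS_BUCKET: !Ref ResultsBucket
          RESULTS_PREFIX: !Ref ResultsPrefix
      Events:
        Vote:
          Type: Api                      # creates the implicit ServerlessRestApi
          Properties:
            Path: /vote
            Method: post

Outputs:                                 # optional section
  VoteUrl:
    Value: !Sub 'https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Prod/vote'
```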

Slide 13

Serverless Application Model
• Local debugging and testing
• Zip the lambda dir & S3 upload
• Outputs a new template file (packaged.yaml)
• Allows publishing to public repository

Slide 14

“Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom inhouse solutions.”
source: terraform.io

Slide 15

Terraform
• Open Source project from HashiCorp
• Multi-Cloud support (AWS, Azure, GCP, etc.)
• Multiple providers and services to be combined and composed
• Separation between planning and execution phase
• Module Registry

Slide 16

Terraform
• Init
• Plan

Slide 17

Terraform
• (Optional) Generate resource graph
• Apply

Slide 18

CloudFormation vs SAM vs Terraform

CloudFormation
Pro:
• AWS Native
• Fully supported by AWS
• Free of charge
• JSON or YAML

Serverless Application Model
Pro:
• Extension of AWS CloudFormation
• Ability to debug and test locally
• Easier packaging
• AWS Serverless Application Repository

Terraform
Pro:
• Open Source project from HashiCorp
• Module Registry
• Multiple providers to be combined and composed
• Multi-Cloud support (AWS, Azure, GCP, etc.)

Con:
• Hard to troubleshoot
• Only covers some AWS Resources
• Not AWS Native and Support is paid
• Couple of workarounds here and there ¯\_(ツ)_/¯
• Not so easy to write templates
• Documentation is not at a good level ¯\_(ツ)_/¯
• You still end up writing the usual CF to work around missing features ¯\_(ツ)_/¯

• Multi-Cloud support
• Resource Graphs
• Separate planning and execution phase
• Remote state files (chicken or the egg)

Slide 19

Thank you! Kiitos! Danke! Tack!
Bruno Almeida
PRINCIPAL ARCHITECT & TECHNOLOGY ADVISOR
Cloud, Security, DevOps, Data Engineering & AI
Reach out on: @bruno_amaro @brunoamaroalmeida