AWS infrastructure as code: A year in review (DOP201)
AWS Infrastructure as Code Updates
Key Takeaways
Infrastructure as Code Overview:
Infrastructure as Code (IaC) allows you to declare your infrastructure using code, which can then be provisioned by a large orchestration engine like AWS CloudFormation.
This enables faster, more reliable, and replicable infrastructure deployments.
AWS IaC Portfolio:
AWS offers a range of IaC tools, including CloudFormation, the Serverless Application Model (SAM), Amplify, and the Cloud Development Kit (CDK).
These tools provide different levels of abstraction and capabilities to address various infrastructure management needs.
Improving Development Speed:
AWS has made improvements to CloudFormation to increase provisioning speed, such as the "optimistic stabilization" deployment strategy.
New features like the CloudFormation timeline view, linting tools, and integration with Amazon CodeGuru have been introduced to accelerate the development and testing cycle.
CDK has also seen enhancements, including new L2 constructs and improvements to asset management and IAM role session handling.
Enhancing Deployment Safety:
CloudFormation change sets now provide more detailed information about the before and after values of resource properties, helping to understand the impact of changes.
Git sync integration and the ability to automatically post change sets in pull request comments further improve the review and approval process.
Amazon's internal "change guardian" tool is an example of using CloudFormation hooks to enforce deployment safety checks.
Advancing Governance and Control:
CloudFormation hooks provide a control point to perform proactive checks on resources before they are provisioned, allowing enforcement of security and compliance best practices.
The introduction of managed hooks, easier authoring, and new invocation points (e.g., CloudControl API, stacks, change sets) make it more accessible for customers to implement governance controls.
Customer examples like Cox Automotive showcase how to gradually transition from a detective to a proactive control approach using CloudFormation hooks.
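The proactive-control idea above, as an added example that is not code from the DOP201 session or from AWS: a real CloudFormation hook is scaffolded with the CloudFormation CLI and returns a ProgressEvent from its handler, but here that framework is replaced by a plain function so the policy logic runs offline. The two rules (S3 buckets must be encrypted and block public access; security groups must not admit SSH from any address) and the sample resource properties are constructed assumptions.

```python
"""Pre-provisioning policy check in the style of a CloudFormation hook (added example)."""
from typing import Any, Callable, Dict, List

ANYWHERE = {"0.0.0.0/0", "::/0"}  # CIDRs that mean "the whole internet"


def check_s3_bucket(props: Dict[str, Any]) -> List[str]:
    """Return violations for an AWS::S3::Bucket's properties (empty list if compliant)."""
    violations = []
    if "BucketEncryption" not in props:
        violations.append("BucketEncryption is not configured")
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not (pab.get("BlockPublicAcls") and pab.get("BlockPublicPolicy")):
        violations.append("PublicAccessBlockConfiguration does not block public ACLs and policies")
    return violations


def check_security_group(props: Dict[str, Any]) -> List[str]:
    """Return violations for an AWS::EC2::SecurityGroup: no SSH (22) open to the world."""
    violations = []
    for rule in props.get("SecurityGroupIngress", []):
        source = rule.get("CidrIp") or rule.get("CidrIpv6")
        # IpProtocol "-1" carries no ports and means all traffic, so default to the full range
        low, high = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        if source in ANYWHERE and low <= 22 <= high:
            violations.append(f"ingress rule admits port 22 from {source}")
    return violations


# Resource type -> policy check; assumed mapping, extend per organisation
CHECKS: Dict[str, Callable[[Dict[str, Any]], List[str]]] = {
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::EC2::SecurityGroup": check_security_group,
}


def pre_provision_hook(target_type: str, properties: Dict[str, Any]) -> Dict[str, str]:
    """Mimic a preCreate/preUpdate hook decision.

    SUCCESS lets CloudFormation provision the resource; FAILED with the NonCompliant
    error code stops the stack operation before the resource exists.
    """
    check = CHECKS.get(target_type)
    if check is None:
        return {"status": "SUCCESS", "message": f"no policy defined for {target_type}"}
    violations = check(properties)
    if violations:
        return {"status": "FAILED", "errorCode": "NonCompliant", "message": "; ".join(violations)}
    return {"status": "SUCCESS", "message": f"{target_type} passed proactive checks"}
```

Wiring this into a real hook means returning the same decision as a ProgressEvent from the generated handler and registering the hook for the preCreate and preUpdate invocation points of those two target types.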
Future Directions:
AWS is exploring ways to enable more bidirectional and fluid management of resources, allowing CloudFormation to recognize and remediate changes made outside of the IaC workflow.
This would involve leveraging the common resource layer and CloudControl API to provide a seamless experience for keeping infrastructure in sync.
Resources
Workshops: AWS CloudFormation and AWS CDK
Discord channels: AWS CloudFormation and AWS CDK
Blog posts and documentation on the latest IaC features and updates