AWS CloudFormation
Simplified way to model, create, and manage a collection of AWS resources. You provide a document (a template) describing the resources and services your architecture requires. The service is free and, since templates are plain text, they can be kept under version control. Although it can create many resource types, it cannot create ALL resources.
The create-stack action runs the template and creates the resources. A stack lives in one region but can span multiple services. Before applying an update, a Change Set lets you preview how the update will change your infrastructure. A DeletionPolicy preserves or backs up a resource when its stack is deleted or updated; without one, AWS deletes the resource.
- CreationPolicy → Keeps a resource from reaching a success status until the required success signals have been received.
Drift occurs when a user changes the infrastructure outside CloudFormation; it can be found by running drift detection.
Infrastructure as Code (IaC)
Process of provisioning and managing cloud resources through definitions that are both human readable and machine consumable. They let you roll back to previous versions.
Benefits are reusability, repeatability, and maintainability.
AWS QuickStarts
Built by experts, these are quick ways to create well-architected solutions. They are based on CloudFormation templates that you can run. You can copy the files or customize them to your needs.
AWS Service Catalog
Create, manage, and distribute catalogs of approved products to end users.
- Use: Standardization of assets, self-discovery and launch, fine-grained access control, extensibility and version control.
- Works with IaC templates.
- Security → Backed by S3 and DynamoDB, encrypted at rest (KMS, AWS-owned keys) and in transit (TLS).
Templates
Templates can be written in JSON (more widely used) or YAML (less verbose and allows comments). They should be scoped to specific areas, applications, or department needs.
Components (CloudFormation template format version is 2010-09-09):
- Parameters → OPTIONAL section; passes values in at runtime when creating/updating a stack, and those values can be referenced from the other sections with Ref.
- Resources → Required (⚠️) section; defines the resources to be created.
- Outputs → OPTIONAL section; describes the values returned once the stack is created.
- Conditions → OPTIONAL section; used to generate slight variations of an architecture. Statements defining the circumstances under which entities are created or configured, for example running the same architecture in 2 AZs.
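As an added example (not code from the page or from AWS), the Python below embeds a constructed JSON template that uses every component listed above plus a DeletionPolicy and a CreationPolicy, then runs a few offline checks a reviewer would want before create-stack: the required Resources section and version string, NoEcho on secret-looking parameters, Retain/Snapshot on stateful resources, a ResourceSignal inside any CreationPolicy, and that every Ref and Fn::If resolves. The resource choices, the finding messages and the `ami-EXAMPLE` placeholder are the example's own assumptions.

```python
import json

# Constructed sample template (assumption): a small web tier with an RDS
# database, an EC2 instance that must signal success, and an S3 bucket.
# It is not a template from the page or from AWS QuickStarts; "ami-EXAMPLE"
# is a placeholder, not a real AMI id.
TEMPLATE_JSON = r'''
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Parameters": {
    "DbPassword": {"Type": "String", "NoEcho": true, "MinLength": 12},
    "MultiAz": {"Type": "String", "Default": "false", "AllowedValues": ["true", "false"]}
  },
  "Conditions": {
    "UseMultiAz": {"Fn::Equals": [{"Ref": "MultiAz"}, "true"]}
  },
  "Resources": {
    "AppDb": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "Engine": "postgres", "DBInstanceClass": "db.t3.micro", "AllocatedStorage": "20",
        "MasterUsername": "app", "MasterUserPassword": {"Ref": "DbPassword"},
        "MultiAZ": {"Fn::If": ["UseMultiAz", true, false]}, "StorageEncrypted": true
      }
    },
    "AppServer": {
      "Type": "AWS::EC2::Instance",
      "CreationPolicy": {"ResourceSignal": {"Count": 1, "Timeout": "PT10M"}},
      "Properties": {"ImageId": "ami-EXAMPLE", "InstanceType": "t3.micro"}
    },
    "Artifacts": {"Type": "AWS::S3::Bucket", "Properties": {}}
  },
  "Outputs": {
    "DbEndpoint": {"Value": {"Fn::GetAtt": ["AppDb", "Endpoint.Address"]}}
  }
}
'''

# Resource types that hold data and should not vanish silently on stack deletion.
STATEFUL_TYPES = {"AWS::RDS::DBInstance", "AWS::S3::Bucket", "AWS::DynamoDB::Table"}
SECRET_HINTS = ("password", "secret", "token")


def load_template() -> dict:
    return json.loads(TEMPLATE_JSON)


def _collect_refs(node, refs: set, conds: set) -> None:
    """Walk the template, recording every {"Ref": X} and every condition name used by Fn::If."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            refs.add(node["Ref"])
        if set(node) == {"Fn::If"}:
            conds.add(node["Fn::If"][0])
        for value in node.values():
            _collect_refs(value, refs, conds)
    elif isinstance(node, list):
        for value in node:
            _collect_refs(value, refs, conds)


def lint_template(template: dict) -> list:
    """Return a list of findings; an empty list means the template passed every check."""
    findings = []
    if template.get("AWSTemplateFormatVersion") != "2010-09-09":
        findings.append("AWSTemplateFormatVersion should be 2010-09-09")
    resources = template.get("Resources")
    if not resources:
        findings.append("Resources section is required")
        return findings
    params = template.get("Parameters", {})
    conditions = template.get("Conditions", {})
    for name, param in params.items():
        if any(h in name.lower() for h in SECRET_HINTS) and not param.get("NoEcho"):
            findings.append(f"Parameter {name} looks like a secret but lacks NoEcho")
    for name, res in resources.items():
        if res.get("Type") in STATEFUL_TYPES and res.get("DeletionPolicy") not in ("Retain", "Snapshot"):
            findings.append(f"Resource {name} is stateful but has no Retain/Snapshot DeletionPolicy")
        policy = res.get("CreationPolicy")
        if policy is not None and "ResourceSignal" not in policy:
            findings.append(f"Resource {name} has a CreationPolicy without ResourceSignal")
        if "Condition" in res and res["Condition"] not in conditions:
            findings.append(f"Resource {name} uses undefined Condition {res['Condition']}")
    refs, conds = set(), set()
    _collect_refs(template, refs, conds)
    for ref in sorted(refs):
        if ref not in params and ref not in resources and not ref.startswith("AWS::"):
            findings.append(f"Ref to {ref} does not resolve to a Parameter or Resource")
    for cond in sorted(conds):
        if cond not in conditions:
            findings.append(f"Fn::If uses undefined Condition {cond}")
    return findings


if __name__ == "__main__":
    for finding in lint_template(load_template()):
        print("FINDING:", finding)
```

Run as-is it reports one finding, the Artifacts bucket without a DeletionPolicy, which is exactly the case where a stack delete would silently remove data. The checks are intentionally simple structural rules; they complement, not replace, CloudFormation's own validate-template call and a Change Set preview.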
Automate Deployments
AWS Systems Manager (SSM)
Automates operational tasks such as applying EC2 patches. Simplifies resource and application management. Can manage resources on-premises or in the cloud.
Commands:
- Run Command → Manage configuration remotely without SSH or RDP → no bastion host needed.
- Maintenance Windows → Let you define windows in which to perform maintenance operations.
- Parameter Store → Secure storage for configuration data and secrets management.
- Patch Manager → Automates patching instances and other updates.
- State Manager → Automates process of keeping EC2 in defined states.
- Automation → Build automation workflows to configure/manage instances and resources.
- Session Manager → Manage EC2 instances through a browser-based interactive shell.
- Inventory → Visibility into EC2 and on-premises environment.
- Documents → Define actions that SSM performs on instances.
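The Documents item above is where Run Command, State Manager and Automation get their actions from, so a defender wants to read a document before it is shared or executed. The Python below is an added example, not code from the page or from AWS: it embeds a constructed schemaVersion 2.2 Command document and reviews it offline, flagging String parameters that are substituted into a shell step without an allowedPattern/allowedValues (SSM substitutes `{{ Name }}` textually, so an unconstrained parameter lets the invoker supply arbitrary command text), steps whose action is outside a small allowed set, duplicate step names, and references to undeclared parameters. The allowed-action set, the sample commands and the finding messages are the example's own assumptions.

```python
import json
import re

# Constructed sample SSM Command document (assumption): schemaVersion 2.2
# with one String parameter substituted into a shell step. It is not a
# document from the page or one of AWS's managed documents.
SSM_DOC_JSON = r'''
{
  "schemaVersion": "2.2",
  "description": "Report kernel version and the state of one systemd unit.",
  "parameters": {
    "ServiceName": {
      "type": "String",
      "description": "systemd unit to check",
      "default": "sshd",
      "allowedPattern": "^[A-Za-z0-9._-]+$"
    }
  },
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "kernelVersion",
      "inputs": {"runCommand": ["uname -r"]}
    },
    {
      "action": "aws:runShellScript",
      "name": "serviceState",
      "inputs": {"runCommand": ["systemctl is-active {{ ServiceName }}"]}
    }
  ]
}
'''

# Actions this review accepts without a human look (assumption for the example).
ALLOWED_ACTIONS = {"aws:runShellScript", "aws:runPowerShellScript"}
PARAM_REF = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def load_document() -> dict:
    return json.loads(SSM_DOC_JSON)


def review_document(doc: dict) -> list:
    """Return review findings for a Command document; an empty list means it passed."""
    findings = []
    if doc.get("schemaVersion") != "2.2":
        findings.append("schemaVersion should be 2.2 for a Command document")
    params = doc.get("parameters", {})
    for name, spec in params.items():
        # {{ Name }} is replaced textually inside the command line, so a String
        # parameter with no allowedPattern/allowedValues is free-form shell text.
        if spec.get("type") == "String" and not ({"allowedPattern", "allowedValues"} & set(spec)):
            findings.append(f"parameter {name} is unconstrained (add allowedPattern or allowedValues)")
    steps = doc.get("mainSteps", [])
    if not steps:
        findings.append("mainSteps is empty")
    seen = set()
    for step in steps:
        name = step.get("name", "<unnamed>")
        if name in seen:
            findings.append(f"step name {name} is duplicated")
        seen.add(name)
        if step.get("action") not in ALLOWED_ACTIONS:
            findings.append(f"step {name} uses action {step.get('action')} outside the allowed set")
        for line in step.get("inputs", {}).get("runCommand", []):
            for ref in PARAM_REF.findall(line):
                if ref not in params:
                    findings.append(f"step {name} references undeclared parameter {ref}")
    return findings


def step_commands(doc: dict) -> dict:
    """Map each step name to its command lines, for a quick human read of what will run."""
    return {s["name"]: s.get("inputs", {}).get("runCommand", []) for s in doc.get("mainSteps", [])}


if __name__ == "__main__":
    doc = load_document()
    print(json.dumps(step_commands(doc), indent=2))
    print("findings:", review_document(doc))
```

The sample document passes because its only parameter carries an allowedPattern; drop that key and the review reports it. Pairing a check like this with the IAM permissions on ssm:SendCommand keeps both the document content and who may run it under control.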
AWS OpsWorks
Configuration management service. Automates how servers are deployed, configured, and managed.
Types:
- OpsWorks For Chef Automate → Fully-managed Chef server for continuous deployment and automated testing.
- OpsWorks For Puppet Enterprise → Managed Puppet Enterprise server for workflow automation for orchestration, automated provisioning, and visualization for traceability.
- OpsWorks Stacks → Configuration management service to configure and operate services using Chef.
AWS Elastic Beanstalk
Managed service used to deploy web applications (Tomcat, Passenger, Puma, and Docker). It handles infrastructure provisioning and configuration (RDS as the DB), load balancing, logging, deployment, auto scaling, health checks, and analysis and debugging. The service is free; you only pay for the underlying resources. All resources it creates are fully visible in the console.
- Enhanced Health → More detailed monitoring with a custom health agent in the AMIs.
- Logging → Application files are stored in S3; log files can be stored in S3 or CloudWatch Logs.
- Environments:
  - Single Instance → Launches a single EC2 instance.
  - Multiple Instance → Includes load balancing and automatic scaling configuration.
Lightsail
Offers everything needed to launch an application or website → ideal for simple workloads and fast deployments. Cost-effective monthly plan.
AWS Amplify
Simplifies the development of full-stack applications. No cloud expertise required.
- Amplify Studio → Use the studio to quickly build a backend with authentication, datastore, analytics, functions, API, and many other features.
- Amplify Hosting → Fully-managed service to deploy and host web applications (similar to Elastic Beanstalk). Can also manage users and content from here.
- Use: Build a frontend, build a backend, host a web app.
AWS Device Farm
Application testing service using a range of desktop and mobile browsers, to better simulate real-world environments and reproduce errors.
- Enables automated testing and remote access.
Migration