## Deploy Infrastructure as Code (IAC)

### Introduction

https://www.youtube.com/watch?v=ELgbgj4NhAM

## What is (Cloud) Infrastructure?
Cloud services are broadly categorized as Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS). Cloud is a collection of geographically distributed data centers that are logically grouped into regions and availability-zones.

The IaaS allows a user to provision Virtual Machines (VMs), set up networks (VPC), create subnets, and associate necessary security features. Further, VMs can be attached to storage volumes, different networks, or servers. All the resources mentioned above are referred to as Infrastructure.

The diagram below shows various cloud infrastructure resources that we will learn to provision on the AWS cloud using the AWS command line and CloudFormation tools. These are the primary resources that are required to build a web app architecture.

![image.png](attachment:f4b73f1c-cf84-401c-b051-a468e73cd7ad.png)

Configuring and managing various infrastructure resources on AWS cloud using CloudFormation

## Prerequisites

To ensure a smooth start to this course, it's recommended that you have some prior knowledge in the following areas:

Familiarity with the AWS Console and basic understanding of core AWS services such as Amazon S3, AWS IAM, AWS EC2, and AWS RDS.
Understanding of what the AWS CLI is and how it works.
Ability to create and maintain YAML files, which will be a crucial part of our Infrastructure as Code practices.
A grasp of computer networking basics, as this knowledge will be helpful in understanding some concepts we'll cover in the course.
Some basic scripting knowledge, as we'll be using scripts to automate our infrastructure deployment
If you don't feel confident in any of these topics, don't worry. We'll provide you with some useful resources and explanations whenever possible. In the meantime, let's put this knowledge to the test!

![image.png](attachment:9d9f57ad-5317-4bef-b656-5f2924f616cf.png)

![image.png](attachment:b0afef65-59ea-44a9-b642-afa087adf088.png)

![image.png](attachment:217d23b8-80e2-4999-acf9-639c9b6b5448.png)

![image.png](attachment:80956761-fb6b-4edf-9baf-5c7f23a057f1.png)

## Course Overview

https://www.youtube.com/watch?v=iKYE3YToVN4

Course Objectives
In this course, you will learn to provision cloud-infrastructure resources using code and industry standard practices. We will use AWS as a cloud service provider. After completing the course, you will be able to:

Make use of the Cloud Formation tool to provision and manage cloud infrastructure.
Create diagrams for web application architectures that represent how different resources can be placed in the cloud.
Provision networking components such as VPCs, subnets, route tables, and internet gateway as a part of your cloud infrastructure, following security and high availability principles.
Deploy and configure groups of servers complying with real world scenarios and conditions.
Add other AWS services to your architectural designs, like RDS databases or S3 buckets.
Lesson Objectives
After completing this lesson, you will be able to:

Describe Infrastructure as a Code (IAC) as one of the best practices used in the DevOps model.
Configure the AWS CLI using the AWS Identity and Access Management (IAM) service.
Explain the fundamentals of CloudFormation.
Contrast the manual vs. automated (script-based) provisioning of cloud resources.

## What is DevOps

https://www.youtube.com/watch?v=mPw3zBGyQV0

DevOps is the combination of industry best practices, and set of tools that improve an organization’s ability to:

Increase the speed of software delivery
Increases the speed of software evolution
Have better reliability of the software
Have scalability using automation,
Improved collaboration among teams.
In other words, these tools enable a company to showcase industry best practices in software development.

![image.png](attachment:6ecfa923-c299-41f3-b537-d257dde3fba0.png)

## Why you need DevOps

https://www.youtube.com/watch?v=E_LPxEzatDI

Issues that DevOps tries to solve:
Unpredictable deployments
Mismatched environments (development doesn’t match production)
Configuration Drift

![image.png](attachment:8c222308-2081-46d3-a1a3-473b67d9db04.png)

## What are the benefits of Cloud DevOps?

https://www.youtube.com/watch?v=7EW0A-qlzFw

DevOps Best Practices and Tools
One of the benefits of using DevOps is that it allows predictable deployments using automated scripts. In the DevOps model, development and operations teams are merged into a single team. These DevOps teams use a few tools and best practices that deploy and manage configuration changes to servers. Stackexchange(opens in a new tab) has a discussion post detailing the difference between DevOps tools vs. Software Configuration Tools.

The most important practices are:

Continuous Integration / Continuous Delivery (CI/CD) - new features are automatically deployed with all the required dependencies.
Infrastructure as Code (IaaC) - configuration and management of cloud infrastructure using re-usable scripts.
Other prevalent practices are:

Microservices
Monitoring and Logging
Communication and Collaboration

https://softwareengineering.stackexchange.com/questions/130850/difference-between-devops-and-software-configuration-management

https://www.youtube.com/watch?v=NtaNe7ioFzM

Continuous Integration Continuous Deployment (CI/CD): Tracks the development workflow from testing through production. Continuous integration is the process flow of testing any change made to your development flow, while continuous deployment tracks those changes through to staging and production systems. You may like to read this article by Atlassian.com(opens in a new tab) that describes CI/CD in detail.

Infrastructure as code (IaC): Provision and manages the cloud-infrastructure by using scripts. These scripts can be written in YAML or JSON format. These scripts ensure that the same architecture can be re-built multiple numbers of times. These scripts are particularly useful in enterprise applications and different environments - dev, prod, or test. Read more here(opens in a new tab).

https://www.atlassian.com/continuous-delivery/principles/continuous-integration-vs-delivery-vs-deployment

https://en.wikipedia.org/wiki/Infrastructure_as_code

![image.png](attachment:b0c1e6c8-4150-474b-96ef-ccae2e9e0d6a.png)

## Required Tools for this Course

https://www.youtube.com/watch?v=tLLB6fA6f_A

CloudFormation
CloudFormation is an AWS service for creating, managing, configuring, and deploying cloud resources. This tool is beneficial if you have to provision a set of cloud resources multiple times, at scale.

You can do so by simply writing (YAML or JSON) scripts that you can easily edit and run numerous times. In the script, we mention each resource's necessary configuration that we want to provision and then use the AWS CLI tool and commands to execute the scripts.

AWS CLI v2
The AWS CLI is how we interact with AWS services and resources by using a terminal. You will find Workspaces available for all lessons including CloudFormation exercises. These Workspaces will already have AWS CLI v2 installed.

You will have to use the proper AWS credentials, though. In the following pages, you will also find a guide explaining how to configure your AWS CLI using the Cloud Gateway AWS credentials provided in this course.

NOTE: when choosing regions, use either US West 2 (Oregon) or US East 1 (N. Virginia). This will guarantee that options are the same for all students.

Command Line Interface
Choose Linux or Windows alternatives. We strongly suggest you to use the bash terminal provided in the Workspaces.

Code Editor
The instructor has used the VS code editor in his demonstrations. You are free to choose any code editor of your choice. The Workspaces available in this course provide a VS Code environment, which is the recommended way to run all your tests and exercises.

CloudFormation is a declarative language, not an imperative language.
CloudFormation handles resource dependencies so that you don’t have to specify which resource to start up before another. There are cases where you can specify that a resource depends on another resource, but ideally, you’ll let CloudFormation take care of dependencies.
VPC is the smallest unit of resource.
Key Terms
Declarative languages: These languages specify what you want, without requiring you to specify how to get it. An example of a popular declarative language is SQL.
Imperative languages: These languages use statements to change the state of the program.
Additional Resources
Here is the Wikipedia page(opens in a new tab) describing the differences between the two.
Here is a Stack Overflow(opens in a new tab) thread describing imperative languages.

https://en.wikipedia.org/wiki/Imperative_programming

https://stackoverflow.com/questions/17826380/what-is-difference-between-functional-and-imperative-programming-languages

## Stacks, Templates, and Resources

https://www.youtube.com/watch?v=TXH4Ee8XrhI

CloudFormation scripts are called templates.
A template declares one or more resources, along with their desired property values. These are to be created or updated using the CloudFormation service.
When a template is submitted to CloudFormation to initiate the creation, update, or deletion of resources, a resource called a CloudFormation stack is created. A stack is the set of all the resources listed in the template, to be managed as a single unit by the CloudFormation service.
Whenever you execute a template, whether it is through the AWS UI or the CLI, you pass the name of the stack you want to create. If the stack already exists, the template will be used to update the existing stack with any changes it detects.
Template Formats
YAML and JSON file formats are both supported for CloudFormation, but YAML is the industry-preferred version.
An important note about YAML files: whitespace indentation matters! We recommend that you use two white spaces for each indentation.

![image.png](attachment:620f82f6-50d1-45f9-a144-4a88136c4d4a.png)

Template Anatomy

A CloudFormation YAML file can contain several sections. Here's an example template file with the most commonly used ones. We will also delve into the Parameters and Resources sections, as they are important to understand properly.

You can also find links to detailed explanations of all sections in the Additional resources section below.

---
AWSTemplateFormatVersion: "2010-09-09"

Description: A string describing the resources of this template.

Parameters:
  List of parameters passed to the template at runtime.

Resources:
  List of resources and their properties to be managed with this template.

Outputs:
  List of values to be returned from the stack, can be imported in other stacks. 


Parameters
Optional. You declare here any values that should be passed to the template as runtime arguments. This is how you declare parameters in a template:

Parameters:
  EnvironmentName:
    Type: String
    Description: Prefix name for our resources
    Default: udacity-cd12352

ParameterName: unique identifier for the parameter in your template.

Type: the parameter data type. In this case String.

Description: optional description clarifying the parameter.

Default: optional default value, in case no value is passed as argument to the template during execution.

Once defined, a parameter can be referenced inside your template like this:

!Ref EnvironmentName

Parameters are usually passed inside a JSON file. Any named parameters in the Parameters section of our CloudFormation template will need to have either a default value, or a matching value in that file. This is a sample JSON-formatted parameter file:

In [None]:
[
  {
      "ParameterKey": "EnvironmentName",
      "ParameterValue": "non-default-value"
  }
]

A popular use case is to create separate parameter files for different environments of your workloads. They use the same resources, but can have specific values for each parameter depending on the environment you are deploying to.

Resources
Mandatory section. Makes sense, right? If we didn't declare any resources in our template, we would be creating an empty stack. This is how you would declare a resource in a template:

Resources:
  VPC: 
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsHostnames: true

Logical ID: unique template identifier for your resource. In our example: VPC

Type: a predefined string identifying the resource you are creating. In our example, AWS::EC2::VPC

Properties: list of property values you want your resource have. They are specific to each resource type. In our VPC example, we declare we want the CidrBlock to be 10.0.0.0/16, and to set the EnableDnsHostnames flag to true.

CloudFormation Resource Reference
Since every resource type has its own set of properties, the AWS resource and property types reference(opens in a new tab) documentation will be a great companion when working with CloudFormation templates.

There you will find a list of all supported resource types grouped by AWS service. For each resource type, you will find a detailed explanation of its individual properties and values, along with helpful examples.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

![image.png](attachment:2489813b-7511-495c-a446-de8c36d4a257.png)

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resources-section-structure.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

## Using Intrinsic Functions

These are built-in functions you can use in your templates provided by CloudFormation. They allow your templates to use values that are not available until runtime, like resource properties.

Let's get to know some of them.

https://www.youtube.com/watch?v=-z5m3TL0muY

!Ref
Returns a parameter value or the physical ID of a resource. We met this function while reviewing parameters:

!Ref EnvironmentName

!Sub
Returns an interpolated string resulting from replacing placeholders in an input string with static or dynamic values. For example, you can create a new string using the EnvironmentName variable:

!Sub My environment name is ${EnvironmentName}

!GetAtt
Returns a specific property from a resource. For example, to get the CIDR block of a VPC:

!GetAtt Vpc.CidrBlock

Function Invocation
Each function has two ways to be invoked from within a template:

Full function name: as in Fn::Sub:
Short form: as in !Sub
You may use either one of them.

We will meet and detail a few other intrinsic functions in this course. If you want to take a look at all of them, check out the link provided in the Additional resources section below.

![image.png](attachment:47452972-823b-4915-be76-bcbe7aa4462e.png)

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/template-anatomy.html

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html

## Creating an EC2 Instance using the AWS Management Console

We will now demonstrate how to create an EC2 instance using the AWS Management Console. This involves selecting an Amazon Machine Image (AMI), choosing an instance type, configuring network settings, and other necessary steps to set up the infrastructure.

Afterwards, we will compare this manual process with AWS CloudFormation, creating the same infrastructure.

https://www.youtube.com/watch?v=3HnbnbNJNGM

![image.png](attachment:c9243a3f-7d98-4069-a7c8-d1489fba1c5a.png)

## Creating an EC2 Instance using CloudFormation

We will now use CloudFormation to create the same resource, so we can compare both alternative procedures.

EC2 Instance CloudFormation template

Here's the CloudFormation template used in this example, in case you would like to try it on your own.

Parameters:
  SubnetId:
    Type: String
    Default: add-your-value-here
  SecurityGroupId:
    Type: String
    Default: add-your-value-here
  ImageId:
    Type: String
    Default: add-your-value-here

Resources:
  Ec2Instance: 
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t3.micro
      ImageId: !Ref ImageId
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
      - !Ref SecurityGroupId

To avoid hourly charges, remember to delete this stack afterward, by going to the CloudFormation stack section in the UI and selecting the Delete option.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html

## Stack Status and Transitions

Now that you've seen how a CloudFormation stack is created, it will be useful to discuss the various statuses that a CloudFormation stack can have and the transitions that occur as the stack moves from one status to another. This knowledge will prove valuable when troubleshooting in the future.

We will review the status transitions for three scenarios: creation, update, and deletion of stacks. There are other possible scenarios, like importing resources or creating a stack using change sets, but we will not cover those in this course.

For each scenario, we will use the following color code:

Gray for intermediate statuses. You should just wait for the next transition.
Green for successful end statuses. Your changes are applied, and everything should be good.
Blue for successful rollbacked states, which will require you to review the Events and correct issues before retrying.
Red for failed states, which will require you to manually correct issues or, in the worst case scenario, delete the stack.
Transitions when creating a stack

![image.png](attachment:a5b821e8-b537-4a05-8ed1-d0f9c4e08908.png)

Create Stack Status Transitions

When you trigger stack creation, you will first see the CREATE_IN_PROGRESS status.
If the creation process completes without errors, the stack will reach the CREATE_COMPLETE status.
If there are invalid parameter values, insufficient permissions, or some other initial error, the stack will reach the CREATE_FAILED status. Inspect the stack Events and correct any issues before retrying.
If there are errors after some resources have been created, the stack will attempt to rollback (ROLLBACK_IN_PROGRESS) and remove the new resources.
If the rollback is successful (ROLLBACK_COMPLETE), you will need to delete the stack before retrying.
If the rollback fails (ROLLBACK_FAILED), review the stack Events and fix any issues before retrying the rollback process or deleting the stack.
Transitions when updating a stack

## Transitions when updating a stack

![image.png](attachment:2e8bc4eb-656e-48d3-9f32-6d8f752369b7.png)

## Update Stack Status Transitions

When you trigger a stack update, you will first see the UPDATE_IN_PROGRESS status.
If there are errors in the update process, the stack will reach the UPDATE_FAILED status. You will need to review the stack Events before retrying.
If the desired changes are applied without errors, CloudFormation will perform a cleanup (remove any old resources) and the stack will get to the UPDATE_COMPLETE_CLEANUP_IN_PROGRESS status.
If cleanup is successful, the stack will get to the UPDATE_COMPLETE status.
If cleanup fails, it will attempt to rollback the changes (UPDATE_ROLLBACK_IN_PROGRESS).
If rollback fails, the stack will get to the UPDATE_ROLLBACK_FAILED status. Review the stack Events and fix any issues before retrying the rollback process or deleting the stack.
If rollback succeeds, it will also trigger a cleanup, and the stack will get to the UPDATE_ROLLBACK_COMPLETE_CLEANUP_IN_PROGRESS status.
If the after-rollback cleanup is successful, you will get to the UPDATE_ROLLBACK_COMPLETE status. That is, your stack will get to its initial state. You should review the Events before retrying.
If the after-rollback cleanup fails, the stack will get to the UPDATE_ROLLBACK_FAILED status. Review the stack Events and fix any issues before retrying the rollback process or deleting the stack.

## Transitions when deleting a stack

![image.png](attachment:239581fc-618d-4ab3-ba3c-33f053bc80c2.png)

## Common CloudFormation Errors

To assist you on your journey, we provide a list of common CloudFormation errors you might encounter while working from the CLI, along with the steps to follow.

Unable to locate credentials. You can configure credentials by running "aws configure".
You have not configured your AWS credentials in your workspace. Get your Access Key Id, Secret Access Key, and Session Token credentials from the AWS account and configure your workspace's AWS CLI.


An error occurred (ExpiredToken) when calling the someoperationname operation: The security token included in the request is expired.
You have added your AWS credentials to your workspace, but those credentials have expired. You need to get new credentials from the AWS account and configure your workspace's AWS CLI.


An error occurred (ValidationError) when calling the UpdateStack operation: Stack [somestackname] does not exist
You tried to update a stack that doesn't exist. Make sure you used the correct stack name, or use the create-stack command when creating a new stack.


An error occurred (AlreadyExistsException) when calling the CreateStack operation: Stack [somestackname] already exists
You tried to create a stack that already exists. Make sure you used the correct stack name, or use the update-stack command when updating an existing stack.


## Template format error: YAML not well-formed.

Your YML template has incorrect indentations. Review your CloudFormation template and correct any improper indentations. You can use online YAML validators or IDE plugins to help you detect errors.

## Conclusion

CloudFormation Best Practices
Use Infrastructure as Code to manage as much infrastructure as you can. Avoid manual configurations whenever possible.
Treat your templates as code: use version control!
Modularize templates by separating your resources in multiple files. Avoid large templates, they become unmanageable! When doing the split, try to think in the lifecycle and team ownership of your resources.
Use parameter files to reuse templates when deploying the same resources to different environments.
Do not embed credentials in your templates. You can always pass them securely as parameters or leverage more advanced AWS features to handle secrets.

![image.png](attachment:71131233-2f44-4b4b-894b-86ae09706591.png)

https://www.youtube.com/watch?v=TbuMGXSRK_w

Summary

As this lesson comes to an end, now should now be able to:

Describe Infrastructure as a Code (IAC) as one of the best practices used in the DevOps model.
Configure the AWS CLI using the AWS Identity and Access Management (IAM) service.
Explain the fundamentals of CloudFormation.
Contrast the manual vs. automated (script-based) provisioning of cloud resources