Infrastructure as Code¶

Infrastructure as Code (IAC) is the managing and provisioning of infrastructure through code instead of through manual processes. It is a critical piece for building applications on cloud. There are lots of IAC tools, such as terraform, pulumi, CloudFormation, etc … You can use any of them that you feel most comfortable with. In this project, for demonstration purpose, we will use CloudFormation. But the concepts and best practices are the same for all of them.

Break down the infrastructure into modules¶

In this example, we have an iac module that implements the IAC. It has three sub-modules. define module declared all the infrastructure in code, and break down the IAC definition into modules when it is large. output.py module declared the adaptor to access the IAC output. And the deploy.py module implements the IAC deployment script:

.../iac
.../iac/define/
.../iac/define/main.py
.../iac/define/iam.py
.../iac/output.py
.../iac/deploy.py

The main.py is a module to choose what IAC module you want to includes. It just import other IAC modules.

The iam.py is a IAC module that includes the AWS IAM related resources. Of course you can have more IAC modules like this. I personally use cottonformation, a Pythonic IAC tools. Please feel free to use any other tools.

The output.py module provides a simple and straightforward way to programmatically access the CloudFormation stack output values.

The deploy.py module is a wrapper of the native deployment API. It implements the core logic that can be reused by the CI/CD shell scripts

Again, I use cottonformation, this is the example deployment logs from my CI build:

+----- ⏱ 🚀 🐑 Deploy CloudFormation Stack ------------------------------------+
🐑
open cloudformation console for status: https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks?filteringStatus=active&filteringText=aws_lambda_python_example-dev&viewNested=true&hideStacks=false&stackId=
============== Deploy stack: aws_lambda_python_example-dev ==============
  preview stack in AWS CloudFormation console: https://console.aws.amazon.com/cloudformation/home?#/stacks?filteringStatus=active&filteringText=aws_lambda_python_example-dev&viewNested=true&hideStacks=false
  upload template to s3://111122223333-us-east-1-artifacts/projects/aws_lambda_python_example/cloudformation/templates/a8992bbc770b11edc09a6a406b45385e.json ...
    preview at https://console.aws.amazon.com/s3/object/111122223333-us-east-1-artifacts?prefix=projects/aws_lambda_python_example/cloudformation/templates/a8992bbc770b11edc09a6a406b45385e.json
  preview change set details at: https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/changesets/changes?stackId=arn:aws:cloudformation:us-east-1:111122223333:stack/aws_lambda_python_example-dev/1f97ce30-b6bd-11ed-8c9e-0ac70d5d88bf&changeSetId=arn:aws:cloudformation:us-east-1:111122223333:changeSet/aws_lambda_python_example-dev-2023-02-27-16-38-11-129/b3bb8c3e-e0ee-467e-a6e8-a5f253e47a4e
  wait for change set creation to finish ...

    on 1 th attempt, elapsed 5 seconds, remain 115 seconds ...
    reached status CREATE_COMPLETE
                >>> Change for stack aws_lambda_python_example-dev <<<
stack id = arn:aws:cloudformation:us-east-1:111122223333:stack/aws_lambda_python_example-dev/1f97ce30-b6bd-11ed-8c9e-0ac70d5d88bf
change set id = arn:aws:cloudformation:us-east-1:111122223333:changeSet/aws_lambda_python_example-dev-2023-02-27-16-38-11-129/b3bb8c3e-e0ee-467e-a6e8-a5f253e47a4e
+---------------------------- Change Set Statistics -----------------------------
| 🟢 Add        2 Resources
|
+--------------------------------------------------------------------------------
+----------------------------------- Changes ------------------------------------
| 🟢 📦 Add Resource:        IamInlinePolicyForLambda                 AWS::IAM::Policy
| 🟢 📦 Add Resource:        IamRoleForLambda                         AWS::IAM::Role
|
+--------------------------------------------------------------------------------
    need to execute the change set to apply those changes.
  preview create stack progress at: https://us-east-1.console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/stackinfo?filteringText=aws_lambda_python_example-dev&viewNested=true&hideStacks=false&stackId=arn:aws:cloudformation:us-east-1:111122223333:stack/aws_lambda_python_example-dev/1f97ce30-b6bd-11ed-8c9e-0ac70d5d88bf&filteringStatus=active
 wait for deploy to finish ...

    on 1 th attempt, elapsed 5 seconds, remain 115 seconds ...
    on 2 th attempt, elapsed 10 seconds, remain 110 seconds ...
    on 3 th attempt, elapsed 15 seconds, remain 105 seconds ...
    on 4 th attempt, elapsed 20 seconds, remain 100 seconds ...
    reached status 🟢 'CREATE_COMPLETE'
  done
🐑 ✅ Deploy CloudFormation stack succeeded!
🐑
+----- ⏰ 🚀 🐑 End 'Deploy CloudFormation Stack', elapsed = 56.83 sec ---------+

If you are interested in how to use this framework to work with other IAC tools, please submit an issue to ask the Author.