Infrastructure as Code

Infrastructure as Code (IAC) is the managing and provisioning of infrastructure through code instead of through manual processes. It is a critical piece of building applications in the cloud. There are lots of IAC tools, such as Terraform, Pulumi, CloudFormation, and others. You can use whichever one you feel most comfortable with. In this project, for demonstration purposes, we will use CloudFormation, but the concepts and best practices are the same for all of them.

Break down the infrastructure into modules

In this example, we have an iac module that implements the IAC. It has three sub-modules. The define module declares all the infrastructure in code, and breaks the IAC definition down into modules when it is large. module declares the adaptor to access the IAC output. And the module implements the IAC deployment script:


The is a module to choose which IAC modules you want to include. It just imports other IAC modules.

The is an IAC module that includes the AWS IAM related resources. Of course you can have more IAC modules like this. I personally use cottonformation, a Pythonic IAC tool. Please feel free to use any other tool.

The module provides a simple and straightforward way to programmatically access the CloudFormation stack output values.

The module is a wrapper around the native deployment API. It implements the core logic that can be reused by the CI/CD shell scripts.

Again, I use cottonformation; these are the example deployment logs from my CI build:

+----- ⏱ 🚀 Deploy CloudFormation Stack ------------------------------------+
open cloudformation console for status:
============== Deploy stack: aws_lambda_python_example-dev ==============
  preview stack in AWS CloudFormation console:
  upload template to s3://111122223333-us-east-1-artifacts/projects/aws_lambda_python_example/cloudformation/templates/a8992bbc770b11edc09a6a406b45385e.json ...
    preview at
  preview change set details at:
  wait for change set creation to finish ...

    on 1 th attempt, elapsed 5 seconds, remain 115 seconds ...
    reached status CREATE_COMPLETE
                >>> Change for stack aws_lambda_python_example-dev <<<
stack id = arn:aws:cloudformation:us-east-1:111122223333:stack/aws_lambda_python_example-dev/1f97ce30-b6bd-11ed-8c9e-0ac70d5d88bf
change set id = arn:aws:cloudformation:us-east-1:111122223333:changeSet/aws_lambda_python_example-dev-2023-02-27-16-38-11-129/b3bb8c3e-e0ee-467e-a6e8-a5f253e47a4e
+---------------------------- Change Set Statistics -----------------------------
| 🟢 Add        2 Resources
+----------------------------------- Changes ------------------------------------
| 🟢 📦 Add Resource:        IamInlinePolicyForLambda                 AWS::IAM::Policy
| 🟢 📦 Add Resource:        IamRoleForLambda                         AWS::IAM::Role
    need to execute the change set to apply those changes.
  preview create stack progress at:
 wait for deploy to finish ...

    on 1 th attempt, elapsed 5 seconds, remain 115 seconds ...
    on 2 th attempt, elapsed 10 seconds, remain 110 seconds ...
    on 3 th attempt, elapsed 15 seconds, remain 105 seconds ...
    on 4 th attempt, elapsed 20 seconds, remain 100 seconds ...
    reached status 🟢 'CREATE_COMPLETE'
✅ Deploy CloudFormation stack succeeded!
+----- ⏰ 🚀 End 'Deploy CloudFormation Stack', elapsed = 56.83 sec ---------+
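
The log above shows a change set that adds two IAM resources being created and then executed. As an added example (not part of this project or of cottonformation), here is a review gate that a deployment wrapper could run between those two steps. The function names, the approval list and the sample dict, which is constructed in the shape of boto3's describe_change_set response, are assumptions.

```python
# Added example: gate a CloudFormation change set before it is executed.
# SAMPLE_CHANGE_SET is constructed data in the shape returned by boto3's
# cloudformation.describe_change_set(); nothing here calls AWS.
SENSITIVE_PREFIXES = ("AWS::IAM::",)   # assumption: resource types needing sign-off
DESTRUCTIVE_ACTIONS = {"Remove"}

SAMPLE_CHANGE_SET = {  # constructed; mirrors the two additions in the log above
    "StackName": "aws_lambda_python_example-dev",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "IamRoleForLambda",
            "ResourceType": "AWS::IAM::Role"}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Add", "LogicalResourceId": "IamInlinePolicyForLambda",
            "ResourceType": "AWS::IAM::Policy"}},
    ],
}


def review_change_set(change_set, approved_ids=frozenset()):
    """Return (logical_id, reason) findings that should block auto-execution."""
    findings = []
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        logical_id, action = rc["LogicalResourceId"], rc["Action"]
        rtype = rc.get("ResourceType", "")
        if action in DESTRUCTIVE_ACTIONS:
            # Deletions always need a human, even for approved resources.
            findings.append((logical_id, f"{action} {rtype}"))
        elif action == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
            # A replacement deletes and recreates the physical resource.
            findings.append((logical_id, f"replacement of {rtype}"))
        elif rtype.startswith(SENSITIVE_PREFIXES) and logical_id not in approved_ids:
            findings.append((logical_id, f"unapproved {action} of {rtype}"))
    return findings


def may_execute(change_set, approved_ids=frozenset()):
    """True only when the change set has no blocking findings."""
    return not review_change_set(change_set, approved_ids)


if __name__ == "__main__":
    for logical_id, reason in review_change_set(SAMPLE_CHANGE_SET):
        print(f"BLOCK {logical_id}: {reason}")
    approved = {"IamRoleForLambda", "IamInlinePolicyForLambda"}
    print("execute:", may_execute(SAMPLE_CHANGE_SET, approved))
```

In a CI build the approved logical IDs would come from a reviewed file in the repository, so any new IAM role or policy stops the pipeline until someone has looked at it.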

If you are interested in how to use this framework with other IAC tools, please submit an issue to ask the author.