Terraform, Ansible, or pure CloudFormation?
Vladimir Dobriakov
AWS User Group Cologne, May 2017
Task/Context
shop - kaufhof.de

implementation
Hosting
- 400 VMs in OpenStack public cloud
- moving to private cloud and kubernetes
- some AWS
People
- 35 Dev
- 9 Ops
our aws usage
AWS Use Case 1: Media Assets
AWS Use Case 2: DB Backup
Offsite DB backup for SQL databases.
Terraform
terraform: nice syntax

# var.topic, var.suffix and data.template_file.bucket_name are declared
# elsewhere in the same configuration (not shown on the slide).
resource "aws_iam_user" "deploy_user" {
  name = "deploy-${var.topic}${var.suffix}"
}

# Creates an access key for the user. Its "secret" attribute is written to
# terraform.tfstate in plain text, so the state file has to be handled like
# a credential: restricted access, encrypted at rest.
resource "aws_iam_access_key" "deploy_user" {
  user = "${aws_iam_user.deploy_user.name}"
}

resource "aws_s3_bucket" "the_bucket" {
  bucket = "${data.template_file.bucket_name.rendered}"

  # Bucket policy scoped to the deploy user instead of "Principal": "*"
  # (statement body elided on the slide).
  policy = <<EOF
...
"Principal": {"AWS": "${aws_iam_user.deploy_user.arn}"}
...
EOF
}

output "access_key_id" {
  value = "${aws_iam_access_key.deploy_user.id}"
}
terraform advantages
• nice, clean syntax
• examples very readable, takes the fear out of starting infrastructure as code
• plan feature
Terraform Challenges
terraform challenges: resources docs
Terraform is not an abstraction layer across providers!
Need to dive into AWS docs anyway:

resource "aws_s3_bucket" "the_bucket" {
  bucket = "${data.template_file.bucket_name.rendered}"
  cors_rule {
    expose_headers = ???
terraform challenges: resources docs
Terraform documentation
https://www.terraform.io/docs/providers/aws/r/s3_bucket.html
AWS documentation
terraform challenges: syntax break
Sometimes requires copy+paste from AWS console:

resource "aws_s3_bucket" "the_bucket" {
  bucket = "${data.template_file.bucket_name.rendered}"
  acl    = "private"

  website {
    index_document = "index.html"
  }

  # JSON pasted from the console. "Principal": "*" makes every object in the
  # bucket world-readable: right for a public website bucket, fatal on a backup
  # bucket, so check which bucket such a policy ends up on. The slide is cut off
  # after "Principal"; Action and Resource follow the standard AWS static-website
  # read policy. (2012-10-17 is the current policy language version.)
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "PublicReadForGetTestBucketObjects",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::${data.template_file.bucket_name.rendered}/*"
    }
  ]
}
EOF
}
terraform challenges: endless updates due to diff problems
Terraform issue
https://github.com/hashicorp/terraform/issues/7045
terraform challenges: tfstate
• Working with 9 people on the same terraform code base (and on one shared
  state file, which also holds generated secrets such as the access key above
  in plain text)
• Terraform versions
• Refactoring: extract to module changes resource names
• Refactoring: move objects with
  terraform state mv -state=terraform.tfstate.prod module.publish_media_prod module.publish_media
Ansible
ansible cloud modules
set up backup bucket

tasks:
  # The legacy iam module has since been superseded by iam_user and
  # iam_access_key; the shape of the play is the same.
  - name: Create backup aws user
    iam:
      iam_type: user
      name: "{{ backup_user_name }}"
      state: present
      access_key_state: create
    register: created_user   # need this name for the template
    no_log: true             # the result contains the new secret access key

  - name: Create backup bucket
    s3_bucket:
      name: "{{ backup_bucket_name }}"
      policy: "{{ lookup('template', 'bucket_policy.json.j2') }}"
      versioning: true       # to enable trash bin
    register: backup_bucket

  - name: Set retention for backups
    s3_lifecycle:
      name: "{{ backup_bucket_name }}"
      # With versioning on, this only adds a delete marker after 30 days;
      # noncurrent versions stay until a noncurrent_version_expiration_days
      # rule removes them.
      expiration_days: 30
CloudFormation
old json

"UserData" : { "Fn::Base64" : { "Fn::Join" : ["", [
  "#!/bin/bash -xe\n",
  "yum install -y aws-cfn-bootstrap\n",
  "/opt/aws/bin/cfn-init -v ",
  "         --stack ", { "Ref" : "AWS::StackName" },
  "         --resource LaunchConfig ",
  "         --region ", { "Ref" : "AWS::Region" }, "\n",
  "/opt/aws/bin/cfn-signal -e $? ",
  "         --stack ", { "Ref" : "AWS::StackName" },
  "         --resource WebServerGroup ",
  "         --region ", { "Ref" : "AWS::Region" }, "\n"
]]}}
cloudformation yaml

UserData:
  Fn::Base64: !Sub |
    #!/bin/bash -xe
    yum update -y aws-cfn-bootstrap
    /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} \
        --resource LaunchConfig --region ${AWS::Region}
    /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} \
        --resource WebServerGroup --region ${AWS::Region}
Which one to choose?
terraform
Inspired the whole industry, even in Redmond
Use it, if:
• your infrastructure fits into a single .tf file
• 1-3 people work closely and continuously on the same tf code base
• already invested in tf, stick to it!
learn aws!
Try to implement with CloudFormation first!
• learn identity and access management (IAM) concepts
• refer to the permissions list http://amzn.to/2pPnT1p to implement the principle of least privilege
• use the CloudFormation YAML format
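Use Case 2 from the start of the deck (offsite SQL backups) done the way this slide recommends, as an added example that is not from the talk: a CloudFormation YAML template with a versioned, encrypted, non-public bucket and an IAM user whose only permission is to upload into it. Bucket name, stack name and user name are placeholders; PublicAccessBlockConfiguration postdates the talk but is what a backup bucket should carry today.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Offsite SQL backup bucket with an upload-only backup user (added example)

Parameters:
  BackupBucketName:
    Type: String
    Description: Globally unique bucket name (placeholder default, choose your own)
    Default: example-db-backup-offsite

Resources:
  BackupBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BackupBucketName
      # Versioning is the "trash bin": an overwritten or deleted dump survives
      # as a noncurrent version until the lifecycle rule below removes it.
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # A backup bucket must never get a "Principal": "*" policy or a public
      # ACL; this blocks both even if someone pastes one in later.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - Id: retention-30-days
            Status: Enabled
            ExpirationInDays: 30
            # With versioning on, ExpirationInDays only adds a delete marker;
            # noncurrent versions need their own expiry or they are kept forever.
            NoncurrentVersionExpirationInDays: 30

  BackupUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Sub 'backup-${AWS::StackName}'
      Policies:
        - PolicyName: upload-backups-only
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The database host may only write new objects into this bucket.
              # No Get, List or Delete: a compromised host cannot read or wipe
              # the existing backups. (s3:PutObject also covers multipart uploads.)
              - Sid: UploadOnly
                Effect: Allow
                Action: s3:PutObject
                Resource: !Sub 'arn:aws:s3:::${BackupBucketName}/*'
              # Explicit Deny so that a broader policy attached to this user
              # later cannot quietly grant destructive actions.
              - Sid: NeverDestroyBackups
                Effect: Deny
                Action:
                  - s3:DeleteObject
                  - s3:DeleteObjectVersion
                  - s3:PutBucketPolicy
                  - s3:PutLifecycleConfiguration
                  - s3:PutBucketVersioning
                Resource:
                  - !Sub 'arn:aws:s3:::${BackupBucketName}'
                  - !Sub 'arn:aws:s3:::${BackupBucketName}/*'

# No AWS::IAM::AccessKey on purpose: its secret could only leave the template
# through a stack output, i.e. readable by anyone allowed to describe the
# stack. Create the key with a separate tool and store it locally instead.
Outputs:
  BackupUserName:
    Value: !Ref BackupUser
  BackupBucketArn:
    Value: !GetAtt BackupBucket.Arn
```

The template needs CAPABILITY_NAMED_IAM at deploy time because it creates a named IAM user. Compare the upload-only statement with the pasted public-read policy on the Terraform slide: same JSON structure, opposite blast radius.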
orchestrate with ansible if needed
• for more sophisticated templating and logic
• when using multiple clouds
• to store some state locally, e.g. generated credentials
• to look up some state/parameters elsewhere
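How the "store generated credentials locally" and "look up parameters elsewhere" bullets look in practice, as an added example that is not from the talk: a playbook that deploys a CloudFormation template from a local file, reads the created user name back from the stack outputs, then creates the backup user's access key and writes it to the controller with 0600 permissions rather than into a stack output or the Ansible log. Assumed: a template file backup_bucket.yaml with an output named BackupUserName, the current amazon.aws collection module names and return values, and a ./secrets/ directory kept out of version control.

```yaml
# Added example (not from the slides). Assumes: backup_bucket.yaml is a
# CloudFormation template that outputs BackupUserName, and ./secrets/ is a
# local directory excluded from version control.
- name: Deploy the backup stack and keep the generated credential local
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    aws_region: eu-central-1                        # placeholder
    backup_bucket_name: example-db-backup-offsite   # placeholder, must be globally unique
  tasks:
    - name: Create or update the CloudFormation stack
      amazon.aws.cloudformation:
        stack_name: db-backup-offsite
        state: present
        region: "{{ aws_region }}"
        template: backup_bucket.yaml
        template_parameters:
          BackupBucketName: "{{ backup_bucket_name }}"
        capabilities:
          - CAPABILITY_NAMED_IAM    # the template creates a named IAM user
      register: stack

    # The key is created here, not in the template, so its secret never
    # appears in the stack outputs. Without an id this creates a new key on
    # every run; IAM allows two per user, so a rotation workflow would set
    # rotate_keys: true rather than let the second run fail.
    - name: Create an access key for the backup user
      amazon.aws.iam_access_key:
        user_name: "{{ stack.stack_outputs.BackupUserName }}"
        state: present
      register: key
      no_log: true    # the module result contains the secret access key

    # "store some state locally": an env file the database host's backup job
    # can source, readable only by the user running the playbook.
    - name: Store the credential on the controller
      ansible.builtin.copy:
        dest: "./secrets/{{ backup_bucket_name }}.env"
        mode: "0600"
        content: |
          AWS_ACCESS_KEY_ID={{ key.access_key.access_key_id }}
          AWS_SECRET_ACCESS_KEY={{ key.secret_access_key }}
      no_log: true    # the rendered content would otherwise show up in diff output
```

Both tasks that touch the secret carry no_log; the same applies to the legacy iam task with access_key_state: create on the earlier Ansible slide, whose registered result also contains the secret.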
Thank you!
contact
Vladimir Dobriakov
Twitter: @enterprise_geek
github: geekQ
Blog
http://infrastructure-as-code.de
Reinventing the Wheel
https://github.com/Galeria-Kaufhof/private-postgres-rds
