Taking the first steps into Infrastructure as Code in AWS

Published by Gabrielle Guerrini on


In this blog article we will analyze a new technology used to automate the deployment of infrastructure on AWS in a cleaner and faster manner than the previously used CloudFormation service (also an IaC technology).

What does IaC mean?

Infrastructure as Code, commonly known as IaC, is the practice of describing your infrastructure and configuration in code, which can in turn be used to provision that infrastructure automatically.

IaC in Amazon Web Services (AWS)

AWS is one of the biggest public cloud players in the industry, with thousands of services catering to purposes from the very niche to the generic. With the ecosystem of services growing day by day, in 2011 it became necessary to provide a way to provision these services quickly and with less effort. To support this purpose, AWS launched the CloudFormation service, which infrastructure teams have used ever since. This service uses templates written in YAML or JSON to create new services in the form of stacks. However, those templates require knowledge of specific terminology, which was a significant upskilling step.

To smooth this rough edge, AWS launched the AWS Cloud Development Kit (AWS CDK) in mid-2018. AWS CDK is a software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. AWS CDK is not to be confused with the AWS CLI, which is the command line interface tool to manage your AWS services. It is also not to be confused with the AWS SDK, which is used to develop applications that interact with AWS services through an API.

Different Players in the market?

There are many providers of Infrastructure as Code on AWS, to name just a few:
   1/ Terraform
   2/ SaltStack
   3/ Ansible
   4/ Chef

A few of them are configuration management tools which have evolved to incorporate IaC. Terraform, from HashiCorp, leads the race as a third-party provider for IaC.

Why AWS CDK?

AWS CDK is built by AWS directly on top of CloudFormation. Since no third-party tools are involved, AWS ensures the same level of consistency whether we use CloudFormation or AWS CDK. Just as CloudFormation stacks can be added, updated or deleted, AWS CDK gives the same level of flexibility. A CloudFormation template, which could be as long as 1000 lines, can be coded using AWS CDK in fewer than 100 lines of code. Further, the CDK allows for error checking in your code before pushing the template(s) to CloudFormation.

CDK provides the option of 5 coding languages: TypeScript, JavaScript, Java, Python and .NET. This skill can be picked up easily by a DevOps team with a little knowledge of any of the above languages. All the usual coding practices can be leveraged when provisioning the infrastructure, from exception management and module factoring to, of course, git versioning.

Usage

Let’s dive deeper into the technical area of AWS CDK.

AWS CDK is built on TypeScript, and hence requires the installation of NPM. The architecture of a CDK application has 3 tiers, namely, from the top:
   – Apps
   – Stacks
   – Constructs

   – An App encompasses the smaller building blocks of CDK, i.e. Stacks.

   – Stacks are a list of Constructs packed together for a specific region and provisioned for a specific account. Multiple stacks for different regions can be clubbed together in a single app. Each deployment of a Stack is visible in CloudFormation Service.

   – Constructs are the structures which define the different AWS resources that will be created using the CDK. Multiple Constructs can be chained together to create an infrastructure.

Figure 1 - Layout of an AWS CDK App

Constructs are further classified into the following:

   – CloudFormation Resource Constructs: these are the low-level constructs, which give high flexibility to the creator but require extensive details to create them.

   – AWS Constructs: these are the constructs built on top of CloudFormation Resource Constructs. They offer less flexibility but require fewer details. Further, they provide supported functions to build a bigger architecture quickly. For certain standard use cases, they are the preferred constructs.

   – Pattern Constructs: these are even higher-level constructs and are used to complete common tasks.

The Constructs can be linked using their respective reference IDs. Different Stacks within an App can share constructs by exporting and importing them. This functionality is picked from CloudFormation. Furthermore, Stacks can be linked using a dependency functionality. This allows your app to provision the resources in the correct order.

Our latest assessment

Stability

AWS CDK’s stability is surprisingly good. Although still in the development phase for a lot of services, it is already production-grade for many others. You can check which services are production-ready with AWS CDK by following the GitHub board under the Shipped section. AWS CDK is being developed at a rapid pace. There are newer versions almost every other week. Each version brings updates and new modules, which have to be followed up diligently.

Security

The CDK needs a machine to run on, so the role associated with this machine has to be restricted to a selected set of users. Access to a machine that has AWS CDK installed and this role attached can give a user elevated privileges to provision or modify the infrastructure.
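
One way to check that the role on the CDK machine really is restricted, as an added example that is not code from the original article or from AWS: a dependency-free TypeScript audit of the role's trust policy and permission policy. The function name auditDeployRole, the account ID, the ARNs and the sample policies are all assumptions constructed for illustration.

```typescript
// Added example: account IDs, ARNs and policies are constructed, not from the article.
interface Statement {
  Effect: "Allow" | "Deny";
  Action?: string | string[];
  Resource?: string | string[];
  Principal?: "*" | { AWS?: string | string[] };
}
interface PolicyDocument { Statement: Statement[] }
const toList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Actions that let the holder provision or modify infrastructure wholesale.
const isBroadAction = (a: string): boolean =>
  a === "*" || /^(iam|cloudformation|sts):\*$/i.test(a);

function auditDeployRole(trust: PolicyDocument, perms: PolicyDocument): string[] {
  const findings: string[] = [];
  for (const s of trust.Statement) {
    if (s.Effect !== "Allow" || s.Principal === undefined) continue;
    const principals = s.Principal === "*" ? ["*"] : toList(s.Principal.AWS);
    for (const p of principals) {
      // "*" or an account root is not a selected set of users.
      if (p === "*" || /:root$/.test(p)) findings.push(`trust: ${p} is not a named user or role`);
    }
  }
  for (const s of perms.Statement) {
    if (s.Effect !== "Allow") continue; // Deny statements never grant access
    const broad = toList(s.Action).filter(isBroadAction);
    if (broad.length > 0 && toList(s.Resource).some((r) => r === "*")) {
      findings.push(`permissions: ${broad.join(", ")} allowed on Resource "*"`);
    }
  }
  return findings;
}

const weakTrust: PolicyDocument = { Statement: [
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "arn:aws:iam::111122223333:root" } },
] };
const weakPerms: PolicyDocument = { Statement: [{ Effect: "Allow", Action: "*", Resource: "*" }] };
const scopedTrust: PolicyDocument = { Statement: [
  { Effect: "Allow", Action: "sts:AssumeRole", Principal: { AWS: "arn:aws:iam::111122223333:user/deployer-a" } },
] };
const scopedPerms: PolicyDocument = { Statement: [
  { Effect: "Allow", Action: ["cloudformation:CreateChangeSet", "cloudformation:ExecuteChangeSet"],
    Resource: "arn:aws:cloudformation:eu-west-1:111122223333:stack/WebApp-*/*" },
] };

console.log(auditDeployRole(weakTrust, weakPerms));
console.log(auditDeployRole(scopedTrust, scopedPerms));
```

The check ignores Condition blocks, NotAction and service principals, so a clean result is a minimum bar rather than proof that the role is tightly scoped.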

Future

The future of AWS CDK can be gauged from the responses received in the open source community on Stack Overflow, Gitter, Developer Blogs etc. This community suggests new and interesting features to AWS while the AWS team members are actively responding on each of these mediums to educate and help the software community across the globe. This will make the product more mature and easy to use.

Conclusion

AWS CDK is quickly integrating into another horizon of DevOps, i.e. Continuous Integration and Continuous Development. With CDK Pipelines, users can leverage AWS CDK and CodePipeline to get the best of both worlds.
An approach to automating the complete application cycle would be to use AWS CDK Pipelines together with Configuration Management Tools. This would allow a developer to use each tool’s strengths and enhance the developer experience.

Shashank SINGHAL

Consultant, EVA Group APAC
