Part 2 - Deploy an Environment Using Infrastructure as Code

Tagging

We will make extensive use of tagging throughout the lab. The CloudFormation template for the lab includes the definition of multiple tags against a variety of resources.

AWS enables you to assign metadata to your AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, commonly adopted categories of tags include technical tags (e.g., Environment, Workload, InstanceRole, and Name), tags for automation (e.g., Patch Group, and SSMManaged), business tags (e.g., Owner), and security tags (e.g., Confidentiality).

Apply the following best practices when using tags:

* Use a standardized, case-sensitive format for tags, and implement it consistently across all resource types.
* Consider tag dimensions that support the following:
  * Managing resource access control with IAM
  * Cost tracking
  * Automation
  * AWS console organization
* Implement automated tools to help manage resource tags. The Resource Groups Tagging API enables programmatic control of tags, making it easier to automatically manage, search, and filter tags and resources.
* Err on the side of using too many tags rather than too few.
* Develop a tagging strategy.

Note
It is easy to modify tags to accommodate changing business requirements; however, consider the consequences of future changes, especially in relation to tag-based access control, automation, or upstream billing reports.

Important
Patch Group is a reserved tag key used by Systems Manager Patch Manager that is case sensitive with a space between the two words.
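Because tag keys are case sensitive and Patch Manager only honours the exact key Patch Group, it is worth checking a template before deploying it. The following Python check is an added example, not part of the lab or its template; the required-key set and the embedded template fragment are constructed for illustration.

```python
import json
import re

# Constructed template fragment (not the lab's template): one instance tagged to
# convention and one whose tag keys drift in case and spacing.
TEMPLATE = json.loads("""{
  "Parameters": {"WorkloadName": {"Type": "String", "Default": "Test"}},
  "Resources": {
    "WebServer": {"Type": "AWS::EC2::Instance", "Properties": {"Tags": [
      {"Key": "Name", "Value": "WebServer"},
      {"Key": "Environment", "Value": {"Ref": "WorkloadName"}},
      {"Key": "Patch Group", "Value": "Windows"},
      {"Key": "Owner", "Value": "admin"}]}},
    "AppServer": {"Type": "AWS::EC2::Instance", "Properties": {"Tags": [
      {"Key": "name", "Value": "AppServer"},
      {"Key": "PatchGroup", "Value": "Windows"}]}}
  }
}""")

# Hypothetical tag standard for this lab: exact, case-sensitive keys.
REQUIRED_KEYS = {"Name", "Environment", "Owner", "Patch Group"}


def _norm(key):
    """Collapse case and whitespace so 'PatchGroup' and 'Patch Group' compare equal."""
    return re.sub(r"\s+", "", key).lower()


def tag_violations(template, required=REQUIRED_KEYS):
    """Map each non-compliant logical resource ID to its list of problems.

    A missing required key is reported as such; a key equal to a required one
    only after collapsing case/whitespace is a near-miss, since AWS tag keys are
    case sensitive and 'Patch Group' must be spelled exactly for Patch Manager.
    """
    problems = {}
    for logical_id, resource in template["Resources"].items():
        present = {t["Key"] for t in resource.get("Properties", {}).get("Tags", [])}
        issues = []
        for req in sorted(required - present):
            near = [k for k in present if _norm(k) == _norm(req)]
            if near:
                issues.append(f"tag key {near[0]!r} should be {req!r}")
            else:
                issues.append(f"missing required tag {req!r}")
        if issues:
            problems[logical_id] = issues
    return problems
```

Running `tag_violations(TEMPLATE)` reports nothing for WebServer and four findings for AppServer, two of them near-misses that a plain "is the key present" check would miss.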

Management Tools: CloudFormation

AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances) and AWS CloudFormation provisions and configures those resources for you. AWS CloudFormation enables you to use a template file to create and delete a collection of resources as a single unit (a stack).

There is no additional charge for AWS CloudFormation. You pay for AWS resources (such as Amazon EC2 instances, Elastic Load Balancing load balancers, etc.) created using AWS CloudFormation in the same manner as if you created the resources manually. You only pay for what you use as you use it. There are no minimum fees and no required upfront commitments.

Deploy the Lab Infrastructure

To deploy the lab infrastructure:

1. Use your administrator account to access the CloudFormation console at https://console.aws.amazon.com/cloudformation/.

2. Choose Create Stack.

3. On the Select Template page, select Specify an Amazon S3 template URL and enter https://thorium-systemsmanager-lab.s3.amazonaws.com/OE_Inventory_and_Patch_Mgmt.json for the location.

AWS CloudFormation Designer

AWS CloudFormation Designer is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates. With Designer you can diagram your template resources using a drag-and-drop interface. You can edit their details using the integrated JSON and YAML editor. AWS CloudFormation Designer can help you see the relationship between template resources.

6. Briefly review the graphical representation of the environment we are about to create, including the template in the JSON and YAML formats. You can use this feature to convert between JSON and YAML formats.

7. Choose the Create Stack icon (a cloud with an arrow) to return to the Select Template page.

8. On the Select Template page, choose Next.

A CloudFormation template is a JSON or YAML formatted text file that describes your AWS infrastructure containing both optional and required sections. In the next steps, we will provide a name for our stack and parameters that will be passed into the template to help define the resources that will be implemented.

9. In the Specify Details section, define a Stack name, such as OELabStack1.

10. In the Parameters section:

a. Leave InstanceProfile blank, as we have not yet defined an instance profile.
b. Leave InstanceTypeApp and InstanceTypeWeb at the default free-tier-eligible t2.micro value.
c. Select the EC2 KeyName you defined earlier from the list.
d. In a browser window, go to http://checkip.amazonaws.com/ to get your IP address. Enter it in RDPLocation in CIDR notation (i.e., your address followed by /32, so that only that single address is permitted).
e. Define the Workload Name as Test.
f. Choose Next.

11. On the Options page under Tags, define a Key of Owner, with Value set to the username you choose for your administrator. You may define additional keys as needed. The CloudFormation template creates all the example tags given in the discussion on tagging above.

12. Leave all other sections unmodified. Scroll to the bottom of the page and choose Next.

13. On the Review page, review your choices and then choose Create.

14. On the CloudFormation console page:

a. **Check the box next to your Stack Name** to see its details. 
b. If your **Stack Name** is not displayed, click the **refresh** button (circular arrow) in the top right until it appears.
c. If the details are not displayed, choose the refresh button until details appear.

15. Choose the Events tab for your selected workload to see the activity log from the creation of your CloudFormation stack.

When the Status of your stack displays CREATE_COMPLETE in the filter list, you have created a representation of a typical lift-and-shift 2-tier application migrated to the cloud.

16. Navigate to the EC2 console to view the deployed systems:

a. Choose **Instances**.
b. Select a server and review the details under its **Description** and **Tag** tabs.
![](/images/sm_image002.PNG)
c. (Optional) choose **Security Groups** and select the Security Group whose name begins with the name of your stack. Examine the inbound rules.
d. (Optional) navigate to the VPC console and examine the configuration of the VPC you just created.

The impact of Infrastructure as Code

With infrastructure as code, if you can deploy one environment, you can deploy any number of copies of that environment. In this example we have created a Test environment. Later, we will repeat these steps to deploy a Prod environment.

The ability to dynamically deploy temporary environments on-demand enables parallel experimentation, development, and testing efforts. It allows duplication of environments to recreate and analyze errors, as well as cut-over deployment of production systems using blue-green methodologies. These practices contribute to reduced risk, increased operations effectiveness, and efficiency.