We will make extensive use of tagging throughout the lab. The CloudFormation template for the lab includes the definition of multiple tags against a variety of resources.
AWS enables you to assign metadata to your AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, commonly adopted categories of tags include technical tags (e.g., Environment, Workload, InstanceRole, and Name), tags for automation (e.g., Patch Group and SSMManaged), business tags (e.g., Owner), and security tags (e.g., Confidentiality).
Apply the following best practices when using tags:
* Use a standardized, case-sensitive format for tags, and implement it consistently across all resource types.
* Consider tag dimensions that support the following:
  * Managing resource access control with IAM
  * Cost tracking
  * Automation
  * AWS console organization
* Implement automated tools to help manage resource tags. The Resource Groups Tagging API enables programmatic control of tags, making it easier to automatically manage, search, and filter tags and resources.
* Err on the side of using too many tags rather than too few tags.
* Develop a tagging strategy.
It is easy to modify tags to accommodate changing business requirements; however, consider the consequences of future changes, especially in relation to tag-based access control, automation, or upstream billing reports.
Patch Group is a reserved tag key used by Systems Manager Patch Manager that is case sensitive with a space between the two words.
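Because tag keys are case sensitive, a key such as `PatchGroup` or `environment` is a different tag from `Patch Group` or `Environment`, and any automation or access control keyed on the standard name will skip that resource. The following added example (not part of the lab's own material) audits resources for missing and near-miss tag keys. It assumes input in the `ResourceTagMappingList` shape returned by the Resource Groups Tagging API `GetResources` call; the required-key set and the sample resources are constructed for illustration.

```python
import re

# Tag keys named in this lab's text; treating them as the required standard is an assumption.
REQUIRED_KEYS = {"Environment", "Workload", "Owner", "Patch Group"}

def _canon(key):
    """Fold case and drop spaces, hyphens and underscores so near-miss keys compare equal."""
    return re.sub(r"[\s_\-]+", "", key).lower()

CANONICAL = {_canon(k): k for k in REQUIRED_KEYS}

def audit_tags(mappings):
    """Return {arn: {"missing": [...], "misspelled": [(found, expected), ...]}} for non-compliant resources."""
    findings = {}
    for m in mappings:
        keys = {t["Key"] for t in m.get("Tags", [])}
        # A key that matches a required key only after folding is a case/spacing variant.
        misspelled = sorted(
            (k, CANONICAL[_canon(k)])
            for k in keys
            if k not in REQUIRED_KEYS and _canon(k) in CANONICAL
        )
        missing = sorted(REQUIRED_KEYS - keys)
        if missing or misspelled:
            findings[m["ResourceARN"]] = {"missing": missing, "misspelled": misspelled}
    return findings

# Constructed sample data (placeholder account and instance IDs).
SAMPLE = [
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaaaaaaaaaaaaaa1",
     "Tags": [{"Key": "Environment", "Value": "Test"}, {"Key": "Workload", "Value": "ExampleApp"},
              {"Key": "Owner", "Value": "ops"}, {"Key": "Patch Group", "Value": "Critical"}]},
    {"ResourceARN": "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaaaaaaaaaaaaaa2",
     "Tags": [{"Key": "environment", "Value": "Test"}, {"Key": "Workload", "Value": "ExampleApp"},
              {"Key": "Owner", "Value": "ops"}, {"Key": "PatchGroup", "Value": "Critical"}]},
]

if __name__ == "__main__":
    for arn, finding in audit_tags(SAMPLE).items():
        print(arn, finding)
```

The second sample instance is reported with `Environment` and `Patch Group` missing and with the two variant keys it carries instead.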
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances) and AWS CloudFormation provisions and configures those resources for you. AWS CloudFormation enables you to use a template file to create and delete a collection of resources as a single unit (a stack).
There is no additional charge for AWS CloudFormation. You pay for AWS resources (such as Amazon EC2 instances, Elastic Load Balancing load balancers, etc.) created using AWS CloudFormation in the same manner as if you created the resources manually. You only pay for what you use as you use it. There are no minimum fees and no required upfront commitments.
To deploy the lab infrastructure:
AWS CloudFormation Designer
AWS CloudFormation Designer is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates. With Designer you can diagram your template resources using a drag-and-drop interface. You can edit their details using the integrated JSON and YAML editor. AWS CloudFormation Designer can help you see the relationship between template resources.
A CloudFormation template is a JSON or YAML formatted text file that describes your AWS infrastructure containing both optional and required sections. In the next steps, we will provide a name for our stack and parameters that will be passed into the template to help define the resources that will be implemented.
a. Leave InstanceProfile blank as we have not yet defined an instance profile.
b. Leave InstanceTypeApp and InstanceTypeWeb as the default free-tier-eligible t2.micro value.
c. Select the EC2 KeyName you defined earlier from the list.
* In a browser window, go to http://checkip.amazonaws.com/ to get your IP. Enter your IP address in RDPLocation in CIDR notation (i.e., ending in /32).
* Define the Workload Name as
* Choose Next.
a. **Check the box next to your Stack Name** to see its details.
b. If your **Stack Name** is not displayed, click the **refresh** button (circular arrow) in the top right until it appears.
c. If the details are not displayed, choose the refresh button until details appear.
When the Status of your stack displays CREATE_COMPLETE in the filter list, you have just created a representation of a typical lift and shift 2-tier application migrated to the cloud.
a. Choose **Instances**.
b. Select a server and review the details under its **Description** and **Tag** tabs.
![](/images/sm_image002.PNG)
c. (Optional) choose **Security Groups** and select the Security Group whose name begins with the name of your stack. Examine the inbound rules.
d. (Optional) navigate to the VPC console and examine the configuration of the VPC you just created.
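When examining the inbound rules, the point to confirm is that remote desktop access is reachable only from the single address entered in RDPLocation. The following added example (not part of the lab's own material) performs that check in code. It assumes RDPLocation feeds an inbound rule for RDP on TCP 3389 and that the rules are in the `IpPermissions` shape returned by the EC2 `DescribeSecurityGroups` call; the group name and addresses are constructed.

```python
import ipaddress

RDP_PORT = 3389

def covers_rdp(perm):
    """True if the rule's protocol and port range include TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def rdp_sources_beyond_allowed(group, allowed_cidr):
    """Return every source CIDR that can reach RDP other than the single allowed address."""
    allowed = ipaddress.ip_network(allowed_cidr)
    if allowed.prefixlen != allowed.max_prefixlen:
        raise ValueError("RDPLocation should be a single address (/32)")
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_rdp(perm):
            continue
        for r in perm.get("IpRanges", []):
            if ipaddress.ip_network(r["CidrIp"], strict=False) != allowed:
                findings.append(r["CidrIp"])
        # Any IPv6 source is outside an IPv4 /32 allow-list.
        findings.extend(r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []))
    return findings

# Constructed sample group; 203.0.113.10 is a documentation address.
SAMPLE_GROUP = {
    "GroupName": "examplestack-WebSecurityGroup",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,  # range includes 3389
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}

if __name__ == "__main__":
    print(rdp_sources_beyond_allowed(SAMPLE_GROUP, "203.0.113.10/32"))
```

A port range that merely contains 3389, or an all-protocols rule, exposes RDP just as an explicit 3389 rule does, which is why both are reported for review.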
With infrastructure as code, if you can deploy one environment, you can deploy any number of copies of that environment. In this example we have created a Test environment. Later, we will repeat these steps to deploy a
The ability to dynamically deploy temporary environments on-demand enables parallel experimentation, development, and testing efforts. It allows duplication of environments to recreate and analyze errors, as well as cut-over deployment of production systems using blue-green methodologies. These practices contribute to reduced risk, increased operations effectiveness, and efficiency.