AWS re:Invent 2024 - Building multi-account, multi-region apps with Terraform Stacks (DOP206)

00:55:35
https://www.youtube.com/watch?v=gSM9g1v9bSU

Resumen

TLDRThe session focused on building multi-region applications using Terraform stacks. The presentation started by gauging audience experiences with managing dependencies and deploying infrastructure across multiple environments and regions. The speakers, experts from AWS and HashiCorp, introduced two main use cases: platform infrastructure deployment and application workloads deployment, highlighting challenges such as dependency management and consistency. They introduced Terraform Stacks as a solution to declare deployments, allowing for infrastructure orchestration through code without repeating existing Terraform module configurations. The session detailed the four base units of Terraform Stacks: components, deployment, orchestration, and deferred changes, which help model dependencies and streamline infrastructure provisioning. A live demonstration showcased using Terraform Stacks to deploy IAM roles across multiple AWS accounts and regions, utilizing Terraform configurations and providers to manage scalable deployments efficiently. The demo also demonstrated orchestrating EKS clusters with dependencies managed via Terraform Stacks. The session concluded with the potential operational efficiencies offered by Terraform Stacks, such as improved scalability, visibility, consolidation, and the reduction of manual operations through automation of deployment processes.

Para llevar

  • ๐Ÿ“ˆ Terraform Stacks offer powerful scalability for multi-region deployments.
  • ๐Ÿ’ก Infrastructure can be orchestrated via code using Terraform Stacks.
  • ๐Ÿ”„ Components and deployments are at the core of Terraform Stacks.
  • ๐Ÿš€ Operational efficiency is improved through automation and streamlined processes.
  • ๐Ÿ” Improved visibility with Terraform Stacks allows single-pane-of-glass management.
  • ๐Ÿ› ๏ธ Existing Terraform workflows remain intact with the addition of Terraform Stacks.
  • ๐Ÿ‘ Deferred changes help manage dependencies seamlessly.
  • ๐ŸŒ Supports complex multi-account, multi-region setups.
  • ๐Ÿ”’ Secure environment configurations maintained easily.
  • ๐Ÿ‘ฅ Platform engineering principles support efficient infrastructure management.

Cronologรญa

  • 00:00:00 - 00:05:00

    The session is focused on building multi-region applications using Terraform stacks. The speakers engage the audience with survey questions to gauge familiarity with managing dependencies across environments and deploying infrastructure across multiple accounts and regions. The importance of concepts like "Do Not Repeat Yourself" (DRY) and consistency in deployment is emphasized. Speakers introduce themselves and outline the agenda, including use cases, challenges, and solutions with Terraform stacks.

  • 00:05:00 - 00:10:00

    The speakers describe two types of use cases for multi-environment deployments: platform infrastructure and application infrastructure. Platform infrastructure involves deploying resources like networking and role-based access controls across multiple environments. The challenges include maintaining consistency and managing dependencies. Application infrastructure can span different environments and requires careful orchestration of dependencies, changes, and workflows. Solutions like AWS's Account Factory for Terraform and using Jinja templates are mentioned.

  • 00:10:00 - 00:15:00

    The presentation details how deploying application workloads involves complex dependencies, especially with Kubernetes clusters and add-ons that require information about the cluster before they can be deployed. Terraform stacks can help orchestrate these deployments by allowing configuration to be declared, avoiding duplication while maintaining scalability and consistency. The structure involves components, deployments, orchestration, and deferring changes when necessary.

  • 00:15:00 - 00:20:00

    The presentation introduces a conceptual model for Terraform stacks. Components represent infrastructure resources that get deployed; deployments define how resources are replicated across different environments, while accommodating variables specific to each environment. Orchestration rules manage dependencies and execution order, allowing for scalable and repeatable infrastructure while alleviating the need to duplicate code.

  • 00:20:00 - 00:25:00

    The speakers emphasize Terraform stacks' ability to handle dependencies dynamically. They outline that infrastructure orchestration is just as important as application orchestration. Terraform stacks allow infrastructure coded as modules to be reused efficiently. Key benefits include reducing repetition and maintenance burdens. Practical deployments using Stacks ensure infrastructure changes are pivotal and reproducible, aligning with DevOps and platform engineering practices.

  • 00:25:00 - 00:30:00

    A live demo is anticipated, highlighting the worry about technical difficulties but expressing confidence in the process due to the room's energy. The structure of a Terraform stack is further explained, detailing components, orchestration, and deferring changes, and how these solve deployment challenges. The presentation emphasizes how Terraform stacks streamline deployment processes by better handling lifecycle and orchestration complexities.

  • 00:30:00 - 00:35:00

    The live demo begins with a focus on deploying infrastructure components like IAM roles across multiple AWS accounts. Terraform stacks enable declarative infrastructure deployments at scale. The deployment demonstration involves setting up Terra constraints, using providers for orchestration, and showcasing scalability by deploying infrastructure to multiple accounts. The demo presents creating deployment stacks and configuring them to simplify complex, multi-region deployments without duplicating code.

  • 00:35:00 - 00:40:00

    The demo continues with the process of deploying components such as VPC and EKS across environments. It demonstrates how to define dependencies between components and environments, managing order and execution without manual intervention. The presentation demonstrates how Terraform stacks use deferring changes effectively, showcasing its power to handle complex dependencies and streamline the pipeline from development to production.

  • 00:40:00 - 00:45:00

    The speakers wrap up the demo by discussing the operational efficiency and scalability of Terraform stacks. By utilizing a declarative approach, it minimizes the workload involved in managing complex deployments. The demo successfully shows the ease of deploying intricate architectures with dependent resources. This approach highlights troubleshooting ease, scalability, and ongoing infrastructure management reinforcement while enhancing team visibility over infrastructure changes.

  • 00:45:00 - 00:50:00

    The presenters discuss the strategic advantages of Terraform stacks, such as operational efficiency, improved visibility, and simplified code management through consolidation. They emphasize how Terraform stacks manage variables, orchestrate deployments, and ensure consistency across different environments and regions. The stack structure facilitates reduced maintenance overhead and the tasks like change propagation become seamless, alleviating common infrastructural deployment burdens.

  • 00:50:00 - 00:55:35

    The session concludes with an overview of HashiCorp's cloud platform offerings and additional resources for learning about Terraform stacks. The presenters highlight the ecosystem's support for a wide range of infrastructure management needs, including multidimensional scaling, standardization, and security. They thank the audience for their participation, offer gratitude to the tech team, and encourage further exploration of resources and tutorials for better understanding and application of Terraform stacks.

Ver mรกs

Mapa mental

Vรญdeo de preguntas y respuestas

  • What are the key components of Terraform Stacks?

    The key components of Terraform Stacks include components, deployment, orchestration, and deferred changes.

  • How do Terraform Stacks improve operational efficiency?

    Terraform Stacks improve operational efficiency by automating deployment processes, reducing manual operations, and enabling easy scalability.

  • Can existing Terraform modules be used with Terraform Stacks?

    Yes, existing Terraform modules can be used with Terraform Stacks without any changes.

  • What challenges do Terraform Stacks help solve?

    Terraform Stacks help solve challenges such as dependency management, consistency across environments, and orchestration of complex deployments.

  • Is manual intervention required during deployment with Terraform Stacks?

    Terraform Stacks can automate many aspects of deployment, reducing the need for manual intervention.

  • How can Terraform Stacks scale deployments across multiple regions?

    Terraform Stacks can scale deployments across regions using configuration files and provider mappings to automate processes for various environments.

  • What is the benefit of deferred changes in Terraform Stacks?

    Deferred changes allow for continued work and planning when certain resources have not yet been fully applied, helping manage dependencies effectively.

  • How do Terraform Stacks manage multiple AWS accounts?

    Terraform Stacks use configuration within provider blocks to manage deployments and resources across multiple AWS accounts systematically.

  • What kind of infrastructure can be orchestrated using Terraform Stacks?

    Virtually any type of infrastructure, including networks, roles, and application clusters, can be orchestrated using Terraform Stacks.

  • Can Terraform Stacks be used for platform engineering?

    Yes, Terraform Stacks support platform engineering by enabling infrastructure as code and facilitating scalable deployments.

Ver mรกs resรบmenes de vรญdeos

Obtรฉn acceso instantรกneo a resรบmenes gratuitos de vรญdeos de YouTube gracias a la IA.
Subtรญtulos
en
Desplazamiento automรกtico:
  • 00:00:00
    Good morning. Good morning.
  • 00:00:02
    I still see some people settle in in the
  • 00:00:04
    back, but I think we can get started.
  • 00:00:08
    Here we go. So welcome. Today,
  • 00:00:11
    today's stations is above
  • 00:00:14
    building will con multi
  • 00:00:16
    region application with telecom stacks
  • 00:00:19
    before we get started with some introductions. Let's
  • 00:00:21
    kind of warm up the room and we have couple
  • 00:00:24
    kind of survey question for you.
  • 00:00:27
    Uh Great. You might want to ask this first questions.
  • 00:00:29
    This is gonna be really hard because we are gonna need you to show
  • 00:00:32
    your hands if you've ever built custom
  • 00:00:34
    tooling to manage dependencies
  • 00:00:36
    across different environments, be that,
  • 00:00:38
    you know, production, staging development,
  • 00:00:40
    be that multiple regions, multiple
  • 00:00:43
    Aws partitions?
  • 00:00:44
    If you've done that, raise your hand shell
  • 00:00:46
    scripts count, make files count. All right.
  • 00:00:49
    If you wrote your own binaries for that, I love
  • 00:00:51
    you, but I'm so sorry.
  • 00:00:54
    All right.
  • 00:00:55
    Let's do another question. This is a question
  • 00:00:58
    I like. If you
  • 00:01:00
    consider yourself like platform engineers,
  • 00:01:02
    you deploy infrastructures multiple
  • 00:01:04
    times across multiple accounts, multiple
  • 00:01:07
    regions.
  • 00:01:08
    Anyone doing that today?
  • 00:01:09
    Yeah. Awesome.
  • 00:01:11
    My team, my people.
  • 00:01:13
    Um and have you ever heard concepts
  • 00:01:15
    such as dry? Do not repeat yourself?
  • 00:01:18
    Yeah. And also kind of struggle. How
  • 00:01:20
    do I actually, I do that
  • 00:01:23
    and looks like we have a healthy
  • 00:01:25
    amount of right hand on both sides,
  • 00:01:27
    which mean you are on the right sections. I'm
  • 00:01:30
    going to introduce myself. Now, my name is
  • 00:01:32
    Well, I'm a principal partner, solution architect
  • 00:01:35
    at Aws. And here today I'm joined with
  • 00:01:37
    my distinguished colleagues, Kim.
  • 00:01:39
    My name is Kim. I'm a senior developer advocate at
  • 00:01:41
    Hay Corp. We're focused on infrastructure and orchestration,
  • 00:01:43
    tooling. So tools like terraform Packer
  • 00:01:45
    and Nomad.
  • 00:01:47
    So, so we have jam pack again
  • 00:01:49
    the day. Um You rest your hands.
  • 00:01:52
    So you know what you potentially gonna
  • 00:01:54
    learn today
  • 00:01:55
    and in case you didn't really raise your
  • 00:01:57
    hand on boats, stay tuned because there's a couple
  • 00:01:59
    of things that you might learn today as well.
  • 00:02:01
    So today we're gonna discuss what are the
  • 00:02:03
    use cases for multi environment, multi
  • 00:02:06
    econs, multiple regions and et cetera,
  • 00:02:08
    gonna also talk about the challenges that
  • 00:02:10
    happened with that model.
  • 00:02:12
    And then we're gonna talk a little bit about what
  • 00:02:14
    is start from stacks
  • 00:02:15
    and follow with that. We have a cool demo
  • 00:02:18
    and we're gonna wrap up with a couple
  • 00:02:20
    more conclusions.
  • 00:02:22
    So with that,
  • 00:02:23
    um first, I wanna
  • 00:02:25
    talk a little bit more about the
  • 00:02:27
    use cases. Some of you might
  • 00:02:30
    already very familiar with this, but for some,
  • 00:02:32
    this is maybe completely new. So stay
  • 00:02:34
    tuned, you might hear and learn about a couple of
  • 00:02:36
    things.
  • 00:02:38
    So when we talk about multi
  • 00:02:39
    environments. Actually, there's two types of use
  • 00:02:42
    cases. Typically.
  • 00:02:43
    The first one is the one I like platform infrastructures.
  • 00:02:46
    You deploy some resources typically
  • 00:02:48
    like networking layer security
  • 00:02:50
    permissions, im roles and etcetera.
  • 00:02:53
    And in here, you're really kind of doing it as
  • 00:02:56
    consistently across multiple environments
  • 00:02:59
    across multiple workloads.
  • 00:03:01
    And when you talk about this group,
  • 00:03:03
    really one of the key
  • 00:03:07
    items that they really care about is this
  • 00:03:09
    concept of drive, do not repeat yourself
  • 00:03:11
    how you ensure like you're not copy, pasting the same
  • 00:03:13
    code over and over and over again.
  • 00:03:16
    The second thing really important for these types
  • 00:03:19
    of group is that the consistency
  • 00:03:21
    because you are really thinking about dealing with
  • 00:03:23
    10 hundreds or maybe thousands
  • 00:03:26
    of accounts and how you ensure that you have
  • 00:03:28
    that consistency because you cannot really
  • 00:03:30
    go to each of the accounts that inspect everything.
  • 00:03:34
    How are we doing it today? Typically, you have this
  • 00:03:36
    potential model like you
  • 00:03:39
    see in the screens where you try to
  • 00:03:41
    decouple your
  • 00:03:42
    configurations, issuing models
  • 00:03:45
    and then you have your main deployments of your
  • 00:03:47
    root configurations, multiple accounts
  • 00:03:50
    and then you have a pipeline that then handles
  • 00:03:53
    the deployments across multiple
  • 00:03:55
    environments.
  • 00:03:56
    Now, a couple of things in here
  • 00:03:59
    that I think is key to the challenge
  • 00:04:01
    for this group stage management. You
  • 00:04:03
    have to deal with that as part of the
  • 00:04:05
    orchestration itself.
  • 00:04:07
    And the second part is the actual workflow
  • 00:04:09
    navigating through the directories ensuring
  • 00:04:12
    like the right account has the right variables
  • 00:04:14
    and et cetera.
  • 00:04:15
    So this is the first types
  • 00:04:17
    of the use cases and some of those challenges
  • 00:04:19
    that we see today.
  • 00:04:21
    How are we solving this today? Um
  • 00:04:23
    Aws has a solution called Account Factory for Terra,
  • 00:04:26
    which allows you to build a pipeline,
  • 00:04:28
    but it's not really something that
  • 00:04:30
    um easy to use per se
  • 00:04:33
    or you can also use Ginger templates and et cetera,
  • 00:04:35
    you name it, there's some solution out there.
  • 00:04:39
    When you look at the second workload,
  • 00:04:41
    I think a lot of you may have seen something like this as
  • 00:04:43
    well. When we say about real applications,
  • 00:04:46
    application today can span across
  • 00:04:49
    this blurry line between what is called infrastructure
  • 00:04:51
    and what's called applications. For example,
  • 00:04:54
    you might have a community
  • 00:04:55
    clusters that's running your community
  • 00:04:57
    workload.
  • 00:04:59
    Now
  • 00:05:00
    at high level, everything looks straightforward for these types
  • 00:05:02
    of workload. But really let's take a look.
  • 00:05:05
    Um
  • 00:05:06
    Typically you have something like this, you have your PC
  • 00:05:08
    as your networking layers
  • 00:05:10
    and then you have your cluster.
  • 00:05:12
    The cluster also includes an add on.
  • 00:05:14
    Now, if we zoom in on this box,
  • 00:05:17
    what you will see is that first you
  • 00:05:19
    have the cluster that you have to create
  • 00:05:21
    and then after that, you have to create the actual
  • 00:05:24
    service and add ons.
  • 00:05:26
    Now, if you're familiar with how telephone
  • 00:05:28
    works, you run telephone plan,
  • 00:05:30
    what you're going to see is there's gonna be a lot of
  • 00:05:32
    unknown values. For example, for
  • 00:05:34
    your add ons, you have to know what is the cluster
  • 00:05:37
    on or the name of the cluster
  • 00:05:39
    or the idea of that cluster before that
  • 00:05:41
    cluster can be exist, you have to have
  • 00:05:43
    the VPC first,
  • 00:05:45
    which mean like you might have seen a lot of
  • 00:05:47
    this known after apply,
  • 00:05:49
    you fairly familiar with this model
  • 00:05:51
    where in telephone plans, a couple
  • 00:05:53
    of things show up with the values. The rest
  • 00:05:55
    of it is unknown.
  • 00:05:58
    Now, if you delve deep into the
  • 00:06:00
    application, same thing because if you have
  • 00:06:02
    your parts, you have to have your name space before
  • 00:06:04
    you have your name space, you have to have the cluster and
  • 00:06:06
    you have to have the authentications to the communities
  • 00:06:09
    provider from that cluster as well.
  • 00:06:12
    So
  • 00:06:13
    if you look at it, you're gonna split this into
  • 00:06:15
    multiple accounts, multiple environments, then
  • 00:06:18
    suddenly you have a lot of this dependency that's
  • 00:06:20
    gonna mapping from one to the
  • 00:06:22
    others. Um
  • 00:06:24
    What typically customers do today, what
  • 00:06:26
    we hear from the customer is that they are going to slice
  • 00:06:29
    this into multiple telephone deployments.
  • 00:06:31
    First, they're going to deploy the
  • 00:06:33
    c the networking layers
  • 00:06:35
    and then they have another workspace to deploy
  • 00:06:37
    their cluster, followed
  • 00:06:39
    by the service add ons and then the pots,
  • 00:06:42
    they have to do this because they want to ensure that the
  • 00:06:44
    dependency is correctly mapped
  • 00:06:46
    between each of the stages.
  • 00:06:49
    Now, if you imagine that and you have
  • 00:06:51
    a project that has like three environments,
  • 00:06:54
    then suddenly this metrics start to
  • 00:06:56
    grow. Oops, sorry.
  • 00:07:00
    And this metrics in here, you can see there's a lot of dependency
  • 00:07:02
    from one project or one workspace to
  • 00:07:04
    the other workspace. You have to wait for this
  • 00:07:07
    development to complete, going
  • 00:07:09
    to the productions. After the production
  • 00:07:11
    complete, you go to the dr if something
  • 00:07:13
    goes wrong, then the dependency issues
  • 00:07:15
    in here. It also
  • 00:07:18
    mean like if you want to add new environments,
  • 00:07:20
    then you have to have to inject
  • 00:07:22
    this into this new ordering. You have to
  • 00:07:24
    deal with this ordering, not to mention
  • 00:07:26
    the time it takes to actually go through it.
  • 00:07:30
    So two use cases, platform
  • 00:07:32
    resources, workload resources,
  • 00:07:35
    edo surface kind of looks different,
  • 00:07:38
    right? One is about many cos many
  • 00:07:40
    regions, you know, preferred consistencies.
  • 00:07:42
    Um you have large target and you have higher
  • 00:07:45
    level abstractions. While the others
  • 00:07:47
    is workload where you have
  • 00:07:49
    a very targeted, you have a specific order,
  • 00:07:51
    how you want to deploy your workloads.
  • 00:07:53
    Um Regardless
  • 00:07:56
    between this platform and the workload
  • 00:07:58
    resources, there are still challenges in terms
  • 00:08:00
    like how you manage the workflow and the stage
  • 00:08:02
    management.
  • 00:08:05
    All right,
  • 00:08:06
    with that,
  • 00:08:07
    we really think about these issues.
  • 00:08:10
    It's come to this idea of like
  • 00:08:12
    why don't we have a way to declare
  • 00:08:15
    the deployments?
  • 00:08:16
    You can declare your infrastructure as the code.
  • 00:08:19
    But why can't I declare my deployment
  • 00:08:21
    as the code as well?
  • 00:08:24
    And exactly that's what we're thinking um
  • 00:08:26
    in here is that
  • 00:08:28
    let's just have this kind of like pseudo code.
  • 00:08:30
    As you can see in the screen will say, I want to declare
  • 00:08:32
    my deployments, specify the input regions
  • 00:08:35
    and then I specify the number of these
  • 00:08:37
    instances, for example.
  • 00:08:40
    And this is really like what we're
  • 00:08:43
    trying to build. And the idea is like, we don't want
  • 00:08:45
    to change the existing way you work with Terra,
  • 00:08:47
    you're still using the same models. For example,
  • 00:08:49
    we don't want to expect you to make any changes
  • 00:08:52
    to that. But building
  • 00:08:54
    on top of that, we want to have this another layer
  • 00:08:56
    of instructions written as a quote
  • 00:08:58
    to really allow you to orchestrate
  • 00:09:00
    these deployments.
  • 00:09:03
    And with that, we're going to introduce you to
  • 00:09:05
    telephone stacks. I'm gonna have Karim to talk
  • 00:09:07
    a little bit more about this.
  • 00:09:08
    Beautiful. Thank you.
  • 00:09:10
    So, the important thing is that for the past decade
  • 00:09:13
    or so, right. We've tried to isolate
  • 00:09:15
    our workspaces. We've tried to make sure everything
  • 00:09:17
    is neatly separated. So
  • 00:09:20
    when somebody updates DNS records, they
  • 00:09:22
    don't actually wipe out the DNS zones,
  • 00:09:24
    wipe out VPC and everything,
  • 00:09:27
    even though a single apply would probably be
  • 00:09:29
    easier. Luckily,
  • 00:09:31
    you can still have that isolation with
  • 00:09:34
    stacks. You're just able to take it a little bit
  • 00:09:36
    further. And
  • 00:09:37
    I wanna give credit to our product manager
  • 00:09:39
    who came up with the idea of calling this infrastructure
  • 00:09:41
    as code as code.
  • 00:09:43
    Uh So basically,
  • 00:09:45
    you know, go go next level, still
  • 00:09:47
    use your own modules. Sorry, your old modules
  • 00:09:50
    um keep maintaining them, keep using them,
  • 00:09:52
    but add a little bit on top of that.
  • 00:09:54
    So with we giving us a clear understanding
  • 00:09:57
    of the problem space and workflows
  • 00:10:00
    and work flows that may or may not work
  • 00:10:02
    for what you need
  • 00:10:04
    in the sense of oh it takes human interaction.
  • 00:10:06
    Nobody has time for that.
  • 00:10:08
    Nobody wants to spend time on that. Nobody wants to wait
  • 00:10:10
    for things to be deployed.
  • 00:10:12
    Let's have a look at how sta can solve
  • 00:10:14
    this. And
  • 00:10:17
    so a terraform stack, like
  • 00:10:19
    your actual application stack consists
  • 00:10:21
    of a couple of different units. And the
  • 00:10:23
    first base unit we're gonna be talking about is called
  • 00:10:25
    a component
  • 00:10:27
    combination of one or more modules,
  • 00:10:29
    telephone modules
  • 00:10:31
    that define what your stock looks
  • 00:10:33
    like from a resource perspective. So
  • 00:10:36
    your R DS, your two
  • 00:10:39
    whatever else you need and have
  • 00:10:41
    combination of networking, computer storage,
  • 00:10:43
    you know, everything really
  • 00:10:46
    add to that a
  • 00:10:48
    deployment.
  • 00:10:49
    This unit basically defines
  • 00:10:52
    how many times a collection
  • 00:10:54
    of modules and a collection of components gets
  • 00:10:56
    deployed. And how
  • 00:10:58
    goal here is really to repeat the infrastructure
  • 00:11:01
    provisioning
  • 00:11:02
    and that part of the whole process
  • 00:11:04
    while not repeating the code for it. Because
  • 00:11:07
    there's no point
  • 00:11:08
    also when you repeat code,
  • 00:11:10
    you sell yourself up with maintenance
  • 00:11:12
    burden because that extra
  • 00:11:14
    deployment which has slightly different
  • 00:11:16
    code than the other one.
  • 00:11:18
    Now basically means you have to go through two RBI cycles.
  • 00:11:22
    And I'm a very lazy person. I don't want to read you the SIM code
  • 00:11:24
    twice,
  • 00:11:25
    but we're not there yet. You know, writing
  • 00:11:27
    code is easy,
  • 00:11:29
    writing good code is slightly harder,
  • 00:11:31
    especially if you need to add the documentation,
  • 00:11:33
    which you know,
  • 00:11:35
    while trying to enable platform
  • 00:11:37
    paradigms,
  • 00:11:38
    which kind of means that we want to hand off our best
  • 00:11:40
    code to other people.
  • 00:11:42
    It's the right documentation for that.
  • 00:11:45
    And then you have to invoke it multiple times
  • 00:11:47
    in a predictable way.
  • 00:11:50
    Doing that manually is not the predictable
  • 00:11:52
    way. It's hard, it's it's tedious
  • 00:11:54
    and primarily
  • 00:11:57
    it's error prone.
  • 00:11:58
    So we wanna get away from that
  • 00:12:01
    where infrastructure really gets interesting is
  • 00:12:06
    when you define the orchestration, part of
  • 00:12:08
    that infrastructure, we're not talking
  • 00:12:10
    cinetis or nomad
  • 00:12:11
    or workload, orchestration. But the actual infrastructure
  • 00:12:14
    orchestration, you know, this workspace should be
  • 00:12:16
    deployed when that workspace is done with
  • 00:12:18
    this resource should be done when that
  • 00:12:20
    resource gets fully provisioned.
  • 00:12:23
    And when we have things like an are available
  • 00:12:25
    that we can use to configure things downstream.
  • 00:12:28
    So in the orchestration unit, you to find
  • 00:12:31
    the checks and the rules that you need
  • 00:12:33
    to get your deployment
  • 00:12:35
    out there
  • 00:12:36
    and last but not least, of course.
  • 00:12:39
    And, and this is one of my favorite
  • 00:12:41
    uh features of, of stacks really
  • 00:12:43
    is the fur changes.
  • 00:12:45
    Sometimes you've got this set up where you make a conflict
  • 00:12:48
    change, right? Your plan runs
  • 00:12:50
    and telephone will go, there's
  • 00:12:52
    27 things that will be known
  • 00:12:54
    after apply.
  • 00:12:55
    Terefore really makes an effort to retrieve that information,
  • 00:12:57
    tries to figure out the relationship of everything.
  • 00:13:01
    But it can't always sometimes
  • 00:13:03
    takes, you know, 1015 minutes to get
  • 00:13:05
    a cluster. If you're doing h databases,
  • 00:13:08
    that time goes up.
  • 00:13:10
    So at that point, TEIR is blocked
  • 00:13:13
    with the first changes, work can
  • 00:13:15
    still continue
  • 00:13:17
    in the background
  • 00:13:18
    and then get back to the main
  • 00:13:20
    plan to figure out what needs to be
  • 00:13:22
    done until you end up at the
  • 00:13:24
    bottom of
  • 00:13:26
    our beautiful um
  • 00:13:28
    not diagram diagram
  • 00:13:30
    which is success. It's time for more
  • 00:13:32
    coffee
  • 00:13:35
    starts with a simple change.
  • 00:13:37
    Maybe you're deploying an EKS cluster,
  • 00:13:39
    the workload definition that needs
  • 00:13:42
    some add ons some name spaces
  • 00:13:46
    in all those results
  • 00:13:48
    in delays,
  • 00:13:50
    not with terraform sex,
  • 00:13:52
    everything just gets provisioned the way
  • 00:13:55
    you want it.
  • 00:13:56
    I think it be fun to look at how we can
  • 00:13:58
    model this
  • 00:14:00
    because theory is important.
  • 00:14:02
    Applied theory is more fun. Maybe
  • 00:14:04
    we'll throw in a life demo.
  • 00:14:06
    I think we're gonna do that later on. Yeah, that's gonna
  • 00:14:08
    be troublesome.
  • 00:14:10
    But so we've got four basic units that
  • 00:14:13
    make up from stack.
  • 00:14:15
    So if we look back at the two previous examples that,
  • 00:14:17
    well, I mentioned
  • 00:14:19
    we've got the core of our application. So VPC
  • 00:14:21
    CR calculations um regional
  • 00:14:24
    cr calculations of course, because
  • 00:14:26
    we don't want to interfere with the office VPN that's
  • 00:14:28
    also connected.
  • 00:14:30
    Um All the out of here, here's some
  • 00:14:32
    people chuckling you haven't been there.
  • 00:14:35
    Yeah, that's, uh, that's a painful part.
  • 00:14:37
    We can do a self help group after that.
  • 00:14:39
    Um, routing tables. Of course, don't forget
  • 00:14:41
    those internet gateways, everything else that, you
  • 00:14:44
    know, well, architected uh, framework
  • 00:14:46
    tells you to have in there and, and to make
  • 00:14:48
    sure. And I know, you
  • 00:14:50
    know, from the way you raise your hand, everyone
  • 00:14:53
    here writes very well defined,
  • 00:14:55
    very
  • 00:14:56
    perfect code. Right. We all
  • 00:14:58
    have those colleagues that don't
  • 00:15:00
    and that's troublesome.
  • 00:15:02
    Uh So, you know, im modules
  • 00:15:05
    that define boundaries, so
  • 00:15:07
    people can't break things, they shouldn't be able to break.
  • 00:15:11
    Um We'll define our access profile,
  • 00:15:13
    what else? Um
  • 00:15:15
    Things that line up with our organization's
  • 00:15:17
    requirements that make the czar happy
  • 00:15:20
    that uh end up in you not resulting
  • 00:15:23
    in getting a news article published about your company.
  • 00:15:25
    The important stuff here,
  • 00:15:28
    permission sets. Uh If you're working
  • 00:15:30
    with multiple Aws accounts, you should,
  • 00:15:32
    if you're not, you should very
  • 00:15:34
    important. Uh permission sets will drastically
  • 00:15:37
    make that easily uh easier,
  • 00:15:39
    not easy. Sorry, security
  • 00:15:41
    is never easy,
  • 00:15:42
    but it should always be
  • 00:15:45
    built in a way that you don't want to say no
  • 00:15:47
    to it because that's what your security
  • 00:15:49
    team does.
  • 00:15:51
    But in our case, we're splitting up our components
  • 00:15:54
    in a way that logically makes sense.
  • 00:15:57
    This is one way to do it as
  • 00:15:59
    well. He pointed out earlier. This is not the only
  • 00:16:01
    way usually if
  • 00:16:03
    you build infrastructure, it will model the way
  • 00:16:06
    your organization works
  • 00:16:07
    because that's what we do as engineers, right? We build
  • 00:16:09
    stuff that reflects who we are
  • 00:16:12
    and how we work, how our organization works.
  • 00:16:16
    And so
  • 00:16:18
    once you've modeled all your dependencies,
  • 00:16:20
    you've got your deployment
  • 00:16:22
    networking.
  • 00:16:23
    I ma
  • 00:16:24
    little bit of extra stuff on there
  • 00:16:27
    and we can turn this deployment
  • 00:16:29
    into a couple of different deployments
  • 00:16:32
    with deployment specific variables
  • 00:16:34
    across all three of these
  • 00:16:37
    or across kind of things.
  • 00:16:39
    Or 100
  • 00:16:43
    quick show of hands who here knows how many
  • 00:16:45
    regions aws has
  • 00:16:48
    26.
  • 00:16:50
    It's a good guess
  • 00:16:51
    if you're not using the beta regions,
  • 00:16:54
    the first question for that would be which
  • 00:16:56
    partition are we talking about?
  • 00:16:58
    But 26 is good. 29 would also
  • 00:17:00
    uh be really good if you do all the beta stuff,
  • 00:17:05
    this gets insanely complex when
  • 00:17:07
    you do this for every region and sometimes
  • 00:17:09
    you have workloads that require that think
  • 00:17:12
    gaming uh
  • 00:17:14
    not just static assets, static assets is easy,
  • 00:17:16
    right? Throw that onto a cloud front
  • 00:17:19
    distribution, things get super
  • 00:17:21
    super easy there. But actual
  • 00:17:23
    stuff that needs to be calculated everywhere
  • 00:17:26
    with fail over and everything add
  • 00:17:28
    in availability zones.
  • 00:17:30
    Yeah, this uh complexity
  • 00:17:33
    goes out the door.
  • 00:17:34
    Couldn't fit that on this slide or both of these slides
  • 00:17:36
    together. So we'll need
  • 00:17:38
    orchestration rules for this.
  • 00:17:41
    But first let's go back to your uh application
  • 00:17:43
    workload example
  • 00:17:44
    and
  • 00:17:46
    look what we can do there in terms of
  • 00:17:48
    modeling it.
  • 00:17:50
    So bring in VPC,
  • 00:17:52
    which is the easy part,
  • 00:17:55
    bring in our heavy hitter, which is our
  • 00:17:57
    ECs cluster.
  • 00:17:58
    And if you've ever written an
  • 00:18:00
    ECs cluster module,
  • 00:18:02
    you know, there's about 417
  • 00:18:04
    different questions that you're going to be asking yourself
  • 00:18:06
    as part of this process
  • 00:18:09
    because you want it to be perfect, right?
  • 00:18:11
    You want to be doing exactly what you need,
  • 00:18:15
    but making it reusable is the hard
  • 00:18:17
    part. So we
  • 00:18:19
    have a little bit of a separation of dependencies
  • 00:18:21
    here going
  • 00:18:23
    and we choose to isolate by component
  • 00:18:25
    type. But cost
  • 00:18:27
    alone, is it right? We need name spaces,
  • 00:18:29
    we need add ons for monitoring. I think
  • 00:18:31
    you've got the FOPS add on in your
  • 00:18:33
    stuff.
  • 00:18:36
    We had, we had monitoring role based access.
  • 00:18:38
    Of course, we
  • 00:18:39
    want to make sure our workloads work
  • 00:18:42
    but are properly isolated and easily
  • 00:18:44
    distributed.
  • 00:18:47
    I'm the kind of engineer that likes to build stuff
  • 00:18:49
    that doesn't break at three in the morning because
  • 00:18:51
    I really don't operate well at that time,
  • 00:18:54
    which means we spend a lot,
  • 00:18:56
    I think when we work together, we spend a lot more time
  • 00:18:59
    thinking about it than actually building it
  • 00:19:01
    because writing code is easy, right? Making
  • 00:19:03
    sure it doesn't break is the hard part.
  • 00:19:06
    I just want to add one thing as well. Like the way
  • 00:19:08
    we want to model these components in here is
  • 00:19:10
    to make sure we understand the life cycle of
  • 00:19:12
    these resources. So life cycle of
  • 00:19:14
    resources that has pretty much the same,
  • 00:19:16
    like you can likely deploy
  • 00:19:17
    BC and IM roll that could be in the
  • 00:19:20
    same components.
  • 00:19:21
    But then if you look at this, what
  • 00:19:23
    Kim described earlier,
  • 00:19:25
    there is a separation between the cluster
  • 00:19:27
    and then the Cubin.
  • 00:19:28
    Because in order for you to start working on
  • 00:19:30
    those CIN resources, you have to have
  • 00:19:32
    that cluster ready first. That's why we
  • 00:19:34
    kind of try to kind of specialize these
  • 00:19:36
    components in here back to you back.
  • 00:19:39
    Thank you.
  • 00:19:40
    Yeah, I think to, to put this how a friend
  • 00:19:42
    of mine once put it to do devops
  • 00:19:45
    and to do platform engineering, you have to be
  • 00:19:47
    platform engineering, you have to feel platform
  • 00:19:49
    engineering deep inside your heart
  • 00:19:51
    because only when you understand how your application
  • 00:19:53
    pods depend on the name spaces
  • 00:19:55
    and everything else. Can you actually model
  • 00:19:57
    this in a sensible way
  • 00:19:59
    and that's your mindfulness tip for today, be
  • 00:20:01
    one with your infrastructure by understanding what
  • 00:20:03
    you're doing before you do it
  • 00:20:05
    before your cluster gets to be operational.
  • 00:20:08
    And just like before you can
  • 00:20:11
    package this up for your environment
  • 00:20:13
    in any way you need.
  • 00:20:14
    And of course, if you've ever deployed
  • 00:20:17
    this exact type of setup,
  • 00:20:19
    you know, it's gonna break because you cannot
  • 00:20:22
    configure a Cuban TIS provider and the home provider
  • 00:20:24
    until the EKS cluster is done, which
  • 00:20:27
    means you can do the name spaces.
  • 00:20:29
    Are there ways around that? Of course, you could do
  • 00:20:31
    something like local exec you could use shell
  • 00:20:34
    script,
  • 00:20:36
    you could really upset everyone in this room
  • 00:20:38
    by going even further down
  • 00:20:41
    the road. But really, it's a chicken meat egg problem
  • 00:20:44
    and we want to avoid that. So
  • 00:20:47
    bring in a couple of deferred changes
  • 00:20:49
    and let terraform stacks figure out how this
  • 00:20:51
    can go and how the applied
  • 00:20:54
    process should go.
  • 00:20:55
    Terraform for the past 10 years has spent
  • 00:20:58
    time understanding the relationship of your
  • 00:21:01
    infrastructure, right?
  • 00:21:02
    We do a dynamic reference from one resource
  • 00:21:05
    to another. That's a relationship.
  • 00:21:07
    The uh that's goes through the graph,
  • 00:21:09
    the graph figures out I need to do this first.
  • 00:21:12
    Then we can do this
  • 00:21:13
    care from sacks, takes that a little
  • 00:21:16
    bit further
  • 00:21:18
    and then comes the easy part,
  • 00:21:20
    Stax figures this out, rinse and repeat three
  • 00:21:23
    environments,
  • 00:21:25
    different input variables, of course,
  • 00:21:27
    different region names,
  • 00:21:29
    but all in all same code,
  • 00:21:33
    it's a lot of theory. So sorry
  • 00:21:35
    for that. I know there's a, there's a lot
  • 00:21:38
    we're packing into this.
  • 00:21:39
    You know what I'm, I'm super excited for what
  • 00:21:41
    comes next
  • 00:21:42
    and what comes next
  • 00:21:44
    is going to be life. So first
  • 00:21:46
    of all, Willie was worried that this
  • 00:21:49
    might not work
  • 00:21:50
    and I told him it's gonna work because the energy in the
  • 00:21:52
    room is gonna be crazy.
  • 00:21:57
    So somebody could just go like w well,
  • 00:22:00
    all right, see, you know, you can
  • 00:22:02
    fill now, I know no pressure,
  • 00:22:04
    no pressure.
  • 00:22:06
    OK?
  • 00:22:07
    We always try not to do too
  • 00:22:09
    much of live demos, but I can, I
  • 00:22:11
    can just help myself for this.
  • 00:22:14
    So we hope that the Wi Fi
  • 00:22:16
    is gonna work well.
  • 00:22:18
    Um
  • 00:22:18
    Yeah. So I think the next part in here.
  • 00:22:21
    Oh, sorry. Just the demo.
  • 00:22:23
    Switch the screen,
  • 00:22:28
    right? Readable all the way in the
  • 00:22:30
    back. Yep.
  • 00:22:31
    All good in the back. Someone can make thumbs
  • 00:22:33
    up. Awesome. Thank you.
  • 00:22:35
    All right. So let's go start with
  • 00:22:37
    the demo.
  • 00:22:38
    We're gonna coming back to a couple of the
  • 00:22:40
    theories that Kim mentioned earlier.
  • 00:22:43
    But first of all,
  • 00:22:44
    I have
  • 00:22:45
    three components that I want to demo today.
  • 00:22:48
    First, we're gonna look at the infrastructures. Remember
  • 00:22:50
    we have iron rolls and stuff like that. Let's
  • 00:22:52
    try to replicate that in stacks across
  • 00:22:54
    one, multiple accounts and I will try
  • 00:22:56
    to kind of scale that across like a dozen
  • 00:22:59
    more accounts. And how, how are we gonna do that
  • 00:23:01
    without typing too many codes?
  • 00:23:04
    So my first part of the demo,
  • 00:23:06
    let's kind of get a sense like
  • 00:23:08
    what is tax and how that looks like in
  • 00:23:10
    your terra
  • 00:23:12
    you might see in some files in here that looks
  • 00:23:14
    familiar but not really.
  • 00:23:16
    Uh First there's the components, the TF stacks,
  • 00:23:19
    remember Karin mentioned earlier about the components,
  • 00:23:21
    this is like those resources that share
  • 00:23:23
    the same life cycles.
  • 00:23:25
    And then there's the deployments, deployments that
  • 00:23:27
    TF deploy. This is where you're going to orchestrate
  • 00:23:29
    the actual telecom
  • 00:23:31
    deployments.
  • 00:23:32
    Of course, there's outputs providers, variables,
  • 00:23:34
    etcetera.
  • 00:23:36
    So first let's have a look at
  • 00:23:38
    our components.
  • 00:23:40
    Now, imagine we're gonna do
  • 00:23:42
    this a little bit more simpler. Um I don't
  • 00:23:44
    have my PC and stuff like that. I just have an
  • 00:23:46
    IM role. I've been tasked with
  • 00:23:48
    my team to kind of create a new
  • 00:23:51
    I AM role that will be deployed across multiple
  • 00:23:53
    accounts.
  • 00:23:54
    Well, so you know, that is real,
  • 00:23:56
    I'm not doing a video.
  • 00:23:58
    So as I mentioned earlier, we have this Im role,
  • 00:24:00
    right? So this I am role, I copy
  • 00:24:03
    paste from my other talk.
  • 00:24:04
    Now you start to see something similar main
  • 00:24:07
    outputs and etcetera.
  • 00:24:09
    So the IM roll itself is pretty much straightforward.
  • 00:24:11
    I just have two IM roll one for what I call
  • 00:24:13
    my security scanners.
  • 00:24:16
    And the second one is for my
  • 00:24:18
    pin scanners.
  • 00:24:19
    So imagine like I have maybe two S providers,
  • 00:24:22
    I'm going to use, I need to deploy those across multiple accounts.
  • 00:24:25
    We're not really gonna dwell into what is this
  • 00:24:27
    code is. But yeah, you see the main
  • 00:24:30
    outputs and my input variable
  • 00:24:33
    very straightforward. Yeah,
  • 00:24:35
    so really what I do in my components, I just
  • 00:24:38
    model that I want to use this I am role, I want
  • 00:24:40
    to deploy this
  • 00:24:41
    and then I start to providing the inputs.
  • 00:24:43
    As you can see on this line. In here,
  • 00:24:46
    the left side is the input variable
  • 00:24:48
    on the module.
  • 00:24:49
    And then on the right side
  • 00:24:51
    is the variables that I will declare
  • 00:24:54
    at the stack level. So imagine like
  • 00:24:56
    left side is what the actual variable
  • 00:24:58
    names in the module
  • 00:25:00
    and the right side, which is this part
  • 00:25:02
    in here, I mean
  • 00:25:03
    is what uh available
  • 00:25:06
    at the stack level.
  • 00:25:07
    So I specify my source,
  • 00:25:10
    my input and then I specify
  • 00:25:12
    my providers
  • 00:25:13
    because in my I am role, I'm using two providers.
  • 00:25:15
    I say I want to use the AWS in random.
  • 00:25:18
    So again, I'm specifying on the website,
  • 00:25:20
    this is the
  • 00:25:21
    AWS provider will be used inside of the
  • 00:25:23
    model.
  • 00:25:24
    And then on the right side, this is kind of new,
  • 00:25:26
    right? We say provider dot
  • 00:25:29
    aws dot configurations. So
  • 00:25:31
    let's take a deeper look into the provider
  • 00:25:33
    block in here to see that what is actually
  • 00:25:36
    we doing in here.
  • 00:25:38
    So on my provider dot kev
  • 00:25:41
    stack, you see again something that kind of familiar,
  • 00:25:43
    right? You specify the required
  • 00:25:45
    providers, etcetera, etcetera.
  • 00:25:48
    But then in here things start to get
  • 00:25:50
    a little bit more interesting
  • 00:25:52
    one. I have my provider block, but
  • 00:25:54
    then I can name it, I call this configuration
  • 00:25:57
    and then I have this new conflict block
  • 00:25:59
    with the number of regions or the region
  • 00:26:01
    I want to deploy to.
  • 00:26:02
    And then some of the stuff that you typically
  • 00:26:04
    see assume role with web identity
  • 00:26:07
    because I'm using SGP
  • 00:26:08
    terraform and in sep terraform, I can
  • 00:26:10
    assume a role so that I don't have to
  • 00:26:12
    hard code the credentials
  • 00:26:15
    with that. Also the default tax,
  • 00:26:17
    the pro provider
  • 00:26:19
    for the like a random and
  • 00:26:21
    the local, I'm not doing anything special
  • 00:26:23
    in here. So just keep it like that.
  • 00:26:25
    So
  • 00:26:27
    now the fun part,
  • 00:26:28
    how we model the deployment.
  • 00:26:31
    So this is very simple example,
  • 00:26:34
    I have two accounts, account one and account
  • 00:26:36
    two for the first account. I say,
  • 00:26:38
    all right, we're gonna deploy to this region.
  • 00:26:41
    So I specify the inputs, I'm going to deploy
  • 00:26:43
    to region us is one,
  • 00:26:45
    this is will be the input to the
  • 00:26:47
    provider block. As you remember in here,
  • 00:26:49
    I specify the region based on
  • 00:26:52
    the far region. So that's how it gets
  • 00:26:54
    to the input in here.
  • 00:26:57
    Same thing with like the royal arm because
  • 00:26:59
    I'm going to deploy this using existing I role
  • 00:27:01
    so that she can assume this role also
  • 00:27:04
    specify the account ID where the role
  • 00:27:06
    will recite.
  • 00:27:07
    And then more importantly, this is the two inputs
  • 00:27:10
    that we're gonna pass on to the models.
  • 00:27:12
    I specify the value of this input in here
  • 00:27:14
    as well. Now,
  • 00:27:16
    if I have two accounts,
  • 00:27:18
    what I can do is that I can
  • 00:27:19
    replicate that in the second accounts
  • 00:27:23
    in here. Remember, I don't have to copy, paste
  • 00:27:25
    that same modules and declare
  • 00:27:27
    it again, et cetera. I'm just saying like, hey,
  • 00:27:29
    based on the components that I have in here,
  • 00:27:32
    replicate this for the second region. For
  • 00:27:34
    the second accounts, I have the region
  • 00:27:36
    again, I have the role and all of the inputs.
  • 00:27:39
    So now I have two deployments
  • 00:27:41
    and if I want to, I think Kim already
  • 00:27:43
    mentioned about orchestration, like maybe you
  • 00:27:45
    are too lazy. You don't want to like review across
  • 00:27:48
    hundreds of accounts.
  • 00:27:49
    What you can do is that you can also
  • 00:27:51
    like I prefer the term optimized
  • 00:27:53
    workflow optimized. Yes, not lazy
  • 00:27:56
    optimizing. Exactly.
  • 00:27:57
    And what you can do is that you can set
  • 00:28:00
    up orchestration rules to say, hey,
  • 00:28:02
    let's approve our plan because I trust
  • 00:28:04
    you. And in this case, the conditions
  • 00:28:06
    say if the context of the operation
  • 00:28:08
    is planned,
  • 00:28:09
    we will also approve it.
  • 00:28:11
    I can also be more specific.
  • 00:28:14
    For example, I can say
  • 00:28:16
    if this is special account
  • 00:28:18
    that I know is maybe part of lower environments,
  • 00:28:21
    then I will also prove based on certain
  • 00:28:23
    contexts where in this
  • 00:28:25
    case, the context is that is
  • 00:28:27
    the plan and the deployment name
  • 00:28:29
    is account number one.
  • 00:28:32
    All right. So we see how
  • 00:28:34
    we model the component,
  • 00:28:37
    we see how the provider is being declared
  • 00:28:39
    in here
  • 00:28:40
    and we see what's the deployment looks like.
  • 00:28:43
    So let's now jump to the
  • 00:28:45
    telephone
  • 00:28:46
    and see how we actually going to
  • 00:28:49
    use it.
  • 00:28:50
    So I already pre log into my HEP,
  • 00:28:52
    I have my project Hep
  • 00:28:54
    Tefo in here and I have my project
  • 00:28:57
    called Rent 24
  • 00:29:00
    right? And then I'm
  • 00:29:02
    gonna go ahead and create a new stack.
  • 00:29:06
    So with stack, I'm connecting to a repository.
  • 00:29:09
    So connect to
  • 00:29:10
    github and I will
  • 00:29:12
    use my repo in here.
  • 00:29:15
    Uh We call that infra one. So
  • 00:29:17
    can help me use that.
  • 00:29:19
    I can choose whether I want to trigger this based
  • 00:29:22
    on tech or branch for. Now,
  • 00:29:24
    you're going to use the branch. I'm gonna use my
  • 00:29:26
    develop branch.
  • 00:29:28
    Go ahead and create the stack.
  • 00:29:34
    All right, I just create my stack. So what do you
  • 00:29:36
    see on the screen right? Now,
  • 00:29:37
    you see on the top
  • 00:29:39
    stack will start to fetch that
  • 00:29:41
    configurations from the repository.
  • 00:29:44
    And then underneath that this deployment
  • 00:29:46
    roll out in here, this is where we're gonna see
  • 00:29:48
    the actual deployments.
  • 00:29:50
    So now let's go ahead and try
  • 00:29:52
    to look at the configuration itself.
  • 00:29:57
    OK? So I'm
  • 00:29:59
    double clicking into the actual configurations.
  • 00:30:02
    Now, I can see. All right, this is the source
  • 00:30:04
    of my commit,
  • 00:30:05
    uh which I do a couple of hours ago
  • 00:30:07
    and then I'll see that two accounts,
  • 00:30:09
    remember we have in the code earlier,
  • 00:30:12
    account one and account two. Now that is showing
  • 00:30:14
    up in here as the deployments.
  • 00:30:16
    So the deployment name
  • 00:30:18
    in here is really pretty much
  • 00:30:20
    uh replica of this deployment
  • 00:30:23
    in here, account one and account two.
  • 00:30:27
    All right now looks like I have some actions
  • 00:30:29
    in here. Let's take a look
  • 00:30:31
    first on account one, I
  • 00:30:33
    can see that term from stack
  • 00:30:35
    as able to perform
  • 00:30:37
    the plan. Here's my inputs.
  • 00:30:39
    This input is again based on that
  • 00:30:41
    same deployment block that I declared
  • 00:30:43
    earlier. And here's the plan
  • 00:30:46
    output,
  • 00:30:47
    we not gonna really go too much into it, but
  • 00:30:49
    this is the output of the plan.
  • 00:30:51
    So I'm pretty much ok with this.
  • 00:30:54
    I want to go ahead
  • 00:30:55
    and I approve the plan.
  • 00:30:58
    Right. Right. So first one
  • 00:31:00
    is done, remember because I don't set the orchestration
  • 00:31:02
    rule. So it's still asking me for approving
  • 00:31:05
    the plan. Same thing with the second one, I can
  • 00:31:07
    go ahead and now I'm going to dip a little
  • 00:31:09
    bit deeper into the actual
  • 00:31:12
    uh deployments itself. So this
  • 00:31:14
    is for account number two,
  • 00:31:15
    again, similar inputs and
  • 00:31:18
    the plan,
  • 00:31:19
    I'm happy with this. I'm gonna go ahead and
  • 00:31:21
    approve the plan
  • 00:31:23
    here. I can also see the timeline like
  • 00:31:25
    when this configuration is fetched.
  • 00:31:28
    Um And then who is approving
  • 00:31:30
    this configuration as well? So from like single
  • 00:31:32
    panel glass, I can see all of that.
  • 00:31:36
    All right.
  • 00:31:37
    So
  • 00:31:39
    it's just an iron roll. So it's very fast. I can
  • 00:31:41
    see immediately in here, count one and count
  • 00:31:43
    two is showing up.
  • 00:31:45
    And if I go and look at this deployment
  • 00:31:47
    in here, I can see the first
  • 00:31:50
    telephone will do the plan finish with that,
  • 00:31:52
    apply the configurations and then
  • 00:31:54
    it will run another plan to ensure
  • 00:31:56
    that everything converts. There is no Dr and
  • 00:31:58
    etcetera and I can see that in
  • 00:32:00
    here as well.
  • 00:32:02
    Now, this is cool if
  • 00:32:04
    I have maybe one or two accounts,
  • 00:32:07
    I can model it like this.
  • 00:32:09
    But what if I have do end of accounts?
  • 00:32:11
    Right. Hundreds anyone in here
  • 00:32:14
    have maybe a couple of 100 accounts. Raise your hand
  • 00:32:16
    perhaps. Yep. I see a couple in the audience.
  • 00:32:18
    So now let's take a look at the second
  • 00:32:21
    model.
  • 00:32:22
    So suppose that I have
  • 00:32:24
    maybe a dozen of accounts
  • 00:32:26
    that I want to deploy
  • 00:32:28
    and I model it using AWS organization.
  • 00:32:31
    So it's based on the ou structures, organizational
  • 00:32:33
    units, right?
  • 00:32:36
    Um On my second demo,
  • 00:32:38
    everything looks the same, my components, nothing
  • 00:32:40
    changed is exactly the same copy. I'm still
  • 00:32:42
    using the same I roll and everything else.
  • 00:32:46
    My deployment
  • 00:32:47
    now things get a little bit more interesting. I can use
  • 00:32:49
    local. So I'm going to use local, specify
  • 00:32:51
    the regions and etcetera,
  • 00:32:53
    but also specifying like at this map
  • 00:32:55
    of ou for depth and productions
  • 00:32:58
    and then have like a list of accounts for each
  • 00:33:00
    of them. If I want,
  • 00:33:02
    I can actually push this to HP as
  • 00:33:04
    a variable sets and have that variable
  • 00:33:06
    set driven by like a data source
  • 00:33:09
    from AWS organizations
  • 00:33:11
    for simplicity. I'm just going to put it in the map
  • 00:33:13
    in here. So we don't have too many components to look
  • 00:33:15
    at. So
  • 00:33:17
    let's look at how I model my deployment.
  • 00:33:19
    This is what I really like about stack is
  • 00:33:21
    the flexibility
  • 00:33:23
    here. I say my input is the region
  • 00:33:26
    and then I have
  • 00:33:28
    several accounts is a list
  • 00:33:30
    that I derive from this local
  • 00:33:33
    ou de. If you look at in here,
  • 00:33:35
    this is the O DEV and the list of
  • 00:33:37
    the accounts,
  • 00:33:40
    the rest looks very much the same. But how
  • 00:33:42
    we actually using these accounts, let's
  • 00:33:45
    take a look at our providers.
  • 00:33:48
    So
  • 00:33:49
    what's really cool with that is that I can
  • 00:33:51
    now start to use more expression
  • 00:33:53
    in my provider.
  • 00:33:55
    So what I do in here, I use four loops each.
  • 00:33:59
    So for that list of the accounts
  • 00:34:02
    pass from the deployment, right?
  • 00:34:04
    For the o for example,
  • 00:34:06
    I'm looping the provider
  • 00:34:08
    and then I specify the region.
  • 00:34:10
    And that allows me to have like a more expressive
  • 00:34:13
    way to specify the role on. Essentially
  • 00:34:16
    if I want, I can maybe double click on this and
  • 00:34:18
    say like it's not only a single
  • 00:34:20
    list but maybe a complex map where
  • 00:34:22
    I have like four
  • 00:34:23
    for the accounts and then also
  • 00:34:26
    for the region for example.
  • 00:34:27
    But for simplicity, I just keep it as is like
  • 00:34:29
    this. Now, let's
  • 00:34:32
    take a look again how this works inside
  • 00:34:34
    of the stack.
  • 00:34:36
    So for that, actually, I already uh
  • 00:34:39
    configured the Infra two in here.
  • 00:34:42
    I don't have any deployment I can see on the
  • 00:34:44
    bottom still empty.
  • 00:34:46
    Let's go ahead and fetch it.
  • 00:34:51
    All right. Gonna take a couple of seconds for it to
  • 00:34:53
    fetch
  • 00:34:57
    and here we go. So gonna
  • 00:34:59
    go ahead and look at the configurations.
  • 00:35:05
    Yeah, wi a little bit slow. But um they should
  • 00:35:07
    show up
  • 00:35:10
    right
  • 00:35:11
    now stacks that to pull those
  • 00:35:13
    same configurations
  • 00:35:15
    that you see earlier in the screen.
  • 00:35:17
    And now my deployment is obstructed
  • 00:35:20
    at the O level. So I have like a DEA
  • 00:35:22
    ou and production ou. So
  • 00:35:24
    earlier, you see like a hyper con one account two and etcetera.
  • 00:35:27
    Why? Because I'm an impro guy, the way
  • 00:35:29
    I'm looking at the consistency of my deployment
  • 00:35:31
    is based on certain ou like what's in the
  • 00:35:33
    DEV, what's in the product, for example.
  • 00:35:36
    So if I look at my deaf or you,
  • 00:35:40
    like, first I have the same inputs,
  • 00:35:42
    like say all of these accounts, I want
  • 00:35:44
    to go through and then what's the
  • 00:35:46
    value for that? Because for de
  • 00:35:48
    the fin up scanner is not running,
  • 00:35:50
    but the security scandal still runs.
  • 00:35:53
    And what I can see in here is that stack will automatically
  • 00:35:56
    using that for each to render
  • 00:35:59
    the deployment of my IM role across
  • 00:36:01
    multiple target accounts. So I can
  • 00:36:03
    see this is for account number one,
  • 00:36:05
    the second account
  • 00:36:07
    and the third one,
  • 00:36:09
    I'm happy with that. I go ahead and approve the plan
  • 00:36:12
    and stock will automatically go
  • 00:36:14
    and then start deploying across those accounts
  • 00:36:17
    can do the same for the second one. So I want to just go ahead
  • 00:36:19
    and again, you see a different list
  • 00:36:21
    because I have a different list for my o depth
  • 00:36:23
    and productions. Again, I'm gonna go ahead
  • 00:36:26
    and profit.
  • 00:36:29
    All right. So with that, that allows me
  • 00:36:31
    to really model my deployment for
  • 00:36:33
    multi account, multi regions in the infrastructure
  • 00:36:36
    platform by using a single,
  • 00:36:38
    like a components and just like a two
  • 00:36:40
    deployment script.
  • 00:36:42
    Now, the last thing I want to do for the
  • 00:36:44
    demo, I think we are a little bit short on time.
  • 00:36:46
    So try to keep this one
  • 00:36:48
    fast is that second
  • 00:36:51
    model that
  • 00:36:53
    mentions the coon
  • 00:36:54
    applications.
  • 00:36:56
    So how we do that? Right? First,
  • 00:36:58
    we have a couple of components like the PC
  • 00:37:00
    components. Of course, you have to have the network
  • 00:37:03
    and then you have your
  • 00:37:04
    S component here. So hopefully, by now you start
  • 00:37:06
    to get familiar with how this works.
  • 00:37:08
    Um I want to do it multi
  • 00:37:11
    region so I can actually do for
  • 00:37:13
    each in the component as well. Again,
  • 00:37:15
    this is really where the flexibility of
  • 00:37:17
    se that you typically do
  • 00:37:19
    really surfacing again inside of the components
  • 00:37:22
    deployments and also on the providers.
  • 00:37:25
    So, but just this one
  • 00:37:27
    single line in here are basically telling the
  • 00:37:29
    stacks and the component, this component
  • 00:37:31
    in here actually gonna span across multiple regions.
  • 00:37:35
    And then I specify the inputs such as
  • 00:37:37
    PP C and etc.
  • 00:37:40
    What's really interesting in here if you pay attention
  • 00:37:43
    to this part,
  • 00:37:45
    this component is actually taking dependency
  • 00:37:47
    from the PC earlier. So
  • 00:37:49
    this PC has to be created first
  • 00:37:52
    and then the
  • 00:37:52
    S will take the dependency of PC
  • 00:37:55
    from the PC components.
  • 00:37:57
    And same thing with my say
  • 00:37:59
    cit resources like our,
  • 00:38:00
    it's gonna take the
  • 00:38:02
    S component first followed by the
  • 00:38:04
    add on and etcetera.
  • 00:38:06
    So you can see in here like we are building a dependency
  • 00:38:08
    within the components as well. And we'll see
  • 00:38:11
    how terraform stack will actually
  • 00:38:13
    map mapping those dependency.
  • 00:38:17
    We're not going to go and look into each of these sub
  • 00:38:19
    module. But really this is like your regular
  • 00:38:22
    PC models, your ES
  • 00:38:24
    and etcetera. Nothing really special in
  • 00:38:26
    here. A me
  • 00:38:29
    as you probably know, deploying a CS cluster,
  • 00:38:31
    take 20 minutes. I'm not going to
  • 00:38:33
    wait and have you sitting in here waiting for
  • 00:38:35
    me for that. So we
  • 00:38:37
    are like a little bit cheap um
  • 00:38:39
    so far.
  • 00:38:40
    So I just push that configuration, I take
  • 00:38:43
    this recording to kind of just speed
  • 00:38:45
    up, right? You can see in here that
  • 00:38:47
    I have two deployment for development
  • 00:38:49
    and product.
  • 00:38:50
    My depth is already done a couple
  • 00:38:52
    couple of hours ago. So I'm not going to see any
  • 00:38:55
    changes in here, but for the productions,
  • 00:38:57
    I can see that there is this a new plan
  • 00:38:59
    that's coming up.
  • 00:39:01
    So let's take a look at this plan value
  • 00:39:03
    and see what's the result.
  • 00:39:06
    Now you can see in here like ST start to
  • 00:39:08
    model the components first, the
  • 00:39:10
    VPC and the
  • 00:39:11
    EKS. Not only that you can see like
  • 00:39:13
    you are able to actually do full plan
  • 00:39:16
    for the S and also the VPC.
  • 00:39:19
    But there are other components such as the community
  • 00:39:22
    resources that still called divert.
  • 00:39:24
    Notice this in here, there's a line called divert.
  • 00:39:27
    And that's because again, if you remember
  • 00:39:30
    all of those components, a lot of this value
  • 00:39:32
    is still unknown at the time, the
  • 00:39:34
    telephone running it.
  • 00:39:36
    So
  • 00:39:37
    te from stack is smart enough to say we're gonna
  • 00:39:39
    wait and still the other resources
  • 00:39:41
    is fully deployed. And then we run
  • 00:39:43
    again, the plan automatically, you don't have to do
  • 00:39:45
    anything, you can grab a coffee or something. And
  • 00:39:48
    after that, it will come back to you and say, hey,
  • 00:39:50
    well, I see all of this is all taste. All the
  • 00:39:52
    full dependency are you to
  • 00:39:54
    go ahead and that.
  • 00:39:55
    So I'm gonna hit a probe in
  • 00:39:57
    here. That's just to build the first part
  • 00:39:59
    of the component, the P PC and the cluster
  • 00:40:02
    again, we're gonna speed up this recording in
  • 00:40:04
    here. Um
  • 00:40:05
    You're gonna see that the P PC resources
  • 00:40:08
    will be created magically.
  • 00:40:10
    And then after that,
  • 00:40:11
    there we go, that's the P PC part right
  • 00:40:14
    after P PC is done, the EKS cluster
  • 00:40:16
    can be a planned and uh approved
  • 00:40:19
    as well without any additional dependency
  • 00:40:21
    from you.
  • 00:40:22
    So you can see in here telephone stack, go ahead
  • 00:40:24
    and start creating the ECs cluster
  • 00:40:28
    following that. Um
  • 00:40:30
    After the cluster completed this again, takes
  • 00:40:32
    maybe 1015 minutes, we're going to
  • 00:40:34
    fast forward this recording. And
  • 00:40:36
    magically you will see the S cluster is done
  • 00:40:39
    then the other components such as the communities
  • 00:40:42
    cluster now can be fully planned.
  • 00:40:44
    Now, what the chart from stack
  • 00:40:46
    will do for you is that it gives you another
  • 00:40:48
    converged plan. So I can click in here.
  • 00:40:51
    Now, I can see the full plan because
  • 00:40:54
    I have my detail of my PC, I have
  • 00:40:56
    detail of my S clusters and everything else.
  • 00:40:58
    So if I go and click deeper into,
  • 00:41:00
    for example, other components
  • 00:41:02
    outside of the cluster, and you can see in here
  • 00:41:05
    for my coin,
  • 00:41:06
    I can see the actual full plan output.
  • 00:41:09
    What's this resources
  • 00:41:11
    will do? And
  • 00:41:14
    if I'm feeling good with this because this is production,
  • 00:41:16
    I really wanna making sure I look at all
  • 00:41:19
    of this plan review and then approve
  • 00:41:21
    it right
  • 00:41:23
    by doing that. Now, I can start to complete
  • 00:41:25
    the deployments. And I can see in here
  • 00:41:28
    all of the history of the
  • 00:41:30
    uh the changes.
  • 00:41:32
    And after this is completed,
  • 00:41:35
    later on, ST will also do additional
  • 00:41:37
    convergence in order to
  • 00:41:39
    ensure like everything
  • 00:41:42
    done correctly. So there is no drip and
  • 00:41:44
    et cetera.
  • 00:41:45
    So the final thing after all of these resources
  • 00:41:48
    is completed,
  • 00:41:49
    they will see that the staff will
  • 00:41:51
    do the final plan just to give
  • 00:41:53
    you an idea about the final
  • 00:41:55
    result of it,
  • 00:41:58
    right? So you see here, say, all right, we're done,
  • 00:42:00
    we apply successfully. Let's look
  • 00:42:02
    at the plan 1.3 which is
  • 00:42:04
    like a final convergence. Let's just do
  • 00:42:06
    a final drift, making sure nothing is breaking.
  • 00:42:09
    There's no new resources get introduced,
  • 00:42:11
    there's no drift and etcetera.
  • 00:42:15
    All right. And then you will see
  • 00:42:17
    very shortly in here
  • 00:42:20
    that after that's completed um
  • 00:42:22
    that's gonna conclude uh part of my demo.
  • 00:42:26
    OK?
  • 00:42:28
    I'm gonna cut this just to save some time.
  • 00:42:31
    Um
  • 00:42:32
    Let's move back to the presentation.
  • 00:42:38
    All right,
  • 00:42:39
    let's do a quick recap.
  • 00:42:42
    So apart from
  • 00:42:44
    a little bit issue early in the beginning,
  • 00:42:46
    what do you see?
  • 00:42:48
    So you see in here that is
  • 00:42:50
    very powerful in a way
  • 00:42:52
    for you to represent the deployment
  • 00:42:55
    in the declarative way.
  • 00:42:57
    For example, you can see that you
  • 00:42:59
    don't need to repeat those infrastructures for
  • 00:43:01
    like a platform resources, right?
  • 00:43:04
    I can declare it once and then I can have
  • 00:43:06
    multiple of these stacks at scale
  • 00:43:08
    from like one or two dozen
  • 00:43:11
    and 10 to hundreds and etcetera.
  • 00:43:14
    But beyond that,
  • 00:43:16
    Kim, I think you also see something very
  • 00:43:18
    interesting in here, right?
  • 00:43:20
    There's a couple of interesting things that you get
  • 00:43:22
    to see if we can briefly go back to the previous
  • 00:43:24
    slide. There's one thing that's worth pointing out
  • 00:43:26
    to add to what you said earlier.
  • 00:43:28
    We predefined four account studies,
  • 00:43:30
    right, hard coded in their not
  • 00:43:32
    dynamic
  • 00:43:34
    works for a demo, but it's probably not
  • 00:43:36
    gonna be what you have in production.
  • 00:43:39
    As I mentioned, you can pull those
  • 00:43:41
    details from a variable set which you
  • 00:43:43
    can fill with terraform.
  • 00:43:45
    So you can use the Terraform enterprise provider for
  • 00:43:47
    HTP Terraform
  • 00:43:48
    populate your variable sets with the
  • 00:43:50
    output of a data source. So you could take,
  • 00:43:53
    for example, as we talked about earlier, all the AWS
  • 00:43:55
    regions get a dynamic list of
  • 00:43:57
    that or retrieve
  • 00:43:59
    availability zones
  • 00:44:01
    or account I DS, anything
  • 00:44:03
    that you really need,
  • 00:44:04
    that you need to be reliable and that probably
  • 00:44:07
    should not be done by human copy, pasting
  • 00:44:09
    things from left to right.
  • 00:44:11
    You can just fill up, fill in dynamically
  • 00:44:15
    and that is a waterfront
  • 00:44:17
    if we go to the next slide. Thank you.
  • 00:44:21
    That's gonna be easier.
  • 00:44:23
    So we've got a stack.
  • 00:44:25
    We've orchestrated the deployment of our EKS cluster.
  • 00:44:28
    Each cluster is networking. Each cluster is
  • 00:44:30
    all the add ons all the configurations and everything
  • 00:44:32
    in there altogether.
  • 00:44:34
    This is 18 components in total across
  • 00:44:36
    three environments
  • 00:44:38
    that we map to de fraud,
  • 00:44:40
    disaster recovery.
  • 00:44:43
    But really
  • 00:44:44
    the reason we map it 23 is because
  • 00:44:46
    that's the screen is safe we have and it could be way
  • 00:44:48
    way more
  • 00:44:50
    uh which really brings us to the last part
  • 00:44:53
    of our presentation
  • 00:44:56
    care from stacks, gives you a lot
  • 00:44:59
    of operational efficiency gains.
  • 00:45:01
    Biggest thing I think
  • 00:45:03
    the biggest core tenant I see
  • 00:45:05
    is the scalability.
  • 00:45:08
    We do all of this with a few lines
  • 00:45:10
    of code.
  • 00:45:11
    It's a super set to the modules you already have.
  • 00:45:14
    If you know how to write terraform, you know how to write
  • 00:45:16
    a stack configuration.
  • 00:45:19
    It's,
  • 00:45:19
    it's really that simple.
  • 00:45:21
    It's actually harder for us to connect to a screen
  • 00:45:24
    than to write a new Stax
  • 00:45:26
    configuration
  • 00:45:27
    as you can see from the live demo, which I want
  • 00:45:29
    to point out actually worked. Um and
  • 00:45:32
    the only part we skipped through was the things that
  • 00:45:34
    take longer
  • 00:45:36
    operational efficiency is important, right?
  • 00:45:39
    We don't want to spend
  • 00:45:41
    time debugging because debugging takes
  • 00:45:43
    way too much time. It's error prone. And
  • 00:45:46
    if we didn't figure out the first time, it's going to take
  • 00:45:48
    us longer the second time.
  • 00:45:52
    So scalability
  • 00:45:55
    and the ability to just spin up
  • 00:45:57
    new regions,
  • 00:45:59
    be that a
  • 00:46:00
    full region, be that parts
  • 00:46:02
    of a region, be that an actual
  • 00:46:05
    new partition?
  • 00:46:06
    These are these are important and
  • 00:46:09
    the conflict structures around that in in
  • 00:46:11
    tele fromm sacks allow you to very rapidly
  • 00:46:13
    do that uh and repeat
  • 00:46:16
    your infrastructure without repeating your code
  • 00:46:19
    improved visibility. This is
  • 00:46:21
    one that I really care about. This goes beautifully
  • 00:46:23
    with the HP terraform explorer
  • 00:46:26
    just being able to see what your
  • 00:46:28
    terraform infrastructure and landscape and
  • 00:46:30
    and you know, cloud real estate really
  • 00:46:32
    is doing.
  • 00:46:34
    Are you using outdated modules? Are you using
  • 00:46:36
    outdated providers? How do you deal
  • 00:46:38
    with that kind of drift?
  • 00:46:40
    What gets a lot easier when everything is orchestrated
  • 00:46:42
    in this way you saw? Well, you define a
  • 00:46:44
    couple of different providers. So we know,
  • 00:46:47
    for example, um the base
  • 00:46:49
    version of all the AWS stuff is gonna be 5.7
  • 00:46:52
    for the provider.
  • 00:46:53
    And that's incredibly important because
  • 00:46:56
    that predictability lowers
  • 00:46:58
    the maintenance burden.
  • 00:47:00
    Then of course, consolidation
  • 00:47:03
    the F changes allow us
  • 00:47:05
    to work with configuration in a more streamlined
  • 00:47:07
    way no longer
  • 00:47:09
    need to wait for everything to work out
  • 00:47:12
    and you can make events, make changes based
  • 00:47:14
    on events
  • 00:47:17
    and that's nice. I like those orchestration rules.
  • 00:47:19
    The other thing I want to point out as well, like I think
  • 00:47:21
    I mentioned earlier is that you have a single
  • 00:47:24
    pane of glass of the entire deployments.
  • 00:47:27
    You're not looking at different workspaces,
  • 00:47:29
    different pipelines and et cetera, everything
  • 00:47:32
    is actually abstracted into one single
  • 00:47:34
    user interface within the stacks
  • 00:47:36
    itself. So there everybody
  • 00:47:38
    in the team has the full feasibility like
  • 00:47:41
    we are deploying to multiple or use multiple
  • 00:47:43
    regions and et cetera.
  • 00:47:45
    And it's so easy for you to just adding
  • 00:47:47
    a new regions or new accounts
  • 00:47:49
    without having to like duplicate a lot of codes
  • 00:47:51
    which is can be also very error
  • 00:47:54
    prone by itself.
  • 00:47:56
    If you remember at the beginning, we asked who here
  • 00:47:58
    built custom tooling and we have built a couple of shell
  • 00:48:00
    scripts, all
  • 00:48:02
    those approaches are valid, right? It's, it's
  • 00:48:04
    never about the technology because we always
  • 00:48:06
    had the technology to do multi-account,
  • 00:48:09
    multi region deployments,
  • 00:48:11
    care from sex, just streamlines it and makes it a lot
  • 00:48:13
    easier
  • 00:48:15
    putting you in a position where you don't need to maintain
  • 00:48:17
    that tooling, which I think is important
  • 00:48:19
    because ultimately,
  • 00:48:21
    when you think about modern applications,
  • 00:48:23
    you know, standard application has between
  • 00:48:25
    30 100 secrets,
  • 00:48:28
    you need to deal with different
  • 00:48:30
    uh legal concerns. GDPR
  • 00:48:32
    in Europe in is two,
  • 00:48:35
    all the stuff that you have uh going on here
  • 00:48:37
    and all the beautiful acronyms that take
  • 00:48:39
    you away from having fun stuff,
  • 00:48:41
    you know, like actually experimenting
  • 00:48:43
    uh with the infrastructure.
  • 00:48:46
    Getting that overview and getting all of
  • 00:48:48
    this locked in
  • 00:48:49
    is very nice. So I definitely
  • 00:48:51
    encourage you to, to think about this
  • 00:48:54
    a little more
  • 00:48:55
    and I think we didn't talk about it here, but
  • 00:48:58
    at hashi com a couple of months ago, we announced
  • 00:49:00
    a change requests
  • 00:49:02
    for your workspaces. So
  • 00:49:04
    when you're doing large deployments, you see
  • 00:49:07
    somebody using older providers,
  • 00:49:09
    you could go in and fix that, but that puts
  • 00:49:11
    the maintenance burden on you,
  • 00:49:14
    make sure that team knows that they need
  • 00:49:16
    to fix it.
  • 00:49:17
    And now you're sharing that burden,
  • 00:49:19
    you're both investing in making your infrastructure
  • 00:49:22
    much better and, and
  • 00:49:25
    more reliable and more
  • 00:49:27
    joyful to maintain. I almost
  • 00:49:29
    want to say.
  • 00:49:30
    So I know like everything you saw
  • 00:49:32
    earlier today is part of the
  • 00:49:35
    terra form stacks that's also available
  • 00:49:37
    in uh HEP cloud platform
  • 00:49:39
    or HCPK. Why don't you talk
  • 00:49:41
    a little bit about what is Hep?
  • 00:49:43
    So HCP is, is really
  • 00:49:46
    a streamlined way to get all
  • 00:49:48
    your infrastructure needs solved.
  • 00:49:50
    Uh Obviously, that's a marketing
  • 00:49:52
    approach. But if you think about it from the left
  • 00:49:54
    to the right side,
  • 00:49:56
    infrastructure is code to deploy your
  • 00:49:58
    resources to configure your servers to
  • 00:50:00
    do everything around that
  • 00:50:02
    bring in Packer. So when you boot
  • 00:50:04
    up your two instances and your
  • 00:50:06
    EKS instances, your A I already
  • 00:50:08
    have the right agents and configurations
  • 00:50:11
    pre installed.
  • 00:50:13
    Uh Way point. Of course, we talk
  • 00:50:15
    a lot about platform engineering. We talk
  • 00:50:17
    a lot about building really, really
  • 00:50:19
    cool stuff.
  • 00:50:21
    But we also know when you're building anything
  • 00:50:23
    that has a word cluster in it, there's gonna be
  • 00:50:25
    50 100 maybe 200 configuration
  • 00:50:28
    options.
  • 00:50:29
    Many of us understand that but not
  • 00:50:31
    everyone in our organization does.
  • 00:50:33
    With way point, we can expose ways
  • 00:50:36
    that have
  • 00:50:37
    way less knobs and way less levers
  • 00:50:40
    to fill in when you use a module like that,
  • 00:50:42
    making it drastically easier for somebody
  • 00:50:44
    to consume your work
  • 00:50:47
    in a much more sensible way.
  • 00:50:49
    And then of course,
  • 00:50:50
    if you don't want to deploy
  • 00:50:52
    s you need to run workloads that are not
  • 00:50:54
    containerized, you need to run stuff
  • 00:50:56
    in different ways. Think job
  • 00:50:59
    application legacy. If
  • 00:51:01
    um if you're lucky to work for one of the financial
  • 00:51:03
    institutions that still use FORTRAN,
  • 00:51:06
    uh congrats on job security
  • 00:51:08
    nomad would probably
  • 00:51:11
    be a good solution for that because
  • 00:51:13
    containerizing a FORTRAN application is not
  • 00:51:16
    what you want to be spending your time on.
  • 00:51:18
    We know this because we had a colleague, try out
  • 00:51:22
    rest in peace.
  • 00:51:25
    He's now a sheep farmer
  • 00:51:26
    anyway, uh
  • 00:51:27
    moving on. So um
  • 00:51:29
    our infrastructure portfolio
  • 00:51:32
    really
  • 00:51:33
    really helps you with the whole life cycle,
  • 00:51:35
    but it's not the whole part, of course, is also
  • 00:51:38
    a large security component.
  • 00:51:39
    So as you build your deployments, think
  • 00:51:42
    about how you get secrets into things.
  • 00:51:44
    Think about your secrets management, your certificate
  • 00:51:46
    management
  • 00:51:48
    vault, I think is a really great approach
  • 00:51:50
    for that, especially when you pair it with
  • 00:51:52
    stacks and get things and secrets
  • 00:51:54
    in and credentials in at the
  • 00:51:56
    last possible minute with the
  • 00:51:58
    strongest limitations that you can define.
  • 00:52:04
    But all of this is really a journey.
  • 00:52:06
    Uh We've been around for 10 plus years.
  • 00:52:08
    We've seen our customers go through these journeys.
  • 00:52:11
    It's, it's not something that happens overnight, right?
  • 00:52:13
    Even if you pick up stacks right now, it's not
  • 00:52:15
    a silver bullet, it's not gonna solve all your problems
  • 00:52:19
    in six lines of code because you will have
  • 00:52:21
    to think more about your infrastructure.
  • 00:52:24
    So it will be a journey for you too.
  • 00:52:26
    But that's OK.
  • 00:52:27
    You don't have to do it alone. We've got
  • 00:52:30
    ideas, tutorials, blueprints
  • 00:52:32
    everything around this on our website,
  • 00:52:34
    on developer dot Has co.com
  • 00:52:36
    that you can download and see what we've
  • 00:52:39
    learned over a year. So you don't have to learn
  • 00:52:41
    it the painful way.
  • 00:52:44
    Then when you get to the standardizing phase,
  • 00:52:46
    you're enabling yourself to get more into
  • 00:52:48
    the whole platform engineering aspect,
  • 00:52:50
    you're enabling your teams to consume
  • 00:52:53
    your work.
  • 00:52:55
    And I think that
  • 00:52:56
    that's where the fun starts
  • 00:52:58
    because ultimately you get to the scaling part, right?
  • 00:53:01
    Doing a single stack across
  • 00:53:03
    a couple of regions, very cool. Doing a single
  • 00:53:05
    stack across a couple of regions
  • 00:53:07
    with a couple of environments also cool.
  • 00:53:10
    But if we're talking less than 100. Yeah. Come
  • 00:53:12
    on, rookie numbers. Right. Let's go big.
  • 00:53:16
    Let's add a couple of 100 accounts. I saw somebody
  • 00:53:18
    raise their hand for a couple of 100
  • 00:53:20
    accounts. I'm so sorry.
  • 00:53:22
    This is
  • 00:53:23
    an overhead that is gonna be
  • 00:53:25
    hard to work with,
  • 00:53:27
    but it's not impossible if you can
  • 00:53:29
    trust that your code is actually
  • 00:53:32
    the same across all of these.
  • 00:53:34
    And, um,
  • 00:53:35
    well,
  • 00:53:36
    I'm just glad we have uh some tools that work
  • 00:53:39
    with that and work for
  • 00:53:41
    us in that set up,
  • 00:53:45
    which really brings us to our last
  • 00:53:47
    slide. No,
  • 00:53:49
    one more.
  • 00:53:50
    I think,
  • 00:53:51
    I think we have one more slide. Yep. There
  • 00:53:54
    we go. Everything
  • 00:53:57
    that Wally showed you today is actually
  • 00:53:59
    available on github.
  • 00:54:02
    I saw some people take pictures of the code
  • 00:54:04
    that's OK. You don't have to retype it unless
  • 00:54:07
    you really want to.
  • 00:54:08
    It is certainly educational, but you can also just
  • 00:54:10
    uh clone
  • 00:54:11
    the repulsor we have online, has
  • 00:54:13
    all the code in there, it will deploy it for. You
  • 00:54:16
    should probably mention that these resources
  • 00:54:18
    are not free. So if you run it
  • 00:54:20
    in your Aws in your personal AW S account
  • 00:54:23
    that's on you. But at least learning
  • 00:54:26
    is something you can do. At that point,
  • 00:54:29
    we also have like a lot of documentations, a lot
  • 00:54:31
    of this concept that we just introduced to you.
  • 00:54:33
    I know there's a lot of components, deployments,
  • 00:54:36
    the new provider block and et cetera, go
  • 00:54:38
    and check out the documentations to really kind of
  • 00:54:40
    learn more about this and you will soon realize
  • 00:54:42
    like it's really just
  • 00:54:45
    a abstraction layer. You don't have to change the
  • 00:54:47
    way you modify and use your the
  • 00:54:49
    modules today.
  • 00:54:50
    There's also additional tutorials that you can
  • 00:54:52
    take a look in here. So I highly
  • 00:54:54
    encourage you to look at it as well.
  • 00:54:56
    Of course, has Corp team will be in the booth
  • 00:54:59
    if you have any questions hit us on there.
  • 00:55:01
    Um Don't also forget to
  • 00:55:03
    fill in the survey. Um I think
  • 00:55:06
    that conclude the end of the presentations
  • 00:55:08
    again. Really say I want to say really thank
  • 00:55:10
    you so much for staying with us. We're
  • 00:55:13
    gonna be sticking around for a couple more minutes. If you
  • 00:55:15
    address any questions after that, we're gonna be in the hallway,
  • 00:55:17
    Karim. Anything else you want to say? I just want
  • 00:55:19
    to say thank you to the producers for getting
  • 00:55:22
    our technical issues fixed
  • 00:55:23
    as you can see multi-account multi
  • 00:55:25
    region is much easier than
  • 00:55:27
    actually figuring out how to do slides correctly.
  • 00:55:29
    So, thank you.
  • 00:55:31
    All right. Thank you so much. F.
Etiquetas
  • Terraform
  • AWS
  • Multi-region applications
  • Infrastructure as Code
  • Orchestration
  • DevOps
  • Automation
  • HashiCorp
  • Scalability
  • Deployment