00:00:00
Good morning. Good morning.
00:00:02
I still see some people settle in in the
00:00:04
back, but I think we can get started.
00:00:08
Here we go. So welcome. Today,
00:00:11
today's stations is above
00:00:14
building will con multi
00:00:16
region application with telecom stacks
00:00:19
before we get started with some introductions. Let's
00:00:21
kind of warm up the room and we have couple
00:00:24
kind of survey question for you.
00:00:27
Uh Great. You might want to ask this first questions.
00:00:29
This is gonna be really hard because we are gonna need you to show
00:00:32
your hands if you've ever built custom
00:00:34
tooling to manage dependencies
00:00:36
across different environments, be that,
00:00:38
you know, production, staging development,
00:00:40
be that multiple regions, multiple
00:00:43
Aws partitions?
00:00:44
If you've done that, raise your hand shell
00:00:46
scripts count, make files count. All right.
00:00:49
If you wrote your own binaries for that, I love
00:00:51
you, but I'm so sorry.
00:00:54
All right.
00:00:55
Let's do another question. This is a question
00:00:58
I like. If you
00:01:00
consider yourself like platform engineers,
00:01:02
you deploy infrastructures multiple
00:01:04
times across multiple accounts, multiple
00:01:07
regions.
00:01:08
Anyone doing that today?
00:01:09
Yeah. Awesome.
00:01:11
My team, my people.
00:01:13
Um and have you ever heard concepts
00:01:15
such as dry? Do not repeat yourself?
00:01:18
Yeah. And also kind of struggle. How
00:01:20
do I actually, I do that
00:01:23
and looks like we have a healthy
00:01:25
amount of right hand on both sides,
00:01:27
which mean you are on the right sections. I'm
00:01:30
going to introduce myself. Now, my name is
00:01:32
Well, I'm a principal partner, solution architect
00:01:35
at Aws. And here today I'm joined with
00:01:37
my distinguished colleagues, Kim.
00:01:39
My name is Kim. I'm a senior developer advocate at
00:01:41
Hay Corp. We're focused on infrastructure and orchestration,
00:01:43
tooling. So tools like terraform Packer
00:01:45
and Nomad.
00:01:47
So, so we have jam pack again
00:01:49
the day. Um You rest your hands.
00:01:52
So you know what you potentially gonna
00:01:54
learn today
00:01:55
and in case you didn't really raise your
00:01:57
hand on boats, stay tuned because there's a couple
00:01:59
of things that you might learn today as well.
00:02:01
So today we're gonna discuss what are the
00:02:03
use cases for multi environment, multi
00:02:06
econs, multiple regions and et cetera,
00:02:08
gonna also talk about the challenges that
00:02:10
happened with that model.
00:02:12
And then we're gonna talk a little bit about what
00:02:14
is start from stacks
00:02:15
and follow with that. We have a cool demo
00:02:18
and we're gonna wrap up with a couple
00:02:20
more conclusions.
00:02:22
So with that,
00:02:23
um first, I wanna
00:02:25
talk a little bit more about the
00:02:27
use cases. Some of you might
00:02:30
already very familiar with this, but for some,
00:02:32
this is maybe completely new. So stay
00:02:34
tuned, you might hear and learn about a couple of
00:02:36
things.
00:02:38
So when we talk about multi
00:02:39
environments. Actually, there's two types of use
00:02:42
cases. Typically.
00:02:43
The first one is the one I like platform infrastructures.
00:02:46
You deploy some resources typically
00:02:48
like networking layer security
00:02:50
permissions, im roles and etcetera.
00:02:53
And in here, you're really kind of doing it as
00:02:56
consistently across multiple environments
00:02:59
across multiple workloads.
00:03:01
And when you talk about this group,
00:03:03
really one of the key
00:03:07
items that they really care about is this
00:03:09
concept of drive, do not repeat yourself
00:03:11
how you ensure like you're not copy, pasting the same
00:03:13
code over and over and over again.
00:03:16
The second thing really important for these types
00:03:19
of group is that the consistency
00:03:21
because you are really thinking about dealing with
00:03:23
10 hundreds or maybe thousands
00:03:26
of accounts and how you ensure that you have
00:03:28
that consistency because you cannot really
00:03:30
go to each of the accounts that inspect everything.
00:03:34
How are we doing it today? Typically, you have this
00:03:36
potential model like you
00:03:39
see in the screens where you try to
00:03:41
decouple your
00:03:42
configurations, issuing models
00:03:45
and then you have your main deployments of your
00:03:47
root configurations, multiple accounts
00:03:50
and then you have a pipeline that then handles
00:03:53
the deployments across multiple
00:03:55
environments.
00:03:56
Now, a couple of things in here
00:03:59
that I think is key to the challenge
00:04:01
for this group stage management. You
00:04:03
have to deal with that as part of the
00:04:05
orchestration itself.
00:04:07
And the second part is the actual workflow
00:04:09
navigating through the directories ensuring
00:04:12
like the right account has the right variables
00:04:14
and et cetera.
00:04:15
So this is the first types
00:04:17
of the use cases and some of those challenges
00:04:19
that we see today.
00:04:21
How are we solving this today? Um
00:04:23
Aws has a solution called Account Factory for Terra,
00:04:26
which allows you to build a pipeline,
00:04:28
but it's not really something that
00:04:30
um easy to use per se
00:04:33
or you can also use Ginger templates and et cetera,
00:04:35
you name it, there's some solution out there.
00:04:39
When you look at the second workload,
00:04:41
I think a lot of you may have seen something like this as
00:04:43
well. When we say about real applications,
00:04:46
application today can span across
00:04:49
this blurry line between what is called infrastructure
00:04:51
and what's called applications. For example,
00:04:54
you might have a community
00:04:55
clusters that's running your community
00:04:57
workload.
00:04:59
Now
00:05:00
at high level, everything looks straightforward for these types
00:05:02
of workload. But really let's take a look.
00:05:05
Um
00:05:06
Typically you have something like this, you have your PC
00:05:08
as your networking layers
00:05:10
and then you have your cluster.
00:05:12
The cluster also includes an add on.
00:05:14
Now, if we zoom in on this box,
00:05:17
what you will see is that first you
00:05:19
have the cluster that you have to create
00:05:21
and then after that, you have to create the actual
00:05:24
service and add ons.
00:05:26
Now, if you're familiar with how telephone
00:05:28
works, you run telephone plan,
00:05:30
what you're going to see is there's gonna be a lot of
00:05:32
unknown values. For example, for
00:05:34
your add ons, you have to know what is the cluster
00:05:37
on or the name of the cluster
00:05:39
or the idea of that cluster before that
00:05:41
cluster can be exist, you have to have
00:05:43
the VPC first,
00:05:45
which mean like you might have seen a lot of
00:05:47
this known after apply,
00:05:49
you fairly familiar with this model
00:05:51
where in telephone plans, a couple
00:05:53
of things show up with the values. The rest
00:05:55
of it is unknown.
00:05:58
Now, if you delve deep into the
00:06:00
application, same thing because if you have
00:06:02
your parts, you have to have your name space before
00:06:04
you have your name space, you have to have the cluster and
00:06:06
you have to have the authentications to the communities
00:06:09
provider from that cluster as well.
00:06:12
So
00:06:13
if you look at it, you're gonna split this into
00:06:15
multiple accounts, multiple environments, then
00:06:18
suddenly you have a lot of this dependency that's
00:06:20
gonna mapping from one to the
00:06:22
others. Um
00:06:24
What typically customers do today, what
00:06:26
we hear from the customer is that they are going to slice
00:06:29
this into multiple telephone deployments.
00:06:31
First, they're going to deploy the
00:06:33
c the networking layers
00:06:35
and then they have another workspace to deploy
00:06:37
their cluster, followed
00:06:39
by the service add ons and then the pots,
00:06:42
they have to do this because they want to ensure that the
00:06:44
dependency is correctly mapped
00:06:46
between each of the stages.
00:06:49
Now, if you imagine that and you have
00:06:51
a project that has like three environments,
00:06:54
then suddenly this metrics start to
00:06:56
grow. Oops, sorry.
00:07:00
And this metrics in here, you can see there's a lot of dependency
00:07:02
from one project or one workspace to
00:07:04
the other workspace. You have to wait for this
00:07:07
development to complete, going
00:07:09
to the productions. After the production
00:07:11
complete, you go to the dr if something
00:07:13
goes wrong, then the dependency issues
00:07:15
in here. It also
00:07:18
mean like if you want to add new environments,
00:07:20
then you have to have to inject
00:07:22
this into this new ordering. You have to
00:07:24
deal with this ordering, not to mention
00:07:26
the time it takes to actually go through it.
00:07:30
So two use cases, platform
00:07:32
resources, workload resources,
00:07:35
edo surface kind of looks different,
00:07:38
right? One is about many cos many
00:07:40
regions, you know, preferred consistencies.
00:07:42
Um you have large target and you have higher
00:07:45
level abstractions. While the others
00:07:47
is workload where you have
00:07:49
a very targeted, you have a specific order,
00:07:51
how you want to deploy your workloads.
00:07:53
Um Regardless
00:07:56
between this platform and the workload
00:07:58
resources, there are still challenges in terms
00:08:00
like how you manage the workflow and the stage
00:08:02
management.
00:08:05
All right,
00:08:06
with that,
00:08:07
we really think about these issues.
00:08:10
It's come to this idea of like
00:08:12
why don't we have a way to declare
00:08:15
the deployments?
00:08:16
You can declare your infrastructure as the code.
00:08:19
But why can't I declare my deployment
00:08:21
as the code as well?
00:08:24
And exactly that's what we're thinking um
00:08:26
in here is that
00:08:28
let's just have this kind of like pseudo code.
00:08:30
As you can see in the screen will say, I want to declare
00:08:32
my deployments, specify the input regions
00:08:35
and then I specify the number of these
00:08:37
instances, for example.
00:08:40
And this is really like what we're
00:08:43
trying to build. And the idea is like, we don't want
00:08:45
to change the existing way you work with Terra,
00:08:47
you're still using the same models. For example,
00:08:49
we don't want to expect you to make any changes
00:08:52
to that. But building
00:08:54
on top of that, we want to have this another layer
00:08:56
of instructions written as a quote
00:08:58
to really allow you to orchestrate
00:09:00
these deployments.
00:09:03
And with that, we're going to introduce you to
00:09:05
telephone stacks. I'm gonna have Karim to talk
00:09:07
a little bit more about this.
00:09:08
Beautiful. Thank you.
00:09:10
So, the important thing is that for the past decade
00:09:13
or so, right. We've tried to isolate
00:09:15
our workspaces. We've tried to make sure everything
00:09:17
is neatly separated. So
00:09:20
when somebody updates DNS records, they
00:09:22
don't actually wipe out the DNS zones,
00:09:24
wipe out VPC and everything,
00:09:27
even though a single apply would probably be
00:09:29
easier. Luckily,
00:09:31
you can still have that isolation with
00:09:34
stacks. You're just able to take it a little bit
00:09:36
further. And
00:09:37
I wanna give credit to our product manager
00:09:39
who came up with the idea of calling this infrastructure
00:09:41
as code as code.
00:09:43
Uh So basically,
00:09:45
you know, go go next level, still
00:09:47
use your own modules. Sorry, your old modules
00:09:50
um keep maintaining them, keep using them,
00:09:52
but add a little bit on top of that.
00:09:54
So with we giving us a clear understanding
00:09:57
of the problem space and workflows
00:10:00
and work flows that may or may not work
00:10:02
for what you need
00:10:04
in the sense of oh it takes human interaction.
00:10:06
Nobody has time for that.
00:10:08
Nobody wants to spend time on that. Nobody wants to wait
00:10:10
for things to be deployed.
00:10:12
Let's have a look at how sta can solve
00:10:14
this. And
00:10:17
so a terraform stack, like
00:10:19
your actual application stack consists
00:10:21
of a couple of different units. And the
00:10:23
first base unit we're gonna be talking about is called
00:10:25
a component
00:10:27
combination of one or more modules,
00:10:29
telephone modules
00:10:31
that define what your stock looks
00:10:33
like from a resource perspective. So
00:10:36
your R DS, your two
00:10:39
whatever else you need and have
00:10:41
combination of networking, computer storage,
00:10:43
you know, everything really
00:10:46
add to that a
00:10:48
deployment.
00:10:49
This unit basically defines
00:10:52
how many times a collection
00:10:54
of modules and a collection of components gets
00:10:56
deployed. And how
00:10:58
goal here is really to repeat the infrastructure
00:11:01
provisioning
00:11:02
and that part of the whole process
00:11:04
while not repeating the code for it. Because
00:11:07
there's no point
00:11:08
also when you repeat code,
00:11:10
you sell yourself up with maintenance
00:11:12
burden because that extra
00:11:14
deployment which has slightly different
00:11:16
code than the other one.
00:11:18
Now basically means you have to go through two RBI cycles.
00:11:22
And I'm a very lazy person. I don't want to read you the SIM code
00:11:24
twice,
00:11:25
but we're not there yet. You know, writing
00:11:27
code is easy,
00:11:29
writing good code is slightly harder,
00:11:31
especially if you need to add the documentation,
00:11:33
which you know,
00:11:35
while trying to enable platform
00:11:37
paradigms,
00:11:38
which kind of means that we want to hand off our best
00:11:40
code to other people.
00:11:42
It's the right documentation for that.
00:11:45
And then you have to invoke it multiple times
00:11:47
in a predictable way.
00:11:50
Doing that manually is not the predictable
00:11:52
way. It's hard, it's it's tedious
00:11:54
and primarily
00:11:57
it's error prone.
00:11:58
So we wanna get away from that
00:12:01
where infrastructure really gets interesting is
00:12:06
when you define the orchestration, part of
00:12:08
that infrastructure, we're not talking
00:12:10
cinetis or nomad
00:12:11
or workload, orchestration. But the actual infrastructure
00:12:14
orchestration, you know, this workspace should be
00:12:16
deployed when that workspace is done with
00:12:18
this resource should be done when that
00:12:20
resource gets fully provisioned.
00:12:23
And when we have things like an are available
00:12:25
that we can use to configure things downstream.
00:12:28
So in the orchestration unit, you to find
00:12:31
the checks and the rules that you need
00:12:33
to get your deployment
00:12:35
out there
00:12:36
and last but not least, of course.
00:12:39
And, and this is one of my favorite
00:12:41
uh features of, of stacks really
00:12:43
is the fur changes.
00:12:45
Sometimes you've got this set up where you make a conflict
00:12:48
change, right? Your plan runs
00:12:50
and telephone will go, there's
00:12:52
27 things that will be known
00:12:54
after apply.
00:12:55
Terefore really makes an effort to retrieve that information,
00:12:57
tries to figure out the relationship of everything.
00:13:01
But it can't always sometimes
00:13:03
takes, you know, 1015 minutes to get
00:13:05
a cluster. If you're doing h databases,
00:13:08
that time goes up.
00:13:10
So at that point, TEIR is blocked
00:13:13
with the first changes, work can
00:13:15
still continue
00:13:17
in the background
00:13:18
and then get back to the main
00:13:20
plan to figure out what needs to be
00:13:22
done until you end up at the
00:13:24
bottom of
00:13:26
our beautiful um
00:13:28
not diagram diagram
00:13:30
which is success. It's time for more
00:13:32
coffee
00:13:35
starts with a simple change.
00:13:37
Maybe you're deploying an EKS cluster,
00:13:39
the workload definition that needs
00:13:42
some add ons some name spaces
00:13:46
in all those results
00:13:48
in delays,
00:13:50
not with terraform sex,
00:13:52
everything just gets provisioned the way
00:13:55
you want it.
00:13:56
I think it be fun to look at how we can
00:13:58
model this
00:14:00
because theory is important.
00:14:02
Applied theory is more fun. Maybe
00:14:04
we'll throw in a life demo.
00:14:06
I think we're gonna do that later on. Yeah, that's gonna
00:14:08
be troublesome.
00:14:10
But so we've got four basic units that
00:14:13
make up from stack.
00:14:15
So if we look back at the two previous examples that,
00:14:17
well, I mentioned
00:14:19
we've got the core of our application. So VPC
00:14:21
CR calculations um regional
00:14:24
cr calculations of course, because
00:14:26
we don't want to interfere with the office VPN that's
00:14:28
also connected.
00:14:30
Um All the out of here, here's some
00:14:32
people chuckling you haven't been there.
00:14:35
Yeah, that's, uh, that's a painful part.
00:14:37
We can do a self help group after that.
00:14:39
Um, routing tables. Of course, don't forget
00:14:41
those internet gateways, everything else that, you
00:14:44
know, well, architected uh, framework
00:14:46
tells you to have in there and, and to make
00:14:48
sure. And I know, you
00:14:50
know, from the way you raise your hand, everyone
00:14:53
here writes very well defined,
00:14:55
very
00:14:56
perfect code. Right. We all
00:14:58
have those colleagues that don't
00:15:00
and that's troublesome.
00:15:02
Uh So, you know, im modules
00:15:05
that define boundaries, so
00:15:07
people can't break things, they shouldn't be able to break.
00:15:11
Um We'll define our access profile,
00:15:13
what else? Um
00:15:15
Things that line up with our organization's
00:15:17
requirements that make the czar happy
00:15:20
that uh end up in you not resulting
00:15:23
in getting a news article published about your company.
00:15:25
The important stuff here,
00:15:28
permission sets. Uh If you're working
00:15:30
with multiple Aws accounts, you should,
00:15:32
if you're not, you should very
00:15:34
important. Uh permission sets will drastically
00:15:37
make that easily uh easier,
00:15:39
not easy. Sorry, security
00:15:41
is never easy,
00:15:42
but it should always be
00:15:45
built in a way that you don't want to say no
00:15:47
to it because that's what your security
00:15:49
team does.
00:15:51
But in our case, we're splitting up our components
00:15:54
in a way that logically makes sense.
00:15:57
This is one way to do it as
00:15:59
well. He pointed out earlier. This is not the only
00:16:01
way usually if
00:16:03
you build infrastructure, it will model the way
00:16:06
your organization works
00:16:07
because that's what we do as engineers, right? We build
00:16:09
stuff that reflects who we are
00:16:12
and how we work, how our organization works.
00:16:16
And so
00:16:18
once you've modeled all your dependencies,
00:16:20
you've got your deployment
00:16:22
networking.
00:16:23
I ma
00:16:24
little bit of extra stuff on there
00:16:27
and we can turn this deployment
00:16:29
into a couple of different deployments
00:16:32
with deployment specific variables
00:16:34
across all three of these
00:16:37
or across kind of things.
00:16:39
Or 100
00:16:43
quick show of hands who here knows how many
00:16:45
regions aws has
00:16:48
26.
00:16:50
It's a good guess
00:16:51
if you're not using the beta regions,
00:16:54
the first question for that would be which
00:16:56
partition are we talking about?
00:16:58
But 26 is good. 29 would also
00:17:00
uh be really good if you do all the beta stuff,
00:17:05
this gets insanely complex when
00:17:07
you do this for every region and sometimes
00:17:09
you have workloads that require that think
00:17:12
gaming uh
00:17:14
not just static assets, static assets is easy,
00:17:16
right? Throw that onto a cloud front
00:17:19
distribution, things get super
00:17:21
super easy there. But actual
00:17:23
stuff that needs to be calculated everywhere
00:17:26
with fail over and everything add
00:17:28
in availability zones.
00:17:30
Yeah, this uh complexity
00:17:33
goes out the door.
00:17:34
Couldn't fit that on this slide or both of these slides
00:17:36
together. So we'll need
00:17:38
orchestration rules for this.
00:17:41
But first let's go back to your uh application
00:17:43
workload example
00:17:44
and
00:17:46
look what we can do there in terms of
00:17:48
modeling it.
00:17:50
So bring in VPC,
00:17:52
which is the easy part,
00:17:55
bring in our heavy hitter, which is our
00:17:57
ECs cluster.
00:17:58
And if you've ever written an
00:18:00
ECs cluster module,
00:18:02
you know, there's about 417
00:18:04
different questions that you're going to be asking yourself
00:18:06
as part of this process
00:18:09
because you want it to be perfect, right?
00:18:11
You want to be doing exactly what you need,
00:18:15
but making it reusable is the hard
00:18:17
part. So we
00:18:19
have a little bit of a separation of dependencies
00:18:21
here going
00:18:23
and we choose to isolate by component
00:18:25
type. But cost
00:18:27
alone, is it right? We need name spaces,
00:18:29
we need add ons for monitoring. I think
00:18:31
you've got the FOPS add on in your
00:18:33
stuff.
00:18:36
We had, we had monitoring role based access.
00:18:38
Of course, we
00:18:39
want to make sure our workloads work
00:18:42
but are properly isolated and easily
00:18:44
distributed.
00:18:47
I'm the kind of engineer that likes to build stuff
00:18:49
that doesn't break at three in the morning because
00:18:51
I really don't operate well at that time,
00:18:54
which means we spend a lot,
00:18:56
I think when we work together, we spend a lot more time
00:18:59
thinking about it than actually building it
00:19:01
because writing code is easy, right? Making
00:19:03
sure it doesn't break is the hard part.
00:19:06
I just want to add one thing as well. Like the way
00:19:08
we want to model these components in here is
00:19:10
to make sure we understand the life cycle of
00:19:12
these resources. So life cycle of
00:19:14
resources that has pretty much the same,
00:19:16
like you can likely deploy
00:19:17
BC and IM roll that could be in the
00:19:20
same components.
00:19:21
But then if you look at this, what
00:19:23
Kim described earlier,
00:19:25
there is a separation between the cluster
00:19:27
and then the Cubin.
00:19:28
Because in order for you to start working on
00:19:30
those CIN resources, you have to have
00:19:32
that cluster ready first. That's why we
00:19:34
kind of try to kind of specialize these
00:19:36
components in here back to you back.
00:19:39
Thank you.
00:19:40
Yeah, I think to, to put this how a friend
00:19:42
of mine once put it to do devops
00:19:45
and to do platform engineering, you have to be
00:19:47
platform engineering, you have to feel platform
00:19:49
engineering deep inside your heart
00:19:51
because only when you understand how your application
00:19:53
pods depend on the name spaces
00:19:55
and everything else. Can you actually model
00:19:57
this in a sensible way
00:19:59
and that's your mindfulness tip for today, be
00:20:01
one with your infrastructure by understanding what
00:20:03
you're doing before you do it
00:20:05
before your cluster gets to be operational.
00:20:08
And just like before you can
00:20:11
package this up for your environment
00:20:13
in any way you need.
00:20:14
And of course, if you've ever deployed
00:20:17
this exact type of setup,
00:20:19
you know, it's gonna break because you cannot
00:20:22
configure a Cuban TIS provider and the home provider
00:20:24
until the EKS cluster is done, which
00:20:27
means you can do the name spaces.
00:20:29
Are there ways around that? Of course, you could do
00:20:31
something like local exec you could use shell
00:20:34
script,
00:20:36
you could really upset everyone in this room
00:20:38
by going even further down
00:20:41
the road. But really, it's a chicken meat egg problem
00:20:44
and we want to avoid that. So
00:20:47
bring in a couple of deferred changes
00:20:49
and let terraform stacks figure out how this
00:20:51
can go and how the applied
00:20:54
process should go.
00:20:55
Terraform for the past 10 years has spent
00:20:58
time understanding the relationship of your
00:21:01
infrastructure, right?
00:21:02
We do a dynamic reference from one resource
00:21:05
to another. That's a relationship.
00:21:07
The uh that's goes through the graph,
00:21:09
the graph figures out I need to do this first.
00:21:12
Then we can do this
00:21:13
care from sacks, takes that a little
00:21:16
bit further
00:21:18
and then comes the easy part,
00:21:20
Stax figures this out, rinse and repeat three
00:21:23
environments,
00:21:25
different input variables, of course,
00:21:27
different region names,
00:21:29
but all in all same code,
00:21:33
it's a lot of theory. So sorry
00:21:35
for that. I know there's a, there's a lot
00:21:38
we're packing into this.
00:21:39
You know what I'm, I'm super excited for what
00:21:41
comes next
00:21:42
and what comes next
00:21:44
is going to be life. So first
00:21:46
of all, Willie was worried that this
00:21:49
might not work
00:21:50
and I told him it's gonna work because the energy in the
00:21:52
room is gonna be crazy.
00:21:57
So somebody could just go like w well,
00:22:00
all right, see, you know, you can
00:22:02
fill now, I know no pressure,
00:22:04
no pressure.
00:22:06
OK?
00:22:07
We always try not to do too
00:22:09
much of live demos, but I can, I
00:22:11
can just help myself for this.
00:22:14
So we hope that the Wi Fi
00:22:16
is gonna work well.
00:22:18
Um
00:22:18
Yeah. So I think the next part in here.
00:22:21
Oh, sorry. Just the demo.
00:22:23
Switch the screen,
00:22:28
right? Readable all the way in the
00:22:30
back. Yep.
00:22:31
All good in the back. Someone can make thumbs
00:22:33
up. Awesome. Thank you.
00:22:35
All right. So let's go start with
00:22:37
the demo.
00:22:38
We're gonna coming back to a couple of the
00:22:40
theories that Kim mentioned earlier.
00:22:43
But first of all,
00:22:44
I have
00:22:45
three components that I want to demo today.
00:22:48
First, we're gonna look at the infrastructures. Remember
00:22:50
we have iron rolls and stuff like that. Let's
00:22:52
try to replicate that in stacks across
00:22:54
one, multiple accounts and I will try
00:22:56
to kind of scale that across like a dozen
00:22:59
more accounts. And how, how are we gonna do that
00:23:01
without typing too many codes?
00:23:04
So my first part of the demo,
00:23:06
let's kind of get a sense like
00:23:08
what is tax and how that looks like in
00:23:10
your terra
00:23:12
you might see in some files in here that looks
00:23:14
familiar but not really.
00:23:16
Uh First there's the components, the TF stacks,
00:23:19
remember Karin mentioned earlier about the components,
00:23:21
this is like those resources that share
00:23:23
the same life cycles.
00:23:25
And then there's the deployments, deployments that
00:23:27
TF deploy. This is where you're going to orchestrate
00:23:29
the actual telecom
00:23:31
deployments.
00:23:32
Of course, there's outputs providers, variables,
00:23:34
etcetera.
00:23:36
So first let's have a look at
00:23:38
our components.
00:23:40
Now, imagine we're gonna do
00:23:42
this a little bit more simpler. Um I don't
00:23:44
have my PC and stuff like that. I just have an
00:23:46
IM role. I've been tasked with
00:23:48
my team to kind of create a new
00:23:51
I AM role that will be deployed across multiple
00:23:53
accounts.
00:23:54
Well, so you know, that is real,
00:23:56
I'm not doing a video.
00:23:58
So as I mentioned earlier, we have this Im role,
00:24:00
right? So this I am role, I copy
00:24:03
paste from my other talk.
00:24:04
Now you start to see something similar main
00:24:07
outputs and etcetera.
00:24:09
So the IM roll itself is pretty much straightforward.
00:24:11
I just have two IM roll one for what I call
00:24:13
my security scanners.
00:24:16
And the second one is for my
00:24:18
pin scanners.
00:24:19
So imagine like I have maybe two S providers,
00:24:22
I'm going to use, I need to deploy those across multiple accounts.
00:24:25
We're not really gonna dwell into what is this
00:24:27
code is. But yeah, you see the main
00:24:30
outputs and my input variable
00:24:33
very straightforward. Yeah,
00:24:35
so really what I do in my components, I just
00:24:38
model that I want to use this I am role, I want
00:24:40
to deploy this
00:24:41
and then I start to providing the inputs.
00:24:43
As you can see on this line. In here,
00:24:46
the left side is the input variable
00:24:48
on the module.
00:24:49
And then on the right side
00:24:51
is the variables that I will declare
00:24:54
at the stack level. So imagine like
00:24:56
left side is what the actual variable
00:24:58
names in the module
00:25:00
and the right side, which is this part
00:25:02
in here, I mean
00:25:03
is what uh available
00:25:06
at the stack level.
00:25:07
So I specify my source,
00:25:10
my input and then I specify
00:25:12
my providers
00:25:13
because in my I am role, I'm using two providers.
00:25:15
I say I want to use the AWS in random.
00:25:18
So again, I'm specifying on the website,
00:25:20
this is the
00:25:21
AWS provider will be used inside of the
00:25:23
model.
00:25:24
And then on the right side, this is kind of new,
00:25:26
right? We say provider dot
00:25:29
aws dot configurations. So
00:25:31
let's take a deeper look into the provider
00:25:33
block in here to see that what is actually
00:25:36
we doing in here.
00:25:38
So on my provider dot kev
00:25:41
stack, you see again something that kind of familiar,
00:25:43
right? You specify the required
00:25:45
providers, etcetera, etcetera.
00:25:48
But then in here things start to get
00:25:50
a little bit more interesting
00:25:52
one. I have my provider block, but
00:25:54
then I can name it, I call this configuration
00:25:57
and then I have this new conflict block
00:25:59
with the number of regions or the region
00:26:01
I want to deploy to.
00:26:02
And then some of the stuff that you typically
00:26:04
see assume role with web identity
00:26:07
because I'm using SGP
00:26:08
terraform and in sep terraform, I can
00:26:10
assume a role so that I don't have to
00:26:12
hard code the credentials
00:26:15
with that. Also the default tax,
00:26:17
the pro provider
00:26:19
for the like a random and
00:26:21
the local, I'm not doing anything special
00:26:23
in here. So just keep it like that.
00:26:25
So
00:26:27
now the fun part,
00:26:28
how we model the deployment.
00:26:31
So this is very simple example,
00:26:34
I have two accounts, account one and account
00:26:36
two for the first account. I say,
00:26:38
all right, we're gonna deploy to this region.
00:26:41
So I specify the inputs, I'm going to deploy
00:26:43
to region us is one,
00:26:45
this is will be the input to the
00:26:47
provider block. As you remember in here,
00:26:49
I specify the region based on
00:26:52
the far region. So that's how it gets
00:26:54
to the input in here.
00:26:57
Same thing with like the royal arm because
00:26:59
I'm going to deploy this using existing I role
00:27:01
so that she can assume this role also
00:27:04
specify the account ID where the role
00:27:06
will recite.
00:27:07
And then more importantly, this is the two inputs
00:27:10
that we're gonna pass on to the models.
00:27:12
I specify the value of this input in here
00:27:14
as well. Now,
00:27:16
if I have two accounts,
00:27:18
what I can do is that I can
00:27:19
replicate that in the second accounts
00:27:23
in here. Remember, I don't have to copy, paste
00:27:25
that same modules and declare
00:27:27
it again, et cetera. I'm just saying like, hey,
00:27:29
based on the components that I have in here,
00:27:32
replicate this for the second region. For
00:27:34
the second accounts, I have the region
00:27:36
again, I have the role and all of the inputs.
00:27:39
So now I have two deployments
00:27:41
and if I want to, I think Kim already
00:27:43
mentioned about orchestration, like maybe you
00:27:45
are too lazy. You don't want to like review across
00:27:48
hundreds of accounts.
00:27:49
What you can do is that you can also
00:27:51
like I prefer the term optimized
00:27:53
workflow optimized. Yes, not lazy
00:27:56
optimizing. Exactly.
00:27:57
And what you can do is that you can set
00:28:00
up orchestration rules to say, hey,
00:28:02
let's approve our plan because I trust
00:28:04
you. And in this case, the conditions
00:28:06
say if the context of the operation
00:28:08
is planned,
00:28:09
we will also approve it.
00:28:11
I can also be more specific.
00:28:14
For example, I can say
00:28:16
if this is special account
00:28:18
that I know is maybe part of lower environments,
00:28:21
then I will also prove based on certain
00:28:23
contexts where in this
00:28:25
case, the context is that is
00:28:27
the plan and the deployment name
00:28:29
is account number one.
00:28:32
All right. So we see how
00:28:34
we model the component,
00:28:37
we see how the provider is being declared
00:28:39
in here
00:28:40
and we see what's the deployment looks like.
00:28:43
So let's now jump to the
00:28:45
telephone
00:28:46
and see how we actually going to
00:28:49
use it.
00:28:50
So I already pre log into my HEP,
00:28:52
I have my project Hep
00:28:54
Tefo in here and I have my project
00:28:57
called Rent 24
00:29:00
right? And then I'm
00:29:02
gonna go ahead and create a new stack.
00:29:06
So with stack, I'm connecting to a repository.
00:29:09
So connect to
00:29:10
github and I will
00:29:12
use my repo in here.
00:29:15
Uh We call that infra one. So
00:29:17
can help me use that.
00:29:19
I can choose whether I want to trigger this based
00:29:22
on tech or branch for. Now,
00:29:24
you're going to use the branch. I'm gonna use my
00:29:26
develop branch.
00:29:28
Go ahead and create the stack.
00:29:34
All right, I just create my stack. So what do you
00:29:36
see on the screen right? Now,
00:29:37
you see on the top
00:29:39
stack will start to fetch that
00:29:41
configurations from the repository.
00:29:44
And then underneath that this deployment
00:29:46
roll out in here, this is where we're gonna see
00:29:48
the actual deployments.
00:29:50
So now let's go ahead and try
00:29:52
to look at the configuration itself.
00:29:57
OK? So I'm
00:29:59
double clicking into the actual configurations.
00:30:02
Now, I can see. All right, this is the source
00:30:04
of my commit,
00:30:05
uh which I do a couple of hours ago
00:30:07
and then I'll see that two accounts,
00:30:09
remember we have in the code earlier,
00:30:12
account one and account two. Now that is showing
00:30:14
up in here as the deployments.
00:30:16
So the deployment name
00:30:18
in here is really pretty much
00:30:20
uh replica of this deployment
00:30:23
in here, account one and account two.
00:30:27
All right now looks like I have some actions
00:30:29
in here. Let's take a look
00:30:31
first on account one, I
00:30:33
can see that term from stack
00:30:35
as able to perform
00:30:37
the plan. Here's my inputs.
00:30:39
This input is again based on that
00:30:41
same deployment block that I declared
00:30:43
earlier. And here's the plan
00:30:46
output,
00:30:47
we not gonna really go too much into it, but
00:30:49
this is the output of the plan.
00:30:51
So I'm pretty much ok with this.
00:30:54
I want to go ahead
00:30:55
and I approve the plan.
00:30:58
Right. Right. So first one
00:31:00
is done, remember because I don't set the orchestration
00:31:02
rule. So it's still asking me for approving
00:31:05
the plan. Same thing with the second one, I can
00:31:07
go ahead and now I'm going to dip a little
00:31:09
bit deeper into the actual
00:31:12
uh deployments itself. So this
00:31:14
is for account number two,
00:31:15
again, similar inputs and
00:31:18
the plan,
00:31:19
I'm happy with this. I'm gonna go ahead and
00:31:21
approve the plan
00:31:23
here. I can also see the timeline like
00:31:25
when this configuration is fetched.
00:31:28
Um And then who is approving
00:31:30
this configuration as well? So from like single
00:31:32
panel glass, I can see all of that.
00:31:36
All right.
00:31:37
So
00:31:39
it's just an iron roll. So it's very fast. I can
00:31:41
see immediately in here, count one and count
00:31:43
two is showing up.
00:31:45
And if I go and look at this deployment
00:31:47
in here, I can see the first
00:31:50
telephone will do the plan finish with that,
00:31:52
apply the configurations and then
00:31:54
it will run another plan to ensure
00:31:56
that everything converts. There is no Dr and
00:31:58
etcetera and I can see that in
00:32:00
here as well.
00:32:02
Now, this is cool if
00:32:04
I have maybe one or two accounts,
00:32:07
I can model it like this.
00:32:09
But what if I have do end of accounts?
00:32:11
Right. Hundreds anyone in here
00:32:14
have maybe a couple of 100 accounts. Raise your hand
00:32:16
perhaps. Yep. I see a couple in the audience.
00:32:18
So now let's take a look at the second
00:32:21
model.
00:32:22
So suppose that I have
00:32:24
maybe a dozen of accounts
00:32:26
that I want to deploy
00:32:28
and I model it using AWS organization.
00:32:31
So it's based on the ou structures, organizational
00:32:33
units, right?
00:32:36
Um On my second demo,
00:32:38
everything looks the same, my components, nothing
00:32:40
changed is exactly the same copy. I'm still
00:32:42
using the same I roll and everything else.
00:32:46
My deployment
00:32:47
now things get a little bit more interesting. I can use
00:32:49
local. So I'm going to use local, specify
00:32:51
the regions and etcetera,
00:32:53
but also specifying like at this map
00:32:55
of ou for depth and productions
00:32:58
and then have like a list of accounts for each
00:33:00
of them. If I want,
00:33:02
I can actually push this to HP as
00:33:04
a variable sets and have that variable
00:33:06
set driven by like a data source
00:33:09
from AWS organizations
00:33:11
for simplicity. I'm just going to put it in the map
00:33:13
in here. So we don't have too many components to look
00:33:15
at. So
00:33:17
let's look at how I model my deployment.
00:33:19
This is what I really like about stack is
00:33:21
the flexibility
00:33:23
here. I say my input is the region
00:33:26
and then I have
00:33:28
several accounts is a list
00:33:30
that I derive from this local
00:33:33
ou de. If you look at in here,
00:33:35
this is the O DEV and the list of
00:33:37
the accounts,
00:33:40
the rest looks very much the same. But how
00:33:42
we actually using these accounts, let's
00:33:45
take a look at our providers.
00:33:48
So
00:33:49
what's really cool with that is that I can
00:33:51
now start to use more expression
00:33:53
in my provider.
00:33:55
So what I do in here, I use four loops each.
00:33:59
So for that list of the accounts
00:34:02
pass from the deployment, right?
00:34:04
For the o for example,
00:34:06
I'm looping the provider
00:34:08
and then I specify the region.
00:34:10
And that allows me to have like a more expressive
00:34:13
way to specify the role on. Essentially
00:34:16
if I want, I can maybe double click on this and
00:34:18
say like it's not only a single
00:34:20
list but maybe a complex map where
00:34:22
I have like four
00:34:23
for the accounts and then also
00:34:26
for the region for example.
00:34:27
But for simplicity, I just keep it as is like
00:34:29
this. Now, let's
00:34:32
take a look again how this works inside
00:34:34
of the stack.
00:34:36
So for that, actually, I already uh
00:34:39
configured the Infra two in here.
00:34:42
I don't have any deployment I can see on the
00:34:44
bottom still empty.
00:34:46
Let's go ahead and fetch it.
00:34:51
All right. Gonna take a couple of seconds for it to
00:34:53
fetch
00:34:57
and here we go. So gonna
00:34:59
go ahead and look at the configurations.
00:35:05
Yeah, wi a little bit slow. But um they should
00:35:07
show up
00:35:10
right
00:35:11
now stacks that to pull those
00:35:13
same configurations
00:35:15
that you see earlier in the screen.
00:35:17
And now my deployment is obstructed
00:35:20
at the O level. So I have like a DEA
00:35:22
ou and production ou. So
00:35:24
earlier, you see like a hyper con one account two and etcetera.
00:35:27
Why? Because I'm an impro guy, the way
00:35:29
I'm looking at the consistency of my deployment
00:35:31
is based on certain ou like what's in the
00:35:33
DEV, what's in the product, for example.
00:35:36
So if I look at my deaf or you,
00:35:40
like, first I have the same inputs,
00:35:42
like say all of these accounts, I want
00:35:44
to go through and then what's the
00:35:46
value for that? Because for de
00:35:48
the fin up scanner is not running,
00:35:50
but the security scandal still runs.
00:35:53
And what I can see in here is that stack will automatically
00:35:56
using that for each to render
00:35:59
the deployment of my IM role across
00:36:01
multiple target accounts. So I can
00:36:03
see this is for account number one,
00:36:05
the second account
00:36:07
and the third one,
00:36:09
I'm happy with that. I go ahead and approve the plan
00:36:12
and stock will automatically go
00:36:14
and then start deploying across those accounts
00:36:17
can do the same for the second one. So I want to just go ahead
00:36:19
and again, you see a different list
00:36:21
because I have a different list for my o depth
00:36:23
and productions. Again, I'm gonna go ahead
00:36:26
and profit.
00:36:29
All right. So with that, that allows me
00:36:31
to really model my deployment for
00:36:33
multi account, multi regions in the infrastructure
00:36:36
platform by using a single,
00:36:38
like a components and just like a two
00:36:40
deployment script.
00:36:42
Now, the last thing I want to do for the
00:36:44
demo, I think we are a little bit short on time.
00:36:46
So try to keep this one
00:36:48
fast is that second
00:36:51
model that
00:36:53
mentions the coon
00:36:54
applications.
00:36:56
So how we do that? Right? First,
00:36:58
we have a couple of components like the PC
00:37:00
components. Of course, you have to have the network
00:37:03
and then you have your
00:37:04
S component here. So hopefully, by now you start
00:37:06
to get familiar with how this works.
00:37:08
Um I want to do it multi
00:37:11
region so I can actually do for
00:37:13
each in the component as well. Again,
00:37:15
this is really where the flexibility of
00:37:17
se that you typically do
00:37:19
really surfacing again inside of the components
00:37:22
deployments and also on the providers.
00:37:25
So, but just this one
00:37:27
single line in here are basically telling the
00:37:29
stacks and the component, this component
00:37:31
in here actually gonna span across multiple regions.
00:37:35
And then I specify the inputs such as
00:37:37
PP C and etc.
00:37:40
What's really interesting in here if you pay attention
00:37:43
to this part,
00:37:45
this component is actually taking dependency
00:37:47
from the PC earlier. So
00:37:49
this PC has to be created first
00:37:52
and then the
00:37:52
S will take the dependency of PC
00:37:55
from the PC components.
00:37:57
And same thing with my say
00:37:59
cit resources like our,
00:38:00
it's gonna take the
00:38:02
S component first followed by the
00:38:04
add on and etcetera.
00:38:06
So you can see in here like we are building a dependency
00:38:08
within the components as well. And we'll see
00:38:11
how terraform stack will actually
00:38:13
map mapping those dependency.
00:38:17
We're not going to go and look into each of these sub
00:38:19
module. But really this is like your regular
00:38:22
PC models, your ES
00:38:24
and etcetera. Nothing really special in
00:38:26
here. A me
00:38:29
as you probably know, deploying a CS cluster,
00:38:31
take 20 minutes. I'm not going to
00:38:33
wait and have you sitting in here waiting for
00:38:35
me for that. So we
00:38:37
are like a little bit cheap um
00:38:39
so far.
00:38:40
So I just push that configuration, I take
00:38:43
this recording to kind of just speed
00:38:45
up, right? You can see in here that
00:38:47
I have two deployment for development
00:38:49
and product.
00:38:50
My depth is already done a couple
00:38:52
couple of hours ago. So I'm not going to see any
00:38:55
changes in here, but for the productions,
00:38:57
I can see that there is this a new plan
00:38:59
that's coming up.
00:39:01
So let's take a look at this plan value
00:39:03
and see what's the result.
00:39:06
Now you can see in here like ST start to
00:39:08
model the components first, the
00:39:10
VPC and the
00:39:11
EKS. Not only that you can see like
00:39:13
you are able to actually do full plan
00:39:16
for the S and also the VPC.
00:39:19
But there are other components such as the community
00:39:22
resources that still called divert.
00:39:24
Notice this in here, there's a line called divert.
00:39:27
And that's because again, if you remember
00:39:30
all of those components, a lot of this value
00:39:32
is still unknown at the time, the
00:39:34
telephone running it.
00:39:36
So
00:39:37
te from stack is smart enough to say we're gonna
00:39:39
wait and still the other resources
00:39:41
is fully deployed. And then we run
00:39:43
again, the plan automatically, you don't have to do
00:39:45
anything, you can grab a coffee or something. And
00:39:48
after that, it will come back to you and say, hey,
00:39:50
well, I see all of this is all taste. All the
00:39:52
full dependency are you to
00:39:54
go ahead and that.
00:39:55
So I'm gonna hit a probe in
00:39:57
here. That's just to build the first part
00:39:59
of the component, the P PC and the cluster
00:40:02
again, we're gonna speed up this recording in
00:40:04
here. Um
00:40:05
You're gonna see that the P PC resources
00:40:08
will be created magically.
00:40:10
And then after that,
00:40:11
there we go, that's the P PC part right
00:40:14
after P PC is done, the EKS cluster
00:40:16
can be a planned and uh approved
00:40:19
as well without any additional dependency
00:40:21
from you.
00:40:22
So you can see in here telephone stack, go ahead
00:40:24
and start creating the ECs cluster
00:40:28
following that. Um
00:40:30
After the cluster completed this again, takes
00:40:32
maybe 1015 minutes, we're going to
00:40:34
fast forward this recording. And
00:40:36
magically you will see the S cluster is done
00:40:39
then the other components such as the communities
00:40:42
cluster now can be fully planned.
00:40:44
Now, what the chart from stack
00:40:46
will do for you is that it gives you another
00:40:48
converged plan. So I can click in here.
00:40:51
Now, I can see the full plan because
00:40:54
I have my detail of my PC, I have
00:40:56
detail of my S clusters and everything else.
00:40:58
So if I go and click deeper into,
00:41:00
for example, other components
00:41:02
outside of the cluster, and you can see in here
00:41:05
for my coin,
00:41:06
I can see the actual full plan output.
00:41:09
What's this resources
00:41:11
will do? And
00:41:14
if I'm feeling good with this because this is production,
00:41:16
I really wanna making sure I look at all
00:41:19
of this plan review and then approve
00:41:21
it right
00:41:23
by doing that. Now, I can start to complete
00:41:25
the deployments. And I can see in here
00:41:28
all of the history of the
00:41:30
uh the changes.
00:41:32
And after this is completed,
00:41:35
later on, ST will also do additional
00:41:37
convergence in order to
00:41:39
ensure like everything
00:41:42
done correctly. So there is no drip and
00:41:44
et cetera.
00:41:45
So the final thing after all of these resources
00:41:48
is completed,
00:41:49
they will see that the staff will
00:41:51
do the final plan just to give
00:41:53
you an idea about the final
00:41:55
result of it,
00:41:58
right? So you see here, say, all right, we're done,
00:42:00
we apply successfully. Let's look
00:42:02
at the plan 1.3 which is
00:42:04
like a final convergence. Let's just do
00:42:06
a final drift, making sure nothing is breaking.
00:42:09
There's no new resources get introduced,
00:42:11
there's no drift and etcetera.
00:42:15
All right. And then you will see
00:42:17
very shortly in here
00:42:20
that after that's completed um
00:42:22
that's gonna conclude uh part of my demo.
00:42:26
OK?
00:42:28
I'm gonna cut this just to save some time.
00:42:31
Um
00:42:32
Let's move back to the presentation.
00:42:38
All right,
00:42:39
let's do a quick recap.
00:42:42
So apart from
00:42:44
a little bit issue early in the beginning,
00:42:46
what do you see?
00:42:48
So you see in here that is
00:42:50
very powerful in a way
00:42:52
for you to represent the deployment
00:42:55
in the declarative way.
00:42:57
For example, you can see that you
00:42:59
don't need to repeat those infrastructures for
00:43:01
like a platform resources, right?
00:43:04
I can declare it once and then I can have
00:43:06
multiple of these stacks at scale
00:43:08
from like one or two dozen
00:43:11
and 10 to hundreds and etcetera.
00:43:14
But beyond that,
00:43:16
Kim, I think you also see something very
00:43:18
interesting in here, right?
00:43:20
There's a couple of interesting things that you get
00:43:22
to see if we can briefly go back to the previous
00:43:24
slide. There's one thing that's worth pointing out
00:43:26
to add to what you said earlier.
00:43:28
We predefined four account studies,
00:43:30
right, hard coded in their not
00:43:32
dynamic
00:43:34
works for a demo, but it's probably not
00:43:36
gonna be what you have in production.
00:43:39
As I mentioned, you can pull those
00:43:41
details from a variable set which you
00:43:43
can fill with terraform.
00:43:45
So you can use the Terraform enterprise provider for
00:43:47
HTP Terraform
00:43:48
populate your variable sets with the
00:43:50
output of a data source. So you could take,
00:43:53
for example, as we talked about earlier, all the AWS
00:43:55
regions get a dynamic list of
00:43:57
that or retrieve
00:43:59
availability zones
00:44:01
or account I DS, anything
00:44:03
that you really need,
00:44:04
that you need to be reliable and that probably
00:44:07
should not be done by human copy, pasting
00:44:09
things from left to right.
00:44:11
You can just fill up, fill in dynamically
00:44:15
and that is a waterfront
00:44:17
if we go to the next slide. Thank you.
00:44:21
That's gonna be easier.
00:44:23
So we've got a stack.
00:44:25
We've orchestrated the deployment of our EKS cluster.
00:44:28
Each cluster is networking. Each cluster is
00:44:30
all the add ons all the configurations and everything
00:44:32
in there altogether.
00:44:34
This is 18 components in total across
00:44:36
three environments
00:44:38
that we map to de fraud,
00:44:40
disaster recovery.
00:44:43
But really
00:44:44
the reason we map it 23 is because
00:44:46
that's the screen is safe we have and it could be way
00:44:48
way more
00:44:50
uh which really brings us to the last part
00:44:53
of our presentation
00:44:56
care from stacks, gives you a lot
00:44:59
of operational efficiency gains.
00:45:01
Biggest thing I think
00:45:03
the biggest core tenant I see
00:45:05
is the scalability.
00:45:08
We do all of this with a few lines
00:45:10
of code.
00:45:11
It's a super set to the modules you already have.
00:45:14
If you know how to write terraform, you know how to write
00:45:16
a stack configuration.
00:45:19
It's,
00:45:19
it's really that simple.
00:45:21
It's actually harder for us to connect to a screen
00:45:24
than to write a new Stax
00:45:26
configuration
00:45:27
as you can see from the live demo, which I want
00:45:29
to point out actually worked. Um and
00:45:32
the only part we skipped through was the things that
00:45:34
take longer
00:45:36
operational efficiency is important, right?
00:45:39
We don't want to spend
00:45:41
time debugging because debugging takes
00:45:43
way too much time. It's error prone. And
00:45:46
if we didn't figure out the first time, it's going to take
00:45:48
us longer the second time.
00:45:52
So scalability
00:45:55
and the ability to just spin up
00:45:57
new regions,
00:45:59
be that a
00:46:00
full region, be that parts
00:46:02
of a region, be that an actual
00:46:05
new partition?
00:46:06
These are these are important and
00:46:09
the conflict structures around that in in
00:46:11
tele fromm sacks allow you to very rapidly
00:46:13
do that uh and repeat
00:46:16
your infrastructure without repeating your code
00:46:19
improved visibility. This is
00:46:21
one that I really care about. This goes beautifully
00:46:23
with the HP terraform explorer
00:46:26
just being able to see what your
00:46:28
terraform infrastructure and landscape and
00:46:30
and you know, cloud real estate really
00:46:32
is doing.
00:46:34
Are you using outdated modules? Are you using
00:46:36
outdated providers? How do you deal
00:46:38
with that kind of drift?
00:46:40
What gets a lot easier when everything is orchestrated
00:46:42
in this way you saw? Well, you define a
00:46:44
couple of different providers. So we know,
00:46:47
for example, um the base
00:46:49
version of all the AWS stuff is gonna be 5.7
00:46:52
for the provider.
00:46:53
And that's incredibly important because
00:46:56
that predictability lowers
00:46:58
the maintenance burden.
00:47:00
Then of course, consolidation
00:47:03
the F changes allow us
00:47:05
to work with configuration in a more streamlined
00:47:07
way no longer
00:47:09
need to wait for everything to work out
00:47:12
and you can make events, make changes based
00:47:14
on events
00:47:17
and that's nice. I like those orchestration rules.
00:47:19
The other thing I want to point out as well, like I think
00:47:21
I mentioned earlier is that you have a single
00:47:24
pane of glass of the entire deployments.
00:47:27
You're not looking at different workspaces,
00:47:29
different pipelines and et cetera, everything
00:47:32
is actually abstracted into one single
00:47:34
user interface within the stacks
00:47:36
itself. So there everybody
00:47:38
in the team has the full feasibility like
00:47:41
we are deploying to multiple or use multiple
00:47:43
regions and et cetera.
00:47:45
And it's so easy for you to just adding
00:47:47
a new regions or new accounts
00:47:49
without having to like duplicate a lot of codes
00:47:51
which is can be also very error
00:47:54
prone by itself.
00:47:56
If you remember at the beginning, we asked who here
00:47:58
built custom tooling and we have built a couple of shell
00:48:00
scripts, all
00:48:02
those approaches are valid, right? It's, it's
00:48:04
never about the technology because we always
00:48:06
had the technology to do multi-account,
00:48:09
multi region deployments,
00:48:11
care from sex, just streamlines it and makes it a lot
00:48:13
easier
00:48:15
putting you in a position where you don't need to maintain
00:48:17
that tooling, which I think is important
00:48:19
because ultimately,
00:48:21
when you think about modern applications,
00:48:23
you know, standard application has between
00:48:25
30 100 secrets,
00:48:28
you need to deal with different
00:48:30
uh legal concerns. GDPR
00:48:32
in Europe in is two,
00:48:35
all the stuff that you have uh going on here
00:48:37
and all the beautiful acronyms that take
00:48:39
you away from having fun stuff,
00:48:41
you know, like actually experimenting
00:48:43
uh with the infrastructure.
00:48:46
Getting that overview and getting all of
00:48:48
this locked in
00:48:49
is very nice. So I definitely
00:48:51
encourage you to, to think about this
00:48:54
a little more
00:48:55
and I think we didn't talk about it here, but
00:48:58
at hashi com a couple of months ago, we announced
00:49:00
a change requests
00:49:02
for your workspaces. So
00:49:04
when you're doing large deployments, you see
00:49:07
somebody using older providers,
00:49:09
you could go in and fix that, but that puts
00:49:11
the maintenance burden on you,
00:49:14
make sure that team knows that they need
00:49:16
to fix it.
00:49:17
And now you're sharing that burden,
00:49:19
you're both investing in making your infrastructure
00:49:22
much better and, and
00:49:25
more reliable and more
00:49:27
joyful to maintain. I almost
00:49:29
want to say.
00:49:30
So I know like everything you saw
00:49:32
earlier today is part of the
00:49:35
terra form stacks that's also available
00:49:37
in uh HEP cloud platform
00:49:39
or HCPK. Why don't you talk
00:49:41
a little bit about what is Hep?
00:49:43
So HCP is, is really
00:49:46
a streamlined way to get all
00:49:48
your infrastructure needs solved.
00:49:50
Uh Obviously, that's a marketing
00:49:52
approach. But if you think about it from the left
00:49:54
to the right side,
00:49:56
infrastructure is code to deploy your
00:49:58
resources to configure your servers to
00:50:00
do everything around that
00:50:02
bring in Packer. So when you boot
00:50:04
up your two instances and your
00:50:06
EKS instances, your A I already
00:50:08
have the right agents and configurations
00:50:11
pre installed.
00:50:13
Uh Way point. Of course, we talk
00:50:15
a lot about platform engineering. We talk
00:50:17
a lot about building really, really
00:50:19
cool stuff.
00:50:21
But we also know when you're building anything
00:50:23
that has a word cluster in it, there's gonna be
00:50:25
50 100 maybe 200 configuration
00:50:28
options.
00:50:29
Many of us understand that but not
00:50:31
everyone in our organization does.
00:50:33
With way point, we can expose ways
00:50:36
that have
00:50:37
way less knobs and way less levers
00:50:40
to fill in when you use a module like that,
00:50:42
making it drastically easier for somebody
00:50:44
to consume your work
00:50:47
in a much more sensible way.
00:50:49
And then of course,
00:50:50
if you don't want to deploy
00:50:52
s you need to run workloads that are not
00:50:54
containerized, you need to run stuff
00:50:56
in different ways. Think job
00:50:59
application legacy. If
00:51:01
um if you're lucky to work for one of the financial
00:51:03
institutions that still use FORTRAN,
00:51:06
uh congrats on job security
00:51:08
nomad would probably
00:51:11
be a good solution for that because
00:51:13
containerizing a FORTRAN application is not
00:51:16
what you want to be spending your time on.
00:51:18
We know this because we had a colleague, try out
00:51:22
rest in peace.
00:51:25
He's now a sheep farmer
00:51:26
anyway, uh
00:51:27
moving on. So um
00:51:29
our infrastructure portfolio
00:51:32
really
00:51:33
really helps you with the whole life cycle,
00:51:35
but it's not the whole part, of course, is also
00:51:38
a large security component.
00:51:39
So as you build your deployments, think
00:51:42
about how you get secrets into things.
00:51:44
Think about your secrets management, your certificate
00:51:46
management
00:51:48
vault, I think is a really great approach
00:51:50
for that, especially when you pair it with
00:51:52
stacks and get things and secrets
00:51:54
in and credentials in at the
00:51:56
last possible minute with the
00:51:58
strongest limitations that you can define.
00:52:04
But all of this is really a journey.
00:52:06
Uh We've been around for 10 plus years.
00:52:08
We've seen our customers go through these journeys.
00:52:11
It's, it's not something that happens overnight, right?
00:52:13
Even if you pick up stacks right now, it's not
00:52:15
a silver bullet, it's not gonna solve all your problems
00:52:19
in six lines of code because you will have
00:52:21
to think more about your infrastructure.
00:52:24
So it will be a journey for you too.
00:52:26
But that's OK.
00:52:27
You don't have to do it alone. We've got
00:52:30
ideas, tutorials, blueprints
00:52:32
everything around this on our website,
00:52:34
on developer dot Has co.com
00:52:36
that you can download and see what we've
00:52:39
learned over a year. So you don't have to learn
00:52:41
it the painful way.
00:52:44
Then when you get to the standardizing phase,
00:52:46
you're enabling yourself to get more into
00:52:48
the whole platform engineering aspect,
00:52:50
you're enabling your teams to consume
00:52:53
your work.
00:52:55
And I think that
00:52:56
that's where the fun starts
00:52:58
because ultimately you get to the scaling part, right?
00:53:01
Doing a single stack across
00:53:03
a couple of regions, very cool. Doing a single
00:53:05
stack across a couple of regions
00:53:07
with a couple of environments also cool.
00:53:10
But if we're talking less than 100. Yeah. Come
00:53:12
on, rookie numbers. Right. Let's go big.
00:53:16
Let's add a couple of 100 accounts. I saw somebody
00:53:18
raise their hand for a couple of 100
00:53:20
accounts. I'm so sorry.
00:53:22
This is
00:53:23
an overhead that is gonna be
00:53:25
hard to work with,
00:53:27
but it's not impossible if you can
00:53:29
trust that your code is actually
00:53:32
the same across all of these.
00:53:34
And, um,
00:53:35
well,
00:53:36
I'm just glad we have uh some tools that work
00:53:39
with that and work for
00:53:41
us in that set up,
00:53:45
which really brings us to our last
00:53:47
slide. No,
00:53:49
one more.
00:53:50
I think,
00:53:51
I think we have one more slide. Yep. There
00:53:54
we go. Everything
00:53:57
that Wally showed you today is actually
00:53:59
available on github.
00:54:02
I saw some people take pictures of the code
00:54:04
that's OK. You don't have to retype it unless
00:54:07
you really want to.
00:54:08
It is certainly educational, but you can also just
00:54:10
uh clone
00:54:11
the repulsor we have online, has
00:54:13
all the code in there, it will deploy it for. You
00:54:16
should probably mention that these resources
00:54:18
are not free. So if you run it
00:54:20
in your Aws in your personal AW S account
00:54:23
that's on you. But at least learning
00:54:26
is something you can do. At that point,
00:54:29
we also have like a lot of documentations, a lot
00:54:31
of this concept that we just introduced to you.
00:54:33
I know there's a lot of components, deployments,
00:54:36
the new provider block and et cetera, go
00:54:38
and check out the documentations to really kind of
00:54:40
learn more about this and you will soon realize
00:54:42
like it's really just
00:54:45
a abstraction layer. You don't have to change the
00:54:47
way you modify and use your the
00:54:49
modules today.
00:54:50
There's also additional tutorials that you can
00:54:52
take a look in here. So I highly
00:54:54
encourage you to look at it as well.
00:54:56
Of course, has Corp team will be in the booth
00:54:59
if you have any questions hit us on there.
00:55:01
Um Don't also forget to
00:55:03
fill in the survey. Um I think
00:55:06
that conclude the end of the presentations
00:55:08
again. Really say I want to say really thank
00:55:10
you so much for staying with us. We're
00:55:13
gonna be sticking around for a couple more minutes. If you
00:55:15
address any questions after that, we're gonna be in the hallway,
00:55:17
Karim. Anything else you want to say? I just want
00:55:19
to say thank you to the producers for getting
00:55:22
our technical issues fixed
00:55:23
as you can see multi-account multi
00:55:25
region is much easier than
00:55:27
actually figuring out how to do slides correctly.
00:55:29
So, thank you.
00:55:31
All right. Thank you so much. F.
