aws-service-catalog-terraform-reference-architecture | Apply Terraform configurations using CloudFormation | Infrastructure Automation library
kandi X-RAY | aws-service-catalog-terraform-reference-architecture Summary
kandi X-RAY | aws-service-catalog-terraform-reference-architecture Summary
This solution requires that a Terraform server be deployed and available. You can use an existing Terraform server, or you can deploy a new Terraform server using the supplied CloudFormation templates. The supplied CloudFormation templates will create a new Amazon Elastic Compute Cloud (Amazon EC2) instance and install Terraform. You can use one Terraform server to target resources across multiple AWS accounts. For the purposes of this paper, we will name the AWS account where the Terraform server resides the “hub account”. Accounts that send requests to the server and contain the provisioned resource will be called “spoke accounts”. For the Terraform server to operate, you must create AWS Identity and Access Management (IAM) roles in each of the spoke accounts and create an AWS Lambda launch function in each desired region of each spoke account. For example, a deployment for 3 accounts that each use us-east-1 and us-east-2 regions will result in 1 Terraform server account, 3 spoke account roles, and 6 Lambda launch functions. The hub account and region containing the Terraform server may also be a spoke account, in which case you must also deploy the IAM role and Lambda launch functions in the hub account and region. The key to the solution is a CloudFormation template that acts as a proxy to Terraform. The CloudFormation template uses a custom resource, implemented via an AWS Lambda function to call the Terraform APIs. The CloudFormation template can then be customized to capture specific parameters and used to create an AWS Service Catalog product. The Terraform files are placed in an Amazon Simple Storage Service (Amazon S3) bucket that can be accessed from AWS Service Catalog in each of the spoke accounts. See the following figure. Once the solution is deployed, end users in each spoke account can launch AWS Service Catalog products. Information about which Terraform file to use, input parameters, and an IAM permission role is passed to the Terraform server from the CloudFormation template. The Terraform server uses this information to manage AWS resources in the originating spoke account. The outputs of the Terraform server are stored in the Amazon S3 Output State Files bucket. The end user has access to this bucket via the AWS Service Catalog GUI or API.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Handle incoming request
- Sends the command to the ExecutionScript
- Sends a HTTP response to the given URL
- Gets the instance ID
- Returns region of given ARN
- Returns a relative ID from an ARN
aws-service-catalog-terraform-reference-architecture Key Features
aws-service-catalog-terraform-reference-architecture Examples and Code Snippets
Community Discussions
Trending Discussions on Infrastructure Automation
QUESTION
I have an RDS DB instance (Aurora PostgreSQL) setup in my AWS account. This was created manually using AWS Console. I now want to create CloudFormation template Yaml for that DB, which I can use to create the DB later if needed. That will also help me replicate the DB in another environment. I would also use that as part of my Infrastructure automation.
...ANSWER
Answered 2020-Jun-05 at 00:59Unfortunately, there is no such functionality provided by AWS.
However, you mean hear about two options that people could wrongfully recommend.
CloudFormer is a template creation beta tool that creates an AWS CloudFormation template from existing AWS resources in your account. You select any supported AWS resources that are running in your account, and CloudFormer creates a template in an Amazon S3 bucket.
Although it sounds good, the tool is no longer maintained and its not reliable (for years in beta).
Importing Existing Resources Into a Stack
Often people mistakenly think that this "generates yaml" for you from existing resources. The truth is that it does not generate template files for you. You have to write your own template which matches your resource exactly, before you can import any resource under control to CloudFormation stack.
Your only options is to manually write the template for the RDS and import it, or look for an external tools that could reverse-engineer yaml templates from existing resources.
QUESTION
I'm struggling to set up a CI process for a web application in Azure. I'm used to deploying built code directly into Web Apps in Azure but decided to use docker this time.
In the build pipeline, I build the docker images and push them to an Azure Container Registry, tagged with the latest build number. In the release pipeline (which has DEV, TEST and PROD), I need to deploy those images to the Web Apps of each environment. There are 2 relevant tasks available in Azure releases: "Azure App Service deploy" and "Azure Web App for Containers". Neither of these allow the image source for the Web App to be set to Azure Conntainer Registry. Instead they take custom registry/repository names and set the image source in the Web App to Private Registry, which then requires login and password. I'm also deploying all Azure resources using ARM templates so I don't like the idea of configuring credentials when the 2 resources (the Registry and the Web App) are integrated already. Ideally, I would be able to set the Web App to use the repository and tag in Azure Container Registry that I specify in the release. I even tried to manually configure the Web Apps first with specific repositories and tags, and then tried to change the tags used by the Web Apps with the release (with the tasks I mentioned) but it didn't work. The tags stay the same.
Another option I considered was to configure all Web Apps to specific and permanent repositories and tags (e.g. "dev-latest") from the start (which doesn't fit well with ARM deployments since the containers need to exist in the Registry before the Web Apps can be configured so my infrastructure automation is incomplete), enable "Continuous Deployment" in the Web Apps and then tag the latest pushed repositories accordingly in the release so they would be picked up by Web Apps. I could not find a reasoble way to add tags to existing repositories in the Registry.
What is Azure best practice for CI with containerised web apps? How do people actually build their containers and then deploy them to each environment?
...ANSWER
Answered 2020-Mar-16 at 08:59Just set up a CI pipeline for building an image and pushing it to a container registry.
You could then use both Azure App Service deploy and Azure Web App for Containers task to handle the deploy.
The Azure WebApp Container task similar to other built-in Azure tasks, requires an Azure service connection as an input. The Azure service connection stores the credentials to connect from Azure Pipelines or Azure DevOps Server to Azure.
I'm also deploying all Azure resources using ARM templates so I don't like the idea of configuring credentials when the 2 resources (the Registry and the Web App)
You could also be able to Deploy Azure Web App for Containers with ARM and Azure DevOps.
How do people actually build their containers and then deploy them to each environment?
Kindly take a look at below blogs and official doc which may be helpful:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install aws-service-catalog-terraform-reference-architecture
AWS S3 Console
AWS Command Line Interface (CLI)
Choose the Clone or download button
Choose Download ZIP
Unzip the file into a folder
Open file Explorer to the top directory of your local git repo Leave it open, we will use it in a moment
Sign in to the AWS Console and navigate to the S3 console. https://s3.console.aws.amazon.com/s3/home
Choose the Create bucket button. Use the default settings for creating this bucket. See step 6 in the linked instructions concerning default S3 permissions.
Enter scterraform-[YOUR-ACCOUNT-ID] for the Bucket Name
Verify the region.
Choose Next
On the Properties page choose Next
On the Set permissions page choose Next
On the Review page choose Create Bucket
Choose the scterraform-[YOUR-ACCOUNT-ID]
Choose the Upload button
Use the file explorer opened earlier to drag over the following folders
TerraformScripts
TerraformCustomResourceHandler
Choose Upload
Clone the repository to your local computer
Create a S3 bucket to host the installation content aws s3 mb s3://scterraform-[YOUR-ACCOUNT-ID]
Copy the following files to the bucket maintaining the file structure: aws s3 sync ./TerraformCustomResourceHandler/bin/ s3://scterraform-[YOUR-ACCOUNT-ID]/TerraformCustomResourceHandler/bin/ aws s3 sync ./ServiceCatalogSamples/ s3://scterraform-[YOUR-ACCOUNT-ID]/TerraformCustomResourceHandler/bin/ aws s3 sync ./TerraformScripts/ s3://scterraform-[YOUR-ACCOUNT-ID]/TerraformScripts/
For each spoke account, you’ll need to enable communication with the hub account by creating an executing role with a trust relationship back to the hub account. Then, create a Lambda launch function in each desired region within the spoke account. Finally, add each spoke account to the SNS topic that queues requests for the spoke account. The supplied CloudFormation stacks will provision these roles and Lambda functions.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
