Infrastructure IS Code on AWS • Darko Meszaros • YOW! 2020
Learn how to effectively manage AWS infrastructure as code using CloudFormation, CDK, SAM & Terraform. Explore best practices, security & development workflows.
- Infrastructure as Code (IaC) should be treated like any other application code - version controlled, peer reviewed, and deployed through proper CI/CD pipelines
- AWS offers multiple IaC tools with different strengths:
  - CloudFormation: The original AWS IaC service using YAML/JSON
  - AWS CDK: Enables infrastructure definition using programming languages like TypeScript/Python
  - SAM: Specialized for serverless applications
  - Terraform: Popular third-party tool with multi-cloud support
- Key best practices:
  - Start with IaC early in projects
  - Layer applications and separate concerns (frontend/backend/storage)
  - Never store secrets or credentials in templates
  - Use parameters to make templates reusable across environments
  - Implement proper testing (unit tests, integration tests)
  - Keep infrastructure code simple and maintainable
- CDK advantages:
  - Leverage existing programming language knowledge
  - Built-in testing capabilities
  - Higher-level abstractions with sensible defaults
  - Generates CloudFormation under the hood
- Security considerations:
  - Use proper secret management tools (Secrets Manager, Parameter Store, HashiCorp Vault)
  - Implement proper access controls
  - Run security scanning on infrastructure code
  - Monitor for exposed credentials
- Development workflow improvements:
  - Local testing capabilities for serverless applications
  - Live log streaming
  - Built-in linting and validation
  - Infrastructure testing frameworks
- Design patterns and constructs help standardize infrastructure deployment and reduce complexity
- Infrastructure changes should be predictable, repeatable, and automated - avoid manual clicks in consoles
- Choose tools based on team expertise and specific use cases rather than following trends
- Breaking down complex infrastructure into smaller, manageable stacks improves maintainability
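
The "never store secrets or credentials in templates" and "run security scanning on infrastructure code" points can be enforced with a pre-merge check. The following is an added example, not code from the talk: it scans a CloudFormation template in JSON form and accepts only `NoEcho` parameters without defaults or `{{resolve:...}}` dynamic references for secret-like properties. The name heuristic and both sample templates are constructed for illustration.

```python
import json
import re

# Property/parameter names treated as secret-bearing (assumed heuristic).
SECRET_KEY = re.compile(r"password|secret|token|api_?key|credential", re.I)
# CloudFormation dynamic references, resolved at deploy time, not stored in the template.
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):[^}]+\}\}$")

# Constructed sample: secrets written into the template itself.
BAD_TEMPLATE = """{"Parameters": {"DbPassword": {"Type": "String", "Default": "constructed-pw"}},
 "Resources": {
  "Db": {"Type": "AWS::RDS::DBInstance", "Properties": {"MasterUserPassword": "constructed-pw"}},
  "Fn": {"Type": "AWS::Lambda::Function",
         "Properties": {"Environment": {"Variables": {"API_KEY": "constructed-key"}}}}}}"""
# Constructed sample: a NoEcho parameter and a Secrets Manager dynamic reference.
GOOD_TEMPLATE = """{"Parameters": {"DbPassword": {"Type": "String", "NoEcho": true}},
 "Resources": {
  "DbA": {"Type": "AWS::RDS::DBInstance", "Properties": {"MasterUserPassword": {"Ref": "DbPassword"}}},
  "DbB": {"Type": "AWS::RDS::DBInstance", "Properties": {"MasterUserPassword":
          "{{resolve:secretsmanager:example/db:SecretString:password}}"}}}}"""

def find_hardcoded_secrets(template_text):
    """Return sorted findings for secrets embedded in a CloudFormation JSON template."""
    template = json.loads(template_text)
    findings = []
    # Secret parameters must be NoEcho and must not carry a Default value.
    for name, spec in template.get("Parameters", {}).items():
        if SECRET_KEY.search(name):
            if str(spec.get("NoEcho", "")).lower() != "true":
                findings.append(f"Parameters.{name}: NoEcho not set")
            if "Default" in spec:
                findings.append(f"Parameters.{name}: secret in Default")

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}.{key}"
                if SECRET_KEY.search(key) and isinstance(value, str):
                    # A plain string here is a literal unless it is a dynamic reference.
                    if not DYNAMIC_REF.match(value):
                        findings.append(f"{child}: literal value")
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(template.get("Resources", {}), "Resources")
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_hardcoded_secrets(BAD_TEMPLATE):
        print(finding)
```

A non-empty result can fail the CI job so the template never reaches the deployment stage.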