Infrastructure IS Code on AWS • Darko Meszaros • YOW! 2020

Learn how to effectively manage AWS infrastructure as code using CloudFormation, CDK, SAM & Terraform. Explore best practices, security & development workflows.

Key takeaways
  • Infrastructure as Code (IaC) should be treated like any other application code - version controlled, peer reviewed, and deployed through proper CI/CD pipelines

  • AWS offers multiple IaC tools with different strengths:

    • CloudFormation: The original AWS IaC service using YAML/JSON
    • AWS CDK: Enables infrastructure definition using programming languages like TypeScript/Python
    • SAM: Specialized for serverless applications
    • Terraform: Popular third-party tool with multi-cloud support
  • Key best practices:

    • Start with IaC early in projects
    • Layer applications and separate concerns (frontend/backend/storage)
    • Never store secrets or credentials in templates
    • Use parameters to make templates reusable across environments
    • Implement proper testing (unit tests, integration tests)
    • Keep infrastructure code simple and maintainable
  • CDK advantages:

    • Leverage existing programming language knowledge
    • Built-in testing capabilities
    • Higher-level abstractions with sensible defaults
    • Generates CloudFormation under the hood
  • Security considerations:

    • Use proper secret management tools (Secrets Manager, Parameter Store, HashiCorp Vault)
    • Implement proper access controls
    • Run security scanning on infrastructure code
    • Monitor for exposed credentials
  • Development workflow improvements:

    • Local testing capabilities for serverless applications
    • Live log streaming
    • Built-in linting and validation
    • Infrastructure testing frameworks
  • Design patterns and constructs help standardize infrastructure deployment and reduce complexity

  • Infrastructure changes should be predictable, repeatable, and automated - avoid manual clicks in consoles

  • Choose tools based on team expertise and specific use cases rather than following trends

  • Breaking down complex infrastructure into smaller, manageable stacks improves maintainability
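
The takeaways "Never store secrets or credentials in templates" and "Run security scanning on infrastructure code" can be combined into a pre-merge check. The following is an added example, not code from the talk: a heuristic Python scan of a JSON CloudFormation template, in which the name pattern, the function names and both sample templates are constructed assumptions.

```python
import json
import re

# Names that usually carry credentials (heuristic list, an assumption of this example).
SECRET_NAME = re.compile(r"(password|passwd|secret|token|api_?key|access_?key)", re.I)
# CloudFormation dynamic references, resolved at deploy time instead of stored in the template.
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):[^}]+\}\}$")

def walk(node, path):
    """Yield (path, key, value) for every key/value pair in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, key, value
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from walk(item, f"{path}[{i}]")

def scan_template(text):
    """Return a list of findings for a JSON CloudFormation template."""
    template = json.loads(text)
    findings = []
    # Rule 1: secret-like parameters must set NoEcho and must not ship a Default.
    for name, param in template.get("Parameters", {}).items():
        if SECRET_NAME.search(name):
            if str(param.get("NoEcho", "false")).lower() != "true":
                findings.append(f"Parameters.{name}: NoEcho not set")
            if "Default" in param:
                findings.append(f"Parameters.{name}: default value in template")
    # Rule 2: secret-like resource properties must not be literal strings.
    # A {"Ref": ...} value is a dict, so it passes; only plain strings are checked.
    for path, key, value in walk(template.get("Resources", {}), "Resources"):
        if SECRET_NAME.search(key) and isinstance(value, str) and not DYNAMIC_REF.match(value):
            findings.append(f"{path}.{key}: literal value")
    return findings

# Constructed sample templates (not from the talk); values are placeholders.
BAD = json.dumps({
    "Parameters": {"DbPassword": {"Type": "String", "Default": "EXAMPLE-ONLY"}},
    "Resources": {"Db": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "MasterUserPassword": "EXAMPLE-ONLY"}}}})
GOOD = json.dumps({
    "Resources": {"Db": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "MasterUserPassword": "{{resolve:secretsmanager:example/db:SecretString:password}}"}}}})

if __name__ == "__main__":
    for label, doc in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, scan_template(doc))
```

Name matching of this kind produces false positives and misses secrets under unusual keys, so it complements a dedicated scanner in the pipeline and does not replace one.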