AWS Cloud Operations Blog
Your AWS CloudFormation Guide to re:Invent 2017
There are only five weeks left until re:Invent 2017. As in years past, AWS CloudFormation will be there, both behind the scenes deploying infrastructure and front-and-center for break-out sessions, workshops, and developer chats.
Here are a few highlights we’ve pulled from the session catalog, followed by the full list of CloudFormation-focused sessions and workshops to help you plan your week in Las Vegas.
Breakout Sessions
Breakout sessions are the traditional, 60-minute, lecture-style content format.
- DEV317 – Deep Dive on AWS CloudFormation: The AWS CloudFormation team guides you through techniques used for creating modular templates and considerations for governance.
- DEV318 – Learn How Intuit Built a Frictionless Infrastructure Management System Using AWS CloudFormation: Intuit shows you how they built a standardized serverless solution using AWS CloudFormation to manage infrastructure as code.
- GPSTEC319 – GPS: Build Once, Deploy Many: Architecting and Building Automated, Reusable Reference Deployments with AWS CloudFormation: The AWS Quick Start team shares with you the experience and best practices they’ve gained building over 50 Quick Start reference deployments.
Workshops
Workshops are 2.5-hour, small-scale breakouts where you work in teams to build projects and solve problems on AWS.
- DEV336 – Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates: Take a real-world architecture from a sandbox template to production-ready reusable code.
- DEV337 – Deploy a Data Lake with AWS CloudFormation: You will learn how to build AWS CloudFormation templates using proven methods and best practices to deploy a fully functional data lake architecture.
- SID312 – DevSecOps Capture the Flag: Improve your DevSecOps skills in this Capture the Flag style workshop. Earn points by enforcing policy via CloudFormation static analysis.
Other relevant sessions
While the following sessions aren’t CloudFormation-specific, they will show you mature patterns for infrastructure management using CloudFormation alongside other AWS services.
- DEV324 – Deep Dive on Advanced Continuous Delivery Techniques Using AWS DevOps Tools
- DEV340 – How Amazon.com Uses AWS Management Tools
- MSC201 – Building end-to-end IT Lifecycle Mgmt & Workflows with AWS Service Catalog
You can log in and reserve seats for any of these sessions now.
In addition, the AWS CloudFormation Developer Advocates will be presenting a series of CloudFormation-focused Dev Chats on the Expo floor on Wednesday and Thursday. Stop by the Dev Lounge in the Expo Hall for exact times.
And finally, you can come chat with any of the Management Tools team at the AWS booth all week long.
See you at re:Invent!
AMF301 – Big Data & Analytics for Manufacturing Operations
Manufacturing companies collect vast troves of process data for tracking purposes. Using this data with advanced analytics can optimize operations, saving time and money. In this session, we explore the latest analytics capabilities to support your goals for optimizing the manufacturing plant floor. Learn how to build dashboards that connect to prediction models driven by sensors across manufacturing processes. Learn how to build a data lake on AWS, using services and techniques such as AWS CloudFormation, Amazon EC2, Amazon S3, AWS Identity and Access Management, and AWS Lambda. We also review a reference architecture that supports data ingestion, event rules, analytics, and the use of machine learning for manufacturing analytics.
CMP216 – Use Amazon EC2 Spot Instances to Deploy a Deep Learning Framework on Amazon ECS
Deep learning, an implementation of machine learning, uses neural networks to solve complex problems like computer vision, natural language processing, and recommendations. Deep learning libraries and frameworks enable developers to enhance the capabilities of their applications and projects. In this workshop, learn how to build and deploy a powerful deep learning framework, Apache MXNet, on containers. The portability and resource management benefit of containers enables developers to focus less on infrastructure and more on building. The lab first demonstrates the automation capabilities of AWS CloudFormation to stand up core infrastructure. We also leverage Spot Fleet for the cost benefit of using Spot Instances, especially important for developer environments. Next we create an MXNet container in Docker and deploy it with Amazon ECS. Finally, we explore image classification with MXNet to validate that everything is working as expected.
CON319 – Interstella 8888: CICD for Containers on AWS
Interstella 8888 is an intergalactic trading company that deals in rare resources, but their antiquated monolithic logistics systems are causing the business to lose money. Join this workshop to learn how to set up a CI/CD pipeline for containerized microservices. You’ll get hands-on experience deploying Docker container images using Amazon ECS, AWS CloudFormation, AWS CodeBuild, and AWS CodePipeline, automating everything from code check-in to production. AWS credits are provided. Bring your laptop, and have an active AWS account.
DEV317 – Deep Dive on AWS CloudFormation
AWS CloudFormation enables developers and system administrators to harness the power of infrastructure-as-code. As organizations adopt AWS CloudFormation for workload deployments, common patterns emerge and opportunities to streamline deployments become evident. Using AWS CloudFormation support for nested templates, customers can further streamline the creation of new workloads as code through modular reuse. This session guides you through some of the techniques used for creating modular AWS CloudFormation templates, and considerations for design and governance to empower departments and teams to own the architectures.
DEV318 – Learn How Intuit Built a Frictionless Infrastructure Management System Using AWS CloudFormation
Managing Infrastructure as Code (IaC) successfully within an organization is a challenge. Regardless of team size, it can turn into a patchwork of solutions causing difficulties collaborating among individuals and teams. Intuit has faced and learned from these challenges, while coordinating among different teams running workloads that provide solutions for different business units. We developed a system that improved our development process for IaC using AWS CloudFormation. In this session, we demonstrate how to move away from an inconsistent development of infrastructure by complementing common development practices with a solution using the serverless technologies from AWS. We walk through our journey and help you discover an approach to assemble a similar solution for your organization.
DEV324 – Deep Dive on Advanced Continuous Delivery Techniques Using AWS DevOps Tools
Continuous delivery (CD) enables teams to be more agile and quickens the pace of innovation. Too often, however, teams adopt CD without putting the right safety mechanisms in place. In this talk, we discuss opportunities for you to transform your software release process into a safer one. We explore various DevOps best practices, showcasing sample applications and code. We discuss how to set up delivery pipelines with nonproduction testing stages, failure cases, rollbacks, machine and Availability Zone redundancy, canary testing and deployments, and monitoring. We’ll use AWS Lambda, AWS CloudFormation, AWS CodePipeline, AWS CodeDeploy, and both Amazon CloudWatch alarms and events.
DEV332 – Using AWS to Achieve Both Autonomy and Governance at 3M
There is a constant tension between empowering teams to be agile through autonomy and enforcing governance policies to maintain regulatory compliance. Hear from Nathan Scott, Senior Consultant at AWS and James Martin, Automation Engineering Manager at 3M on how they have achieved both autonomy and governance through self-service automation tools on AWS. Learn how to avoid pitfalls with building the CI/CD team, right sizing and how to address. This session will also feature a demo from Casey Lee, Chief Architect at Stelligent on the tools used to accomplish this for 3M, including AWS Service Catalog, AWS CloudFormation, AWS CodePipeline and Cloud Custodian, an open source tool for managing AWS accounts.
DEV336 – Stack Mastery: Create and Optimize Advanced AWS CloudFormation Templates
AWS CloudFormation gives you an easy way to define your infrastructure as code. But are you using it to its full potential? In this workshop, we take real-world architecture from a sandbox template to production-ready reusable code. We start by reviewing an initial template, which you update throughout the session to incorporate AWS CloudFormation features, like nested stacks and intrinsic functions. By the end of this workshop, expect to have a set of AWS CloudFormation templates that demonstrate the same best practices used in AWS Quick Starts.
DEV337 – Deploy a Data Lake with AWS CloudFormation
AWS CloudFormation provides many features to automate the provisioning of infrastructure for all types of complex applications. In this workshop, you will learn how to build AWS CloudFormation templates using proven methods and best practices. You will also deploy a fully functional data lake architecture, which uses AWS services like Amazon RDS and open source components like Apache Zeppelin. The labs will demonstrate the capabilities of AWS CloudFormation to stand up infrastructure in a modular way, walk through the deployment of a complex end-to-end application, and validate that all components of the application are working.
DEV340 – How Amazon.com Uses AWS Management Tools
Amazon.com enables all of its developers to be productive on AWS by operating across tens-of-thousands of team-owned AWS accounts, all while raising the bar on security, visibility and operational control. Amazon has been able to achieve these seemingly conflicting ideals by automating setup and management of these accounts at scale using AWS Management Tools such as CloudFormation, Config, CloudTrail, CloudWatch and EC2 Systems Manager. In this session, discover more about how Amazon.com built ASAP using AWS Management tools, and understand some of the decisions they made as their usage of AWS evolved over time. You will learn about the design, architecture and implementation that Amazon.com went through as part of this effort.
ENT326 – Oracle Enterprise Solutions on AWS
Oracle enterprise applications and middleware such as E-Business Suite, PeopleSoft, Siebel, and WebLogic are central to many IT departments. They often require complex deployments that can greatly benefit from the flexibility, scalability, and security of the cloud. In this session, we discuss architecture patterns and best practices for migrating these applications to and running these applications on AWS. We cover how to work with Oracle enterprise applications and multiple services including Amazon RDS, AWS Database Migration Service, Amazon Elastic File System, and AWS CloudFormation. As part of this, we show examples of successful customer deployments.
GPSCT308 – GPS: Developing and Deploying at the Speed of Light: Automating Serverless Deployments
Planning on going serverless, but want to manage it using DevOps-style processes? In this interactive session, we discuss the art of automating and managing deployments of serverless applications on AWS. We cover a range of AWS tools such as AWS CodePipeline, AWS CloudFormation, and AWS Serverless Application Model (AWS SAM), to name just a few.
GPSTEC319 – GPS: Build Once, Deploy Many: Architecting and Building Automated, Reusable Reference Deployments with AWS CloudFormation
This session explains how to build reusable, maintainable AWS CloudFormation–based automation for AWS Cloud deployments. We have built over 50 Quick Start reference deployments with partners and customers, and will share this expertise with you. We explore the anatomy of a typical AWS CloudFormation template, dive deep into best practices for building Quick Start automation across Linux and Windows and explore useful design patterns. This expert-level session is for partners interested in building Quick Starts or other AWS CloudFormation–based automation. It requires familiarity with Git, shell scripting, Windows PowerShell, and AWS services like Amazon EC2, Amazon S3 and AWS CloudFormation.
HLC307 – Building a Secure and Healthcare-Compliant Platform for Adopting a Cloud-First Strategy Using AWS
This session provides an overview of how Change Healthcare invested in people, process, and an automation platform to adopt a cloud-first strategy. Starting from building a Cloud Center of Excellence team, they identified the compliance, security, and cost optimization requirements and process required to build a framework. They also embedded healthcare compliance, security, architecture best practices, and customer-specific rules and standards for a managed adoption of the cloud. Change Healthcare is leveraging their Cloud 2.0 framework to rapidly deploy their mission applications into AWS. Come learn how Change Healthcare built a serverless architecture using Amazon ECS, AWS Lambda, AWS CodeDeploy, AWS CodeCommit, AWS CloudFormation, AWS Service Catalog, AWS OpsWorks, AWS Elastic Beanstalk, and other managed services.
LFS307 – Becoming a Dynamic Pharma Marketing Organization Using AWS
Pharmaceutical company processes tend to be slow when dealing with customer-facing applications that contain FDA-validated messages, all while maintaining infrastructure and security standards. In this session, discover how Mylan, a US–based global generic and specialty pharmaceutical company, overcame these obstacles and provided scalable solutions by leveraging AWS DevOps methods that lower time to market, while maintaining robust security and release management practices. During the presentation, learn how Mylan redefined process models such as infrastructure change management to define new security and process models. Additionally, learn how Mylan used services like Amazon S3, Elastic Load Balancing (ELB), and AWS CloudFormation to define these new models.
LFS308 – Building Data Lakes for Life Sciences Organizations
In this chalk talk, we cover the implementation of data lakes for life sciences organizations, such as Amgen and Merck, that are looking to glean new insights from their existing and new clinical data. AWS life sciences solution architects show how to build a data lake on AWS using services and techniques such as AWS CloudFormation, Amazon EC2, Amazon S3, IAM, and AWS Lambda.
MBL308 – Integrating Video in Mobile Apps and Websites
In this session, we will build a highly scalable mobile app, website, and serverless mobile backend architecture that demonstrates on-demand video streaming, adaptive multi-bitrate transcoding, and video content ingestion. We use AWS Lambda and Amazon Elastic Transcoder to automatically convert high resolution videos upon upload, Amazon CloudFront to stream video content to devices using network-aware adaptive multi-bitrate protocols (such as HLS), Amazon Cognito to authenticate users, and AWS Mobile Hub and AWS CloudFormation to automate setting up the required resources.
MCL318 – Deep Dive on Amazon Rekognition Architectures for Image Analysis
Join us for a deep dive on how to use Amazon Rekognition for real world image analysis. Learn how to integrate Amazon Rekognition with other AWS services to make your image libraries searchable. Also learn how to verify user identities by comparing their live image with a reference image, and estimate the satisfaction and sentiment of your customers. We also share best practices around fine-tuning and optimizing your Amazon Rekognition usage and refer to AWS CloudFormation templates.
MSC201 – Building end-to-end IT Lifecycle Mgmt & Workflows with AWS Service Catalog
In this session, you’ll learn how to leverage AWS Service Catalog, AWS Lambda, AWS Config and AWS CloudFormation to create a robust, agile environment while maintaining enterprise standards, controls and workflows. Fannie Mae demonstrates how they are leveraging this solution to integrate with their existing workflows and CMDB/ITSM systems to create an end-to-end automated and agile IT lifecycle and workflow.
SID206 – Best Practices for Managing Security Operation on AWS
To help prevent unexpected access to your AWS resources, it is critical to maintain strong identity and access policies and track, effectively detect, and react to changes. In this session you will learn how to use AWS Identity and Access Management (IAM) to control access to AWS resources and integrate your existing authentication system with IAM. We will cover how to deploy and control AWS infrastructure using code templates, including change management policies with AWS CloudFormation. Further, effectively detecting and reacting to changes in posture or adverse actions requires the ability to monitor and process events. There are several services within AWS that enable this kind of monitoring such as CloudTrail, CloudWatch Events, and the AWS service APIs. We learn how Netflix utilizes a combination of these services to operationalize monitoring of their deployments at scale, and discuss changes made as Netflix’s deployment has grown over the years.
SID312 – DevSecOps Capture the Flag
In this Capture the Flag workshop, we divide groups into teams and work on AWS CloudFormation DevSecOps. The AWS Red Team supplies an AWS DevSecOps Policy that needs to be enforced via CloudFormation static analysis. Participant Blue Teams are provided with an AWS Lambda-based reference architecture to be used to inspect CloudFormation templates against that policy. Interesting items need to be logged, and made visible via ChatOps. Dangerous items need to be logged, and recorded accurately as a template fail. The secondary challenge is building a CloudFormation template to thwart the controls being created by the other Blue teams. Throughout the session your DevSecOps static analysis will be tested by increasingly difficult CloudFormation templates from the AWS Red Team, with accurate detection being rewarded with points. Finally, we test all teams’ protection against every other team’s malicious template to see which Blue team’s static analysis was most effective.
SID317 – Automating Security and Compliance Testing of Infrastructure-as-Code for DevSecOps
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization’s security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline. Session Sponsored by: Dome9
SID327 – How Zocdoc Achieved Security and Compliance at Scale With Infrastructure as Code
In less than 12 months, Zocdoc became a cloud-first organization, diversifying their tech stack and liberating data to help drive rapid product innovation. Brian Lozada, CISO at Zocdoc, and Zhen Wang, Director of Engineering, provide an overview on how their teams recognized that infrastructure as code was the most effective approach for their security policies to scale across their AWS infrastructure. They leveraged tools such as AWS CloudFormation, hardened AMIs, and hardened containers. The use of DevSecOps within Zocdoc has enhanced data protection with the use of AWS services such as AWS KMS and AWS CloudHSM and auditing capabilities, and event-based policy enforcement with Amazon Elasticsearch Service and Amazon CloudWatch, all built on top of AWS.
SID347 – Securely Automating DevOps on AWS
In some organizations, the theme of “can’t we all just get along” accurately describes the relationship between DevOps and network security. DevOps operates at a rapid and dynamic pace, taking advantage of the cloud to create and deploy. Security teams exercise industry best practices of policy change control to eliminate potential security holes. Inevitably, deployment challenges arise. In this session, you learn how to automate the deployment of next-generation security to protect DevOps environments on AWS. Topics covered include “touchless” deployment of a fully-configured firewall using AWS CloudFormation templates and AWS Lambda, consuming AWS tags to execute commitless policy updates, using Amazon CloudWatch and Elastic Load Balancing to deliver scalability and resiliency. Come and learn about the next generation of security, operating at the speed of the cloud. Session sponsored by Palo Alto Networks
SPL09 – Launching and Managing a Web Application with AWS CloudFormation
In this lab, you will learn how to use AWS CloudFormation to provision and update a web application with a number of supporting AWS products and services, including Auto Scaling groups, Amazon Elastic Compute Cloud (EC2) instances, and Elastic Load Balancing.
WIN309 – How to Optimize AWS Architectures for SharePoint Deployments
AWS can help you rapidly deploy and scale your Microsoft SharePoint environment to help you collaborate more efficiently and cost-effectively. This session reviews architectural considerations for building a SharePoint deployment on AWS, best practices to ensure optimal performance, how to leverage multiple Availability Zones for high availability and disaster recovery, and how to integrate with Active Directory. We also look at new Quick Start guides, AWS CloudFormation templates, and other tools that dramatically reduce the time to deployment. Our Windows experts discuss the best ways to deploy and run SharePoint on AWS.
WIN312 – Deploying .NET Application CI/CD Pipelines on AWS
In this session, we look at the AWS services that customers are using to build and deploy Microsoft-based solutions that use technologies like Windows, .NET, SQL Server, and PowerShell. We start by showing you how to build a Windows-based CI/CD pipeline on AWS using AWS CodeDeploy, AWS CodePipeline, AWS CloudFormation, and PowerShell using an AWS Quick Start. With new integrations, such as the AWS Tools for VSTS, you have more options than ever. We also cover best practices for creating templates that let you automatically deploy ready-to-use Windows products by using services and tools like AWS CloudFormation, PowerShell, and Git. Our .NET experts discuss the best practices for implementing a .NET CI/CD pipeline with AWS services.
About the Author
Chuck Meyer is a Senior Developer Advocate for AWS CloudFormation based in New York. He spends his time working with both external and internal development teams to constantly improve the developer experience for CloudFormation users. He’s a live music true believer and spends as much time as possible playing bass and watching bands.