CloudFormation templates: continuous testing for infrastructure as code

On the project we use some AWS services like AWS Lambda, EC2, AWS API Gateway, ElastiCache, etc. We also have a CloudFormation template which describes our whole infrastructure. As the project develops, we begin to use some new AWS services or change the configuration of some that are already used. Along with that, we should keep our CloudFormation template up to date.

And here we face the issue that we need to be sure our CloudFormation template is valid and correct, and that we can use it to create the infrastructure if that is needed. In such a case we need something like continuous testing for our template. Which approaches are more appropriate for that?

Should we configure automatic creation of a stack from our CloudFormation template as part of the continuous integration process and track template changes in our repository? Or are there better solutions?

We have been using cfn-python-lint as a precursor to building. Should this fail, we do not build. The rules provided in cfn-python-lint are a lot more comprehensive than aws cloudformation validate-template; in addition, it gives you some good-practice rules, and it also gives you a framework to write your own rules (which we use for governance).

Additionally, we don't build on feature branches, we build only master. We give devs an environment to play with where they can run the pipelines that we would normally run on master and in dev/staging/prod. This is a completely separate account where they have just about free rein. This obviously isn't foolproof, as our sandbox area may not reflect what's in dev/staging/prod since people play with it, but it has helped us a lot.

You can do some simple validation of CloudFormation templates using the aws cloudformation validate-template CLI command. This is roughly the equivalent of static code analysis for other languages: it checks things like parameter name typos and that the template is syntactically valid JSON/YAML, but it is quite limited in terms of what validation it can perform.

As that article says, the only sure-fire way to check that a CloudFormation template will create resources the way you want/expect it to is to try it, and that does indeed mean creating stacks as part of your CI and testing process. Since this can be slow in the case of some resources and expensive in the case of others, you may want to limit the commits on which the full stack-creation testing is performed.
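The two answers above describe the static layer of template testing: validate-template catching syntax errors and parameter-name typos, and cfn-python-lint's custom-rule framework carrying project governance rules. The following stdlib-only Python script is an added example, not code from the question, the answers, cfn-lint, or AWS. It shows both layers on a constructed JSON template: a reference check that flags Ref and Fn::GetAtt targets that are neither a parameter nor a resource (the typo class validate-template reports), and two hypothetical governance rules of the kind one would write as a custom cfn-lint rule (every taggable resource needs an Owner tag; no security group may open SSH to 0.0.0.0/0). The rule ids (REF001, GOV001, ...) and the TAGGABLE_TYPES list are assumptions for the example; real cfn-lint rule ids differ. It runs offline and calls no AWS API.

```python
"""Offline static checks for a CloudFormation template (JSON form).

Added example for this Q&A; not cfn-lint's or AWS's code. Rule ids and
the list of taggable types are hypothetical. Runs with the stdlib only.
"""
import json

# Pseudo parameters CloudFormation always resolves; a Ref to these is valid.
PSEUDO_PARAMETERS = {
    "AWS::AccountId", "AWS::NoValue", "AWS::NotificationARNs", "AWS::Partition",
    "AWS::Region", "AWS::StackId", "AWS::StackName", "AWS::URLSuffix",
}
# Hypothetical governance list: resource types that must carry an Owner tag.
TAGGABLE_TYPES = {"AWS::S3::Bucket", "AWS::EC2::SecurityGroup", "AWS::Lambda::Function"}


def _walk(node, path=()):
    """Yield (path, node) for every node of a nested JSON structure."""
    yield path, node
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _walk(value, path + (index,))


def check_references(template):
    """Flag Ref / Fn::GetAtt targets that are neither a Parameter nor a Resource."""
    resources = template.get("Resources", {})
    known = set(template.get("Parameters", {})) | set(resources) | PSEUDO_PARAMETERS
    findings = []
    for path, node in _walk(resources):
        if not isinstance(node, dict):
            continue
        where = "Resources/" + "/".join(str(p) for p in path)
        if "Ref" in node and isinstance(node["Ref"], str) and node["Ref"] not in known:
            findings.append(("REF001", where, f"Ref to undefined name {node['Ref']!r}"))
        if "Fn::GetAtt" in node:
            target = node["Fn::GetAtt"]
            # Both forms are accepted: "Logical.Attr" or ["Logical", "Attr"].
            logical_id = target.split(".", 1)[0] if isinstance(target, str) else target[0]
            if logical_id not in resources:
                findings.append(("REF002", where, f"Fn::GetAtt on undefined resource {logical_id!r}"))
    return findings


def check_governance(template):
    """Project rules of the kind written as custom cfn-lint rules (hypothetical)."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type")
        props = resource.get("Properties", {})
        where = f"Resources/{logical_id}"
        if rtype in TAGGABLE_TYPES:
            keys = {t.get("Key") for t in props.get("Tags", []) if isinstance(t, dict)}
            if "Owner" not in keys:
                findings.append(("GOV001", where, "missing required tag 'Owner'"))
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                all_ports = str(rule.get("IpProtocol")) == "-1"
                covers_22 = int(rule.get("FromPort", -1)) <= 22 <= int(rule.get("ToPort", -1))
                if rule.get("CidrIp") == "0.0.0.0/0" and (all_ports or covers_22):
                    findings.append(("GOV002", where, "SSH (22) ingress open to 0.0.0.0/0"))
    return findings


def lint_template(text):
    """Return a list of (rule_id, location, message); an empty list means clean."""
    try:
        template = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("SYN001", "template", f"not valid JSON: {exc.msg} at line {exc.lineno}")]
    if not isinstance(template.get("Resources"), dict):
        return [("SYN002", "template", "missing Resources section")]
    return check_references(template) + check_governance(template)


# Constructed sample template with three deliberate defects: a Ref typo
# ("Environmnet"), a GetAtt on a role that is never declared, and a security
# group without an Owner tag that opens port 22 to the world.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {"Environment": {"Type": "String", "Default": "dev"}},
    "Resources": {
        "AppBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "BucketName": {"Fn::Sub": ["app-${Env}", {"Env": {"Ref": "Environmnet"}}]},
            "Tags": [{"Key": "Owner", "Value": "platform-team"}]}},
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "web tier",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
        "AppFunction": {"Type": "AWS::Lambda::Function", "Properties": {
            "Runtime": "python3.9", "Handler": "index.handler",
            "Code": {"ZipFile": "def handler(e, c): return 'ok'"},
            "Role": {"Fn::GetAtt": ["LambdaRole", "Arn"]},
            "VpcConfig": {"SecurityGroupIds": [{"Ref": "WebSecurityGroup"}]},
            "Tags": [{"Key": "Owner", "Value": "platform-team"}]}},
    },
})

if __name__ == "__main__":
    for rule_id, where, message in lint_template(SAMPLE_TEMPLATE):
        print(f"{rule_id} {where}: {message}")
```

Wired into CI the way the first answer describes, a non-empty result from lint_template fails the build before any stack is created; the slow, costly real stack creation the third answer recommends is then reserved for the commits that pass this layer.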
