YAML it Rhymes with Camel

I’ve blogged before about my passion for automation and the use of ARM templating in the Azure world to eradicate the burden of dull and mundane tasks from the daily routine of system administrators for whom I do consulting for.

I loath repetitive tasks, its in this space where subtle differences and inconsistency love to live. Recently I was asked to help out with a simple task, provisioning a couple of EC2 Windows servers in AWS. So in the spirit of infrastructure as code, I thought, there is no better time to try out AWS CloudFormation to describe my EC2 instances . I’ve actually used CloudFormation before in the past, but always describing my stack in JSON. CloudFormation also supports YAML, so challenge accepted and away I went. . .

So what is YAML anyway. . .Yet Another Mark-up Language. Interestingly its described at the official YAML website (https://yaml.org) as a “YAML Ain’t Markup Language” rather,  “human friendly data serialisation standard for all programming languages”.

What attracted me to YAML is its simplicity, there are no curly braces {} just indenting. Its also super easy to read. So if JSON looks a bit to cody for your liking, YAML may be a more palatable alternative.

So how would you get started? As you’d expect AWS have extensive CloudFormation documentation. The AWS::EC2::Instance resource is described here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-instance.html#cfn-ec2-instance-volumes. You’ll notice that there is a Syntax description for JSON and YAML. The YAML looks like this:

[code language=”javascript”] Type: AWS::EC2::Instance Properties: Affinity: String AvailabilityZone: String BlockDeviceMappings: – EC2 Block Device Mapping CreditSpecification: CreditSpecification DisableApiTermination: Boolean EbsOptimized: Boolean ElasticGpuSpecifications: [ ElasticGpuSpecification, … ] ElasticInferenceAccelerators: – ElasticInferenceAccelerator HostId: String IamInstanceProfile: String ImageId: String InstanceInitiatedShutdownBehavior: String InstanceType: String Ipv6AddressCount: Integer Ipv6Addresses: – IPv6 Address Type KernelId: String KeyName: String LaunchTemplate: LaunchTemplateSpecification LicenseSpecifications: – LicenseSpecification Monitoring: Boolean NetworkInterfaces: – EC2 Network Interface PlacementGroupName: String PrivateIpAddress: String RamdiskId: String SecurityGroupIds: – String SecurityGroups: – String SourceDestCheck: Boolean SsmAssociations: – SSMAssociation SubnetId: String Tags: – Resource Tag Tenancy: String UserData: String Volumes: – EC2 MountPoint AdditionalInfo: String [/code]

With this as a starting point I was quickly able to build a EC2 instance and customise my YAML so as to do some extra things.

If you’ve got this far and YAML is starting to look like it might be the ticket for you, its worth familiarising yourself with the CloudFormation built-in functions. You can use these to do things like assign values to properties that are not available until runtime.

Fn::Base64
Fn::Cidr
Condition Functions
Fn::FindInMap
Fn::GetAtt
Fn::GetAZs
Fn::Join
Fn::Select
Fn::Split
Fn::Sub
Fn::Transform
Ref

The link to the complete Intrinsic Function Reference can be found here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html

With a learning curve of a couple of hours including a bit of googling and messing around I was able to achieve my goal. I built an EC2 instance, applied tagging, installed some Windows features post build via a PowerShell script (downloaded from S3 and launched with AWS::CloudFormation::Init cfn-init.exe), all without having to logon to the server or touch the console. Here is a copy of my YAML. . .

[code language=”javascript”] AWSTemplateFormatVersion: “2010-09-09” Description: CloudFormation Template to deploy an EC2 instance Parameters: Hostname: Type: String Description: Hostname – maximum 15 characters MaxLength: ’15’ LatestAmiId : Type: ‘AWS::SSM::Parameter::Value’ Default: /aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base InstanceSize: Type: String Description: Instance Size Default: t2.micro AllowedValues: – “t2.micro” – “t2.small” – “t2.medium” AvailabilityZone: Type: String Description: Default AZ AllowedValues: – ap-southeast-2a – ap-southeast-2b – ap-southeast-2c Default: ap-southeast-2a KeyPair: Type: String Description: KeyPair Name Default: jtwo S3BucketName: Default: NotARealBucket Description: S3 bucket containing boot artefacts Type: String # tag values awPurpose: Type: String Description: A plain English description of what the object is for. Default: WindowsServer2019 Domain Controller awChargeTo: Type: String Description: Billing Code for charge back of resource. Default: IT-123 awRegion: Type: String Description: Accolade Wines Region not AWS.  Default: Australia awExpiry: Type: String Description: The date when the resource(s) can be considered for decommissioning. Default: 01-01-2022 awBusinessSegment: Type: String Description: Agency code. Default: ICT awEnvironment: Type: String Description: Specific environment for resource. AllowedValues: – prod – prodServices – nonprod – uat – dev – test awApplication: Type: String Description: A single or multiple word with the name of the application that the infrastructure supports. “JDE”, “AD”, “Apache”, “Utility”, “INFOR”, “PKI”. Default: AD Mappings: SubnetMap: ap-southeast-2a: prodServices: “subnet-idGoesHere” ap-southeast-2b: prodServices: “subnet-idGoesHere” ap-southeast-2c: prodServices: “subnet-idGoesHere” # Resources Resources: # IAM Instance Profile Profile: Type: ‘AWS::IAM::InstanceProfile’ Properties: Roles: – !Ref HostRole Path: / InstanceProfileName: !Join – ” – – ‘instance-profile-‘ – !Ref S3BucketName HostRole: Type: ‘AWS::IAM::Role’ Properties: RoleName: !Join – ” – – ‘role-s3-read-‘ – !Ref S3BucketName Policies: – PolicyDocument: Version: 2012-10-17 Statement: – Action: – ‘s3:GetObject’ Resource: !Join – ” – – ‘arn:aws:s3:::’ – !Ref S3BucketName – ‘/*’ Effect: Allow PolicyName: s3-policy-read Path: / AssumeRolePolicyDocument: Statement: – Action: – ‘sts:AssumeRole’ Principal: Service: – ec2.amazonaws.com Effect: Allow Version: 2012-10-17 # ENI NIC1: Type: AWS::EC2::NetworkInterface Properties: Description: !Sub ‘ENI for EC2 instance: ${Hostname}-${awEnvironment}’ GroupSet: – sg-050cadbf0e159b0ac SubnetId: !FindInMap [SubnetMap, !Ref AvailabilityZone, !Ref awEnvironment] Tags: – Key: Name Value: !Sub ‘${Hostname}-eni’ # EC2 Instance Instance: Type: ‘AWS::EC2::Instance’ Metadata: ‘AWS::CloudFormation::Authentication’: S3AccessCreds: type: S3 buckets: – !Ref S3BucketName roleName: !Ref HostRole ‘AWS::CloudFormation::Init’: configSets: config: – get-files – configure-instance get-files: files: ‘c:\s3-downloads\scripts\Add-WindowsFeature.ps1’: source: https://NotARealBucket.s3.amazonaws.com/scripts/Add-WindowsFeature.ps1 authentication: S3AccessCreds configure-instance: commands: 1-set-powershell-execution-policy: command: >- powershell.exe -Command “Set-ExecutionPolicy UnRestricted -Force” waitAfterCompletion: ‘0’ 2-rename-computer: command: !Join – ” – – >- – powershell.exe -Command “Rename-Computer -Restart -NewName ” – !Ref Hostname waitAfterCompletion: forever 3-install-windows-components: command: >- powershell.exe -Command “c:\s3-downloads\scripts\Add-WindowsFeature.ps1” waitAfterCompletion: ‘0’ Properties: DisableApiTermination: ‘false’ AvailabilityZone: !Sub “${AvailabilityZone}” InstanceInitiatedShutdownBehavior: stop IamInstanceProfile: !Ref Profile ImageId: !Ref LatestAmiId InstanceType: !Sub “${InstanceSize}” KeyName: !Sub “${KeyPair}” UserData: !Base64 ‘Fn::Join’: – ” – – “\n” – “cfn-init.exe ” – ” –stack ” – “Ref”: “AWS::StackId” – ” –resource Instance” – ” –region ” – “Ref”: “AWS::Region” – ” –configsets config” – ” -v \n” – “cfn-signal.exe ” – ” —exit-code 0″ – ” –region ” – “Ref”: “AWS::Region” – ” –resource Instance” – ” –stack ” – “Ref”: “AWS::StackName” – “\n” – “\n” Tags: – Key: Name Value: !Sub “${Hostname}” – Key: awPurpose Value: !Sub “${awPurpose}” – Key: awChargeTo Value: !Sub “${awChargeTo}” – Key: awRegion Value: !Sub “${awRegion}” – Key: awExpiry Value: !Sub “${awExpiry}” – Key: awBusinessSegment Value: !Sub “${awBusinessSegment}” – Key: awEnvironment Value: !Sub “${awEnvironment}” – Key: awApplication Value: !Sub “${awApplication}” NetworkInterfaces: – NetworkInterfaceId: !Ref NIC1 DeviceIndex: 0 Outputs: InstanceId: Description: ‘InstanceId’ Value: !Ref Instance Export: Name: !Sub ‘${Hostname}-${awEnvironment}-InstanceId’ InstancePrivateIP: Description: ‘InstancePrivateIP’ Value: !GetAtt Instance.PrivateIp Export: Name: !Sub ‘${Hostname}-${awEnvironment}-InstancePrivateIP’ [/code]

So my question now is, why doesn’t Azure also support YAML?

Published by Matt Davies

Senior Consultant at cloudstep.io

Leave a Reply

%d bloggers like this: