Bringing software development practices to your infrastructure

#DEVOPSDAYS Bringing software development practices to your infrastructure @jennapederson

Fun Fact I once had the phrase “automated test fanatic” on my business card. @jennapederson

The awesomeness of Infrastructure as Code @jennapederson

wo on m e s k r my ac n hi (or account or region) @jennapederson

Infrastructure as Code IS Code @jennapederson

Different Types of Testing Agenda Using the right type at the right time Using Test Driven Development Build what you need and only what you need Testing Your Infrastructure Directly Making sure it was created correctly and hasn’t drifted Using a CI/CD Pipeline Run tests in the real world and isolate issues quicker @jennapederson

Why Test Infrastructure? The cloud makes it easier and quicker to provision infrastructure, but there is complexity with that scale. @jennapederson

Slow + Expensive Manual Tests Failing Fast Balance fast and cheap tests with more expensive tests that are closer to the real infrastructure and production environment. System Tests Integration Tests Contract Tests Unit Tests Fast + Cheap

If you’re TDDing your application code, why not do the same for your infrastructure code? @jennapederson

Benefits of TDD Reduced defect rates Improve the overall design Focused on requirements Focused on small chunks Serves as documentation @jennapederson

Confidence! @jennapederson

The Flow RED REFACTOR 3. Make it better

Write a failing test GREEN GREEN
Write only enough code to make it pass

What is a Unit Test? Exercises a small part of your application, one unit, and verifies that it’s correct. Isolated from other resources and external APIs, reducing the scope and the number of variables that can affect the results. @jennapederson

Unit Testing Infrastructure Code Code. Not infrastructure. @jennapederson

A unit test checks: If a resource will be created with the correct configuration The correct number of resources will be created Dependencies between resources are correct Interpolated values are correct @jennapederson

Why unit tests? Cheap to write, cheap to run Get feedback early on to shorten the feedback loop between changes Serves as documentation Can be run in your CI/CD tool @jennapederson

Demo S3 + CDK + Jest @jennapederson

How do we go from code to infrastructure?

What is an Integration Test? Tests the interactions across different units or modules, or in the case of infrastructure testing, across cloud resources. Verifies your provisioned cloud resources are created and configured as you expect them to be. Gives you confidence in infrastructure at scale and at velocity. @jennapederson

Chef InSpec Open-source framework to test and audit cloud resources IN the cloud Tests are written with a DSL Can be used across teams Test resources that are managed manually or with code Ensures requirements are met at every stage of the SDLC @jennapederson

Demo EC2 + RDS + CDK + InSpec @jennapederson

Detecting Drift Use InSpec to compare the desired state with the actual state of your cloud resources. Can be used against any resources, regardless of how they are managed. @jennapederson

Without CI/CD Development @jennapederson Test Staging Production

With CI/CD Development @jennapederson Test Staging Production

Wrapping Up Infrastructure code is like any other code, treat it as such. Testing is never done, even once you reach production. It’s cheaper to detect broken code early. @jennapederson

Thank you! @jennapederson /in/jennapederson jennapederson https://jenna.link/hq7 Feedback