Can Two walk together, except they be agreed? [Amos 3:3]
Last week Amazon announced third-party resource support for AWS CloudFormation.
Here at DoiT International, we work with both AWS and Google Cloud, and we love to automate things. AWS CloudFormation is a great tool if you are an AWS customer, but nowadays many companies use multiple cloud providers. So we thought to ourselves: why not try to create some Google Kubernetes Engine clusters using CloudFormation, as a proof of concept for customers interested in infrastructure-as-code for multi-cloud environments?
A good walkthrough of how to develop custom resources can be found in the walkthrough for CloudFormation CLI and in this blog post. I’ll try to focus on some issues that I encountered during the development.
We will be using the Kubernetes Engine API to launch new clusters. You will need to create a service account and grant it the appropriate roles using the following command:
gcloud projects add-iam-policy-binding my-project --member serviceAccount:[email protected] --role roles/iam.serviceAccountUser
gcloud projects add-iam-policy-binding my-project --member serviceAccount:[email protected] --role roles/container.admin
(add-iam-policy-binding binds a single role per invocation, so run it once for each role.)
Go to the IAM console > Service Account Key and download the key as a JSON file. Copy the content of the JSON file and head to the AWS Secrets Manager console. Create a new plain-text secret and paste in the content of the file.
In order to call the Secrets Manager API from your handler code, you will need to go through AmazonWebServicesClientProxy, which injects the credentials that CloudFormation passes to the handler into each SDK call.
Keep in mind that for local testing using SAM, you will need to replace the line:
getSecretValueResult = clientProxy.injectCredentialsAndInvoke(getSecretValueRequest, client::getSecretValue);
with:
getSecretValueResult = client.getSecretValue(getSecretValueRequest);
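The secret lookup described above, written out as an added example (this is not the post's own code nor part of the linked repository). It assumes the AWS SDK for Java v1 Secrets Manager client, the google-auth-library-oauth2-http package, and the CloudFormation CLI Java plugin's AmazonWebServicesClientProxy. Instead of editing the line by hand for SAM, the choice between the proxied call and the plain client call is made by a constructor flag; how that flag is set (for example from an environment variable) is an assumption of this example.

```java
// Added example: loading the Google service-account key from AWS Secrets Manager
// inside a CloudFormation resource handler, with a switch for local SAM testing.
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.GetSecretValueResult;
import com.google.auth.oauth2.GoogleCredentials;
import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collections;

public class GoogleCredentialsLoader {

    // OAuth scope that covers the Kubernetes Engine API.
    private static final String CLOUD_PLATFORM_SCOPE =
            "https://www.googleapis.com/auth/cloud-platform";

    private final AWSSecretsManager client = AWSSecretsManagerClientBuilder.defaultClient();

    // true when running inside the CloudFormation registry, false for `sam local invoke`
    // (assumption: the caller sets this, e.g. from an environment variable).
    private final boolean useProxyCredentials;

    public GoogleCredentialsLoader(boolean useProxyCredentials) {
        this.useProxyCredentials = useProxyCredentials;
    }

    /**
     * Fetches the plain-text secret. Inside the registry the call goes through the
     * proxy, which injects the temporary credentials CloudFormation handed to the
     * handler; locally the plain client (and your own AWS profile) is used.
     */
    String fetchSecretString(AmazonWebServicesClientProxy proxy, String secretId) {
        GetSecretValueRequest request = new GetSecretValueRequest().withSecretId(secretId);
        GetSecretValueResult result = useProxyCredentials
                ? proxy.injectCredentialsAndInvoke(request, client::getSecretValue)
                : client.getSecretValue(request);
        if (result.getSecretString() == null) {
            // The key was stored as binary; this handler expects the JSON text.
            throw new IllegalStateException("Secret " + secretId + " must be a plain-text JSON key");
        }
        return result.getSecretString();
    }

    /** Turns the JSON key held in the secret into scoped credentials for the Google client. */
    GoogleCredentials loadGoogleCredentials(AmazonWebServicesClientProxy proxy, String secretId)
            throws IOException {
        String keyJson = fetchSecretString(proxy, secretId);
        // Never log keyJson: it is the private key of the service account.
        return GoogleCredentials
                .fromStream(new ByteArrayInputStream(keyJson.getBytes(StandardCharsets.UTF_8)))
                .createScoped(Collections.singletonList(CLOUD_PLATFORM_SCOPE));
    }
}
```

The key only ever lives in memory of the handler invocation; the handler's execution role needs secretsmanager:GetSecretValue on that one secret and nothing more.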
The API call to create the cluster returns immediately, while the cluster creation itself takes around 2–3 minutes. We would like to monitor the progress and return only when the cluster creation has succeeded (or failed). Therefore, we use the CallbackContext to carry the operation state between handler invocations and report the creation status.
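The polling pattern described above, as an added example (not the post's own handler or the linked repository's code). It uses the CloudFormation CLI Java plugin's ProgressEvent helpers; ResourceModel and CallbackContext are simplified stand-ins for the classes the CLI generates from the resource schema, and GkeOperations is a hypothetical thin wrapper you would implement over the Kubernetes Engine API client. The 30-second delay and the 20-poll cap are assumptions chosen to bracket the 2–3 minutes the post mentions.

```java
// Added example: a CreateHandler that starts the cluster creation and then asks
// CloudFormation to call it back until the Kubernetes Engine operation finishes.
import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
import software.amazon.cloudformation.proxy.HandlerErrorCode;
import software.amazon.cloudformation.proxy.Logger;
import software.amazon.cloudformation.proxy.ProgressEvent;
import software.amazon.cloudformation.proxy.ResourceHandlerRequest;

public class CreateHandler {

    /** Stand-in for the model the CloudFormation CLI generates from the schema (assumed fields). */
    public static class ResourceModel {
        public String projectId;
        public String zone;
        public String clusterName;
    }

    /** Stand-in for the generated CallbackContext: what must survive between invocations. */
    public static class CallbackContext {
        public String operationName;
        public int pollCount;
    }

    /** Hypothetical wrapper around the Kubernetes Engine API client. */
    public interface GkeOperations {
        String startClusterCreate(ResourceModel model) throws Exception; // returns operation name
        String operationStatus(String operationName) throws Exception;   // e.g. "RUNNING", "DONE"
        String operationError(String operationName) throws Exception;    // null when no error
    }

    private static final int POLL_DELAY_SECONDS = 30;
    private static final int MAX_POLLS = 20; // 10 minutes; creation normally takes 2-3

    private final GkeOperations gke;

    public CreateHandler(GkeOperations gke) {
        this.gke = gke;
    }

    public ProgressEvent<ResourceModel, CallbackContext> handleRequest(
            AmazonWebServicesClientProxy proxy,
            ResourceHandlerRequest<ResourceModel> request,
            CallbackContext callbackContext,
            Logger logger) {
        ResourceModel model = request.getDesiredResourceState();
        try {
            if (callbackContext == null) {
                // First invocation: kick off the long-running operation and ask to be called back.
                String op = gke.startClusterCreate(model);
                logger.log("Started cluster create, operation " + op);
                CallbackContext ctx = new CallbackContext();
                ctx.operationName = op;
                ctx.pollCount = 0;
                return ProgressEvent.defaultInProgressHandler(ctx, POLL_DELAY_SECONDS, model);
            }

            // Later invocations: check the operation remembered in the context.
            String status = gke.operationStatus(callbackContext.operationName);
            if (!"DONE".equals(status)) {
                if (callbackContext.pollCount >= MAX_POLLS) {
                    // Give up rather than letting the stack hang forever.
                    return ProgressEvent.defaultFailureHandler(
                            new RuntimeException("Timed out waiting for " + callbackContext.operationName),
                            HandlerErrorCode.NotStabilized);
                }
                callbackContext.pollCount++;
                return ProgressEvent.defaultInProgressHandler(callbackContext, POLL_DELAY_SECONDS, model);
            }

            String error = gke.operationError(callbackContext.operationName);
            if (error != null) {
                return ProgressEvent.defaultFailureHandler(
                        new RuntimeException("Cluster creation failed: " + error),
                        HandlerErrorCode.GeneralServiceException);
            }
            return ProgressEvent.defaultSuccessHandler(model);
        } catch (Exception e) {
            logger.log("Create handler error: " + e.getMessage());
            return ProgressEvent.defaultFailureHandler(e, HandlerErrorCode.InternalFailure);
        }
    }
}
```

Each invocation is short and stateless apart from the CallbackContext, which is why the operation name must be stored there rather than in a field; the poll cap turns a cluster that never stabilises into a clear failure instead of a stack stuck in CREATE_IN_PROGRESS.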
Once you understand how to develop custom resources for creating a cluster, it should be pretty easy to add the other operations, such as list, delete and update. You can use the code to create your own custom resources for other Google Cloud services.
You can find the code here.