
Day Two Cloud 108: Putting The Dev In DevOps

Episode 108


Today’s Day Two Cloud podcast dives into Cloud Development Kits (CDKs), including how CDKs differ from tools such as Terraform, and the selling points for CDKs for infrastructure and development professionals.

Our guest is Michael Levan, Researcher and Consultant at GigaOM.

We discuss:

  • Advantages and drawbacks of CDKs
  • If you’re well-versed in Terraform or another tool, is it a difficult leap to a CDK?
  • The relationship between CDKs and formal programming languages
  • CDKs and code testing
  • CDKs and code repositories
  • How CDKs integrate with CI/CD pipelines
  • More

Sponsor: Zesty

Zesty provides an autonomous cloud experience by leveraging advanced AI technology to manage the cloud for you.
Our AI reacts in real-time to capacity changes and enables companies to maximize cloud efficiency, reduce AWS bill by more than 50%, completely hands-free. It’s cloud on auto-pilot. Find out how to spend less and do more at

Show Links:

@TheNJDevOpsGuy – Michael Levan on Twitter – Michael’s blog

Cloud Dev Engineering – YouTube

Michael Levan on LinkedIn



[00:00:00.210] – Ned
[AD] Zesty provides an autonomous cloud experience by leveraging advanced A.I. technology to manage the cloud for you. Their A.I. reacts in real time to capacity changes and enables companies to maximize cloud efficiency and reduce their AWS bill by more than 50 percent, completely hands free. Cloud on autopilot. With Zesty, companies can spend less and do more. Check them out at Zesty DOT CO. [/AD]

[00:00:32.660] – Ned
Welcome to Day Two Cloud. Today, we are talking about infrastructure as code and cloud development kits with Michael Levan and man, he really he really helped clarify some things for me around what a CDK even is. And maybe he gave me a little push in the ribs to actually start learning a programing language instead of just doing everything in Terraform. What about you, Ethan?

[00:00:55.820] – Ethan
He demystified CDKs for me enormously. Any time I’ve heard in the dev world something about a development kit it just it’s always sounded intimidating to me like, oh, it’s this big, complicated thing. And unless I’ve had years of training and practice as a developer, I’m not going to even understand what this whole development kit thing is. I’m not going to tell you how you’ll get it when you listen. But he really demystified it and made it very straightforward for me to get my head around what a development kit is.

[00:01:19.910] – Ethan
And even not as a full time developer, as an ops infrastructure person, I’m keen to get stuck into a CDK and maybe do something with it.

[00:01:28.250] – Ned
Yeah, it actually drove me to want to use it. So enjoy this episode with Michael Levan.

[00:01:34.610] – Ned
Well, Michael, welcome to Day Two Cloud. Before we get into the tech and the topic of this episode, first I got to talk about your Twitter handle, man, because it is TheNJDevOps guy. You’re leaning hard into both New Jersey and DevOps. Tell me a little more about that.

[00:01:52.100] – Michael
Yeah, it was probably a mistake now that I think about it, because, like, once the once DevOps goes away and it will at some point, everybody can be like, what is this, in 20 years if I’m still on Twitter, and Twitter’s still around. So, yeah. So I think it was just one of those things where I was like, yeah, I’m in DevOps, I’m from New Jersey. It’s like, yeah, it’s, let’s put it together but have probably a mistake.

[00:02:13.710] – Ned
I don’t think so. I think DevOps will be around for for a little while at least, people will know what it is. And ultimately you can change your handle eventually. You know you can.

[00:02:23.720] – Michael
Yeah I have before. But it’s just like like luckily when I did it before I didn’t have like a social media following or anything, it was a little bit easier. But if I do it now, it’s like the amount of time that it’s been said on podcasts and where it’s written it’s like I’m just never going to try to play that game.

[00:02:41.000] – Ned
You’re just locked in. And, you know, once you’re from New Jersey, you’re never not from New Jersey. An important thing to remember.

[00:02:47.990] – Michael
There you go. Absolutely 100 percent and I’m still here.

[00:02:49.690] – Ned
So there you go. All right. Well, we wanted to have you on the show to talk about your adventures in DevOps. So leading back to your Twitter handle and especially around infrastructure as code and using stuff like Terraform and CDKs. So let’s start there. How did you get started with infrastructure as code? Was there like an inciting moment for you? Where you were like, I need IaC in my life.

[00:03:14.380] – Michael
Yeah, I mean, I think that probably the biggest thing was just the simple fact, like, oh, I never liked clicking around a UI. I think probably since my inception in the IT space, I’ve always tried to figure out a way to automate something. I remember like the first thing I probably ever did was to like poll virtual machines and stuff with like PowerShell. And, you know, ever since then it was like, you know, that’s always been from the beginning.

[00:03:42.130] – Michael
And leading up to now, I’ve always been like, how can I not have to click around the UI to do this? Because Number one, it’s very error prone. And number two is it could be a little bit boring. I think writing code is a little bit more fun. So, yeah. So it’s it’s definitely started right at the beginning. And now at this point, I’m pretty much more like I need to. I always want to create repeatable processes, like I never want to be in a situation where three engineers are in a room and they’re all working on the same thing, but they’re doing it a little bit differently.

[00:04:14.590] – Michael
You know, this person’s spinning up an EC2 instance with a public IP address accidentally, this person’s spinning up an EC2 instance on the default VPC instead of the production VPC like there’s just so many things that could happen that I’m just kind of like, nope, let’s just make it repeatable. Let’s put everything in code. Everybody knows what’s happening. It’s in GitHub right.

[00:04:32.620] – Ethan
I mean, you can make it repeatable process with a UI. You can make a mistake every time it’s repeatable.

[00:04:39.930] – Michael
Yeah, sure. There might be a resume updating event on a Friday night.

[00:04:43.930] – Ethan
But Michael, did you come from a computer science background like so you kind of knew programing and that sort of stuff, or you just kind of figure it out?

[00:04:51.310] – Michael
No. You know, what is actually really funny, like tech was my plan B, and then it ended up being the thing that I’ve become very passionate about. When I first graduated high school, I went to a trade school for personal training. I was really into fitness my whole life. I played football, a bunch of different sports and stuff. And so I wanted to be a personal trainer. I did that for about six months. I realized very quickly I did not like it.

[00:05:14.530] – Michael
So I was like I was like, well, the plan B, you know, my mom was always like, well, there’s all this stuff happening in technology and this and that. I’m like, I’m like, I guess I’ll do that. I’m going to make some money. And yeah, I ended up being like, that’s really what I was passionate about. Yeah.

[00:05:30.190] – Ned
Interesting, do you think there’s anything that transferred over from the personal training or that like physical health mentality over to your passion for tech? Are there some parallels there?

[00:05:42.400] – Michael
Yeah, absolutely. I mean, so Number one, I think physical fitness is very important from a mindset perspective. I’m I’m a firm believer that, like, if I don’t go to the gym for a week versus if I do, my mindset is very different. I’m way less stressed from going to the gym. I’m far more focused, all that stuff. And also, you know, with personal training, like there’s a lot of sales that go into it and there’s a lot of marketing that goes into it because you got to be like, hey, give me ten thousand dollars to make me change your body.

[00:06:12.910] – Michael
Right. And it’s the same thing with technology, especially because I’ve been consulting and selling myself for so long. It’s like, hey, give me X amount of money so I can create this thing for you. So in the soft skills perspective, there’s a lot of overlap for sure.

[00:06:27.490] – Ned
OK, so I think when I look at the broad spectrum of ops folks and infra folks that I have met, they all seem like they started with a basic scripting background. Is that sort of how you started building up with something like PowerShell or Bash?

[00:06:44.200] – Michael
Yep, absolutely. 100 percent. I mean, I never I mean, I’ve gotten to the point in my career where I’ve had dev roles where I was like creating applications and stuff. But in the beginning, like, I started out in like helpdesk sysadmin type of stuff when I graduated school. So, yeah, it was all about automation and stuff like that. And that’s actually what kept my interest. You know, like like I said, I went into these dev roles and it was cool. But my passion and what I was interested in always went down to like the how do I automate this and how do I make this repeatable process that that’s the type of code that I like to write.

[00:07:20.110] – Ned
OK, so I think some folks see that move from scripting to something like IaC as a big scary thing, because if they don’t have that background in real programing or what they think of as real programing, like, no, I just write a bash script to get something done and that’s it. You know, maybe there’s some error handling. Do ops folks need to become a full stack developer to embrace this stuff, or are they going to be out of a job if they don’t?

[00:07:47.810] – Michael
Good question. I do believe that at this so I’m going to I’m going to throw something very vague and then I’m going to explain it. At this point, everybody needs to be a developer. Now, when I say when I when I say that, I don’t mean you have to go and write the next Twitter or the next Instagram. What I’m saying is you have to be able to write that bash script or that PowerShell script. Right. And, you know, if you think to yourself, oh, but I got to know how to do this in programing. Functions are functions, variables are variables.

[00:08:20.630] – Michael
Right. Methods are methods like it’s all the same thing. It’s just the biggest difference is how you’re writing it and what you’re writing it for. That’s really the biggest difference. So if you understand code and you understand like development and programing and stuff, like I said, you don’t have to go and create this whole next Twitter, next Instagram, you just have to understand coding practices. Now in terms of like, you know, will people be out of a job if they don’t understand coding automation?

[00:08:47.730] – Michael
I do believe so. Yeah. Like, you’re I think it’s it’s very difficult right now. If you were to go, if you were to go on LinkedIn and you were to look at DevOps roles or SRE roles or infrastructure engineer roles like even, it’s very difficult to find a job posting right now that does not include something along the lines of must know, at least PowerShell, Bash, yadda, yadda, yadda, Terraform something, something. It’s very difficult not to not find that on a job posting anymore.

[00:09:17.420] – Michael
And so it’s pretty, you know, at this point. Yeah. Everybody definitely needs to know how to code to some extent.

[00:09:24.140] – Ethan
In other words, companies are making the shift. Finally, we’re seeing. Well, so, Michael, my background is networking, which has really lagged behind automation by a few years. Let’s say the tooling wasn’t quite there. The interfaces haven’t been there. And so it’s just been a slower process. And people with more fear because the blast radius, if they get if they get it wrong, is fairly significant.

[00:09:45.500] – Michael

[00:09:45.860] – Ethan
Even so, we’re at a point in industry, as you’re pointing out, where you can’t not know these things. Come at your infrastructure as code.

[00:09:55.130] – Ethan
Think about how you’re going to hit it with a tool, not logging in clicky, clicky. All the UIs are there. You can, but that’s just not the efficient way to do it. It’s certainly not the repeatable way to do it. And all companies seem to need their people to be able to do to be able to do infrastructure provisioning efficiently.

[00:10:12.350] – Michael
Right? Yeah, no, I absolutely agree with you 100 percent. And even from a networking perspective. Right. Like let’s think about Cisco. Cisco certs for however long they’ve been around, have never had anything around like development and stuff. Now look at Cisco DevNet.

[00:10:27.170] – Ethan

[00:10:27.530] – Michael
They’re implementing Python. They’re implementing Terraform, they’re implementing source control like it’s pretty crazy. We’re seeing this paradigm shift and it’s wild.

[00:10:35.690] – Ethan
Yes. Some people joke that the DevNet programs are basically just Python. It’s mostly Python. [inaudible 00:10:42]. But no, you’re exactly right. And there’s there’s even two levels of certs now. They haven’t gone all the way up to the expert level, but they’ve done the the associate and professional level certifications. And from some of the people I’ve talked to who have gone through them, they say it’s rigorous. It’s it’s the real deal, real business. So, yeah, even Cisco is committed, Juniper as well.

[00:11:01.670] – Ethan
They also have a couple of DevOps oriented certifications. So it’s I was going to say it’s coming, but that’s not really true. It’s here. It’s just arriving in different vendors in different ways as they as they sell their products to you.

[00:11:13.670] – Michael
Absolutely. Yeah. And, you know, like even if you think about it, like Ansible has had a ton of modules for like Cisco and F5 and stuff for a really long time. Python, I think, like one of the popular frameworks is like, Nornir. I think maybe I’m pronouncing that right.

[00:11:30.320] – Ethan
Nornir, yeah.

[00:11:30.320] – Michael
Yeah, yeah. So there’s like there’s a bunch of stuff already out there. It’s at least from what I could see, it’s definitely one of the tech spaces that is like lagging behind.

[00:11:41.180] – Michael
You know, it’s very difficult to, like, find a networking job. I think right now that’s like you’re going to be doing all this programing, right? Versus like if you look at infrastructure engineer roles and stuff and DevOps roles, it’s like you will be doing all this programing. So, yeah.

[00:11:57.680] – Ned
You WILL. Oh, yeah. In my personal journey using infrastructure as code, I’ve mostly switched over to using Terraform for whatever I need to do because initially it seemed simpler and cleaner than CloudFormation and ARM templates. But it was similar enough that I didn’t have to like relearn everything. It was just like, oh, OK. This in this in CloudFormation is equivalent to this Terraform. Is that are you mostly using Terraform for your IaC needs?

[00:12:29.090] – Michael
Yeah, for sure. I mean I’ve, I’ve used CloudFormation, ARM, you know, Puppet and Chef for like configuration management and stuff. But yeah. I mean I think Terraform at this point is is definitely the standard for sure. You know, it’s it’s also one of those things as well where I hate to say it, but this is the truth. Right. Almost what’s shifting the direction that we’re going in right now is like what’s sexy, right? Like Terraform is the sexy thing right now, whereas like JSON and CloudFormation is not. There’s also the conversation to be had. And it’s actually funny we’re talking about this because I’m writing a research report on this. On infrastructure as code right now where like, you know, vendor lock-in, ARM templates, CloudFormation, even the AWS CDK, right.

[00:13:13.430] – Michael
Like, I don’t I’m not recommending anything to anybody that’s vendor lock-in right now because we we don’t and we shouldn’t live in a world where it’s like I’m only going to put everything on Azure and that’s going to be it for the rest of my life. Like, no, like you should be thinking about hybrid cloud with stuff on-prem. You should be thinking about multi-cloud. You know, I’m working on a project right now consulting where I have Lambda functions that are deploying a Kubernetes manifest to Google Kubernetes Engine.

[00:13:42.620] – Michael
So I’m going across platforms like these are the things that you got to think about. So when you’re thinking about infrastructure as code and when you’re like, hey, should I use ARM for everything? Well, here’s the thing.

[00:13:53.360] – Michael
If you’re going cross platform, you’re going to have to rewrite the Terraform code anyways because the providers of the resource are going to be different. But here’s the kicker. Somebody is already going to know HCL, and because they know HCL, they can go and they can write it versus if you just know ARM, you’re like, OK, now I got to go learn this CloudFormation, OK? Now I got to go learn Google deployment templates or whatever they’re called.

[00:14:15.870] – Michael
Right. So it’s like, you know, but if you know one thing, it’s much easier to scale out. So yeah, I definitely recommend everything at this point that’s like not vendor locked. Yeah.

[00:14:24.990] – Ethan
Well you don’t think learning Terraform and getting into HCL that you don’t think that’s its own sort of vendor lock-in? I mean is there a risk learning a domain specific language like that as opposed to something that’s generic, let’s say Python plus libraries?

[00:14:37.470] – Michael
Yeah, I mean there’s always there’s always that debate, right. Like there’s there’s also the debate of. Yeah, you’ve been writing in Java for 20 years, but guess what? Now everybody’s going to go and C#. So it’s like there’s definitely always that debate. But what I will say is I personally believe it’s safer if you know something that can scale across any cloud, any on-prem versus if you just know one ARM template or you just know one CloudFormation.

[00:15:04.500] – Michael
Right. I think it’s just a little bit easier to scale out at that point. There always comes a decision where it’s like you got to you got to like go down one path if you’re the same thing with programing. Right. Like, if you’re either going to go with Go or you’re going to go with C# or you’re going to go with Java, you got to pick one and go down it. So yeah.

[00:15:22.230] – Ethan
I only work in zeros and ones so I can avoid vendor lock in.

[00:15:26.580] – Michael
It’s very difficult language.

[00:15:30.650] – Ned
Oh you’re using assembly? You’re locked into assembly language now. It’s binary for me. I think in machine instructions.

[00:15:41.610] – Michael
It’s a valid point, I mean with something like hash, with something like Terraform, where it’s cloud agnostic, at least, you know, it can apply to multiple different platforms. If you’re learning a platform specific language, then I mean, some of the concepts, as you alluded to before, in programing, those are all transferable. But the way it’s implemented is going to be different across each platform. So that can make it real difficult.

[00:16:05.610] – Michael
And then there’s the other things about Terraform, too, that like is not vendor lock-in in terms of like if you’re just using ARM, or CloudFormation, like, for example, state files, learning about what that state is going to look like versus in somewhere else. Right. Or just learning about how providers work now back end where, you know, there’s like there’s all of these things that you can pick up and you can move across multi-cloud the resources will be different.

[00:16:30.150] – Michael
And how you write them will actually not how you write them, just the resource, but everything else is going to stay the same. I mean, what parameters look like, what variables look like, you know, what TFR files look like, like all these things are going to all be the same. The only difference is going to be the resource and where you’re doing it. So it makes a little bit easier.

[00:16:48.600] – Ned
Right? Well, since HCL is obviously awesome and it’s what we should do, everything in. The reason we wanted to have you on the show is to talk about CDKs, which are something different that are not domain specific language. So what is an advantage of adopting a CDK or a cloud development kit instead of a DSL?

[00:17:10.830] – Michael
So just to give it up at the high level, you know, the only difference between a CDK which stands for cloud development kit or like infrastructure as code. The only difference is it’s infrastructure as code, but in a general purpose programing language. So instead of being locked in to HCL or to JSON or to YAML, whatever, you can choose Python, Go, JavaScript, C#, whatever you want. So this obviously opens a lot of doors for people to, number one, be able to use a language they’re comfortable with and, number two, and probably the most important in my opinion, to be able to learn a language. Perfect example here. I know a lot of people that are sysadmins, infrastructure pros and stuff. They really want to learn programing. Right? They want to learn Python or they want to learn Go. But like, they don’t want to go out and build an application or something, so they’re like, how do I learn this code?

[00:18:06.980] – Michael
How do I learn this programing language without doing that? A CDK is perfect. You could literally go into Azure, AWS or GCP wherever and be like, oh, hey, you’re deploying virtual machines. OK, now you can go do it in Python or you can go do it in Go or JavaScript and boom. Now number one, you’re creating automation. And number two, you’re learning a new programing language. There’s like a lot of upside to it, honestly.

[00:18:29.000] – Ethan
Wait a minute, though. So, you know, well. I think I’m still getting what a development kit is, because you’re saying I can use multiple languages. It just sounds magical because I’m thinking if it’s Python, I look to a vendor who’s written a library for their thing that I can then import that into Python and then call whatever those objects, methods, whatever the library is, functions to do the thing and make it easy for me. But that does not sound like what a CDK is.

[00:18:53.000] – Michael
No. So a CDK is going to be its own framework. So for example, let’s say you’re using the AWS CDK and you’re going to use Python. They have their own framework that they have created their own library, rather. So you wouldn’t be able to, like, go and use somebody else’s library. You have to use the one that’s created.

[00:19:11.690] – Michael
So, yeah, the flip side to this is you can import other libraries. So, for example, let’s say you’re I don’t know, you’re like creating a virtual or an EC2 instance in AWS and you want to be able to output all of the data in like JSON or something. Well, you know, you could use the AWS CDK library, but then you can also import the Jsonify library and then you could export all that and use the Jsonify library and all the functions and the methods inside of that library to be able to manipulate your data so you can use whatever libraries you want, plus whatever the CDK library is.

[00:19:47.180] – Ethan
So the CDK may or may not support my language of choice?

[00:19:51.560] – Michael
Depending on the CDK. Yeah. So for example, I would say right now Pulumi probably has the most language support. HashiCorp CDK, for example. It’s very much an Alpha right now. I think it’s only supporting Python and JavaScript, I want to say, or TypeScript, Python and TypeScript. That sounds right. Python and TypeScript. Yeah, so so it’s really going to depend on which one you choose. Like AWS CDK supports a bunch of languages. Yeah. Yeah.

[00:20:23.530] – Ethan
All right. I mean, I was misunderstanding because it sounded like the way you’re describing it, the CDK, I could just pick a language and then apply the CDK, and I’m off and running, but the CDK has got to support, you know, whatever the language is. And I can choose within those parameters and. Right. Like you’re saying, popular languages are much more likely to be supported.

[00:20:41.630] – Michael

[00:20:42.620] – Ethan
Which all sounds cool if I’m a developer, but I’m an operations infrastructure human. So why do I care about CDKs?

[00:20:51.470] – Michael
Yeah. So that’s I was actually hoping this was going to come up, so I was thinking about how I was going to phrase this. So I’m going to preface this with something that is kind of valid, but I want to dive into it a little bit more. So let me preface it with this CDKs are very much in the ballpark of developers, people that are already writing Python and Go code and stuff like that. Right. However, there is it’s not just for developers like because this kind of goes back to what we were talking about earlier, where it’s like you don’t have to go create the next Twitter Instagram to write code.

[00:21:29.120] – Michael
You can go and you can write automation code, like Bash and PowerShell and all this stuff to be able to do your daily tasks. The same same rules apply for the CDK. Like you don’t have to go create the next Twitter Instagram to use a CDK. You’re going to be an infrastructure person or you could be, you know, a DevOps person or an SRE or whatever. And maybe you want to learn a new programing language or maybe, you know, you’re already doing all of your automation in Python, for example.

[00:21:54.830] – Michael
So maybe you’re like, oh, maybe I’ll go use a CDK. Why not keep everything a little bit more flush as well? I also think that the CDK, in my opinion, it will be very good for breaking down additional barriers. So let’s say you have an app team and you have like a back end team and you have your infrastructure team and your back end team is writing in Python and then the front end, the DevOps team and infrastructure team is writing in HCL and stuff like that.

[00:22:21.860] – Michael
Well, all this code sitting in GitHub. Right. And this person doesn’t know what this code is and this person doesn’t know what this code is. But if everything is a little bit in Python, number one, it makes it a little bit easier for everybody to read. Everybody understands what’s happening if everybody knows how to write in Python. Number two, you can write tests, and this is what I really love about the CDK, I’m a firm believer of test driven development. So for me, it’s like whatever I can write the same tests that I would if I was writing an application in the CDK.

[00:22:52.080] – Michael
But all the all the testing frameworks, everything’s the same. So that’s like a huge selling point for me, too, is you know what, obviously you can lint your code, you can test your code, you can write tests for security purposes, all of this great stuff where you don’t really have that in something like HCL, although since Terraform 0.15, you can now do integration tests and stuff like that. And it’s in beta, but you know, it’s not the same.

[00:23:18.190] – Ned
No, it’s a bit wonky. Yeah, yeah.

[00:23:21.330] – Ethan
The developer kit feels like a toolbox. I crack it open and I got a whole bunch of tools at my disposal that just make it easier to do my job.

[00:23:29.190] – Michael
Yeah, yeah. Anything, anything that you can do in Python or Go from like a testing perspective or where you can store the code or how you can deploy the code or where you can run it, like you could do everything the same way. Just because you’re using the CDK doesn’t mean it’s like you can only do infrastructure as code stuff. No, you could still write unit tests and mock tests and integration tests and you can deploy them in Lambda function.

[00:23:51.250] – Michael
You do whatever you want, you know, put them in a Docker image if you want to and deploy it to Kubernetes. Whatever you want.

[00:23:56.640] – Ethan
Is it fair to say that if you use the cloud developer kit issued by that cloud provider, you’re going to get better support maybe from either from the community or from the cloud vendor themselves?

[00:24:09.650] – Michael
Well, I think CDKs by themselves are still so new that the support specifically for the CDKs may not be there yet. However, on the flip side, the support for the languages are there. It’s much easier to get support for Python than it is for HCL. Yeah, you know, if you’ve got to go on Stack Overflow or something, so and again, because, you know, with CDKs, like, just because it’s its own product, it’s still just Python and Go and stuff under the hood that you’re writing in. So all the language stuff is still the same.

[00:24:40.160] – Ned
Right. I think something that I want to pull on a little bit is there’s different CDKs and it sounds like you’re using the AWS CDK then you’re really only able to use that to create AWS resources. But if you’re using another CDK, that’s by some sort of like third party vendor. I think you mentioned Pulumi. Now, I might have access to create resources in AWS, Azure or something on-prem. Is that the case?

[00:25:06.590] – Michael
Yes. Yeah, it’s the same thing for like the CloudFormation versus Terraform debate, you know, vendor lock-in and all that stuff. It’s the same thing. If you’re using the AWS CDK. It’s just for AWS. But if you’re using Pulumi or the HashiCorp CDK it’s multi-language or multi-cloud, sorry.

[00:25:21.560] – Ned
Multi-cloud yeah.

[00:25:22.110] – Michael
And multi-language.

[00:25:26.840] – Ned
OK, so I can write in the language I know or want to know and I can write it to the target, the platform where I want to actually create things. And now I’ve I don’t have to learn a new language necessarily if I’m already a developer. But I think it’s something that really resonated with me that you said earlier was if I’m an infrastructure person, I’ve always wanted to learn programing. I’ve I want to learn more about Python or Go.

[00:25:50.660] – Ned
But I didn’t have something that I could grab on to a project that could propel me forward. Here’s an opportunity to do something that’s actually part of my day job, which is maintaining or spinning up infrastructure. And I’m going to do it with the programing language that I wanted to learn. Here’s a perfect opportunity to do that. I actually have something that’s relevant to my job as opposed to, oh, you know, I’m just going to write an application for like a bookstore or something.

[00:26:16.790] – Ned
Even though I don’t work in a bookstore, I don’t own a bookstore. But that’s like that’s the getting started project that that’s given to me. So that that this resonates with me a lot more.

[00:26:26.780] – Ethan
You can create a really big AWS bill so fast now Ned.

[00:26:37.220] – Ned
Cloud enables stupid at scale. We know that.

[00:26:46.910] – Michael
That’s very cool.

[00:26:47.570] – Ned
One of the things that I’ve struggled with when it comes to infrastructure as code is dealing with custom objects or custom resources. To give two quick examples. If you’re in Terraform and you want to codify a group of resources together, you typically use a module, right? And that’s, you know, just those resources are defined in basically a separate Terraform configuration that’s invoked by your main configuration. ARM uses nested templates so you can just reference a separate template. I know in CloudFormation you can have Lambda create custom objects for you, but all of those are very leaky abstractions.

[00:27:26.310] – Michael

[00:27:27.170] – Ned
When it comes to the CDK, can I actually create just an object that’s composed of all these resources and reference that object without having to worry about all the stuff in the background?

[00:27:38.180] – Michael
Yeah. So the way that I would think about it is let’s say you have a front-end application, you have a backend application, maybe have some type of middleware application.

[00:27:48.440] – Michael
You wouldn’t put, you know, the front end code in the same file as the backend code. You wouldn’t put the front end application in the same repository as you would the backend application. So I like to think of the CDK the same way. You know, let’s say, for example, I have a repository that I’m, I don’t know, spinning up just like a basic dev environment or like a VPC, a couple of EC2 instances, some security groups. IAM. All that stuff. Right. Maybe I’ll have that in the same repository because it’s technically part of the same application.

[00:28:27.020] – Michael
But I’m going to split it up into like its own separate directories, its own separate dependencies, all of that stuff. So I think of I think of the CDK very much more from like an application perspective than I do an infrastructure perspective. And that might not be correct. Like, that’s just my way of thinking about it, because just with my dev background, it just makes more sense for me to think about it that way. Yeah. And that’s like one big reason why, like, you know, with Terraform modules, for example, I probably don’t use them as much as I should because it’s very like it’s just like a wonky way of like in the same thing with like the ARM nested templates.

[00:29:02.420] – Michael
And so it’s like it’s just yeah. It’s it’s too much.

[00:29:11.470] – Ned
[AD] We pause this Day Two Cloud podcast for an important message from one of our sponsors. Cloud is hard, predicting cloud costs is even harder. What you need is a friend to help out. What you need is Zesty. Zesty uses AI to proactively adapt cloud resources to real time application needs without human intervention. Now, I know. I know. A.I. is a term that gets thrown around a lot. There’s a lot of hype and a lot of disillusionment. And that is because vendors try to get A.I. to do everything instead of the thing that A.I. is actually good at.

[00:29:52.880] – Ned
And that thing is monitoring and optimizing repetitive and identifiable events. Guess what cloud cost optimization is? A problem of monitoring and optimizing repetitive and identifiable events. Zesty is using real deal A.I. in the way it was intended. Zesty’s technology leverages A.I. analysis and autonomous actions based on real time cloud data streams to automatically purchase and sell AWS commitments or in much plainer English, Zesty looks at the real time data from your cloud resources and then makes smart purchasing decisions to save you money.

[00:30:36.110] – Ned
And you don’t have to do anything. There’s probably some alarm bells going off in your head. You just handed Zesty an unlimited credit card and permission to use it. That’s scary. Fortunately, Zesty offers a buy back guarantee for any overprovisioned commitment. You’re not going to get stuck with a pile of reserved instances you don’t need due to a glitch in The Matrix. That’s because Zesty makes money when you save money. That’s right. Their fee is based on the savings they provided to you.

[00:31:10.970] – Ned
If you’re not saving money, Zesty isn’t making money. That’s what we call friends, aligned interests. The result is an average savings of fifty percent on EC2 and a mere two minutes to on board your account. If you’d like a friend who saves you time and money, go to and book a demo that’s to book a demo and put your cloud cost optimization on autopilot. Now back to the episode. [/AD]

[00:31:42.540] – Ethan
Michael, we talked about testing code and you mentioned that CDKs enable that, just make it easier for you to do testing. Can you maybe give us an example or dive into that in a little more detail as we get different kinds of testing? How does it, how does a CDK enable me to do that, that testing, which again, thinking about it like from a networking perspective, man, there’s things you want to know are correct or valid in your environment, both before and after a test.

[00:32:06.240] – Ethan
And anyway, we have those parameters all over the place. So give a sense.

[00:32:10.470] – Michael
Yeah, for sure. So I think a good place to start with this is just like general infrastructure as code testing. So and then we’ll move into CDK. So with infrastructure as code testing. So a lot of people aren’t doing this, but they very much should be. You know, I have a buddy that’s an SRE at Microsoft, and none of the Terraform that they write is not tested. Everything is tested. So, you know, the thing that I think about is infrastructure as code.

[00:32:38.730] – Michael
It’s just code. Right. It should be thought of the same way as application code. Like you’re not going to put an application into an environment, whether it’s dev, UAT, staging production, without properly testing it. Right. Without running an integration test. Like, is everything working the way that it’s supposed to without running a unit test, making sure just not a very high level that it all works? A mock test, right. Actually implementing it.

[00:33:01.170] – Michael
Yep, it works. Destroying it. You’re not going to you’re not going to deploy an application without doing all of these things, nor should you with infrastructure as code for perfect example, I write tests in Go for Terraform. So I’ll write like a basic mock test or an integration test where it’s like, all right, test, test that everything looks the way it’s supposed to plan it out, apply. It looks good? All right now destroy the resources. Right. So I think infrastructure as code testing in general should always be thought of that way. It shouldn’t just be. I’m going to put a thousand lines of code in my Terraform and just create all of this stuff and kind of walk away and hope for the best, like it shouldn’t, shouldn’t do that ever in any environment.

[00:33:48.600] – Ethan
Again, I’m still at this philosophical level, but you’re saying you should know the result you’re expecting and have tests, then compare what is actually produced with what you think should have been produced.

[00:33:58.890] – Michael
Exactly. Yeah. Yeah. And, you know, like, I very much compare this with, like, you know, life stuff as well. I’m not just going to go get car insurance and be like, I wonder what’s going to happen at the end of the month. How much is it going to be? What does it actually cover? You know, it’s the same thing with, like, your your code, right? Like with your infrastructure.

[00:34:14.700] – Michael
Like, you shouldn’t you shouldn’t just throw stuff out there and be like, I wonder what’s going to happen at the end. Like not like you should always know what’s going to happen in one way or another. Now, infrastructure as code testing. It’s obviously not as easy like, you know, if you want to do any type of Terraform testing, you got to know Go, which makes it a little bit difficult. But with the CDK, it makes it so much easier because all of the language specific testing, libraries and frameworks, you know, all of the linters and everything, like everything that’s built, either built into the language for testing or somebody created a library for it.

[00:34:55.410] – Michael
You can use all of those frameworks and all those libraries. So you really don’t have to think too much about it when it comes to CDK, which is nice. And, you know, even like from a networking perspective, I mean, I would even say, like, you know. Let’s say, for example, you got 10 Cisco routers and you got an IOS config and you want to be able to deploy it at scale to 10 of these routers.

[00:35:18.770] – Michael
Once it deploys to those routers, then the typical approach is to go in and make sure that everything’s working, yada yada. Wouldn’t it be nice to know if it’s working before it all deployed and then you got to go in and then you’ve got to wipe out the IOS config and then you got to figure it out and then redeployed and then this isn’t working and then rip it out. And it’s just like, you know, but if you can test it in the beginning and kind of have a conceptual understanding of what should be happening, I think it just makes everybody’s life much easier.

[00:35:45.550] – Ned
Right. I think you sort of alluded to two things when it comes to infrastructure as code testing, especially with Terraform. One, it doesn’t have the built in tools in HCL to do that unit and integration testing. So I think the tool you might be referencing is TerraTest?

[00:36:00.530] – Michael
Yes TerraTest. Yup.

[00:36:01.450] – Ned
Yeah. So that uses Go to do the testing of Terraform code and it’s just. Yeah. The other thing is when you’re dealing with infrastructure, you’re dealing with real resources like 10 Cisco routers, where running that update against those live machines can have pretty catastrophic consequences.

[00:36:22.430] – Ned
So your testing suite needs to be able to do some sort of mock up or virtual environments where it tests those changes and does some sort of verification that what you intended is what’s actually going to happen on those devices.

[00:36:36.800] – Ethan
I don’t know Ned. Sometimes the business just needs to be reminded how important the network is. If you take it away to show your value, that’s worth it.

[00:36:47.150] – Ned
Yeah, right up till you get that pink slip.

[00:36:51.140] – Michael
Either that or job security. You’ll get you fix it properly. Yeah, no, I mean, it’s yeah, you’re absolutely right. And by the way, yes, I was referring to TerraTest. My apologies. I like I always forget. I always just like default to the language. But yes TerraTest is the framework that I’m referring to when I’m talking about Go. Yeah. So I mean, even you know, one of the things too that comes to mind is let’s say you got again, let’s say 10 Cisco routers.

[00:37:18.140] – Michael
Right. You know, and you’ve got an IOS config. Well, at this point, you kind of got an IOS config that like either you’re passing around or it’s in one place. People are going somewhere to get to it, maybe on some router or whatever in a lab environment. But like, you could take that IOS config and say, like, put it up into GitHub and now everybody on the team in different countries, if it’s a global organization and stuff like everybody has access to and everybody can see what’s happening and, you know, you could run certain tests against that and it opens up doors.

[00:37:47.000] – Ethan
Yeah, I’ve talked to people that have done have taken this approach, Michael, and they’ll it won’t even be the entire config. It will be portions of a config that do specific things within the network. Here’s our BGP standard. Here’s our here’s how we do NTP and and so on.

[00:38:01.790] – Ethan
And they’ll even I interviewed a couple of guys. Their, their whole thing was to to break it down by device per function. And then they had basically a matrix of code that would live in GitHub. And their, they had glue code that would, based on what it was that they were deploying and where they were deploying it to, would pull the entire thing they needed to push together based on that matrix that they that they’d created. It was quite elaborate, but gave them an incredible amount of flexibility.

[00:38:30.590] – Ethan
And they ended up there. They didn’t start with that. But that is ultimately where they ended up with that level of complexity that gave them that flexibility to think about infrastructures as code in this broken out way. Very cool.

[00:38:42.830] – Michael
Yeah. Yeah, no, it’s pretty cool, man. I see a lot of really cool stuff happening in the networking space around, like, you know, turning it a little bit more devy. And it’s something like really, really cool stuff out there for sure. I’m definitely excited to see where that space goes. One hundred percent.

[00:38:59.330] – Ned
I’m glad we’re talking about code repositories because that’s actually where I wanted to go next in terms of using CDK when I organized my IAC code, it’s usually in a separate repository from the application code that’s going to be running on the infrastructure, I’m provisioning. And I’ve seen some people combine it together in the same repo, but they’re going be in separate directories, different deployment processes, all that kind of jazz. Does that change at all when you’re using a CDK because now you’re using the same language, or do the two still live pretty independently?

[00:39:31.400] – Michael
Yeah, I mean, I think it’s you know, you don’t put you don’t put different jobs into the same repository. Like, I wouldn’t put back end code in the same in the same exact repository as front end code. Same thing with the CDK. I wouldn’t put like, you know, backend Flask app with the CDK that’s deploying my Kubernetes cluster. I wouldn’t put that in the same repository. But in terms of like deployments and stuff, I mean, that could also be very much the same as well.

[00:39:56.360] – Michael
Like if you’re using GitHub Actions, for example, to deploy your application. Yeah. Use GitHub Actions to deploy your CDK code or use it to deploy your IaC code deployed for all that stuff. Yeah, I think like the deployment process and all that. You should never have to, like, use this CI/CD vendor for infrastructure as code in this CI/CD vendor for application, unless you got something like real specific, like, you know, you’re using something like Bitrise to deploy to like mobile CI/CD and stuff like that. But that’s a very few and far between.

[00:40:28.420] – Ned
Is there a build portion of the CDK code that you’re writing? Because I know usually with IaC. There’s not really a build process. There’s just take that code and deploy it. So is there something with CDK where you’re actually running a build that creates some artifacts?

[00:40:45.900] – Michael
Well, I would say, like even for IaC code like there there is the. I would say there’s definitely could be the need of, say, creating an artifact for it, maybe saving that in JFrog’s Artifactory or something like that, and then using that artifact in your CD process, if the if the infrastructure code isn’t changing. So like, for example, let’s say you’re you’re specifying your VPC for a dev network and you’re like, this isn’t going to change.

[00:41:12.980] – Michael
You could build an artifact out of it and then use that artifact in your CD pipeline, just deploy it out. And I would say probably the same rules apply for like CDK. However, typically in the CI or the build process, that’s where you’re testing. So you’re doing your unit testing box testing and stuff like that. So if you’re if you are running tests, which you should be, then, yes, there’s definitely going to be the CI process for that for sure.

[00:41:38.060] – Ned
OK, OK. And when you’re using a CDK, let’s say you’re using the AWS CDK, does that spit out CloudFormation code at the end?

[00:41:46.350] – Michael
It does. Yeah. OK, yeah. So so what’s really cool about it and even the HashiCorp CDK as well, you’re writing it in whatever language, but at the end there is a template. Right. It’s spitting out some like Terraform configuration for HashiCorp or if you’re using the AWS CDK, it’s spinning out like a CloudFormation template in or the CloudFormation stack and stuff like that. So, yeah, so it is using that stuff on the back end, but you don’t ever have to touch it or anything.

[00:42:16.460] – Ned
OK, so it’s generating the code that then another tool would use to actually do the deployment.

[00:42:22.610] – Michael
Yes, OK. So it’s really all infrastructure is code at the end of the day. Yeah.

[00:42:28.280] – Ned
It’s just the difference between you writing that YAML or JSON versus having your code generate that YAML.

[00:42:36.380] – Michael
Yes. And I think it makes sense, like from an ease of use perspective. I don’t know about you guys, but I don’t want to sit there and write JSON all day. I don’t know. I just don’t want to. It’s not fun. It’s not interesting.

[00:42:46.180] – Ethan
Happy to consume it, don’t want to write it. Yeah, exactly.

[00:42:49.730] – Michael
So, you know, using something like the CDK, it it takes it takes away that that frustration, you know, even with YAML, like I, I don’t know which one I’d prefer to use.

[00:43:00.320] – Ethan
I’d rather write JSON than YAML man. But the YAML’s not my friend either. Yeah.

[00:43:04.220] – Michael
Yeah exactly. I’d probably prefer to write JSON, it’s a little bit easier for me conceptually to read a key value pair like, but with YAML, for example. Like some people don’t like white space based languages and that’s why some people don’t like Python, you know. So if you’re if you if your platform is just YAML, like people might just not choose you just because of that, I guess, especially if an engineer is making a decision.

[00:43:29.690] – Ethan
Dude, That’s my experience. Just hacking around with Kubernetes. It’s like, why? What is wrong? Oh, whitespace. Got it.

[00:43:34.910] – Ned
I think that’s why I don’t like white space languages. Every time I tried to learn Python, that’s the thing that’s that’s pushed back on me so hard. It was like, oh, I got the spacing wrong. Why can’t the spacing just be right? And when I but I mean, mountains of JSON doesn’t help either. When I first started with CloudFormation and this was many years ago, so pre support for YAML, it was just JSON and you were writing it straight and there were barely any functions in CloudFormation and there was no loops, nothing like that.

[00:44:06.470] – Ned
So you need three instances of that resource. You’re going to copy and paste that three times, and I hope you got your commas in the right place.

[00:44:13.910] – Michael
Yeah, yeah. And that’s such a huge thing. And it’s like I think that’s a huge thing for the CDK as well. I mean, you guys hit the nail on the head like YAML white spaces. JSON, you have a comma here. Is it formatted properly?

[00:44:26.240] – Michael
All that like that’s enough for like whiskey o’clock to like start at 10:00 a.m. because it’s like I don’t want to deal with it, you know. But, you know, if you’re doing it in a language that you’re a little bit more comfortable with, it makes things a little bit easier. Now, no CDKs are supporting this, but I do hope that CDK start to support things like Bash and PowerShell and stuff like that. I think that it’ll make the adoption for infrastructure folks a little bit easier as well.

[00:44:53.420] – Ned
Speaking of infrastructure folks and what they’re writing in, I think the most popular tool right now is probably VS Code. For everyone who is writing any kind of code and I know there’s extensions and linters for something like HCL. Do those do the extensions for Python and Go all understand the CDKs and what’s expected in there?

[00:45:16.730] – Michael
Yeah, absolutely. 100 percent because, yeah, at the end of the day you’re just you’re just writing it in the programming language like nothing is different. Like the CDK isn’t like all you need to do this in Python because it’s a CDK like not something like that. It’s just you just care about the language.

[00:45:31.370] – Michael
That’s a yeah. The only difference is you have to use the library like the AWS CDK library or the Pulumi library for Python, stuff like that. Yeah. Like, like a good example of this is Pulumi. Let’s say you’re using Pulumi, Python and Azure. There’s going to be a specific Python library for Azure that Pulumi wrote, that’s the only difference, but the rest of the language is 100 percent the same.

[00:45:58.820] – Ned
OK, OK, it sounds like we should talk to Pulumi at some point.

[00:46:04.010] – Michael
Pulumi’s good. Yeah. Yeah, they got some really cool stuff going on. Arguably, they’re they’re still depending on Terraform for a lot of their stuff. They’re still depending on Terraform providers and stuff like that. But they, they sort of are their own separate entity. But yeah, they are still depending on like Terraform providers and stuff for a lot of their resources.

[00:46:24.660] – Ethan
Yeah. You make it sound like it’s really just like using any library. So if I’m in a code editor that’s aware I’ve got hints and I’ve got, you know, all that kind of stuff that’s there that gives me knowledge about the library, even if I don’t know everything that the library can do for me.

[00:46:40.460] – Michael

[00:46:40.850] – Ethan
OK, well, are there any anything weird drawbacks, gotchas that I should be aware of when using a CDK?

[00:46:47.630] – Michael
No, I mean, the biggest the biggest thing to just keep in mind is that some CDKs support, some languages, some don’t, you know, is just pretty much it.

[00:46:55.820] – Ethan
And if I’ve got the match with my language and I can bring it into my IDE or code editor of choice, it’s going to behave the same. I’m going to have the tooling that I’m used to using in my editing environment is going to function the same. It’s I guess that’s it’s all advantage. It feels like

[00:47:09.050] – Michael
Yeah, everything’s 100 percent the same. Like whether you want to use VS Code, whether you want to use GoLand for Go code, whether you want to use PyCharm for Python, whether you want to use you know.

[00:47:20.780] – Ethan
I do, I love PyCharm.

[00:47:22.520] – Michael
I love PyCharm too. Yeah. You know, whether you whatever you want to use, it doesn’t matter.

[00:47:27.770] – Ned
Wow OK, if someone wanted to get started on using a CDK, they may be a little already familiar with ARM templates or CloudFormation or whatever infrastructure as code tool they’re using today. What would be some good resources for them to get started and feel free to plug your own stuff?

[00:47:44.870] – Michael
Yeah. So yeah, I’ll, I’ll keep my plugs a little bit short, but yeah. My YouTube and stuff. I have a bunch of blogs and stuff out there for all that good stuff. But you know, a lot of these vendors, they, the documentation is pretty solid, like Pulumi’s documentation is pretty solid, AWS and their documentation is always a little. But it’s all right, you know, like, you know HashiCorp’s documentation is always really awesome.

[00:48:15.020] – Michael
So they’re what they have for the CDK right now. Again, it’s still very much alpha. I’d call it. That documentation is there. So, yeah, I mean, I would say, you know, that’s one place, but that’s only half the battle or. 30 percent of the battle, actually, 70 percent of the battle is learning the language. So you’re going to want to go out to your your Pluralsight or your CBT Nuggets or whatever you Udemy, Udemy, however you pronounce it and and pick whatever course you want to watch from there and stuff like that.

[00:48:47.820] – Michael
See how all those, all that stuff is really out there. But 70 percent of the battle arguably is learning the language because the CDK it’s like. Really, the only thing that it is, is this is a library, they’re just giving you a library to go use for whatever cloud. But you’ve got to if you don’t know the programming language, you’re you’re not going to be able to use the CDK so.

[00:49:09.540] – Ned
Well, even if you don’t plug it, I will plug it that you have an excellent YouTube channel with some really good videos on using the CDK. I watched some of them yesterday as preparation for this and it’s just well explained, well produced, good audio, which, you know, I’m always persnickety about. So if folks are looking for that, we will include links in the show notes. Is there what’s the name of your YouTube channel if someone just wants to plug it into Google?

[00:49:35.940] – Michael
Yeah, I think you could just look up Michael Levan and it’ll pop up, I think, like the URL is slash cloud dev engineering. And then you’ll just see a banner says infrastructure as software, which is maybe even something we could talk about to about the difference between IaC and IaS. But yeah. So those are a few different places for sure.

[00:49:56.040] – Ned
Gotcha. Awesome. Sometimes we ask our guests to summarize the episode with some key takeaways. Do you have any key takeaways you’d like to share with listeners?

[00:50:05.850] – Michael
Yeah, absolutely. So I think probably falls under two or three. The first one is you don’t have to be a developer to use a CDK and you don’t want to be a developer to go learn Python and Go and stuff, go learn it. It’s super fun. You know, you don’t have to, again, be the you could be either a networking or you can be an infrastructure or whatever the case may be. You could still use these programming languages and stuff as well.

[00:50:30.480] – Michael
And then the third thing is try to make everything as repeatable as possible. I feel like that’s a large thing from an engineering perspective. But you also have to think about it from a business perspective wherever you’re working, like once you understand the business it’s much easier to do your job. And at the end of the day, all businesses want something that’s repeatable and they want something that’s going to be a little bit faster and a little bit more efficient.

[00:50:52.440] – Michael
And doing that. You know, doing your job from an automation perspective is is typically far more efficient and reusable than just clicking around the UI and stuff so.

[00:51:03.030] – Ned
Stay out of the UI people!

[00:51:04.950] – Michael
Yeah, don’t go in the UI.

[00:51:05.750] – Ned
Awesome. Well, Michael Levan, thank you so much for being a guest today on Day Two Cloud.

[00:51:14.010] – Michael
Absolutely. Thank you so much for having me, guys. Really appreciate it.

[00:51:16.740] – Ned
You bet. And hey, listeners out there, virtual high fives to you for tuning in. If you’ve got suggestions for future shows, you know what? We’d love to hear them. You can hit either of us up on Twitter at Day Two Cloud show. Or you can fill out the form on my fancy and brand new website, Ned in the cloud dot com.

[00:51:34.320] – Ned
Did you know Packet Pushers has a weekly newsletter? It’s true. It’s true. We do. It’s called Human Infrastructure Magazine. You are the infrastructure and it’s loaded with the best stuff we found on the Internet. Plus our own features, feature articles and commentary. It’s free and it does not suck.

[00:51:50.010] – Ned
So that’s a good thing. You can get the next issue via Packet Pushers dot net newsletter until next time. Just remember, cloud is what happens while IT is making other plans.
