Sunday, June 7, 2020

Terraform : IAC series II


About Terraform:

Terraform is a declarative language, not a programming language. It keeps its state recorded, and when we run it again it compares the new state with the old one.
It gives a consistent way to describe resources and how they interact with other resources.
It is not good for workflows (a combination of steps)…
It creates a lock on the same module. This avoids concurrent mutation and saves the state from ending up corrupt.

To make things easier, we have reusable modules (ElastiCache, AMI finder, RMQ cluster, S3 replication, etc.).
Modules are needed with mutable infrastructure. Modules are like a jar.

Source code :

Terraform : IAC series I

This blog covers the basics of Terraform, a declarative language for managing infrastructure as code.
Download link:
 brew install terraform   // mac
 choco install terraform  // windows; manual download: https://www.terraform.io/downloads.html
 Editor: Visual Studio Code

Install Terraform from the above location, then check the installed version in a terminal:
 terraform --version
Sample example 1

Create a file main.tf:
# Demo configuration. The access_key/secret_key values are placeholders;
# real keys should never be written into a .tf file (they end up in version
# control and in the state). Leave both out and let the provider read them
# from environment variables or ~/.aws/credentials instead.
provider "aws" {
  access_key = "XXXXXXXXXX"
  secret_key = "xxxxx"
  region     = "us-east-1"
}

# A single t2.micro instance built from a fixed AMI id.
resource "aws_instance" "myfirstec2" {
  ami           = "ami-09d95fab7fff3776c"
  instance_type = "t2.micro"
  tags = {
    Name = "The Techie House demo"
  }
}

# A private S3 bucket; bucket names are globally unique, so change it if taken.
resource "aws_s3_bucket" "theTechieHouseB" {
  bucket = "the-techie-house-first-bucket"
  acl    = "private"
  tags = {
    Name = "The Techie House demo"
  }
}
Commands:
I. terraform init      // download the provider plugins and initialise the working directory
II. terraform plan     // show what it is going to perform
III. terraform apply   // going to create the infrastructure
IV. terraform show     // show the available resources
V. terraform destroy   // destroy everything
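The same demo with its weak settings corrected, as an added example that is not from the original post. It assumes the AWS provider argument style of the time (inline acl/versioning/encryption on aws_s3_bucket), that credentials are supplied through environment variables or ~/.aws/credentials, and that the Amazon Linux 2 AMI name filter shown is acceptable for the demo.

```hcl
# Added hardened version of the demo main.tf (not from the original post).
# No access_key/secret_key: the provider reads them from the AWS credential
# chain (env vars, ~/.aws/credentials, or a role), so no secret is in the file.
provider "aws" {
  region = "us-east-1"
}
# Resolve the newest Amazon Linux 2 image instead of pinning an ageing AMI id.
data "aws_ami" "amazon_linux_2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}
resource "aws_instance" "myfirstec2" {
  ami           = data.aws_ami.amazon_linux_2.id
  instance_type = "t2.micro"
  # Require IMDSv2 (session token) so instance-role credentials cannot be
  # read with a single unauthenticated request to the metadata service.
  metadata_options {
    http_tokens = "required"
  }
  root_block_device {
    encrypted = true # encrypt the root EBS volume at rest
  }
  tags = { Name = "The Techie House demo" }
}

resource "aws_s3_bucket" "theTechieHouseB" {
  bucket = "the-techie-house-first-bucket"
  acl    = "private"
  versioning { enabled = true } # recover overwritten or deleted objects
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default { sse_algorithm = "AES256" }
    }
  }
  tags = { Name = "The Techie House demo" }
}

# Refuse any public ACL or bucket policy, whatever "acl" is changed to later.
resource "aws_s3_bucket_public_access_block" "theTechieHouseB" {
  bucket                  = aws_s3_bucket.theTechieHouseB.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Running terraform plan against this file shows the same two resources plus the public-access block, and terraform show afterwards confirms http_tokens = "required" and the encryption rule on the bucket.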

Wednesday, June 3, 2020

AWS Associate Notes

VPC:

Egress-only internet gateway:
- Allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.
* To enable outbound-only internet communication over IPv4, use a NAT gateway instead.

NAT gateway:
- You cannot route traffic to a NAT gateway through a VPC peering connection, a Site-to-Site VPN connection, or AWS Direct Connect. A NAT gateway cannot be used by resources on the other side of these connections.

VPC Flow Logs:
You can create a flow log for a VPC, a subnet, or a network interface. If you create a flow log for a subnet or VPC, each network interface in that subnet or VPC is monitored.
Default log format: <version> <account-id> <interface-id> <srcaddr> <dstaddr> <srcport> <dstport> <protocol> <packets> <bytes> <start> <end> <action> <log-status>

VPC endpoint services (AWS PrivateLink):
- Create your own application in your VPC and configure it as an AWS PrivateLink-powered service (referred to as an endpoint service). Other AWS principals can create a connection from their VPC to your endpoint service using an interface VPC endpoint.
Routing:
- VPC peering connection: the route's target is pcx-xxxxxx.
- VPN connection or Direct Connect connection: the route's target is vgw-xxxxxx.
- Gateway endpoint: the route's destination is the prefix list ID of the service (pl-xxxxxxxx) and its target is the endpoint ID (vpce-xxxxxxxx).



Redis: supports both replication and clustering.