Posts

Showing posts with the label Cloud

Deploying and Managing Scalable, Cloud-Based Infrastructure in Azure

This blog post is located over here; Managing Scalable Azure Infrastructure. Here are my notes while the above portfolio is being restored; I...accidentally deleted it while mass cleaning out my Drive and didn't realize for a week. Oops. If anyone has a contact at Google who would like to help, I'm on LinkedIn. They're messy, but the gold shines through. In Summary (Load Balancing and maintenance); I created two Azure load balancers for web app redundancy and speed; this eliminates single points of failure. Health probes let me know if something needs attention. Distributes web traffic across multiple virtual machines, making it resilient + scalable, maintain performance, and eliminate single points of failure. A health probe makes sure everything is up and operational, and LB rules distribute HTTP traffic. Hands-on experience configuring 2 Azure load balancers, a tool that, at its base basicness, has multiple components that ensure uptime, optimize web traffi...

Infracost, The Cloud Cost Manager

Infracost integrates with Infrastructure as Code technologies to check the costs of the infrastructure you're creating or changing, in multiple currencies, multiple cloud platforms, and can integrate with multiple repos and pull requests. Hooray! The single-sentence description is 'Shift FinOps Left'. Not sure what that means, but let's look at the software itself. The tag policies feature seems similar to the regulations one can set up in Trivy, like I've done over here, to make Terraform code adhere to certain rules. I installed it via chocolatey on Windows 11, using it to check my Azure resources. Don't forget to get the API key as well, it is a lot easier to set up than you think, and used the CLI in the program; here's that documentation (Option 1). It does not check the free tiers of Azure and uses On-Demand prices by default. This is the output for infracost breakdown; You'll notice that it does round down; My cost is 15.41$, and the t...

AWS Infrastructure Composer

A very brief look. The text says; Drag and drop any CloudFormation resource on a visual canvas Connect and configure enhanced components to automatically build IaC for an application architecture Seamlessly transition between authoring workflows visually with Step Functions Workflow Studio and defining resources with Infrastructure Composer Integrate your browser with your project through “local sync” or use Composer in the AWS Toolkit for Visual Studio Code In 2019 there was a similar tool to build infrastructure that would be converted to code. Nice to know they bought it back. When you enter the Composer, it's a blank space with a background reminiscent of the screen for Cloud Formation. Infrastructure Objects are to the left in a drawer; I've selected a bucket that I can rename. I went to connect a bucket to a Dynamo DB Table, and it's not available yet. It also lost a bucket somewhere in the ether of the GUI. Ah well. I couldn't find the EC2 instance in the...

Securing Terraform and You, Part 3 -- The Finish Line

9/20: The open source version of Terraform is now OpenTofu   I swear, this is not a recurring series. The problem just -- finally -- got solved. Part 2 is over here . I went back to tfsec after seeing the simple start guide posted here , by Liam Galvin at Ghost Security. There are two aspects of my code:  Allow buckets starting with [word]  deny buckets that don't start with [word].  The initial guide only has "don't allow buckets that are exactly named this", but that's all I needed to actually get going! The problems could have been; The rego file and the terraform file don't play well in the same folder. Having the options in two separate subfolders helped even though there was a command that I used to read both files in the same folder. Trivy ... I don't know. Maybe the metadata setup was incorrect - but if it's set up as comments -- readable by the program but not acknowledged in the rego -- who knows. I can work on that in the future. The code w...

Securing Terraform and You Part 2 -- Trivy by AquaSecurity

9/20: The open source version of Terraform is now  OpenTofu    Part one is over here . This comes as the 3rd tool in a long line of tools I am using to make Terraform (OpenTofu) code consistent. I went back to the Styra Academy courses for OPA Policy Writing. I am a very "Just show me the general idea, and I can probably figure it out", and I am reasonable enough to say that it didn't work this time, and I had to take the slow road. Good start; Trivy told us where it installed; trivy info installed /usr/local/bin/trivy /Users/morganza/Library/Caches/trivy the homebrew package had an outdated version, so I had to install v. 0.40.0 myself and link it to the previously installed 0.18.0 I believe -- See the GitHub discussion here . We are now back to rego, but fortunately, Trivy works as intended when you run it locally with the following command; trivy conf --policy . --namespaces morganza . There was an odd combination of YAML with a bit of rego involved for tfsec -- can ...

Log Sorting with AWS CloudWatch, AWS CloudWatch Insights

 The cool thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging - AWS CloudWatch, AWS CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail Youtube page; See these links to go to the DataDog and NewRelic posts.   The idea was to be subjective in the videos, but I can be objective on my personal blog.     CloudWatch     The syntax is odd, but easy to grasp. Sort log data by IP addresses, message codes, and status codes. The simplest query system, but not quite robust.   Insights       The syntax has changed - Vastly. I see major SQL influences. You can see that in how the parse function works - in this case, it's often taken pieces of a pre-existing standard - in this case, message - and breaking them into their own c...

Log Sorting With New Relic

The nifty thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging and data visualization - CloudWatch, CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail Youtube page; See the following links to go to the CloudWatch, CloudWatch Insights, and DataDog posts. NewRelic I expected this to be easier than the previous two and it's rather dense in its information at first glance, although you can adjust it to show real-time analytics. Documentation is reasonable and concise; One could gather the basics of the syntax quickly. Opening a singular log entry and clicking the elements of it to include or exclude from a new query was very helpful. Check out the video for how I did error tracking. The GUI is my favorite; Sleek and modern, and yet i...

Log Sorting With DataDog

The nifty thing is, I was contracted to make these videos in collaboration with CloudAvail Technology Consulting to help people decide which service they wanted to use for their logging - CloudWatch, CloudWatch Insights, DataDog, or New Relic. I'm searching through nginx logs. I have accompanying videos of each service that you can find on the CloudAvail Youtube page; See the following links to go to the CloudWatch , CloudWatch Insights , and NewRelic posts.   The idea was to be subjective in the videos, but I can be objective on my personal blog.     ...There's a lot of information.  And a lot of ways to sort it. What's the difference between Patterns and Transactions? The Live Tail setting is pretty cool. Would be very helpful in making you panic if there was some kind of incident and you got a ton of error logs, but then you can sort by patterns and get a bit more insight into what is failing or being attacked. You can see in my video that I had to ad...

Using AWS Data Migration Service

Want to share this easily? Check out the Notion page. By Morgan Lucas (she/her) from this video by Johnny Chivers We use data migration services to, well, migrate data. But why would we want to do this? Perhaps... We're moving our business to the cloud, and need to shift all of that cold storage we have onsite. We want to use it as a backup in case our infrastructure is out of commission. We could have information to share with a 3rd party, and instead of giving access to on-site databases, we put it on AWS to share. Nevertheless, let's recap what I've done. Created publicly accessible, password-protected database with Amazon Aurora with PostgreSQL Compatibility to migrate to Amazon Dynamo DB Managed inbound rules of security group to limit access Used open source software HeidiDB to interact with database via a TCP/IP session and specific URL for DB (Not shown here for security) Connected to Aurora PostgreSQL Database ran queries that deleted and cre...

A Serverless Application on AWS

By Morgan Lucas, From Adrian Cantrill’s More Than Certified / GitHub. Find the Notion Page HERE. Pictured: Someone who would get use out of the app. Technologies used: AWS, Lambda, Step Functions, API Gateway, S3, SNS & SES. What Is This?: A small app for pets to bother you for cuddles that will send an alert to a phone and an email address. Both points of contact must be opted into first. Stage 1 I register 4 objects - Two email addresses (sending messages, receiving messages) and 2 phone numbers (one to receive SMS [text messages], and an origination number). Stage 2 I used CloudFormation (again, our old friend) to create an IAM role that email_reminder_lambda uses to interact with other AWS services. Really beats searching through the policies! In the Lambda console, I create a function that uses Python 3.9 runtime and use the LambdaRole created via CloudFormation. There are multiple entries called some variation of LambdaRole, so look for the one with SES/SNS and C...

Using Dynamic Blocks in Terraform

9/20/2023: The open source version of Terraform is now  OpenTofu     Want to read it with nice formatting? Check out the Notion page. Continuing from the post about Modules , let's look at Dynamic Blocks. What are Dynamic Blocks? It's a way to construct dynamically repeatable nested blocks in Terraform code. Think about using for_each - This is often used to make individual resources with a value to iterate over. Is This a Dynamic Block? I’ve done something like this, but it involved the multiple function (*) and a stand-in variable ${var.ex} . network_interface_ids = ["${element(azurerm_network_interface.CA-NetInt.*.id, 01)}"] The index (01) was the number of network_interface_ids one would want. Was that unknowingly a dynamic block, or something else? By all means, comment what you think. Apparently, It Wasn’t resource "aws_elastic_beanstalk_environment" "tfenvtest" { name = "tf-test-name" application ...

Using Terraform and AWS Cloud9

Wanted to try Cloud9 but didn't feel like making an EC2 instance in the GUI. So I made a Terraform file instead, remade a default VPC, and it took 20 minutes of troubleshooting. #AWS — Morgan (@runtcpip) February 1, 2022 9/20/2023: The open source version of Terraform is now  OpenTofu     👉🏾 Find the Notion page of this post here , if it's easier for you. It certainly looks nicer!   Setup: An EC2 instance A reference to the default VPC, which I had to remake, as I had deleted mine.    Downloading Terraform into Cloud9: Instructions here . Done and Done. Now, How About Using It? The kicker (or blessing) is that Cloud9 doesn't auto save, like I’ve set my VSCode up to do. Had to do a lot of manual saving, but it wasn’t a struggle. The lock file is created, but I don't see it in my file system to the left until resources have been pushed, so I made a simple bucket to try it out. Because this instance is attached to my AWS account, I suppose anything I m...

Building AWS Infrastructure with Python (+ Learning the Code)

Follow along with more DevOps stuff! It's not only CloudFormation and YAML we can use to build infrastructure in AWS - The ever-popular Python is here. I like how the docs say it should take around 6 minutes, and I'm here on maybe...minute 34 waiting for packages to finish installing. I'm sure it doesn't account for setup, but for a while, I was concerned I had misconfigured something. No, there are just a ton of packages to download. Node.js had to not only open PowerShell, but update my chocolatey and some VS Code components. Importing Python packages happens in consoles/terminals. You have to import them each session. So, I open a terminal in VS Code to install this Pipenv Virtual Environment Package in theory. The hardest part is always installing Python packages, as I never remember what command works in Windows Terminal. It's never pip install or apt-get, but 'python -m pip install [package]', when you are not in the Python prompt. Now, into the cmd ...

Working With Terraform Modules for AWS

9/20/2023: The open source version of Terraform is now OpenTofu. Terraform (now OpenTofu) for AWS is somewhat clearer than Terraform for Azure - easier to grasp than YAML and its finicky formatting. After pushing some DevOps Terraform (TF) configurations live to AWS, I wondered if I could push a static webpage. Situation - Why Would You Use This? To quickly spin up the front-end for a simple webpage that might take user input after attaching it to back end services that accept and hold the data. What Other Options Are There? I've documented hosting static webpages through Azure before on here through various methods - The process is somewhat intensive and relies strongly on interconnected systems. GitHub to host the code Azure Webapps to take the code and display it Another option would be using Netlify, but that works best for truly single-page apps like this. It looks like it has different pages to the untrained eye, but it's only one. Task - How Is It Done? ...

Business Bonus: AWS Outage (12/7/2021)

There was an AWS outage a few days ago; You were probably impacted in one way or another. If any of my appliances would ever e-mail me, I think I'd die of shock. Everything from Disney+ to McDonalds was affected, as US-East-1 was US-East-None for a few hours. Even Amazon delivery drivers and warehouse workers couldn't complete their breakneck, no bathroom, tasks. My Alexa couldn't reach AWS. "Guess I better attach it to the new hotspot..." I thought, before moving on with my day and not doing that. Turns out, my hotspot wasn't the issue.

Get in CloudFormation; A Timeline learning IaC for AWS

  Want to share this page easily?  Here's a Notion Page .   A big shoutout to Pluralsight for their free weekend, and James Millar for a great introductory course . For the longest time, I couldn't see how people found this easy, but this helped. (Why did we make up so many programming languages that only work based upon the correct formatting of spaces and tabs? Readability is important, but when you're just beginning, how I learn, I'm interested in 'it works' first and 'it's pretty' second).   The (paid) project: Create an Instance that has basic security rules from a security group it's in. The most difficult part was learning the tool and the formatting. This was much easier in Terraform (Now OpenTofu) for AWS, but this time we wanted to use CloudFormation.   The Numbers: Resources Created: At least 11 VPC MacOSImageID* MacOSInstanceKeyName* InternetGateway PublicInternetRoute VPCGatewayAttachment PublicInternetRouteTable PublicSubnet01 P...

Deploying Docker Containers in AWS and Wandering Around Clusters

  Or, at least learning more about each. And self-learning is the important part, right? And welcome back to not only AWS, but Docker as well. This is a bit of an older post, as I have more experience with Terraform's containerized environments in Azure over AWS. Instructions There is a Console First Run Wizard, here . I have an exceedingly vague idea of what this means in full. Cluster is essentially the pack of what you need to run something. Bing (Yes, Bing), says it's a 'logical grouping of tasks or services'. So 'containers' are the 'physical' grouping, if we consider 'physical = code'. We can define a service, which allows us to run and maintain a specified number of simultaneous instances of a task definition. It sounds a little like a limited pool of IP addresses. This is the free tier, AWS only gives us one. The instructions emphasize Elastic Load Balancing...which took me a while to realize and find. And now the...

Totally Terraform (Or, Adding a revenue stream with Terraform DevOps Cloud Engineer Procedures to A Company) [Updated March 2022]

 Want to share this post easily? Here's a Notion page !   9/20: Terraform is now  OpenTofu   I got to teach myself Terraform, but that's what this entire blog is about; Teaching myself things and hoping for work sometimes to make money and being employed by multiple people. Especially when that means adding a revenue stream. You can be the next one! Anyway, what do I like about Terraform? A lot. Including all the troubleshooting and digging into new things. The Numbers on What Was Made: Project : 1 Resources created : 7 Virtual Machine Network Interface Virtual Network Security Rule attached to Security Group Security Group (with outputs) Subnet Public IP address Many of these resources are attached to each other - The Network Interface is attached to the Virtual Machine, and they’re both in a Security Group which has Security Rules attached to it. The Virtual Network is attached to the Subnet, and the Public IP address is attached to the Network Security Gr...

Azure Networking Options - Core Cloud Services

I have done a lot of AWS things on here. Time to give Azure some attention. After all, since employers don't think Cisco or COMPTIA certifications are important, maybe Microsoft ones are? First, let's really think about why these are the two biggest cloud services providers in the world: They've been doing internet things for a long time. Amazon launched in 1995 , a virtual bookstore. Microsoft, well, you know.  They've lived, breathed, and frankly, created, infrastructure that we use today, that they're selling to us today. Of course the Store of Everything and the Company of Everything would encourage us to put everything in their hands. Also: Azure has a lot less silly names for modules. Important. I appreciate straightforwardness. I said 'a lot less', not '100% sensible names' Microsoft has a clear set of Azure Fundamentals that anyone can interact with. Let's talk about networking basics, basically to say, again, ...