Session talk presented at Innosoft 2022.11.11 University of Sevilla.
Presented the concept of Infrastructure as Code and its practical approach using HashiCorp Terraform as a tool to provision in the cloud. Examples with AWS are provided in a GitHub repository.
3. Agenda
▪ Infrastructure as Code
▪ Immutable Infrastructure
▪ Cloud Providers and AWS
▪ Terraform
▪ Installation & Software Prerequisites
▪ Resources & Dependencies
▪ Execution Plans
▪ Industrial examples
▪ Best practices
▪ Exercises on AWS + Terraform
4. Get the material
1. Go to: https://github.com/metadevpro/terraform-aws-training
2. Clone the code examples:
git clone git@github.com:metadevpro/terraform-aws-training.git
3. Get credentials for an AWS account
5. Infrastructure as Code
Engineering Practice to define Infrastructure as code and configuration.
Main Properties:
▪ Repeatable
▪ Can be Versioned (with standard source code tools like git or hg)
▪ Robust
▪ Can be Automated
6. Immutable Infrastructure
Traditional Approach: Patching Servers
▪ Few items
▪ Named as pets
▪ Manual patching
▪ State unknown over time
▪ Improved by Ansible or Chef for automation
New Approach on scale: Immutable Infrastructure
▪ No patching. Managed as bacteria
▪ Destroy and recreate
▪ Well-known state
▪ Apply all security patches for better safety
8. Amazon Web Services
The first provider: inventors of the cloud (EC2, S3)
Leading innovation on cloud: AWS Lambda, Fargate, etc.
Very complete offering of services.
Many Data-Centers around the world.
Price competitive. Leaders and growing year by year.
12. HashiCorp Configuration Language (HCL)
Terraform uses *.tf files.
Simple Configuration DSL to describe Resources and Desired State.
Similar to JSON syntax, but rich in expressiveness.
Samples:
resource "aws_instance" "web" {
  ami           = "ami-a1b2c3d4"
  instance_type = "t2.micro"
}

resource "heroku_app" "app1" {
  name   = "my-cool-app"
  region = "us"
  config_vars = {
    FOOBAR = "baz"
  }
  buildpacks = [
    "heroku/go", "heroku/node"
  ]
}
13. Terraform: Resources
A Resource represents a concrete (vendor-specific) Cloud Service we can manipulate.
Resources have a well-known type with properties we must configure.
Resources are exposed and managed by Providers.
Examples:
aws_instance Represents a machine in AWS EC2 Service.
azurerm_virtual_machine Represents a virtual machine in Azure.
google_compute_instance Represents a virtual machine in Google Cloud.
14. Terraform: Providers
A Provider is a driver implementing the communication and automation for a specific Cloud Provider.
Each provider exposes more or fewer Resource types depending on the offering of the Cloud Vendor and the support of the current Provider version.
Examples: Google, GitHub or DigitalOcean
See list of providers here: https://registry.terraform.io/browse/providers
19. Sample one
Exercise 01
Create a first Virtual Machine
▪ Setup credentials access to AWS
▪ Deploy on AWS in Paris Data Center
▪ Prefix with your name to avoid collisions
▪ Retrieve output public IP
▪ Use SSH Key to connect to the machine
$ ssh -i paris-keys.pem ec2-user@<ip>
Diagram: ec-instance, security-group
20. Terraform: Dependencies
▪ Resources have dependencies
▪ Forming a directed graph of resources
▪ Provision should follow a given order
▪ Deprovisioning follows the reverse order
Diagram (resource graph): ec-instance, public-ip, esb-storage, vpc, dns, security group, load-balancing-group, rds-aurora-db
$ terraform graph
http://www.webgraphviz.com/
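Added example (not from the talk or its repository): a configuration for Exercise 01 in which a reference between two resources becomes a dependency edge, with SSH limited to a single CIDR. The variable names prefix and admin_cidr are assumptions; the AMI id and key name are the ones in the plan sample on this page.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "eu-west-3" # Paris
}

# Assumed variable: your name, used as a prefix to avoid collisions.
variable "prefix" {
  description = "Prefix added to resource names"
  type        = string
}

# Assumed variable: the only network allowed to reach SSH.
variable "admin_cidr" {
  description = "CIDR allowed to connect on port 22, for example your own address as a /32"
  type        = string

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR block other than 0.0.0.0/0."
  }
}

resource "aws_security_group" "ssh" {
  name        = "${var.prefix}-ssh"
  description = "SSH from the admin network only"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    description = "Outbound traffic, needed for package updates"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "machine01" {
  ami                         = "ami-007fae589fdf6e955" # value from the plan sample on this page
  instance_type               = "t2.micro"
  key_name                    = "paris-keys"
  associate_public_ip_address = true

  # This reference is the dependency edge: Terraform creates the security
  # group before the instance and destroys them in the reverse order.
  vpc_security_group_ids = [aws_security_group.ssh.id]

  tags = {
    Name = "${var.prefix}-machine01"
  }
}

output "public_ip" {
  description = "Address to use with ssh -i paris-keys.pem ec2-user@<ip>"
  value       = aws_instance.machine01.public_ip
}
```

Running terraform graph on this configuration shows the edge from aws_instance.machine01 to aws_security_group.ssh.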
21. Terraform: Desired State
Desired State: The ideal state described by the configuration (immutable).
Current State: The actual state in the infrastructure. Changes over time.
Services can be down. Provisioning can fail or lack permissions.
Differences: The plan to add/remove/change resources to achieve the Desired State based on the Current State.
22. Terraform: State Management
Terraform uses:
▪ terraform.tfstate file to store the last known state of a given infrastructure and
▪ terraform.tfstate.backup file to store the previous version.
There is a service provided by Terraform at https://app.terraform.io to store the state in a central repository shared by a team.
For example: to prevent two provision operations at the same time.
24. Terraform: Execution Plans
Sample:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.machine01 will be created
+ resource "aws_instance" "machine01" {
+ ami = "ami-007fae589fdf6e955"
+ arn = (known after apply)
+ associate_public_ip_address = true
+ get_password_data = false
+ instance_type = "t2.micro"
+ ipv6_addresses = (known after apply)
+ key_name = "paris-keys"
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
…
25. Create a static Web-site
Exercise 02
Create a static web-site with S3
▪ Create a public bucket
▪ Upload html files and make them public
▪ Use the provided URL to access the web-site
Diagram: S3-bucket, iam-policy
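Added example (not from the talk or its repository): one way to do Exercise 02 so that the bucket allows anonymous reads of its objects and nothing else. The variable prefix, the bucket name suffix and the local file site/index.html are assumptions.

```hcl
provider "aws" {
  region = "eu-west-3" # Paris, as in Exercise 01
}

# Assumed variable: your name, used as a prefix to avoid collisions.
variable "prefix" {
  description = "Prefix added to the bucket name"
  type        = string
}

resource "aws_s3_bucket" "site" {
  bucket = "${var.prefix}-static-site"
}

resource "aws_s3_bucket_website_configuration" "site" {
  bucket = aws_s3_bucket.site.id

  index_document {
    suffix = "index.html"
  }
}

# Keep ACL-based public access blocked; only a bucket policy may open the bucket.
resource "aws_s3_bucket_public_access_block" "site" {
  bucket                  = aws_s3_bucket.site.id
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = false
  restrict_public_buckets = false
}

# Anonymous users get s3:GetObject on the objects only:
# no listing, no writes, no access to the bucket configuration.
data "aws_iam_policy_document" "public_read" {
  statement {
    sid       = "PublicReadGetObject"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.site.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }
  }
}

resource "aws_s3_bucket_policy" "site" {
  bucket = aws_s3_bucket.site.id
  policy = data.aws_iam_policy_document.public_read.json

  # Explicit dependency: the policy is rejected while public policies are
  # still blocked, and no attribute reference expresses that ordering.
  depends_on = [aws_s3_bucket_public_access_block.site]
}

resource "aws_s3_object" "index" {
  bucket       = aws_s3_bucket.site.id
  key          = "index.html"
  source       = "${path.module}/site/index.html" # assumed local file
  content_type = "text/html"
  etag         = filemd5("${path.module}/site/index.html")
}

output "website_url" {
  value = "http://${aws_s3_bucket_website_configuration.site.website_endpoint}"
}
```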
26. Remote provisioners
Exercise 03
Provision a Machine
▪ Apply software updates: sudo yum update -y
▪ Install Docker
▪ Launch a container for a web app
Diagram: aws-instance, security-group, provision 1, provision 2
27. Terraform: Modules
Modules
▪ Allow creating reusable assets to be shared between projects
▪ Hide complexity (VPC creation example)
▪ Registry for public Modules
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/2.21.0
module "vpc" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-vpc.git"
  name   = "${var.vpc_name}"
  cidr   = "172.29.208.0/20"
  private_subnets = [
    "172.29.208.0/24",
    "172.29.209.0/24",
    "172.29.210.0/24" ]
  enable_nat_gateway = true
}
28. Terraform: Industrial Examples
Samples
1. E2E Tests scenarios for an Online University using Azure in Spain
2. Dev/Staging/Prod environments for a mobile fintech app in UK using AWS
3. Setup a private CI server in the cloud with TeamCity
30. Immutable Infrastructure
Diagram: AWS network layout
▪ VPC 10.10.0.0/16
▪ Availability Zone 1 (eu-west-2a): Subnet no-internet 10.10.51.0/24, Subnet db 10.10.21.0/24, Subnet private 10.10.1.0/24, Subnet public 10.10.11.0/24
▪ Availability Zone 2 (eu-west-2b): Subnet no-internet 10.10.52.0/24, Subnet db 10.10.22.0/24, Subnet private 10.10.2.0/24, Subnet public 10.10.12.0/24
▪ Availability Zone 3 (eu-west-2c): Subnet no-internet 10.10.53.0/24, Subnet db 10.10.23.0/24, Subnet private 10.10.3.0/24, Subnet public 10.10.13.0/24
▪ Components shown per zone: db, rabbitmq, services, nginx, batch
▪ Other elements: 3rd-party, Router, VPN Gateway, Customer Gateway, VPN Connection
31. Private CI Server
Exercise 04
Provision a Private TeamCity for Continuous Integration
▪ On the Cloud
▪ Usable for free for private projects till 100 projects
Diagram: aws-instance, docker-compose, teamcity, security-group
32. Best Practices
▪ Build your Terraform Scripts incrementally
▪ Test them frequently
▪ Encapsulate repeated blocks as modules
▪ Incorporate existing infrastructure with terraform import
▪ Use variables to parametrize regions, AMIs, environment prefix, etc.
▪ Do not store sensitive credentials in repositories (inject later as ENV vars)
▪ Use provisioners (non declarative) as a last resort (prefer packed images AMI). See Packer https://packer.io
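Added example (not from the talk or its repository): the variable and credential practices above applied to one database resource. All names here (region, environment, db_password, the resource identifiers) are assumptions.

```hcl
# Parametrized values: nothing environment-specific is hard-coded below.
variable "region" {
  description = "AWS region to deploy to"
  type        = string
  default     = "eu-west-3"
}

variable "environment" {
  description = "Environment prefix"
  type        = string

  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "The environment value must be one of dev, staging or prod."
  }
}

# No default and no value in any committed file. Inject it at run time:
#   export TF_VAR_db_password='...'
# Terraform reads TF_VAR_<name> environment variables as variable values.
variable "db_password" {
  description = "Master password for the database"
  type        = string
  sensitive   = true # redacted in plan and apply output

  validation {
    condition     = length(var.db_password) >= 16
    error_message = "The db_password value must be at least 16 characters long."
  }
}

provider "aws" {
  region = var.region
}

resource "aws_db_instance" "app" {
  identifier          = "${var.environment}-app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "appuser"
  password            = var.db_password
  storage_encrypted   = true
  publicly_accessible = false

  # Keep a final snapshot everywhere except dev.
  skip_final_snapshot       = var.environment == "dev"
  final_snapshot_identifier = "${var.environment}-app-db-final"
}

# sensitive = true only hides the value in CLI output. Terraform still writes
# it in plain text to terraform.tfstate, so keep state files and *.tfvars out
# of the repository (.gitignore) and restrict who can read the stored state.
```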
33. Alternatives
Pulumi
https://www.pulumi.com
Infrastructure as Code. Imperative (uses JS), not declarative.
Compatible with (reuse) Terraform provisioners.
AWS CloudFormation
https://aws.amazon.com/es/cloudformation
Provides templates (JSON/YAML based) to create resources in AWS. AWS only.
Azure Resource Manager
https://docs.microsoft.com/es-es/azure/azure-resource-manager/templates/overview
Similar template approach to CloudFormation for Azure only (JSON based).