Isn't That For Devops.
EC2, ELB, Route53, S3...they stand out on any Software Engineer's resume these days, but why should you want to learn these services? As of 2016, AWS had a 45% share of the public cloud infrastructure market, so it might be worth your time.
There are plenty of easier paths to get your pet project up and running, such as Heroku, Engine Yard or Google App Engine; but I like to use AWS as my playground for the same reason I make side projects - to learn new skills that will help my career and make my day to day easier. Here I'll give you a high level overview of what to set up and how, plus a small ansible script that will re-create the network on your account.
The Basics
Setting up your infrastructure will consist of a VPC, a couple of subnets, an IGW, a NAT and their route tables. Breaking it down quickly: your VPC is your private network with an assigned IP range (a CIDR block). Your VPC is broken up into subnets, each of which gets a subset of the VPC's IP range. You'll want to make an IGW and attach it to your VPC; that attachment is what gives the VPC a path to the internet. The NAT similarly gives outbound internet access to private subnets[1] while refusing connections initiated from the outside. Lastly, and most importantly, are your route tables. You associate each subnet with a route table and then create routes that say where traffic for a given destination goes, for example 0.0.0.0/0 to the IGW for a public subnet, or to the NAT for a private one. Routes only decide where packets are sent; what is actually allowed in and out of an instance is decided by its security group and the subnet's network ACL, so a route to the IGW is not by itself an open door.
A minimum setup to get a project live and reachable would be 1 VPC, 1 subnet, an IGW and 1 route table. The IGW is attached to the VPC, and the subnet's route table has a default route (0.0.0.0/0) pointing at the IGW, which is what makes that subnet public. Instances in it also need a public IP (or an Elastic IP) to be reachable from the outside.
Note: At this point you only have the network set up. Next steps would be to deploy your project to an EC2 instance and tweak its security group to allow only the specific ports the project needs, rather than opening everything.
Click All The Things
When I first tried to set this up myself I spent a lot of time clicking. There are so many services, and so many configuration pages and options on every page of the AWS console, that it's extremely easy to get lost. The one thing I won't do in this blog is have screenshots of AWS with a step-by-step tutorial...it will be out of date by the time you read it, and it's honestly worth your time to go click all the things. Once you've gotten fairly familiar with the basics of AWS it's better to move on and just automate the setup. Lately I've been enjoying using Ansible for automated infrastructure because it was super simple to get started with.
Ansible
Ansible is a simple automation language that can perfectly describe an IT application infrastructure
-Ansible
I'm usually skeptical about a company's elevator pitch, but I have found that ansible is quite simple. There are modules for almost everything, and when there aren't I can quickly write a script that gets the job done instead.
To create the simple setup we'll be using the Ansible Cloud Modules. Specifically:
- ec2_vpc_net
- ec2_vpc_igw
- ec2_vpc_subnet
- ec2_vpc_route_table
A sample task in a playbook would look like:

```yaml
- name: "Create VPC in AWS"
  ec2_vpc_net:
    profile: "barreeyentos_profile"   # named profile from ~/.aws/credentials
    region: "us-west-2"
    state: present
    cidr_block: "10.0.0.0/16"
    name: "barreeyentos_vpc"
    tags: {"Environment": "barreeyentos"}
  register: vpc_result                # vpc_result.vpc.id is used by later tasks
```
To get the ansible playbook to work you will have to set up credentials that allow the creation of AWS resources: the profile in the task above refers to a named profile in ~/.aws/credentials (the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables work too). Use an IAM user or role whose policy is limited to the EC2 networking actions the playbook needs rather than your account's root keys, and keep the credentials file out of version control. The complete step-by-step with the ansible playbook can be found here; it is the playbook used to set up a small POC of this blog powered by Ghost.
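Putting the Basics section and the four modules listed above together, here is the minimal public network as one complete playbook, with the security-group step from the note added so that only the web ports are open to the world. This is an added example, not the playbook from the post: it assumes the same named profile and region as the task above, invents the subnet CIDR 10.0.1.0/24 and an admin_cidr variable for SSH access, and uses the short module names the post uses (on Ansible 2.10 and later the same modules are addressed by their fully qualified names in the amazon.aws collection, e.g. amazon.aws.ec2_vpc_net).

```yaml
# Added example, not the post's own playbook.
# Assumptions: profile "barreeyentos_profile" exists in ~/.aws/credentials,
# region us-west-2, and admin_cidr is the range you SSH from (203.0.113.0/24
# is a documentation range; replace it with your own).
- name: "Minimal public network: 1 VPC, 1 subnet, 1 IGW, 1 route table"
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    profile: barreeyentos_profile
    region: us-west-2
    vpc_cidr: 10.0.0.0/16
    public_subnet_cidr: 10.0.1.0/24
    admin_cidr: 203.0.113.0/24
  tasks:
    - name: "Create the VPC with its own address range"
      ec2_vpc_net:
        profile: "{{ profile }}"
        region: "{{ region }}"
        state: present
        name: barreeyentos_vpc
        cidr_block: "{{ vpc_cidr }}"
        dns_support: true
        dns_hostnames: true
        tags: {"Environment": "barreeyentos"}
      register: vpc

    - name: "Carve one subnet out of the VPC range"
      ec2_vpc_subnet:
        profile: "{{ profile }}"
        region: "{{ region }}"
        state: present
        vpc_id: "{{ vpc.vpc.id }}"
        cidr: "{{ public_subnet_cidr }}"
        map_public: true   # instances launched here get a public IP
        tags: {"Name": "barreeyentos_public", "Environment": "barreeyentos"}
      register: subnet

    - name: "Create an IGW and attach it to the VPC"
      ec2_vpc_igw:
        profile: "{{ profile }}"
        region: "{{ region }}"
        state: present
        vpc_id: "{{ vpc.vpc.id }}"
      register: igw

    - name: "Route table with a default route to the IGW, associated with the subnet"
      ec2_vpc_route_table:
        profile: "{{ profile }}"
        region: "{{ region }}"
        state: present
        vpc_id: "{{ vpc.vpc.id }}"
        tags: {"Name": "barreeyentos_public_rt", "Environment": "barreeyentos"}
        subnets:
          - "{{ subnet.subnet.id }}"
        routes:
          - dest: 0.0.0.0/0          # this route is what makes the subnet public
            gateway_id: "{{ igw.gateway_id }}"

    # Routes decide where packets go; the security group decides what is let in.
    - name: "Security group: web ports to everyone, SSH only from the admin range"
      ec2_group:
        profile: "{{ profile }}"
        region: "{{ region }}"
        state: present
        name: barreeyentos_web
        description: "HTTP/HTTPS from anywhere, SSH only from admin_cidr"
        vpc_id: "{{ vpc.vpc.id }}"
        rules:
          - proto: tcp
            ports: [80, 443]
            cidr_ip: 0.0.0.0/0
            rule_desc: public web
          - proto: tcp
            ports: [22]
            cidr_ip: "{{ admin_cidr }}"
            rule_desc: admin ssh
```

Run it with ansible-playbook network.yml (boto/boto3 must be installed for the AWS modules). Every task is idempotent, so a second run reports no changes, which is the check that the network on the account still matches what the playbook describes; if someone has clicked something in the console, the diff shows up here rather than at 3am.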
What I learned
The reason I like playing with and learning AWS is because it makes my day to day easier. As a software engineer I work with large distributed systems, and writing code is only half the battle. Making it performant and reliable is more important than making sure the code is formatted correctly or named appropriately, and to do this I've had to understand the infrastructure the code is being deployed to. Understanding its limits and how it scales is usually faster than trying to micro-optimize algorithms. When PagerDuty wakes me up in the middle of the night because the servers are on fire, I like to have the peace of mind that I won't accidentally delete half of the network by clicking the wrong button. I also enjoy my sleep, so quickly knowing what service to scale up or which machine to add more disk space to is worth the time investment.
[1] A private subnet is a subnet whose route table has no route to an IGW; in other words, a subnet that can only be reached from within the VPC, and whose instances reach the internet (if at all) only through the NAT. ↩︎