Terraform implementation of the Arbor Tech Test
- Use remote state to allow multiple engineers to work simultaneously
- Use community modules to simplify/abstract away configuration (particularly the VPC config)
- Use tfsec to report on and improve security posture, run in CI/CD so that security flaws are caught before they are introduced
- Use CI/CD to release tf, running tests (validate/tfsec etc.)
- Use multiple AZs behind an ALB to give an HA setup that survives the failure of at least one AZ
- Run the application in private subnets with only the load balancer public facing
- Use a NAT Gateway to allow the application outbound internet access if required
- Use CloudWatch metric alarms / lifecycle hooks to act when success rates fall and response times rise (scale up on error-rate increase or slowing response times)
- tfdocs to generate documentation
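The "private subnets, only the load balancer public facing" point is enforced at the security-group level. The following is an added example, not the project's own `aws_security_group.nginx`: it assumes the pinned community modules expose `module.vpc.vpc_id` and `module.alb.security_group_id`, and that nginx listens on port 80.

```hcl
# Added example (not the project's own code). Assumes module.vpc and module.alb
# from the terraform-aws-modules vpc/alb modules and a var.environment string.

resource "aws_security_group" "nginx" {
  name        = "${var.environment}-nginx"
  description = "nginx instances, reachable only from the ALB"
  vpc_id      = module.vpc.vpc_id
}

# Ingress: only the load balancer's security group, only on the app port.
# No CIDR-based ingress at all, so nothing outside the VPC can reach the
# instances even if a subnet route is misconfigured.
resource "aws_security_group_rule" "nginx_from_alb" {
  type                     = "ingress"
  security_group_id        = aws_security_group.nginx.id
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  source_security_group_id = module.alb.security_group_id
  description              = "HTTP from the ALB only"
}

# Egress: outbound HTTPS via the NAT Gateway (package updates, AWS APIs).
# Scoped to one port rather than an allow-all egress rule.
resource "aws_security_group_rule" "nginx_egress_https" {
  type              = "egress"
  security_group_id = aws_security_group.nginx.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "HTTPS egress via NAT"
}
```

tfsec will still report the `0.0.0.0/0` egress rule (check `aws-ec2-no-public-egress-sgr`); where that is an accepted decision, record it next to the rule with an inline `#tfsec:ignore:<check-id>` comment so the "fix/ignore" decision is visible in review rather than silently suppressed in CI.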
- Remote State Setup

```shell
cd remote-state
terraform init
terraform apply
```

- Project init

```shell
terraform init
terraform workspace new dev
terraform plan -var-file=config/dev.tfvars
terraform apply -var-file=config/dev.tfvars
```

- Running the tf

```shell
terraform workspace select dev
terraform plan -var-file=config/dev.tfvars
terraform apply -var-file=config/dev.tfvars
```
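State files record resource attributes (and can include secrets), so the remote-state backend that the first step creates needs the same hardening as any other data store. This is an added example of what the `remote-state` directory could contain, not the project's own code; bucket and table names are placeholders and the region is an assumption.

```hcl
# Added example (not the project's own remote-state stack). Names and region
# are placeholders / assumptions.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.6"
    }
  }
}

provider "aws" {
  region = "eu-west-2" # assumption
}

resource "aws_kms_key" "state" {
  description         = "Encrypts Terraform remote state"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "state" {
  bucket = "example-arbor-tfstate" # placeholder name
}

# Keep every version of the state so a bad apply can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Encrypt at rest with a customer-managed key (tfsec flags unencrypted buckets).
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.state.arn
    }
  }
}

# State must never be publicly readable.
resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table so two engineers cannot run apply against the same state at once.
resource "aws_dynamodb_table" "lock" {
  name         = "example-arbor-tfstate-lock" # placeholder name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  server_side_encryption {
    enabled = true
  }

  point_in_time_recovery {
    enabled = true
  }
}
```

The project root then points at these resources with a `backend "s3"` block giving `bucket`, `key`, `region`, `encrypt = true` and `dynamodb_table`. Because the project uses workspaces, the `dev` workspace's state is stored under `env:/dev/<key>` in that bucket, so one bucket serves every environment while the lock table still serialises applies per workspace.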
- Code Tidy
- tfsec run - static code analysis for the Terraform stack
- Add SSL Functionality to ALB - Currently not possible in my sandbox environment
- Autoscaling based upon metrics for Response Time
- Autoscaling based upon metrics for Success Rate - 5xx
- Add all tfsec rules for fix/ignore
- Migration to Containers - Faster scale up
- Load Testing - Not possible against nginx welcome page - Gatling
- GitHub Actions CI/CD - Potentially apply on push to main
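The two autoscaling items above (response time and 5xx success rate) can be driven from the ALB's CloudWatch metrics. Below is an added example, not the project's own `aws_cloudwatch_metric_alarm.elb_5xx_alarm`: it assumes the pinned modules expose `module.alb.lb_arn_suffix` and `module.asg.autoscaling_group_name`, and the thresholds (5% errors, p90 latency over 1 second) are assumed SLOs.

```hcl
# Added example (not the project's own code). Assumes module.alb, module.asg and
# var.environment; thresholds are assumed SLOs for illustration.

resource "aws_sns_topic" "alerts" {
  name              = "${var.environment}-alerts"
  kms_master_key_id = "alias/aws/sns" # encrypt the topic at rest
}

# One scale-out step shared by both alarms; cooldown stops alarm flapping
# from adding an instance every minute.
resource "aws_autoscaling_policy" "scale_out" {
  name                   = "${var.environment}-scale-out"
  autoscaling_group_name = module.asg.autoscaling_group_name
  policy_type            = "SimpleScaling"
  adjustment_type        = "ChangeInCapacity"
  scaling_adjustment     = 1
  cooldown               = 300
}

# Success rate: alarm on the 5xx *percentage*, not the raw count, so a traffic
# spike with a healthy error ratio does not trigger scaling.
resource "aws_cloudwatch_metric_alarm" "elb_5xx_rate" {
  alarm_name          = "${var.environment}-alb-5xx-rate"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 3
  datapoints_to_alarm = 2
  threshold           = 5 # percent of requests (assumed SLO)
  treat_missing_data  = "notBreaching"

  metric_query {
    id          = "errors"
    return_data = false
    metric {
      namespace   = "AWS/ApplicationELB"
      metric_name = "HTTPCode_Target_5XX_Count"
      period      = 60
      stat        = "Sum"
      dimensions  = { LoadBalancer = module.alb.lb_arn_suffix }
    }
  }

  metric_query {
    id          = "requests"
    return_data = false
    metric {
      namespace   = "AWS/ApplicationELB"
      metric_name = "RequestCount"
      period      = 60
      stat        = "Sum"
      dimensions  = { LoadBalancer = module.alb.lb_arn_suffix }
    }
  }

  metric_query {
    id          = "error_rate"
    expression  = "IF(requests > 0, 100 * errors / requests, 0)"
    label       = "5xx error rate (%)"
    return_data = true
  }

  alarm_actions = [aws_autoscaling_policy.scale_out.arn, aws_sns_topic.alerts.arn]
  ok_actions    = [aws_sns_topic.alerts.arn]
}

# Response time: p90 rather than average, so a slow tail is not hidden by
# many fast requests.
resource "aws_cloudwatch_metric_alarm" "elb_slow_responses" {
  alarm_name          = "${var.environment}-alb-slow-responses"
  namespace           = "AWS/ApplicationELB"
  metric_name         = "TargetResponseTime"
  extended_statistic  = "p90"
  period              = 60
  evaluation_periods  = 3
  comparison_operator = "GreaterThanThreshold"
  threshold           = 1 # seconds (assumed SLO)
  treat_missing_data  = "notBreaching"
  dimensions          = { LoadBalancer = module.alb.lb_arn_suffix }

  alarm_actions = [aws_autoscaling_policy.scale_out.arn, aws_sns_topic.alerts.arn]
  ok_actions    = [aws_sns_topic.alerts.arn]
}
```

`treat_missing_data = "notBreaching"` matters for a low-traffic dev environment: with no requests there are no datapoints, and the default `missing` handling would otherwise leave the alarm in `INSUFFICIENT_DATA` and hide a genuine outage from the dashboard. Pair the scale-out policy with a scale-in policy on a lower threshold, or the group only ever grows.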
- 4000 schools * 20 classes * 30 people = up to 80,000 registers being submitted around 9:30am (~3 million API calls)
- Potential use of SQS or another queueing service to reduce write load on the database
- Redis/Memcached to cache reads of the class list
No requirements.
| Name | Version |
|------|---------|
| aws | 5.6.2 |

| Name | Source | Version |
|------|--------|---------|
| alb | terraform-aws-modules/alb/aws | 8.7.0 |
| asg | terraform-aws-modules/autoscaling/aws | 6.10.0 |
| vpc | terraform-aws-modules/vpc/aws | 5.0.0 |

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.vpn_endpoint_logs | resource |
| aws_cloudwatch_log_stream.vpn_endpoint_stream | resource |
| aws_cloudwatch_metric_alarm.elb_5xx_alarm | resource |
| aws_security_group.nginx | resource |
| aws_sns_topic.my_topic | resource |
| aws_ami.amazon | data source |

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| environment | Environment | string | n/a | yes |
| private_subnets | A list of private subnets inside the VPC | list(string) | n/a | yes |
| public_subnets | A list of public subnets inside the VPC | list(string) | n/a | yes |
| vpc_cidr | CIDR for VPC | string | n/a | yes |

| Name | Description |
|------|-------------|
| load_balancer_dns | n/a |