Amazon AWS Certified Advanced Networking Specialty – Automation Primer

January 16, 2023

1. Understanding Infrastructure as Code

Hey everyone, and welcome back to the Knowledge Portal video series. In today’s lecture we will be speaking about infrastructure as code. This approach to building infrastructure has gained huge popularity in today’s market, and a lot of organizations are now migrating to an infrastructure-as-code-based approach. So let’s go ahead and understand this. Coming back to the basics, there are two ways in which you can build your infrastructure. One is by creating the infrastructure manually: you create a server by hand, and everything is manual. The second is through automation. So when I talk about manual, let’s see how it works.

Let’s assume there needs to be an EC2 instance. You get a requirement from a developer which says that an EC2 instance is required. So what you do is go to AWS, or whatever cloud provider, and do everything manually. You select the operating system. Once you select the operating system, you select the resources, like whether it needs 2 GB of RAM or 4 GB of RAM. Once you select the resources, you select which VPC, what the firewall settings are, and so on; everything is a manual approach. Tomorrow, if a developer needs one more instance, again you log into the cloud provider console and do everything manually. So that is the manual approach.

Definitely, that manual approach is repetitive and it takes a lot of time. The second way is through automation. What happens in automation is that you write a simple script which launches an EC2 instance. So whenever a developer requests an EC2 instance, you just run the script and the EC2 instance will be created for you. This automation approach is a very sturdy approach, and it is something which must be implemented, I would say, in most organizations. So let’s understand this with the example of a single service.

In many organizations the environment is segregated: you have a development environment, you have staging, and you have production. So for anything new, any new service that comes up, the infrastructure has to be built first in the development environment.

So you will need some EC2 instances, you will need a MySQL database, you will need an S3 bucket, and there will be some kind of pipeline that has to be created. Now, in the traditional way, you do everything manually. So in the development environment you launch everything manually. And once the development environment seems to be working, the developer will ask you to replicate the same setup in staging. So you go to the staging account and again create the entire infrastructure, which would be a similar application in the staging environment. Once the testing and everything is done in staging, again the developer and the QA team will ask you to move everything to production. And now you move the entire environment again: you launch instances, you create a MySQL database, an S3 bucket, everything manually, and this is just for a single service. So you will understand the effort that will be needed from a DevOps engineer or a solutions architect to launch the infrastructure for a single service.

But when you talk about big organizations, they actually have something like 500 to 600 services, and doing things manually does not suffice. You cannot scale this approach. And specifically for lazy people like me, doing things manually is out of reach. So in order to solve this, what you have is infrastructure as code. What you do is write a template which will launch the infrastructure for you, and from that template you launch a development environment. So the entire template for creating EC2 instances, databases and S3 buckets is written over here; you launch this template in the development environment and everything will be created for you. Now, after a week or two, once the developer tells you to replicate this environment in staging, you don’t really have to worry, because you have the template: you go ahead and launch the template and the same infrastructure will be created.

Similarly, after a month, if the QA team asks you to deploy it in production, again you don’t have to worry, you can directly launch it from the template. So the only effort you need is in the initial phase, when you have to create the template and write the code, and after that you don’t really have to worry about it. This is what is called infrastructure as code. I’ll show you a demo so that it becomes much clearer. So let me open up my terminal. I have a simple infrastructure-as-code template which I have written based on Terraform.

What this basically does is create an EC2 instance based on a specific AMI, the Amazon Linux AMI. Then you have a t2.micro instance and you have a security group. If you look into the security group, there are two rules present: one is inbound and one is outbound. In inbound it is allowing port 22 from one specific IP, and outbound it is allowing all ports to 0.0.0.0/0. Perfect. So we have written a sample template, this template is based on AWS, and it will be launched in the eu-west-1 region. Perfect. This is something that we really wanted. So let’s do one thing, let’s go ahead and deploy the template. Let’s go to Terraform, and let me just quickly verify that everything seems to be proper, and it is. I have copied the entire template onto an EC2 instance, and before we apply it, let me show you the region. I have the Ireland region open, and there are no instances created over here. So we will be creating our first EC2 instance with the help of infrastructure as code. Perfect. Since I have my working code ready, what I’ll do is run terraform plan.

This template is based on Terraform, which is again a great infrastructure-as-code platform. What the plan is showing you is exactly what will be created in your AWS account. This seems to be proper. Now I’ll run terraform apply. Terraform apply will go ahead and deploy everything that is written in the code to your cloud provider, in our case AWS. So if you see over here, it is creating a security group first. Once the security group is created, it will create an EC2 instance and attach the security group to the EC2 instance. It might take a minute for this to be deployed. You see, it is creating the EC2 instance. Till that time, let me show you: there are various platforms available for developing infrastructure as code. Terraform is one of the very nice ones which I really like, so this is something that we will be using extensively. We actually have an entire course coming up for Terraform, so stay tuned.

Along with that, there are other platforms also available, like AWS CloudFormation, which allows you to do similar things. Now, one difference between CloudFormation and Terraform is that CloudFormation is vendor specific: it is only for AWS, you cannot use it for other cloud providers. However, Terraform can be used for other cloud providers as well, and this is the reason why it is really great. Perfect. So now, coming back, you will see our Terraform run has completed and it says that two resources were created. Let’s do one thing, let me just refresh the EC2 console. Now you see our first EC2 instance is created with the name IAC and it has a security group. Let me open up the security group: in the inbound you will see we have one inbound rule, and in the outbound you have one outbound rule, which is also created. So now, if I want to create the same instance in some different region, the only thing I have to do is specify the region over here and it will create the same EC2 instance in a different region as well. So this is the very high level overview of infrastructure as code. Let’s come back to our PowerPoint presentation.

There are various benefits of running infrastructure as code. One is reusable code. If you develop a three-tier architecture, you don’t really have to write the code again, because on the Internet there are a lot of people who have already written code for a three-tier architecture based on Terraform or CloudFormation. So what you can do is copy their code and launch your infrastructure based on that. You don’t have to write the entire code again; that is one very big advantage. The second advantage is that you can manage infrastructure via source control: you commit your code in Git, so you have proper source control. Third, you can enable collaboration: if you have multiple solutions architects within your organization, everyone can collaborate and write a comprehensive infrastructure-as-code template. We will discuss more about this in the relevant section.

2. Creating VPC with CloudFormation

Hey everyone and welcome back. In today’s video we’ll be discussing how we can create a VPC with the help of CloudFormation. Our main focus would be to design a minimal template which would be required for the deployment of a basic VPC within the AWS console. Now, I already have a sample template which can create a VPC, and this is how the template looks. What we’ll be doing is first deploying this template in CloudFormation and seeing whether it gets deployed or not. Once that happens, we’ll understand each and every resource and each and every parameter which is present within the template.

So let’s get started. If you look into this specific file, this is a very simple CloudFormation template for the creation of a VPC. Before we discuss more about it, let’s go ahead and deploy it via CloudFormation. Now I’ll open the CloudFormation console. This is the new GUI that they have launched. What we’ll do is create our first stack. But before we create the first stack, let’s go to VPC and quickly verify which VPCs are available over here. There are two VPCs available: one is 172.16.0.0/16 and the second is 172.31.0.0/16. However, if you look into the template, our CIDR block is 10.77.0.0/16, so this is the CIDR block with which the VPC should be created.

Now let’s click on Create Stack. Within this there are a few options available: you can use a sample template, you can make use of Designer, and you can also specify the S3 URL where your template might be stored. What we’ll do is click on Upload a template file, because my template file is currently stored on my laptop. I’ll click on Choose file and select the appropriate file. This is my file, named CFC1.yml. Once you have done that, you can click on Next. Now you’ll have to give a stack name, let’s say demo VPC. I’ll go ahead and click Next. I’ll leave things as default for the time being. I’ll click Next, let me go a bit down, and let’s go ahead and create the stack. So currently the stack creation is in process.

If you look into the status, it says CREATE_IN_PROGRESS. It would just take a moment before the VPC gets created. Great. Now you see it says CREATE_COMPLETE, which basically means that the resource has been created. Now if you go to VPC, and let me quickly do a refresh, you would see a VPC with the name CF VPC which is created, and it has the CIDR block of 10.77.0.0/16 which was defined within the template. So now let’s go ahead and understand more about templating. This is basically a YAML-based template. There are two ways in which you can design your template: one is based on JSON and the second is based on YAML. YAML is preferred because it is easier to write and also quite easy to read through. Now, within this template, in the first line we have AWSTemplateFormatVersion, which says 2010-09-09.

This AWSTemplateFormatVersion basically specifies the version of the template format being used. As of now, in CloudFormation this is the only valid value that can be put over here. In case AWS decides to release a new format version, then you would have to change this specific value. Again, if there is a new format version, there will be certain additional capabilities, and in order to take advantage of those capabilities you will have to switch to the latest format version. Currently, since we don’t have any other format version, this is the value that we need to put over here. The second part over here is Description, where we are just specifying a description of the template.

The important part over here is Resources. You can think of Resources as a container: every resource that you create goes under the Resources section of the template. If you take a close look at the template, you would see that Resources is on the left and anything else that you define under it is indented to the right. This signifies that MyVPC is under Resources. This is one important part to remember. So let’s do one thing, let me open the template here so that it becomes easier for us to understand. I have increased the font size. We have been discussing till here; we already know that any resource we create should go under Resources, and this is the reason why all of these parameters and key-value pairs are there under Resources.

Under Resources you have MyVPC. This is something that you can change, and you can give it whatever name you want. Under this you have defined a Type, and the type is AWS::EC2::VPC. This Type is extremely important because it determines exactly what needs to be created. CloudFormation would look into the template: first it will look into Resources, then it will see, all right, there is a resource defined of type AWS::EC2::VPC, and then all of these Properties which we have defined over here. These properties belong to, or are associated with, this type.

If you put the properties of a different type over here, then your CloudFormation template will not work. So let’s do one thing. Let me copy this type and paste it in Google. Within Google you see the first documentation link. Now on the left hand side, within EC2, you see there are a lot of types available. If you want to create an Elastic IP, then you need to use the type AWS::EC2::EIP, and so on. These are all the types available for EC2. If you click on DynamoDB, let’s say you want to create a DynamoDB table, then you need to make use of the DynamoDB type here. All right? Since we want to create a VPC, we’ll use the VPC type over here. All right?

So this is what the type is all about. Associated with each type there are certain properties, and these properties are present within the documentation too. Within the documentation you’ll see that for the type AWS::EC2::VPC you have certain properties which are allowed. These are the properties: first is CidrBlock, second is EnableDnsSupport, then you have EnableDnsHostnames, InstanceTenancy and Tags. The example shown in the documentation is a JSON template. We have already discussed that there are two ways in which you can define a CloudFormation template, JSON and YAML, and YAML is much easier to write, which is what we are creating now. For each property, if you want to understand, say, CidrBlock in detail, you can click on it and AWS will take you down the page and give you more detailed information.

It says CidrBlock, and it has Required: Yes. That basically means that if you define a resource of type AWS::EC2::VPC, then this specific CidrBlock is mandatory; you cannot leave it out. All right? However, for the second one you see EnableDnsSupport, Required: No. So even if you do not put this, that is fine, it is not a mandatory field. This is how you can go ahead and read the documentation and see which properties are associated with a given type and whether the properties are required or not.

Within the properties, the first thing that we have defined is the CidrBlock, which is 10.77.0.0/16. We have defined InstanceTenancy as default, and then we have defined Tags over here. Within the tags we have a tag called Name, whose value is CF VPC, and we have a second tag which is Environment, whose value is demo. So if I quickly have to show you how exactly this looks: I’m in the VPC that was created, and if you look into the tags over here, you will see the Environment is demo and the Name is CF VPC. Since CF VPC is the value associated with the Name tag, you are able to see it in the list over here, because the console filters by the Name tag.
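The minimal VPC template walked through above, written out as an added example that is not the lecture’s own CFC1.yml file. It goes one step beyond the lecture by adding the section 1 security group idea (SSH from one address only, all outbound) as a second CloudFormation resource attached to that VPC; the AllowedSshCidr parameter, its placeholder default address and the security group name are assumptions, while the VPC resource matches what the lecture describes.

```yaml
# The only valid format version today, as noted in the lecture.
AWSTemplateFormatVersion: "2010-09-09"
Description: Minimal VPC plus a locked-down SSH security group (added example)

Parameters:
  # Assumed parameter: the single trusted address allowed to reach port 22.
  # 203.0.113.10 is a documentation-range placeholder, replace it when deploying.
  AllowedSshCidr:
    Type: String
    Description: Address (CIDR /32) permitted to SSH into instances in this VPC
    Default: 203.0.113.10/32

# Every resource lives under Resources, indented to the right of it.
Resources:
  MyVPC:
    Type: AWS::EC2::VPC          # the Type decides what CloudFormation creates
    Properties:
      CidrBlock: 10.77.0.0/16    # Required: Yes in the docs, cannot be omitted
      InstanceTenancy: default
      EnableDnsSupport: true     # Required: No, optional as the lecture shows
      Tags:
        - Key: Name              # the console's Name column filters on this tag
          Value: CF VPC
        - Key: Environment
          Value: demo

  # Assumed resource name. Same shape as the Terraform security group in
  # section 1: port 22 inbound from one address, everything outbound.
  SshSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH from one trusted address only
      VpcId: !Ref MyVPC          # references the VPC created above
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AllowedSshCidr   # never 0.0.0.0/0 for SSH
      SecurityGroupEgress:
        - IpProtocol: "-1"       # all protocols and ports outbound
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: CF SSH SG

Outputs:
  VpcId:
    Description: ID of the VPC created by this stack
    Value: !Ref MyVPC
```

Deploying it follows the same Create Stack, Upload a template file, Next, Create stack steps shown above; if the CidrBlock line is removed the stack fails validation, which is the Required: Yes behaviour the lecture describes.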

