Infrastructure as Code (Revision)
Infrastructure as Code Technical Report
Student Name
Student ID
Institution Affiliation
Date
Table of Contents
1.0 Introduction 3
2.0 Networking in the Cloud 4
3.0 Cloud Command Line Interfaces (CLI) 7
4.0 Declarative Resource Definitions 9
5.0 Cloud APIs 10
6.0 Step 2, 3 and 4 Labs Reports 12
7.0 Conclusion
8.0 References 22
1.0 Introduction
AWS CloudFormation is the core of infrastructure as code for Amazon's cloud computing services. Infrastructure as code can be defined as the process of provisioning and managing an organization's cloud resources with templates that are both human readable and machine readable. Specifically, Amazon Web Services (AWS) uses the built-in AWS CloudFormation service as its infrastructure as code tool (Walker & Cerny, 2020). CloudFormation lets users describe the resources they need in their AWS account, and it then turns that description into real resources. The most common template format used in AWS is YAML. A sample snippet of a template is given in Figure 1 below.
Figure 1: YAML template snippet
From the figure it is clear that AWS CloudFormation uses this template to create, update and delete the resources in the AWS account according to the description given in the code. This means that if a new resource is added to the template, CloudFormation automatically creates that resource in the user's AWS account. Likewise, if a user updates a resource, CloudFormation automatically updates or replaces the old resource in the user's account. And if a resource is removed from the template, CloudFormation removes the same resource from the user's AWS account.
2.0 Networking in the Cloud
Amazon Virtual Private Cloud (VPC) is an infrastructure service that lets AWS resources be launched into a virtual network that the user defines. It gives the user full control over the virtual network, including IP addressing, subnet creation and management, and configuration of route tables and network gateways.
The VPC supports both IPv4 and IPv6, which makes it easy to manage and access resources and applications (Sandobalin et al., 2017). This service is essential in the configuration of the VPC network. It functions both at the front end, such as accessing the internet, and at the back end, such as creating and managing databases and servers. One of the key features of VPC is the advanced security it provides. Security is implemented using a layered strategy consisting of access controls and security groups, together with Amazon EC2.
The key VPC networking components include the following:
i. Internet gateways. An internet gateway serves a vital role in facilitating communication between the VPC and the internet. This is achieved in two ways: by providing a target in the VPC route table for internet-routable traffic, and by performing network address translation (NAT) for instances with properly configured IPv4 addresses. Internet gateways support both IPv4 and IPv6. Their main strengths are that they add no availability risk or bandwidth constraint to the network traffic, and that they come at no charge in the user's account.
ii. Carrier gateways. The carrier gateway in a VPC allows inbound traffic from a carrier network in a specified location and outbound traffic to the carrier network and the internet (Kharche et al., 2020). However, there is no inbound connection configuration originating from the internet to the Wavelength Zone. It facilitates connectivity between the telecommunication carrier, the Wavelength Zone and the other devices connected to the carrier network. Since it supports IPv4 traffic, it also performs NAT of the carrier IP addresses depending on the network border group. The carrier gateway is created and attached to the VPC; its configuration involves routing each subnet to the carrier gateway, together with controls such as ACLs.
iii. Egress-only internet gateways. An egress-only internet gateway allows outbound IPv6 communication from the instances in the user's VPC to the internet, while blocking the internet from initiating IPv6 connections to the running instances. IPv6 addresses are mostly preferred since they are unique. For IPv4 traffic, the same effect is achieved with NAT gateway configurations. This gateway operates as a stateful firewall: it forwards all traffic generated by instances in the subnets to the internet and passes the responses back on the same connection.
iv. Dynamic Host Configuration Protocol (DHCP) option sets for the VPC. DHCP provides a standard for passing configuration data to hosts over a TCP/IP network (Rahman et al., 2019). The options field of the protocol carries the configuration details: domain-name (a custom domain name, or the one provided by the Amazon DNS), ntp-servers (the IP addresses of one to four Network Time Protocol servers, such as the Amazon Time Sync Service), netbios-node-type (1, 2, 4 or 8; 2 is the preferred value since it supports point-to-point connections), netbios-name-servers (the IP addresses of one to four NetBIOS name servers) and domain-name-servers (the IP addresses of one to four DNS servers, set by default to the Amazon-provided DNS). An option set is created automatically when a VPC is created in the AWS cloud, but the user can still configure DHCP according to their own preference.
v. Domain Name System (DNS) support for the VPC. The AWS DNS server, like any other DNS server, resolves names to their IP addresses so that users can easily reach internet resources. AWS provides the Amazon Route 53 Resolver as the default DNS server for the VPC. The DNS servers handle both public IPv4 addresses for communication over the internet and private IPv4 addresses for communication within the network.
vi. Network Address Translation (NAT) devices for the VPC. A NAT device is used to let instances, especially those in a private subnet, connect to the internet (Sandobalin et al., 2017), while blocking the internet from initiating connections to those instances. When traffic is forwarded to the internet, the NAT device replaces the instance's IP address with its own, and it translates the addresses back to the instances' IPv4 addresses when responses return. The NAT device does not support IPv6 addresses or IPv6 traffic.
vii. Prefix lists. A prefix list is a set of CIDR blocks. It is used in the configuration and maintenance of security groups and route tables, and is created from the IP address ranges most used in the network (Morris, 2020). The list is then referenced as a single set in security group rules in place of the individual CIDR blocks. Prefix lists come in two types: customer-managed prefix lists and AWS-managed prefix lists.
Given the strengths of AWS VPC, regions and availability zones, the infrastructure offers high security, high performance and high availability. BallotOnline can take advantage of this as follows:
To begin with, BallotOnline can take advantage of Amazon EC2, which is hosted in different locations across the world. Those locations are composed of availability zones, which are several isolated places within each region (Schwarz et al., 2020). The BallotOnline servers can also use Local Zones, which are useful for placing resources. In addition, the organization can use AWS Outposts, which deliver AWS services, infrastructure and operating models for virtual storage of data. Wavelength Zones, on the other hand, help in building the applications that are core to the delivery of 5G networks.
Furthermore, BallotOnline can take advantage of the regions feature of AWS. AWS automatically determines the best region for the organization based on the requirements defined for its Amazon EC2 instances. In the same vein, the organization can use AWS GovCloud, which gives users access to specific government resources based on the assigned region.
3.0 Cloud Command Line Interfaces (CLI)
A cloud CLI gives cloud users a typed-text interface through which they instruct the system to perform specific tasks (Artac et al., 2017). New users are often reluctant to use it, although advanced users master it well. While a GUI is attractive and easy to use, the cloud CLI is very powerful for technical work. The cloud CLI comes with the following advantages:
To begin with, it uses fewer resources. The text-based nature of the CLI takes very few resources to perform its functions. This benefits the organization, as the same functions are carried out with fewer resources than a GUI needs.
Furthermore, it offers high precision. With commands, a user can target a specific location in the system exactly, although this requires a good understanding of the command-line syntax. This makes operations accurate and high performing.
Moreover, it minimizes repetitive tasks. The CLI enables users to automate tasks, so they do not have to perform the same task again in future: the user writes the specific command once and the task runs automatically. This differs from a GUI, where the user has to repeat the same task because it lacks automation.
In addition, it is used to perform complex tasks. The CLI gives users the ability to perform complex tasks that are usually locked in Windows and macOS (Schwarz et al., 2018), where they are locked by System Integrity Protection (SIP). The CLI bypasses SIP, enabling the user to carry out complex system functions, and gives the user full control.
BallotOnline can therefore use the cloud CLI to carry out its organizational functions. Proper use of cloud CLIs boosts system performance and cloud deployments. It can use the following CLI features to run and manage the system:
First, the gcloud command-line tool manages authentication in the system. BallotOnline can use gcloud not only to manage authentication but also local system configuration and API interactions, among other things. It gives the user the ability to perform the most common cloud tasks, such as creating and managing VM instances.
Secondly, with the help of client libraries the system can perform natural language and related processing. The cloud comes with an SDK as well as installable client language libraries. With CLI commands a user can manage the libraries, following each language's natural conventions, control authentication and optimize workflows, among other core functions.
Thirdly, product-specific tools manage cloud packages properly. The Cloud SDK is composed of various tools that are all controlled from the CLI, including bq and kubectl. These tools are used for managing cloud storage, manipulating datasets and managing clusters, among many other tasks.
4.0 Declarative Resource Definitions
Declarative cloud resource definitions refer to the style of CloudFormation template in which the resources and their respective properties are listed (Schwarz et al., 2020). The resources are recorded and stored in the system; new values can be added later and existing values changed based on user data. Declarative resource definitions come with the following advantages:
To begin with, they improve usability and readability. They are written in a domain-specific language (DSL) that is very close to natural language, making it easier for non-programmers to learn. This makes them more readable and easier for everyone to understand.
Furthermore, they promote code reuse. The defined resource code can be saved and reused in future. Additionally, programmers can write a complete definition that can be used for other related functions.
In addition, they are useful in error recovery. Declarative resource definitions can be used to specify and correct errors in the system (Schwarz et al., 2018). Processing stops at the first error before proceeding to other possible errors, which makes troubleshooting easier.
BallotOnline can use declarative cloud resource definitions to create high-performing infrastructure definitions. The main advantage of declarative over imperative resource definitions is the ability to work with minimal overhead. Correct implementation minimizes hierarchy complexity and supports timely and regular updates, among other important system functions.
A declarative resource definition provides a high-level layer based on the user's domain information. The layer is customized to solve specific domain problems, as illustrated for instance by the definition of data operations in a database-specific domain.
5.0 Cloud APIs
Cloud APIs are powerful tools for automating system workflows. Automation is achieved by programming in the most suitable programming language. The APIs are used through REST calls as well as client libraries. Some of the key advantages of APIs include the following:
First, they lead to effective management of cloud resources, aided by the management tool APIs (Rahman et al., 2019). Examples are the Cloud Billing API for billing Google Cloud accounts, the Cloud Build API for building cloud images and artifacts, and the Deployment Manager API for deploying complex cloud solutions.
Secondly, they help in scheduling and timing resources. This is achieved through the Cloud Scheduler API for job scheduling, the Cloud Runtime Configuration API for dynamic configuration based on running applications, and the Cloud Tasks API for managing the execution of distributed tasks.
BallotOnline can use the Cloud APIs to manage its cloud resources. Some of the powerful APIs include the App Engine Admin API for managing App Engine applications, the OS Login API for accessing Compute Engine instances with SSH public keys tied to Google accounts, the OS Config API for managing the operating system, and the Compute Engine API for creating and managing virtual machines in the cloud, among others. Additionally, it can use the Kubernetes Engine API for creating, tuning and managing Kubernetes-based application clusters (Rahman et al., 2019). The Compute Engine Instance Group Updater API can be used to update the instance groups that have been created. The Cloud Functions API manages user-supplied functions triggered by events, and the Cloud Run API deploys and manages user-supplied images according to the HTTP traffic they receive.
The BallotOnline users can also use the storage and database APIs for creating, designing and managing databases and their functions. Tools for this include the Cloud Bigtable Admin API, the Cloud Bigtable Data API, the Datastore API, the Cloud Spanner API, the Cloud SQL Administration API, the Cloud Storage API and the Storage Transfer API.
Other important cloud APIs the organization can use include networking APIs for managing network resources, such as the Cloud DNS API, and data analytics APIs for creating and managing queries and data, such as the BigQuery API, the BigQuery Data Transfer API, the Dataflow API, the Dataproc API, the Cloud Composer API, the Cloud Life Sciences API, the Pub/Sub API and the Cloud Healthcare API.
In addition, there are machine learning APIs. These include AutoML for training machine learning models, the Vision API for image labelling as well as OCR and landmark detection, the Speech-to-Text API for fast and accurate speech recognition, the Cloud Natural Language API for text structure and sentiment analysis, the Cloud Translation API for translating text into the required language and the Dialogflow API for supporting chatbots, among others (Sandobalin et al., 2017).
6.0 Step 2, 3 and 4 Labs Reports
Step 2
The script is useful for running the CLI commands. It supports the Python, Perl, Ruby and csh programming languages. For this task, the Python programming language is selected.
Creating Instance
import argparse

import googleapiclient.discovery

# create_instance, delete_instance and wait_for_operation are the remaining
# helpers of this create_instance.py sample and are not reproduced in this
# report; list_instances is shown under "Listing Instance" below.


def main(project, bucket, zone, instance_name, wait=True):
    # Build an authenticated client for the Compute Engine v1 API.
    compute = googleapiclient.discovery.build('compute', 'v1')

    print('Creating instance.')
    operation = create_instance(compute, project, zone, instance_name, bucket)
    wait_for_operation(compute, project, zone, operation['name'])

    instances = list_instances(compute, project, zone)
    print('Instances in project %s and zone %s:' % (project, zone))
    for instance in instances:
        print(' - ' + instance['name'])

    print("""
Instance created.
It will take a minute or two for the instance to complete work.
Check this URL: http://storage.googleapis.com/{}/output.png
Once the image is uploaded press enter to delete the instance.
""".format(bucket))

    if wait:
        input()

    print('Deleting instance.')
    operation = delete_instance(compute, project, zone, instance_name)
    wait_for_operation(compute, project, zone, operation['name'])


if __name__ == '__main__':
    parser = argparse.ArgumentParser(
        description=__doc__,
        formatter_class=argparse.RawDescriptionHelpFormatter)
    parser.add_argument('project_id', help='Your Google Cloud project ID.')
    parser.add_argument(
        'bucket_name', help='Your Google Cloud Storage bucket name.')
    parser.add_argument(
        '--zone',
        default='us-central1-f',
        help='Compute Engine zone to deploy to.')
    parser.add_argument(
        '--name', default='demo-instance', help='New instance name.')

    args = parser.parse_args()

    main(args.project_id, args.bucket_name, args.zone, args.name)
Listing Instance
def list_instances(compute, project, zone):
    result = compute.instances().list(project=project, zone=zone).execute()
    # 'items' is absent when the zone holds no instances; return an empty
    # list so callers can iterate without a None check.
    return result.get('items', [])
Running the Instance
python create_instance.py --name [INSTANCE_NAME] --zone [ZONE] [PROJECT_ID] [CLOUD_STORAGE_BUCKET]
Step 3
Creating the EC2 VPC using aws ec2 create-vpc with the CIDR block 10.0.0.0/16.
Run the command aws ec2 create-tags --resources vpc-05f9ca0fd5058e0ea --tags "Key=Name,Value=CLI VPS".
Confirmation in the EC2 Dashboard. From the observation, both states were available.
Provision of an internet gateway using the command aws ec2 create-tags --resources igw-03eca421cd4ed5988 --tags "Key=Name,Value=CLI IG".
Confirmation of the gateway ID and details.
Creating tags and attaching the internet gateway using the command aws ec2 attach-internet-gateway --internet-gateway-id igw-03eca421cd4ed5988 --vpc-id vpc-05f9ca0fd5058e0ea.
Confirmation of the attached gateway and its related details on the EC2 dashboard.
Thereafter, I deleted the VPC and the gateway so as to avoid AWS charges.
Describe how using a scripting framework like the AWS CLI can help BallotOnline in administering its cloud deployment.
A scripting framework like the AWS CLI can help BallotOnline administer its cloud deployment by enabling automation, which is less tedious than finding and managing an AMI, setting up a VPC by hand and creating an Internet Gateway manually. This would cut down the time those tasks take and would save the organization on yearly spending compared with using the AWS Management Console.
Step 4 Lab Report
I created the new stack in CloudFormation using the Designer by dragging the VPC resource onto the canvas and assigning it 10.0.0.0/16 as the CIDR block.
Then, I dragged the Internet Gateway onto the canvas and gave it a dependency connection between the VPC and the Internet Gateway. This was done by dragging the brown dot from the Internet Gateway and joining it to the VPC.
The Internet Gateway was attached to the VPC by the blue dot. The template was validated with the validate template option located at the top of the screen. I then saved the template to my local desktop.
The stack was provisioned by uploading the template that I had created and saved locally. I renamed it CCA625-P2-CPW. It then appeared on the dashboard.
The new VPC was verified by navigating to the VPC management console, which showed it as available. I also verified that the Internet Gateway was attached by navigating to Internet Gateways in the left pane.
I then deleted the CloudFormation stack and the VPCs to avoid AWS charges.
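The Step 4 stack (a VPC with CIDR 10.0.0.0/16, an Internet Gateway and the dependency between them) written as a declarative definition in Python, together with two checks a practitioner runs before deploying: that every Ref resolves to a declared resource, and a template-to-template diff that shows the create/update/delete reconciliation described in section 1.0. This is an added example, not code from the report or from AWS; the logical names LabVpc, LabIgw and LabIgwAttachment and the checking functions are assumptions, not CloudFormation's own tooling.

```python
"""VPC + Internet Gateway as a declarative CloudFormation definition (the
Step 4 stack), with two checks worth running before deployment: every Ref
resolves to a declared resource, and a template-to-template diff shows the
add / modify / remove actions described in section 1.0. Added example, not
the report's code; the logical resource names are assumed."""
import ipaddress
import json

def vpc_with_igw_template(cidr, name="CLI VPS"):
    """Build the template as a dict (json.dumps gives the JSON file form)."""
    ipaddress.IPv4Network(cidr)  # rejects malformed CIDRs such as 10.0.0.0/33
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Resources": {
            "LabVpc": {"Type": "AWS::EC2::VPC",
                       "Properties": {"CidrBlock": cidr,
                                      "Tags": [{"Key": "Name", "Value": name}]}},
            "LabIgw": {"Type": "AWS::EC2::InternetGateway"},
            # The dependency edge drawn in the designer: the attachment
            # references both resources, so it is created after them.
            "LabIgwAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
                                 "Properties": {"VpcId": {"Ref": "LabVpc"},
                                                "InternetGatewayId": {"Ref": "LabIgw"}}},
        },
    }

def dangling_refs(template):
    """Sorted names used in {"Ref": ...} that no Resource or Parameter
    declares; AWS::* pseudo parameters are always valid."""
    declared = set(template.get("Resources", {})) | set(template.get("Parameters", {}))
    missing = set()

    def walk(node):
        if isinstance(node, dict):
            if set(node) == {"Ref"} and isinstance(node["Ref"], str):
                if not node["Ref"].startswith("AWS::") and node["Ref"] not in declared:
                    missing.add(node["Ref"])
            for value in node.values():
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(template.get("Resources", {}))
    return sorted(missing)

def change_set(old, new):
    """What a stack update would do: logical IDs only in `new` are added,
    only in `old` removed, and those whose definition changed modified."""
    old_r, new_r = old["Resources"], new["Resources"]
    return {
        "Add": sorted(set(new_r) - set(old_r)),
        "Remove": sorted(set(old_r) - set(new_r)),
        "Modify": sorted(k for k in set(old_r) & set(new_r) if old_r[k] != new_r[k]),
    }

if __name__ == "__main__":
    current = vpc_with_igw_template("10.0.0.0/16")
    print(json.dumps(current, indent=2))
    print("dangling refs:", dangling_refs(current))
    # Second version without the gateway: the update removes the gateway
    # and the attachment that referenced it and leaves the VPC in place.
    without_igw = {"Resources": {"LabVpc": current["Resources"]["LabVpc"]}}
    print("change set:", change_set(current, without_igw))
```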
7.0 Conclusion
In conclusion, infrastructure as code is essential in an organizational setup. It plays a vital role in helping the organization achieve its main DevOps goals, which include automation and self-service in maintaining the cloud files. These two parameters are applied in the definition of the required application environments. Amazon Web Services (AWS) infrastructure as code supports coding and configuring environments as well as deleting existing ones. This tool also helps reduce errors and supports self-service while removing any form of time-wasting rollback (Sandobalin et al., 2017). The most common tools for implementing this approach include Chef, CloudShell Colony, Terraform and SaltStack, among many others. In addition, the platform requires other cloud tools for effective management of cloud resources, such as Apptio, Opshell and Jamcracker for cloud management. Proper integration and implementation of these tools assures great performance and improved security for the organization's IT assets.
8.0 References
Artac, M., Borovssak, T., Di Nitto, E., Guerriero, M., & Tamburri, D. A. (2017, May). DevOps: Introducing infrastructure-as-code. In 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C) (pp. 497-498). IEEE.
Kharche, H., Shah, T., & Gautam, T. (2020). Infrastructure as a code-on Demand Infrastructure. International Research Journal on Advanced Science Hub, 2, 193-197.
Morris, K. (2020). Infrastructure as Code. O'Reilly Media.
Rahman, A., Farhana, E., & Williams, L. (2020). The 'as code' activities: development anti-patterns for infrastructure as code. Empirical Software Engineering, 25(5), 3430-3467.
Rahman, A., Parnin, C., & Williams, L. (2019, May). The seven sins: Security smells in infrastructure as code scripts. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE) (pp. 164-175). IEEE.
Sandobalin, J., Insfran, E., & Abrahao, S. (2017, June). An infrastructure modelling tool for cloud provisioning. In 2017 IEEE International Conference on Services Computing (SCC) (pp. 354-361). IEEE.
Schwarz, J., Steffens, A., & Lichter, H. (2018, September). Code smells in infrastructure as code. In 2018 11th International Conference on the Quality of Information and Communications Technology (QUATIC) (pp. 220-228). IEEE.
Walker, A., & Cerny, T. (2020). On cloud computing infrastructure for existing code-clone detection algorithms. ACM SIGAPP Applied Computing Review, 20(1), 5-14.