Posts

Showing posts from 2018

Quick Introduction to Terraform

IntroductionThere are many tools and frameworks available for provisioning infrastructure on the cloud. One of the most popular cloud agnostic tool is Terraform. It is a vital piece of Infrastructure as a Code Service and could be used to tear up or tear down infrastructure. We will learn about some basic nuances of Terraform in this post. 
Installing Terraform:Terraform could be installed by finding the appropriate package and following instructions. (Refer https://www.terraform.io/intro/getting-started/install.html).  In this post, I will be using Terraform on CentOS.
Getting Started:Let us try to get our hands dirty. Create a directory, 'scripts' and cd into that.
Run 'terraform --version' to confirm if terraform is successfully installed.
Let us create our first terraform file. Terraform files have an extension of .tf.  So, create a file 'first.tf'. Let us create a variable called 'name' and try to print it out.

Note the syntax, the variables should be refer…

AWS - Basic Security Considerations

Image
Often the default Security rules in AWS allow highest level of access and this is undesirable in production system. Principle of Least access is the recommended security approach for any secure system.  This article explains how we can apply some specific Security rules to various resources in AWS.
Access to EC2 instancesDo not provide SSH access to EC2 instances in public subnet, which are exposed to outside world. Rather, create a separate EC2 instance which will act like a Bastion server. Let us call the security group associated with this Bastion server as ‘BastionSG’. 
The ‘BastionSG’ should have a security group which will allow a specific IP or a range of IP in corporate network via SSH for allowing inbound access. Expose SSH from all EC2 instances only from the Bastion server by providing the ‘BastionSG’ as the source Security Group.
Access to VPC By default, a VPC will have a NACL(Network Access control) which allows traffic to all. We can create a custom NACL which will restri…