Security
Evolution of the Custom Cloud: Part 2 "Building the Cloud"
In part 1 we covered our Architecture for the Custom Cloud.
In my previous blog series, Evolution of a Custom Cloud, I went over how our base design for a custom cloud has improved and how we setup our current VPC network architecture.
In my previous blog series, Evolution of a Custom Cloud, I went over how our base design for a custom cloud has improved and how we setup our current VPC network architecture.
The current design combines high availability in multiple AZ’s, while allowing for a DMZ and private network. See the below diagram.
While this design is flexible and fits most of our client’s needs, it was being constructed by hand. With the many different parts, the process is prone to errors and can takes several hours to build and test. We needed a better way to create our Clouds.
Enter AWS CloudFormation. CloudFormation uses JSON and user input to define new AWS resources. It then will instantiate the resources automatically and consistently every time it is run.
There are several advantages to using AWS CloudFormation.
-
CloudFormation logs the creation process, keeping track of errors or warnings.
-
You can update a cloud formation json file and upload it to perform an update to an existing environment. When you do this, it keeps track of changes and if an error occurs, it can roll back to the old version.
-
Cleaning up a test or dev environment is as simple as deleting the CloudFormation. Once done, all resources it manages are also deleted.
-
Consistent and less error prone.
-
Takes about 2 minutes to do what previously took several hours.
Below is a copy of the json file we have been testing to generate a VPC.
*This currently only runs in the US-WEST-2 region, but can easily be modified to run in any region.