- Fork this gist.
- Please respond to the prompts below, uploading additional files if necessary.
- Reply back to the email you were sent with the link to your completed gist.
- Describe an application hosted in a public cloud that you’ve been responsible for configuring, maintaining, designing, or deploying. What were some challenges that arose and what tools or processes did you apply to solve them?
I was responsible for maintaining hosted phone systems in the cloud (AWS). A particular issue we had with a critical system was an appropriate failover solution. I designed a redundancy solution by creating a failover server that would replicate the configuration and database of the primary server at regular intervals. This was accomplished by creating private subnets in two seperate VPCs in different availability zones and then using VPC peering with a security group to only allow those to servers to have regular communication with one another.
- Please describe one of the applications of automation that you’re most proud of or excited about that solved a need around a cloud/infrastructure issue or requirement.
In order to enhance security and have more visiblty over network issues, the company that I was working for decided to enable virtual private gateway from the hosted application to the client's location. This required several configurations that were time consuming and there was demand for this particular product which meant that I needed to develop a solution to automate this task.
I wrote a python application using the AWS SDK (Boto3) in order to automate the creation and connection of the vpc, customer gateway (cgw), and VPN gateway. The code was written in a way that any user (given the proper IAM credentials) could run the Python script and plugin the customers public IP address. The remaining configuration was on the on-premise firewall itself.
-
As an example of a project we recently completed, how would you design the infrastructure for a web service that:
- Receives thousands of requests per second
- Should be protected against regional/geographical outages
- Allows for A/B testing of different backends
- Returns highly dynamic data
- Needs to perform some asynchronous tasks interacting with external resources (data imports)
- Needs fairly static data from external db(s) to process each request
I would create a stack that has a NLB in a public subnet with a latency based routing policy. This would have a listner and rule(s) that direct traffic to a target group where a NGINX service (in a private subnet) would verify TLS certificates and route traffic to an application load balancer. The ALB would have listeners and rules that would direct traffic to the needed service and the target group would be a docker cluster that could be scaled by Jenkins slaves with CloudWatch alarms configured.
-
Given the above design, how would you configure the following. Answers can be as detailed as you'd like, or conceptual in nature:
- Deployments of the web service (and potential a/b tests)
- Deployments/Changes to the core infrastructure
I would develop a code pipeline with Jenkins that would alow for CI, unit testing and CD. There would also be a pre-prod and prod stack that you can use for blue/green deployments and a succesful test on a pre-prod enviornment could mean that you could switch alias records in Route 53 (for major deployments).
-
Please diagram the infrastructure stack you'd choose for an environment with the following needs:
- api gateway
- authentication layer/gateway
- some high-throughput services that return fairly static data
- services that require authentication, and could vary in load substantially
Diagram included in gist.
