ukhomeoffice / dq-aws-transition
DQ AWS Transition project tasks and issues
License: MIT License
Confirm application connectivity requirements (current and to-be) so that we can configure the AWS networking.
Connectivity Information: from_port, to_port, protocol, TLS/SSL, Certificate Info
AWS Config: Network Interfaces, Route Tables, Internet Gateways, DNS, Elastic IP Addresses, VPC Endpoints, NAT, VPC Peering
Required before creating Terraform scripts.
Adopt from a combination of ACP and IPT?
An example template to build an AMI that is published and shared with multiple Amazon accounts.
We can demonstrate this by building our mock application and having it published to both Amazon accounts.
ACP can offer ELK:
ACP can offer authd vpn profiles:
Goal: define terraform testing
Repo: https://github.com/UKHomeOffice/dq-aws-transition-testing
Trial terraform_validate
Write additional terraform cases
Explore CloudWatch
ACP can offer peering to our Prod/not-prod peering VPCs with two choices/caveats:
We require a mock application that we can use for connectivity testing
Run like:
$ CHECK_ONE=10.0.0.2:80 \
CHECK_ANOTHER=google.com:80 \
LISTEN_FOO=0.0.0.0:80 \
LISTEN_BAR=10.0.0.1:8080 \
./app-name
N.B. specifying an address other than 0.0.0.0 for the listening IP means you'll need to know the IP of the instance. You cannot specify a name to listen on.
You can then curl the application (and/or chain many instances of the application to demonstrate a full stack) on any of the listening ports. If any of the CHECKs fail (at runtime) it will return a 500 error, otherwise 200.
It will also return a text HTTP body of:
CHECK_ONE=10.0.0.2:80 [OK]
CHECK_ANOTHER=google.com:80 [FAIL]
The AMI image should set the required environment variables based on the EC2 instance tags assigned to it at runtime.
Populate list of VPCs for peering.
Variables:
VPCID
VPCOwnerID
PeerVPCID
PeeringRouteID
RouteTableID
VPCPeeringConnectionID
Peering is Active/Active within same AWS account
Peering is Active/Active across AWS accounts
Code cleaned up and ready for review
We should get access to the IPT Terraform scripts and review these to see how much opportunity there is for re-use.
ACP can provide ingress + TLS termination and we could route all traffic via them.
ACP can also, if we do need an external presence, provide delegation to our Route53 DNS.
This will detail the order by which we will transition the existing digital services to AWS, along with the supporting dependencies.
Continuation from #38
Contents:
Explain our design principles
Covering:
An overview of how we will achieve the required assurance to gain Authority To Operate.
This will follow an iterative approach.
Overview of the CI/CD process and what requirements/expectations this places on the development teams to get their code through the process and into Production.
Setup routing between multiple VPCs within the same account and test connectivity using EC2 instances.
Routing works between all dedicated VPCs defined above
Routing up/up between 3 VPC
Code cleanup for review
ACP can offer Sysdig:
Investigate proxy options:
HAProxy
NGINX
and
Routing Table
NAT Gateway
NAT Instance
ELB
VPN instances
AWS Marketplace VPN device
Traffic traverse between dedicated VPCs successfully
Analyse Proxy options
Analyse NAT GW and NAT instance
Analyse ELB
Analyse VPN instance solution
Analyse AWS Marketplace Virtual Router solution
Functional example of VPC peering with Proxy server and mock app working.
s3 configurable haproxy config
packer+ansible haproxy image build
Composable EC2 architecture of:
IN_TEST
that sets machine types to nano and all images to nanon
times - deployed to each account
Composable acp/kubernetes architecture of:
(other repos for tech spikes created ad-hoc as required)
Customise the standard Aker Systems Security Management Plan for the project.
Confirm changes to existing S4, Maytech and ACL ingest scripts/processes