For a long time I saw the A Cloud Guru challenges, and hoped to be able to do one of them someday.
A couple of months ago a new one came along.
As part of the AWS Community Builders I try to learn all I can about AWS, and recently I got very interested in Redis (RedisConf 2021 had a lot to do with it), so this challenge was everything I was interested in.
The time had finally come.
It was hard. I am finishing with just a day to spare. I had to make time, and learn a lot to be able to finish it.
It was everything I hoped for! I had fun, a challenge and a chance to learn.
I can't recommend it enough. If you are able, do it. But it is not for the faint of heart. You need to put your heart and mind to it to be able to finish it.
Good thing we have the official ACloudGuru Discord server to get in touch and get help. Don't fail to join (it's free) to get help (and help others) in this and other challenges.
What did I learn:
- I made my first Terraform 1.0 project.
- Used Default Tags for the first time.
- Learned a lot about making full VPCs in Terraform, functions, variables, counts.
- Experimented with AWS Subnets "best practice" permissions (and how NOT to implement them).
- How to create ElastiCache with Terraform.
- The use of Bridgecrew Checkov to validate the security and best practices of your Terraform IaC.
- The use of Redis as Cache.
While the "normal" execution time for 10 requests without cache is over 25 seconds, once we have ElastiCache doing the caching the first request takes a little over 5 seconds, and the others 0.003 seconds or less each!
Depending on your workload the improvement gain could be enormous! And it is easy to do and maintain, as ElastiCache is a managed service!
Of course, I feel there are tons of ways to improve the exercise:
- I would love to make the Terraform templates again. I think I can reorganize them and rename the resources to make it clearer and easier to maintain.
- I think I could improve the Python code. Make it more "bulletproof".
- About that, adding credentials to Redis is important. OK, the security group and subnet prevent access by other parties, but credentials sound like a good idea.
- I did the configuration of the web server manually. I was afraid (with reason) I wouldn't finish on time if I used cloud-init (started but didn't finish it). I was right. But I would like to finish that.
- Or do it with Ansible.
- And do the IaC part with Pulumi (I have just attended a webinar about it and liked it a lot).
I love the Cloud, and I love this age where so many tools and learning opportunities are available.
And we can always make our systems (and our knowledge about how to build them) better!
You can find the code and actual run results HERE. Any questions are welcome.
PS. A big thanks to David Thomas for setting up this great challenge!