DEV Community: Hamza Nasir

Accessing RDS from phpadmin Container

Hamza Nasir — Fri, 30 Aug 2024 15:03:49 +0000

I Built an AWS LAB to access RDS from phpadmin container.

Here's a breakdown of my recent AWS project:

𝗩𝗣𝗖 𝗦𝗲𝘁𝘂𝗽: I configured a VPC with two Availability Zones to enhance fault tolerance. Within each zone, I created both public and private subnets, even though initially only one zone was required. This decision was made with future scalability in mind.
𝗥𝗗𝗦 𝗗𝗲𝗽𝗹𝗼𝘆𝗺𝗲𝗻𝘁:MySQL RDS instance was created and placed in the private subnet of Zone 1 to isolate the database from public internet access.
𝗘𝗖𝗦 𝗦𝗲𝗿𝘃𝗶𝗰𝗲 𝗖𝗿𝗲𝗮𝘁𝗶𝗼𝗻: Given the free tier benefits, I opted for an EC2 launch type for my ECS service and attaching with the public subnet of same AZ where the database is placed.
𝗣𝗛𝗣𝗔𝗱𝗺𝗶𝗻 𝗖𝗼𝗻𝘁𝗮𝗶𝗻𝗲𝗿 𝗧𝗮𝘀𝗸: I defined a task for a PHPAdmin container, specifying parameters such as CPU, memory, port mappings, and the Docker image. This task was then run on the ECS machines.
𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗚𝗿𝗼𝘂𝗽 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻: I adjusted the VPC security group to permit traffic from the ECS to enable communication. ECS machine's security group was configured to accept incoming connections from my local machine.

𝗢𝘂𝘁𝗰𝗼𝗺𝗲: Successful implementation of the above steps allowed me to access my RDS instance's dashboard through the PHPAdmin container

Implementing an AWS Client VPN Solution

Hamza Nasir — Fri, 30 Aug 2024 15:00:46 +0000

Implement a secure AWS Client VPN solution, aimed at providing seamless, secure remote access to resources within a Virtual Private Cloud (VPC). This project involved several complex steps, from setting up authentication mechanisms to configuring VPN endpoints and managing certificates. Here’s a detailed breakdown of the approach I took, the tools and services I utilized, and the knowledge I gained throughout the process.

Architecting a Secure Network Environment
The primary objective was to create a secure network environment that allowed authorized users to connect to the internal resources of the VPC securely. To achieve this, I began by defining the architecture of the VPN solution and identifying the key AWS services required for the implementation.

Establishing AWS Directory Service for User Authentication
One of the critical components of the VPN setup was establishing a reliable user authentication mechanism. I opted for AWS Directory Service, which offers a managed, scalable directory solution that integrates seamlessly with AWS Client VPN. I created a new directory and configured it to manage user identities, leveraging Active Directory's existing security protocols.

Managing Certificate Authorities and Configuring AWS Certificate Manager
Secure communication over a VPN requires proper management of certificates to authenticate and encrypt connections. To manage this aspect, I used AWS Certificate Manager (ACM) to create and manage public and private certificates needed for the VPN endpoint and clients.

Additionally, I utilized easy-rsa CLI, an easy-to-use command-line tool, to create a private certificate authority (CA). This step involved generating server and client certificates and keys, which were later imported into AWS Certificate Manager. Managing certificates in this way ensured that all data transmitted through the VPN was encrypted, protecting it from unauthorized access or interception.

Configuring AWS VPN Endpoints
The next critical step was configuring the VPN endpoints. I created an AWS Client VPN endpoint within the VPC, which served as the gateway for remote clients to connect securely to the internal network. This configuration involved defining the CIDR range for the VPN clients, associating the endpoint with the appropriate subnets, and attaching the security groups to control traffic flow.

Once the VPN endpoint was configured, I ensured that routing was correctly set up to allow traffic from VPN clients to reach the necessary VPC resources. I also configured authorization rules to define which clients could access specific network resources, based on user identity and group membership in the AWS Directory Service.

Deploying VPN Clients
With the VPN endpoint in place, the next step was to deploy VPN clients. I created and distributed configuration files to authorized users, allowing them to connect to the VPN using compatible client applications. These configuration files contained all necessary details, such as the endpoint address, authentication method, and client certificates.

To streamline the deployment process, I provided step-by-step instructions for users on how to install and configure the VPN client software, ensuring that they could securely connect to the VPC without any technical difficulties.

Building a Pipeline-as-Code Infrastructure in Jenkins: A Learning Journey

Hamza Nasir — Fri, 30 Aug 2024 14:42:56 +0000

Recently, I completed a comprehensive project focused on building a pipeline-as-code infrastructure in Jenkins. This was an exciting endeavour that involved a wide range of DevOps tools and practices to create a streamlined, automated development and deployment process. Here's a closer look at the key steps I took and the technologies I utilized to bring this project to life.

Deploying Infrastructure with Terraform on AWS
The first step was to set up the underlying infrastructure on AWS using Terraform, an Infrastructure as Code (IaC) tool. Terraform allowed me to define and provision the infrastructure in a consistent, automated way, ensuring that all resources were deployed and managed efficiently. By writing reusable and version-controlled Terraform configurations, I automated the creation of resources such as EC2 instances, VPCs, subnets, security groups, and S3 buckets.

This approach not only saved time but also reduced human errors, providing a solid and repeatable infrastructure foundation for the project.

Configuring Jenkins for CI/CD
With the infrastructure in place, I configured Jenkins to serve as the core CI/CD tool. Jenkins was set up to automate the build, test, and deployment processes. To achieve this, I integrated Jenkins with several essential tools:

Maven was used as the build automation tool, handling dependencies, compiling code, and packaging the application.
Git was integrated to enable seamless version control and source code management.
OpenJDK was installed to ensure compatibility with Java-based applications.

Setting Up SonarQube for Code Quality Analysis
To maintain and improve code quality, I integrated SonarQube into the Jenkins pipeline. SonarQube is a powerful tool that performs static code analysis, identifying code smells, bugs, and security vulnerabilities early in the development process. By configuring SonarQube as part of the CI/CD pipeline, I ensured that every build was automatically analyzed, providing actionable feedback to the development team to continuously improve code quality.

Creating a Robust Pipeline-as-Code Workflow
One of the highlights of this project was creating a pipeline-as-code workflow in Jenkins. This involved writing Jenkinsfiles, which are declarative or scripted files that define the entire CI/CD process as code. By using Jenkinsfiles, I was able to:

Version control the CI/CD pipeline, allowing for better collaboration and transparency.
Make the pipeline more flexible and adaptable to changes in requirements or infrastructure.
Implement complex workflows with stages for building, testing, and deploying the application.

The pipeline-as-code approach made it easier to manage and maintain the CI/CD process, reducing the risk of configuration drift and making it simpler to replicate the pipeline in different environments.

Reflecting on the Journey
This project was a challenging but immensely rewarding experience. It required learning new tools, troubleshooting unexpected issues, and continuously iterating on the setup to achieve the desired outcome. Along the way, I gained deeper insights into the best practices for building scalable, maintainable, and efficient CI/CD pipelines.

If you have any questions about this project or would like to learn more about any specific aspect of it, feel free to leave a comment. I'm always happy to share what I’ve learned and help others on their DevOps journey!

AWS CI/CD Pipeline for Node.js Application

Hamza Nasir — Fri, 30 Aug 2024 14:32:15 +0000

Successfully implemented an AWS CI/CD pipeline! 🚀
I have gained hands-on experience with Elastic Beanstalk, AWS CodeBuild, and AWS CodePipeline. Here's a project overview:

𝗚𝗶𝘁 𝗥𝗲𝗽𝗼𝘀𝗶𝘁𝗼𝗿𝘆 𝗦𝗲𝘁𝘂𝗽:
-Forked Node.js app repo to GitHub
-Cloned repo locally using Git Bash
-Development and Testing:
-Made changes to app.js
-Committed changes using Git (add, commit, push)
𝗘𝗹𝗮𝘀𝘁𝗶𝗰 𝗕𝗲𝗮𝗻𝘀𝘁𝗮𝗹𝗸 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻:
-Created application and environment
-Selected Node.js platform
-Configured network settings (VPC, subnet)
𝗔𝗪𝗦 𝗖𝗼𝗱𝗲𝗕𝘂𝗶𝗹𝗱 𝗦𝗲𝘁𝘂𝗽:
-Created build project
-Connected GitHub repo via OAuth
-Used Amazon Linux as the operating system
-Created a build spec file
𝐀𝐖𝐒 𝐂𝐨𝐝𝐞𝐏𝐢𝐩𝐞𝐥𝐢𝐧𝐞 𝐒𝐞𝐭𝐮𝐩:
-Created pipeline with Source, Build, and Deploy stages
-Integrated GitHub, CodeBuild, and Elastic Beanstalk
-Added a Review stage for enhanced quality control

Looking forward to applying these skills to future projects and automating deployments!

Kubernetes Volumes

Hamza Nasir — Wed, 28 Aug 2024 14:50:14 +0000

While studying Kubernetes, I found the section on Volumes a bit confusing. As it is crucial, I delved into it and simplified it as much as possible. I want to share the following concepts and hope it will be helpful for others learning about Kubernetes as well.

𝗪𝗵𝗮𝘁 𝗶𝘀 𝗩𝗼𝗹𝘂𝗺𝗲 𝗶𝗻 𝗞𝘂𝗯𝗲𝗿𝗻𝗲𝘁𝗲𝘀?
At its core, a volume is a directory, possibly with some data in it, which is accessible to the containers in a pod. Multiple types of volumes can be used. i.e. (AWS-EBS, Azure Disk).

𝗪𝗵𝗮𝘁 𝗶𝘀 𝗦𝘁𝗼𝗿𝗴𝗮𝗖𝗟𝗮𝘀𝘀?
StorageClass in Kubernetes is a blueprint that tells the system how to provide storage for your applications automatically. It simplifies the process by managing the type and creation of storage behind the scenes.

𝗪𝗵𝗮𝘁 𝗶𝘀 𝗣𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗩𝗼𝗹𝘂𝗺𝗲?
Persistent volume (PV) is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using Storage Classes. It is a resource in the cluster just like a node is a cluster resource.

𝗪𝗵𝗮𝘁 𝗶𝘀 𝗮 𝗣𝗲𝗿𝘀𝗶𝘀𝘁𝗲𝗻𝘁 𝗩𝗼𝗹𝘂𝗺𝗲 𝗖𝗹𝗮𝗶𝗺?
A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources. Pods can request specific levels of resources (CPU and Memory). Claims can request specific size and access modes (e.g., they can be mounted ReadWriteOnce, ReadOnlyMany, ReadWriteMany, or ReadWriteOncePod, see AccessModes)