Commit
Merge pull request #2 from alvo254/dev
[pipeline, readme & sad.md]
Showing 3 changed files with 339 additions and 68 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,77 @@ | ||
# cloudific | ||
|
||
[Monitoring & Security ] | ||
Regarding the Previous Architecture On May 31, 2024, the backend experienced a 3-hour downtime due to unresponsiveness, which impacted the business. After further investigation, it was determined that the issue was caused by a DDoS attack (IP flooding) on the backend ECS service . The client requires a robust monitoring and alerting system with built-in security features such as a firewall and authentication, without relying on third-party monitoring/security tools due to budget constraints. As a DevOps/Cloud/Solutions specialist, how would you create an observability solution with security measures in place within the infrastructure to meet their objectives? Please ensure the following points are addressed: | ||
|
||
Timeline: 1 week (flexible if necessary, but aim to complete within the estimated time) | ||
*[IMPORTANT]* Architecture Diagram: A detailed architecture diagram is crucial. | ||
*[IMPORTANT]* Proposed Solutions: Clearly state the solutions and explain why they are effective. Outline the changes that will enhance monitoring and security within the infrastructure. *[IMPORTANT]* Threat Mapping Diagram: Provide a threat mapping diagram in the architecture. | ||
*[GOOD TO HAVE]* Infrastructure as Code: Use infrastructure as code to create AWS resources. | ||
*[GOOD TO HAVE]* CI/CD Integration: Implement CI/CD pipelines to deploy resources. | ||
*[IMPORTANT]* Version Control: Store the code in GitHub or any other version control system. | ||
*[GOOD TO HAVE]* Network Flow Diagram: Include a network flow diagram. | ||
# cloudific Secure Cloud Monitor Project | ||
|
||
## Overview | ||
|
||
The cloudific Secure Cloud Monitor Monitor project is designed to enhance the security and monitoring capabilities of cloud infrastructure on AWS. It aims to provide a robust, scalable, and cost-effective observability framework, incorporating AWS-native services and Aviatrix for advanced network security. This initiative addresses the need for improved resilience and threat management following a DDoS attack that highlighted vulnerabilities in the existing setup. | ||
|
||
## Components | ||
|
||
- **Amazon ECS**: Container management service that supports Docker containers. | ||
- **Amazon CloudWatch**: Monitoring service for AWS cloud resources and applications. | ||
- **AWS WAF and Shield**: Services providing protection against DDoS attacks and other web exploits. | ||
- **AWS IAM**: Manages access to AWS services and resources securely. | ||
- **AWS VPC**: Isolates cloud resources with virtual networking environment. | ||
- **AWS ALB**: Automatically distributes incoming application traffic across multiple targets. | ||
- **Amazon GuardDuty**: Threat detection service that continuously monitors malicious or unauthorized behavior. | ||
- **AWS Config**: Service that enables you to assess, audit, and evaluate the configurations of AWS resources. | ||
- **AWS CloudTrail**: Service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. | ||
- **AWS Systems Manager**: Helps you manage your AWS resources. | ||
- **Aviatrix**: Cloud network platform with enhanced security and multi-cloud network visibility. | ||
|
||
## Prerequisites | ||
|
||
Before you begin, ensure you have the following: | ||
|
||
- An AWS account with appropriate permissions to create the necessary resources. | ||
- Terraform installed on your machine. Visit Terraform's website for download instructions. | ||
- Configure your AWS CLI with credentials that have necessary permissions. | ||
|
||
## Repository Structure | ||
|
||
- **/modules**: Contains all Terraform configuration files. | ||
- **/.github/workflows**: Contains scripts for CI/CD integration and other automation tasks. | ||
- **/SAD.md**: Documentation files and additional resources. | ||
- **main.tf**: main file for infrastructure provisioning. | ||
- **provisioners.tf**: provisioning. | ||
|
||
## Setup Instructions | ||
|
||
1. **Clone the Repository**: | ||
|
||
`git clone https://github.com/alvo254/cloudific.git cd cloudific` | ||
|
||
2. **Initialize Terraform**: In the root directory and run the initialization command. This will download all necessary Terraform providers. | ||
|
||
`terraform init` | ||
|
||
3. **Configure AWS Credentials**: Make sure your AWS credentials are configured by setting up the AWS CLI or by setting environment variables: | ||
|
||
`export AWS_ACCESS_KEY_ID="your-access-key-id" export AWS_SECRET_ACCESS_KEY="your-secret-access-key" export AWS_DEFAULT_REGION="us-east-1"` | ||
|
||
4. **Plan the Deployment**: Check the execution plan to see the resources Terraform plans to create: | ||
|
||
`terraform plan` | ||
|
||
5. **Apply the Configuration**: Deploy your infrastructure: | ||
`terraform apply` | ||
|
||
When prompted, type `yes` to proceed with the creation of resources. | ||
|
||
6. **Verify Deployment**: After Terraform successfully applies the configuration, verify that all resources are created and functioning as expected in the AWS Management Console. | ||
|
||
## CI/CD Integration | ||
|
||
This project uses GitHub Actions for CI/CD. The workflows located in the `.github/workflows` directory facilitate the automation of build, test, and deployment processes. | ||
|
||
- Review and adapt the pipeline scripts as necessary. | ||
- Ensure all environment variables and secrets are configured in your GitHub repository settings. | ||
|
||
## Maintenance and Monitoring | ||
|
||
- Regularly update and review AWS CloudWatch for insights. | ||
- Set CloudWatch alarms to notify on critical issues. | ||
- Use AWS Config for continuous compliance monitoring. | ||
|
||
## Documentation and Training | ||
|
||
- Keep all project documentation updated within the `sad.md` solutions architect document. |
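Review bot: the inline-code setup commands in step 1 and step 3 are run together on a single line and fail if pasted as shown: `git clone https://github.com/alvo254/cloudific.git cd cloudific` hands `cd` and `cloudific` to `git clone` as extra positional arguments (git rejects this with "Too many arguments") instead of changing directory, and the three `export` statements in step 3 are joined into one span the same way. Put each command on its own line in a fenced shell block (`git clone https://github.com/alvo254/cloudific.git` then `cd cloudific`), and restore the blank line missing between the step 5 text and `terraform apply` so it renders like the other steps. Two further points before merge. First, the overview and component list introduce Aviatrix as a core component, while the requirement kept just above states the client cannot rely on third-party monitoring/security tools due to budget; either justify that exception in the README or drop Aviatrix and keep the design on the AWS-native services already listed (ALB fronted by WAF rate-based rules plus Shield is the combination that addresses the IP-flood scenario described). Second, the file references are inconsistent: the repository structure lists `/SAD.md` while the last section points to `sad.md` (case matters on Linux runners and in links), and it says `/modules` contains all Terraform configuration files yet also lists `main.tf` and `provisioners.tf` at the root. Minor: "Secure Cloud Monitor Monitor" duplicates a word, and step 2 reads "In the root directory and run". On credentials, step 3 and the CI/CD section both rely on static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` values held in environment variables or repository secrets; for GitHub Actions, assuming a role via OIDC avoids storing long-lived keys at all, and the `export` approach in step 3 should at least warn that the keys land in shell history.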