Managing AWS instances in one tap @ SKaaS
Skaas - Skills as a service


Hi, tech readers, welcome to another tech article from SKaaS. At SKaaS we are building the “Next generation skills platform”, and that requires a robust, tested solution. The development team at SKaaS follows the agile methodology to develop the skill-enabling platform, so our product evolves and our requirements change every day.

Maintaining the best industry practices helps us to grow & develop complex products. We have dozens of micro services to manage our tech stack. All of these micro services are being used for the SKaaS platform hosted at www.skaas.guru & some other internal products.

AWS is an Amazon trademark. Used for representational purposes.


So it is very important for the DevOps team to segregate the production and development environments. Our tech stack runs on AWS managed services, including S3, EC2 instances, Lambda, DynamoDB, CloudFront, etc. As our product grows, our tech stack is expanding rapidly, and managing the instances that run different microservices for the production and development environments is getting cumbersome. To tackle that, we developed a solution to manage instances.

Our primary idea was to develop a solution that gives us an easy way to start and stop instances, automates the instance start and stop process, reminds us about unused instances, tracks instance starts and stops and, most importantly, maps instance IPs to domain addresses.

The fastest and simplest way to start working on this was to create a serverless application that manages the instance state, plus a front-end solution that lets the DevOps and Product Management teams take action as required.

Server-less concept with lambda function


Our Python team members developed a Lambda function that automates the instance start and stop process; the state can also be changed manually. For the front-end solution, however, we also need microservice data, i.e. instance status, server IP/domain, correlated front-end domains, etc.

Our Node.js team members developed the services that send notifications of instance status changes and reminders about unused instances. So far, all these serverless Lambda functions are connected through API Gateway to talk to each other.

Technically, we have almost everything we need to manage our instances, but a GUI makes the work easier. As the title suggests, we decided to have a front-end solution that is accessible at our fingertips. Yes, you guessed it right: a smartphone application from which we can see our microservice data, manage instance state, view the related front-end URLs and get notifications for status changes, reminders, etc.

Our React team members built the hybrid solution on top of React Native. The application workflow includes server and local authentication methods.


1. Local Authentication 2. Getting Instance Status 3. Internet Error Handling

The instance data you can see in the above screenshots comes from API Gateway. Because our application's actions depend on instance state, which is very critical, handling errors such as a lost internet connection is quite important.


Instance State & Data. *Data used here are representational

We have separate tabs for the production and development environments so that the two are not confused. Both have a similar UI. Each tab shows instance data, and we can take action from the dropdown panel.


But accidentally stopping a server is a big mistake, so we have an option to alert our team members before taking any action. Remember that instances take time to start and stop, hence we perform all these tasks asynchronously.
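The guard against accidental stops and the production/development split described above, as an added Python example that is not SKaaS's code. The `Env` tag key, the event fields (`action`, `instance_id`, `env`, `confirm`) and the `FakeEC2` stand-in are assumptions; the three client methods are the boto3 EC2 calls of the same names.

```python
# Added example, not SKaaS code. Assumed names: the "Env" tag key, the event
# fields (action, instance_id, env, confirm) and the FakeEC2 stand-in.
class Rejected(Exception):
    """A request failed a safety check; no instance state was changed."""

def change_instance_state(ec2, event):
    """ec2 is a boto3 EC2 client or any object with the same three methods."""
    action, instance_id = event.get("action"), event.get("instance_id")
    env = event.get("env")  # tab the user acted from: "prod" or "dev"
    if action not in ("start", "stop") or not instance_id:
        raise Rejected("unsupported action or missing instance id")
    # Trust the tag on the instance, not the environment the client claims.
    found = ec2.describe_instances(InstanceIds=[instance_id])
    instance = found["Reservations"][0]["Instances"][0]
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if tags.get("Env") != env:
        raise Rejected("instance is not tagged for the requested environment")
    # Stopping production needs an explicit confirmation from the user.
    if action == "stop" and env == "prod" and event.get("confirm") is not True:
        raise Rejected("production stop requires confirm=true")
    # Both calls return at once with a transitional state ("pending" or
    # "stopping"); the final state arrives later, so callers must not block.
    if action == "stop":
        change = ec2.stop_instances(InstanceIds=[instance_id])["StoppingInstances"][0]
    else:
        change = ec2.start_instances(InstanceIds=[instance_id])["StartingInstances"][0]
    return {"instance_id": instance_id, "state": change["CurrentState"]["Name"]}

def lambda_handler(event, context):
    import boto3  # imported lazily so the checks above can be tested offline
    try:
        return {"statusCode": 202, "body": change_instance_state(boto3.client("ec2"), event)}
    except Rejected as err:
        return {"statusCode": 403, "body": str(err)}

class FakeEC2:
    """Constructed stand-in for the EC2 client; holds one tagged instance."""
    def __init__(self, env):
        self.env, self.calls = env, []
    def describe_instances(self, InstanceIds):
        inst = {"InstanceId": InstanceIds[0], "Tags": [{"Key": "Env", "Value": self.env}]}
        return {"Reservations": [{"Instances": [inst]}]}
    def stop_instances(self, InstanceIds):
        self.calls.append("stop")
        return {"StoppingInstances": [{"CurrentState": {"Name": "stopping"}}]}
    def start_instances(self, InstanceIds):
        self.calls.append("start")
        return {"StartingInstances": [{"CurrentState": {"Name": "pending"}}]}
```

The same tag can also be enforced in the IAM policy attached to the Lambda's execution role, so the check holds even if the handler is bypassed.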

So, this is a brief introduction to our tech stack, how we manage it and how we develop products. Most importantly, we are evolving every day.

Till then stay happy & keep hustling!

Omkar S.

Platform Engineering Lead | Product Owner | Transforming Businesses with Innovative Cloud Solutions

5 years ago

Hi Arghyadeep - Thanks for sharing details. I totally agree with your viewpoints and it makes sense to have customised solutions for your use case. Using Federated login - no need to create/manage IAM user/credentials for any users. AWS Security Token Service (STS) enables you to have longer federated access to your AWS resources by increasing the maximum CLI/API session duration to up to 12 hours for an IAM role. Then the user can just enable the Mobile OS additional Security feature of fingerprint scan to control access to the mobile app. Just 1 QQ - reactJS consumes APIs exposed via API gateway to display the data dynamically on the front end. When the user launches the app, JS gets downloaded on the user’s local cache and JS then makes an HTTP GET call to the API endpoint (e.g. https://d-numh1z56v6.execute-api.us-west-1.amazonaws.com). How do you manage/control access (security) to your API gateway endpoint? Do you use resource-based access policies on it? BR Omkar

Arghyadeep Majumder

Senior Software Engineer @Xoxoday

5 years ago

Hi, Omkar - I am not discarding your view. Whatever you have said, it's a very straightforward solution. Here I am saying we have implemented something in a different way to match our requirements beyond the features of the AWS app. Mainly we just didn't want to create more IAM users because if somehow any of the credentials are compromised it can affect the service directly, and also we need to manage the access of each different IAM user based on the requirement continuously. No, it's not a web app, it's an Android app built on top of React Native. It has fingerprint as local authentication. Regarding mapping - It shows the associated backend server to front end URLs. Like this backend server (127.0.0.0) is associated with this front end URL (https://example.com). This is our custom requirement. See, I am not saying the AWS app is not capable or not required. Out of all the features we require, 5-6 features are available in the AWS app, but additionally we need a few more features that are customised to internal requirements. For EC2 the terminate option is there.

Omkar S.

Platform Engineering Lead | Product Owner | Transforming Businesses with Innovative Cloud Solutions

5 years ago

Hi Arghyadeep - Not to take away credit from your team.

- For EC2, the AWS mobile app supports only stop/start Instance actions. It doesn’t support the terminate action if I am not mistaken.
- Didn’t really understand the local login part? Yours is not really a mobile app but a web app, so I assume you are using AWS Cognito user pool/identity pools to generate STS? The AWS mobile app supports login via Root/IAM account, Federation or Access key. Also, we can always create segregation of ownership of resources via IAM roles/policies based on resource Tags, e.g. a Dev IAM role with an IAM policy attached to allow EC2 instance start/stop actions on the instances with “Tag Key = Env, Tag Key Value = Dev”.
- What's Instance IP to domain mapping? You mean a Route53 A record associated with the Instance IP?

BR Omkar

Omkar S.

Platform Engineering Lead | Product Owner | Transforming Businesses with Innovative Cloud Solutions

5 years ago

There’s already an “AWS Console” Mobile app on the AppStore provided by AWS. Currently, it supports 8-10 services including EC2. Just wondering if there’s anything additional in your app?
