Infrastructure Unification
A customer with infrastructure in AWS and Rackspace decided to consolidate their infrastructure to a single provider, AWS. As part of the consolidation effort I was tasked with three subprojects:
Stand up several infrastructure-centric services
- Central Authentication: research, develop, and deploy a central authentication solution for EC2 instances based on AWS SimpleAD and SSSD
- Bastion/VPN: implement CloudFormation templates and Chef cookbooks for deploying bastion instances and OpenVPN with support for multi-factor authentication
- Logging Pipeline: enhance the existing logging pipeline automation to push logs to S3 for long-term storage, capture and process AWS-specific logs (CloudTrail & CloudWatch), and migrate servers from Lumberjack to Filebeat
Miscellaneous infrastructure automation updates
This primarily included developing CloudFormation templates and updating Chef cookbooks to handle provisioning and configuring the various servers and services that had previously been running in Rackspace. In numerous cases a server (for example, a Redis server) was replaced with an equivalent AWS service, so the task involved replacing a Chef cookbook with a CloudFormation template.
RDS migrations
- review several bare-metal MySQL and PostgreSQL database clusters and document their configurations
- evaluate RDS as a replacement for their database clusters with a focus on performance testing
- develop and test a migration plan for each database cluster that minimized downtime
- implement CloudFormation templates for standing up and configuring each database cluster on RDS
- assist with the production migrations
- help implement a disaster recovery (DR) solution; this included developing an AWS Lambda function that migrates database snapshots to a DR region