Jesse Cotton | San Diego, CA |

Infrastructure Unification

Role: Cloud Engineer
Technologies: Amazon Web Services (AWS), Chef, CloudFormation, OpenVPN, RDS, SimpleAD

A customer with infrastructure in AWS and Rackspace decided to consolidate their infrastructure to a single provider, AWS. As part of the consolidation effort I was tasked with three subprojects:

Stand up several infrastructure-centric services

  • Central Authentication - research, develop, and deploy a central authentication solution for EC2 instances based on AWS SimpleAD and SSSD

  • Bastion/VPN - implement CloudFormation templates and Chef cookbooks for deploying bastion instances and OpenVPN with support for multi-factor authentication

  • Logging Pipeline - enhance the existing logging pipeline automation to: push logs to S3 for long-term storage, capture and process AWS specific logs (CloudTrail & CloudWatch), migrate servers from Lumberjack to Filebeat

Miscellaneous infrastructure automation updates

This primarily included developing CloudFormation templates, and updating Chef cookbooks to handle provisioning and configuring the various servers/services that had previously been running in Rackspace. In numerous cases a server, for example a Redis server, was replaced with an equivalent AWS service and so the task at hand involved replacing a Chef cookbook with a CloudFormation template.

RDS migrations

  • review several bare metal MySQL and PostgreSQL database clusters and document their configurations
  • evaluate RDS as a replacement for their database clusters with a focus on performance testing
  • develop and test a migration plan for each database cluster that minimized downtime
  • implement CloudFormation templates for standing up and configuring each database cluster on RDS
  • assist with the production migrations
  • help implement a disaster recovery (DR) solution; this included developing an AWS Lambda function that migrates database snapshots to a DR region