Infrastructure Unification

A customer with infrastructure in AWS and Rackspace decided to consolidate their infrastructure to a single provider, AWS. As part of the consolidation effort I was tasked with three subprojects:

Stand up several infrastructure-centric services

• Central Authentication - research, develop, and deploy a central authentication solution for EC2 instances based on AWS SimpleAD and SSSD

• Bastion/VPN - implement CloudFormation templates and Chef cookbooks for deploying bastion instances and OpenVPN with support for multi-factor authentication

• Logging Pipeline - enhance the existing logging pipeline automation to: push logs to S3 for long-term storage, capture and process AWS specific logs (CloudTrail & CloudWatch), migrate servers from Lumberjack to Filebeat

Miscellaneous infrastructure automation updates

This primarily included developing CloudFormation templates, and updating Chef cookbooks to handle provisioning and configuring the various servers/services that had previously been running in Rackspace. In numerous cases a server, for example a Redis server, was replaced with an equivalent AWS service and so the task at hand involved replacing a Chef cookbook with a CloudFormation template.

RDS migrations

• review several bare metal MySQL and PostgreSQL database clusters and document their configurations
• evaluate RDS as a replacement for their database clusters with a focus on performance testing
• develop and test a migration plan for each database cluster that minimized downtime
• implement CloudFormation templates for standing up and configuring each database cluster on RDS
• assist with the production migrations
• help implement a disaster recovery (DR) solution; this included developing an AWS Lambda function that migrates database snapshots to a DR region