AWS EMEA Solutions Architect Hiring Assignment
Author: Sebastiaan Verbeek.
In the following paragraphs I play the role of a freelancer helping an imaginary customer who has not used AWS before. The customer is encountering issues when trying to launch the web application defined in the CloudFormation stack attached to this assignment.
Re: answer to your query on 17-4-2020
Hi John,
Thank you for considering me to work on this project. As we discussed over the phone, I received the export of your current AWS solution as a CloudFormation template (.yaml). AWS is a huge platform, so I can understand the difficulty you're having in arriving at the best possible solution.
Solution to make the website operational
Steps to get a working solution
I've reproduced your error in my AWS account. I've provided you with a new configuration that's sufficient to get you back on your feet. Here are the concrete steps you and your team should take right now:
- Install and configure the AWS CLI by following the instructions in the official AWS documentation
- Download the attachments and extract them to a folder
- Modify the variables in the deploy.sh script for your environment
- Execute deploy.sh
Explanation of the working solution
In the diff below, lines marked "<" come from the troubleshooted template and lines marked ">" from your original template.
sv aws $ diff aws-sa-cloudformation-v20190724-TROUBLESHOOTED.yaml aws-sa-cloudformation-v20190724.yaml
155c155
< Subnets: [!Ref 'PublicSubnetA']
---
> Subnets: [!Ref 'PublicSubnetB']
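Review bot: moving the load balancer's only subnet from PublicSubnetB to PublicSubnetA makes the health check pass because the instance lives in the zone of PublicSubnetA, but it leaves the load balancer with a node in one zone only; an instance launched in the other zone (for example by the Auto Scaling group proposed later) would be marked unhealthy for the same reason the current one was. Since both subnets already exist, list both, Subnets: [!Ref 'PublicSubnetA', !Ref 'PublicSubnetB'], so the load balancer has a node in every zone an instance can use.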
165c165
< Target: HTTP:80/demo.html
---
> Target: TCP:443
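Review bot: TCP:443 can only pass if something on the instance accepts connections on port 443, and the security group rules added further down open port 80 only, so the original check could never succeed. HTTP:80/demo.html is the right replacement, with the caveat that it also fails when demo.html is missing or answers with anything other than 200, so the page must stay in the deployed image; if the application later answers over HTTPS, change the target together with the listener.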
178,183d177
< SecurityGroupIngress:
< - Description: Accessible by the internet
< CidrIp: 0.0.0.0/0
< FromPort: 80
< IpProtocol: tcp
< ToPort: 80
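Review bot: 0.0.0.0/0 on port 80 is correct for a load balancer that must be reachable from the internet, but this is the only ingress rule on the group; when TLS is added as proposed in the short-term changes, port 443 needs its own rule and the port 80 rule can then be dropped, since a Classic Load Balancer cannot redirect HTTP to HTTPS by itself.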
195,200d188
< SecurityGroupIngress:
< - Description: Accessible by SASGELB
< FromPort: 80
< IpProtocol: tcp
< SourceSecurityGroupId: !Ref 'SASGELB'
< ToPort: 80
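Review bot: SourceSecurityGroupId: !Ref 'SASGELB' is the right choice over a CIDR range, because it admits only traffic that arrives through the load balancer; note that it is also the group's only ingress rule, so nothing else can reach the instance. Administrative access therefore needs a separate path (Session Manager or a bastion) rather than a broad SSH rule added to this group later.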
- A Classic Load Balancer only has nodes in the subnets (Availability Zones) it is attached to, and it only health-checks and routes to instances in those zones. The original template attached the load balancer to PublicSubnetB while the instance runs in the zone of PublicSubnetA, so the instance could never pass the health check. Once an instance is reported healthy, the load balancer starts routing traffic to it.
- The health check is a request from the load balancer to the instance; for an HTTP check, any response other than 200 (or no response at all) marks the instance unhealthy. The original TCP:443 check could not succeed because the application security group allowed no inbound traffic at all, and the fixed rules expose only port 80; HTTP:80/demo.html probes the page the instance actually serves.
- The load balancer security group (SASGELB) must allow inbound TCP port 80 from 0.0.0.0/0; otherwise connections from the internet to the load balancer's DNS name are dropped before they reach it.
- The application security group must allow inbound TCP port 80 from the load balancer security group (by security group ID, not by IP range), so that the load balancer can reach the application while nothing else on the internet can.
Short-term changes to improve availability, security, reliability, performance and cost before production
Before launching your web service, I'd like to talk you through some proposals based on my AWS expertise. These proposals are based on the AWS Cloud Best Practices. Each proposal improves a subset of availability, security, reliability, performance and cost.
1. Instantiate compute resources using the golden image pattern
- Starting early with a delivery or deployment pipeline shortens overall lead time: after every commit the pipeline builds a machine image (the golden image) with the application already installed, and new instances are launched from that image instead of being configured at boot.
- This proposal already accounts for launching the new deployment through an Auto Scaling group. Auto Scaling adjusts the number of instances to demand, which reduces cost because idle instances are terminated instead of billed.
- Adding instances as traffic grows increases availability, because the system is designed to create extra capacity on demand.
- Replacing instances that fail their health check increases reliability, because the system recovers from an instance outage without manual intervention.
- During development and testing you can use On-Demand Instances, paying only for the hours you use.
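The CloudFormation fragment below is an added example, not part of your original template or the troubleshooted one, showing what the golden image pattern looks like in the stack: a launch template that takes the pipeline-built AMI as a parameter, an Auto Scaling group across both public subnets with a target-tracking scaling policy, and health checking delegated to the load balancer. PublicSubnetA and PublicSubnetB are the stack's own subnets; GoldenImageId, AppSecurityGroup (the application security group from the diff, whose logical ID is not shown) and WebLoadBalancer (the Classic Load Balancer) are assumed names. It presumes the load balancer is attached to both subnets.

```yaml
# Added example, not part of the original template. Assumed names: GoldenImageId,
# AppSecurityGroup (the application security group from the diff, whose logical ID
# is not shown) and WebLoadBalancer (the Classic Load Balancer). PublicSubnetA and
# PublicSubnetB are the stack's own subnets.
Parameters:
  GoldenImageId:
    Type: AWS::EC2::Image::Id
    Description: AMI built by the pipeline after each commit; change it to roll out a release

Resources:
  WebLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref GoldenImageId          # the application is already installed in the image
        InstanceType: t3.micro
        SecurityGroupIds: [!Ref AppSecurityGroup]
        MetadataOptions:
          HttpTokens: required               # IMDSv2 only; mitigates credential theft through SSRF

  WebAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      LaunchTemplate:
        LaunchTemplateId: !Ref WebLaunchTemplate
        Version: !GetAtt WebLaunchTemplate.LatestVersionNumber
      # Two zones: this requires the load balancer to list both subnets as well.
      VPCZoneIdentifier: [!Ref PublicSubnetA, !Ref PublicSubnetB]
      MinSize: '2'
      MaxSize: '4'
      DesiredCapacity: '2'
      LoadBalancerNames: [!Ref WebLoadBalancer]
      # ELB health check type: an instance whose web server stops answering
      # HTTP:80/demo.html is terminated and replaced, not only one whose EC2 status fails.
      HealthCheckType: ELB
      HealthCheckGracePeriod: 120
    UpdatePolicy:
      # Replace instances one at a time when GoldenImageId changes, keeping one in service.
      AutoScalingRollingUpdate:
        MinInstancesInService: 1
        MaxBatchSize: 1
        PauseTime: PT2M

  CpuTargetTracking:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WebAutoScalingGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: 60    # add instances above 60% average CPU, remove them below it
```

A release is then a stack update with a new GoldenImageId: the rolling update swaps instances one by one, and an image whose web server does not answer the health check is rolled back instead of being put into service.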
2. De-couple stateless and stateful components
- To de-couple stateless and stateful components, move any data that must persist longer than a session out of the instance's local file system and into a dedicated data store.
- In this proposal, that data store is a database instance.
- The database instance can be maintained by your team on EC2 or managed by AWS (Amazon RDS).
- Replacing an application instance then loses no data, which increases reliability.
- Application and database instances can be scaled up and down independently based on demand, which removes bottlenecks and thus increases availability.
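As an added example, not part of your template, the fragment below shows the AWS-managed variant of that dedicated data store: an RDS instance in private subnets whose only inbound rule comes from the application security group, with the master credentials generated in Secrets Manager so they never appear in the template or in version control. VPC, PrivateSubnetA and PrivateSubnetB (your stack only shows public subnets) and AppSecurityGroup (the application security group from the diff, whose logical ID is not shown) are assumed names.

```yaml
# Added example, not part of the original template. Assumed names: VPC, PrivateSubnetA,
# PrivateSubnetB (the stack only shows public subnets) and AppSecurityGroup (the
# application security group from the diff, whose logical ID is not shown).
Resources:
  DBMasterSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Description: Database master credentials, generated at deploy time
      GenerateSecretString:
        SecretStringTemplate: '{"username": "appadmin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'        # characters MySQL passwords may not contain

  DBSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets; the database has no route from the internet
      SubnetIds: [!Ref PrivateSubnetA, !Ref PrivateSubnetB]

  DBSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database reachable from the application instances only
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - Description: MySQL from application instances
          IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSecurityGroup

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot                 # keep the data if the stack is deleted
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.micro
      AllocatedStorage: '20'
      DBSubnetGroupName: !Ref DBSubnetGroup
      VPCSecurityGroups: [!GetAtt DBSecurityGroup.GroupId]
      # Credentials are resolved from Secrets Manager at deploy time and never appear in the template.
      MasterUsername: !Sub '{{resolve:secretsmanager:${DBMasterSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DBMasterSecret}:SecretString:password}}'
      PubliclyAccessible: false
      StorageEncrypted: true
      MultiAZ: true                          # standby in the second zone, automatic failover
      BackupRetentionPeriod: 7
      DeletionProtection: true
```

The application reads the same secret at start-up (by name or ARN) instead of carrying a password in its configuration, so rotating the credential does not require a new image.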
3. Improve security by enabling secure sessions using TLS (SSL) and stricter networking policies
- Every web application should serve its sessions over HTTPS (TLS). This protects the confidentiality and integrity of the traffic between your users and the load balancer and lets session cookies be marked Secure. Stricter networking policies mean each security group admits only the ports and sources it needs: port 443 from the internet on the load balancer, and port 80 from the load balancer only on the application instances.
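The fragment below is an added example, not your template, of terminating TLS on the existing Classic Load Balancer: an HTTPS listener with a certificate from AWS Certificate Manager, a predefined TLS 1.2-only negotiation policy, a health check that still probes the plain-HTTP page on the instance, and SASGELB reduced to port 443 only. SASGELB, PublicSubnetA and PublicSubnetB are your stack's logical IDs; WebLoadBalancer, VPC and the CertificateArn parameter are assumed names. The application security group rule from the diff (port 80 from SASGELB) stays as it is.

```yaml
# Added example, not part of the original template. Assumed names: WebLoadBalancer (the
# Classic Load Balancer), VPC and the CertificateArn parameter; SASGELB, PublicSubnetA
# and PublicSubnetB are the stack's own logical IDs.
Parameters:
  CertificateArn:
    Type: String
    Description: ARN of an ACM certificate for the site's hostname, issued in the stack's region

Resources:
  WebLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: [!Ref PublicSubnetA, !Ref PublicSubnetB]
      SecurityGroups: [!Ref SASGELB]
      Listeners:
        # TLS terminates on the load balancer; the hop to the instance stays HTTP inside the VPC.
        - LoadBalancerPort: '443'
          Protocol: HTTPS
          InstancePort: '80'
          InstanceProtocol: HTTP
          SSLCertificateId: !Ref CertificateArn
          PolicyNames: [TLS12Only]
      Policies:
        # Predefined security policy: TLS 1.2 only, no legacy protocol versions
        - PolicyName: TLS12Only
          PolicyType: SSLNegotiationPolicyType
          Attributes:
            - Name: Reference-Security-Policy
              Value: ELBSecurityPolicy-TLS-1-2-2017-01
      HealthCheck:
        Target: HTTP:80/demo.html          # unchanged: the instance still serves plain HTTP
        Interval: '15'
        Timeout: '5'
        HealthyThreshold: '2'
        UnhealthyThreshold: '3'

  SASGELB:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Load balancer, HTTPS only from the internet
      VpcId: !Ref VPC
      SecurityGroupIngress:
        - Description: Accessible by the internet over HTTPS
          IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
      # No port 80 rule: plain HTTP is no longer served.
```

A Classic Load Balancer cannot redirect HTTP to HTTPS; if you want http:// links to keep working, either keep a port 80 listener and redirect in the application, or move to an Application Load Balancer, which has a built-in redirect action. If the hop between load balancer and instance must also be encrypted, set InstanceProtocol and the health check to HTTPS and install a certificate on the instances.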
4. Serve content using a content delivery network
- A content delivery network (CDN) improves performance by caching content at edge locations close to your customers and delivering it from there.
- A CDN also absorbs surges in traffic, including volumetric DDoS attacks, at the edge rather than at your origin, which increases security.
- Amazon CloudFront can serve static content such as demo.html directly from an S3 bucket, which takes load off your web servers and therefore reduces cost.
- CloudFront can also serve dynamic content from the origin web server behind the load balancer, caching responses where the application allows it.
- AWS CodeDeploy integrates with S3 and with the EC2 instances behind the load balancer, so you can easily extend your delivery or deployment pipeline to publish static assets and application releases.
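The fragment below is an added example, not your template, of putting CloudFront in front of both origins: a private S3 bucket that only CloudFront's origin access identity may read, serving *.html at the edge, and the load balancer as a pass-through origin for everything else, with viewers redirected to HTTPS. StaticBucket, StaticOriginAccessIdentity, StaticBucketPolicy, Distribution and the AppOriginDomainName parameter are assumed names; AppOriginDomainName is a hostname you control that points at the load balancer and is covered by its certificate, which CloudFront needs in order to verify the origin's TLS certificate.

```yaml
# Added example, not part of the original template. Assumed names: StaticBucket,
# StaticOriginAccessIdentity, StaticBucketPolicy, Distribution and AppOriginDomainName
# (a hostname you control that resolves to the load balancer and matches its certificate).
Parameters:
  AppOriginDomainName:
    Type: String
    Description: Hostname of the load balancer origin, for example app.example.com

Resources:
  StaticBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:        # the bucket is never public; only CloudFront reads it
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  StaticOriginAccessIdentity:
    Type: AWS::CloudFront::CloudFrontOriginAccessIdentity
    Properties:
      CloudFrontOriginAccessIdentityConfig:
        Comment: Identity CloudFront uses to read StaticBucket

  StaticBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref StaticBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              CanonicalUser: !GetAtt StaticOriginAccessIdentity.S3CanonicalUserId
            Action: s3:GetObject
            Resource: !Sub '${StaticBucket.Arn}/*'

  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        HttpVersion: http2
        Origins:
          - Id: static
            DomainName: !GetAtt StaticBucket.RegionalDomainName
            S3OriginConfig:
              OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${StaticOriginAccessIdentity}'
          - Id: app
            DomainName: !Ref AppOriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: https-only   # CloudFront to load balancer over TLS as well
              OriginSSLProtocols: [TLSv1.2]
        # Static pages such as demo.html come from S3 and are cached at the edge.
        CacheBehaviors:
          - PathPattern: '*.html'
            TargetOriginId: static
            ViewerProtocolPolicy: redirect-to-https
            AllowedMethods: [GET, HEAD]
            Compress: true
            ForwardedValues:
              QueryString: false
              Cookies:
                Forward: none
        # Everything else is dynamic: passed through to the application, not cached.
        DefaultCacheBehavior:
          TargetOriginId: app
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          ForwardedValues:
            QueryString: true
            Cookies:
              Forward: all
          MinTTL: 0
          DefaultTTL: 0
          MaxTTL: 0
        ViewerCertificate:
          CloudFrontDefaultCertificate: true   # *.cloudfront.net hostname; a custom domain needs an ACM certificate in us-east-1
```

Every distribution is covered by AWS Shield Standard, which is what absorbs the volumetric traffic surges mentioned above. Once the site is reached only through CloudFront, the load balancer's security group can be tightened further to admit port 443 only from the CloudFront origin-facing managed prefix list instead of from 0.0.0.0/0.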