Proposed solution leveraging HashiCorp products
Our proposed design-pattern diagram is based on immutable infrastructure, using a combination of containers and Packer-generated AMIs.
Key concepts and properties of the designed solution
Highly available clusters: Clustered components deployed in a Multi-AZ AWS design.
Self-healing components: The stack can detect a component failure and launch a replacement instance.
Reproducible infrastructure: Terraform & Puppet allow us to provision the solution from scratch as many times as we would like, in a matter of minutes.
Immutable: Packer provides us with EC2 and Docker images, which are tested in advance for rolling upgrades.
“Why?” and “How?” we opted for HashiCorp products
When we explore new technologies and how these can make a positive impact on our customer’s operations across multiple environments or Multi-Region setups, our Proof of Concept process aims to tick several boxes.
Here is why we have chosen to integrate HashiCorp technologies within our solution ecosystem:
Terraform helps our team collaborate, validate and provision infrastructure across multiple providers. It allows us to write, test and provision infrastructure even when running a hybrid setup. Terraform is becoming the industry standard for Infrastructure as Code, and it is boosting our DevOps team’s agility and productivity.
As AWS Advanced Consulting Partners, we power our customers’ transition to AWS with Terraform, allowing them to version-control their AWS infrastructure while provisioning environments of any size programmatically within minutes.
Vault allows us to securely store secrets and encrypt data in transit. It currently provides us with a secure, reliable and centralized system which can also be seamlessly integrated with third-party authentication providers such as Okta.
Our customers’ diverse secrets (passwords, API keys, SSH access keys, database credentials, etc.) are centrally stored and secured with Vault, instead of being spread across the infrastructure (e.g. filesystem property files, configuration management tools, etc.).
We also use Vault to generate OTPs (One-Time Passwords) to validate SSH keys, so that we can safely and securely log in to our bastion host instances.
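As an added example (not the authors’ own code), here is how the Vault SSH OTP setup for bastion logins can be declared with the Terraform Vault provider; the mount path "ssh", the role name "bastion-otp", the bastion subnet 10.0.1.0/24 and the login user "ec2-user" are assumed values.

```hcl
# Added example, not part of the original post. Assumed values: mount path
# "ssh", role "bastion-otp", bastion subnet 10.0.1.0/24, login user "ec2-user".

# Mount the SSH secrets engine.
resource "vault_mount" "ssh" {
  path = "ssh"
  type = "ssh"
}

# OTP role: Vault mints a single-use password that vault-ssh-helper on the
# bastion verifies via PAM, so no static SSH password lives on the host.
resource "vault_ssh_secret_backend_role" "bastion_otp" {
  backend      = vault_mount.ssh.path
  name         = "bastion-otp"
  key_type     = "otp"
  default_user = "ec2-user"

  # Restrict the role to the bastion subnet so an OTP cannot be requested
  # for arbitrary hosts.
  cidr_list = "10.0.1.0/24"

  # Only the non-privileged login user may be requested, never root.
  allowed_users = "ec2-user"
}

# Least-privilege policy for operators: they may only request an OTP for
# this role, nothing else under the mount.
resource "vault_policy" "bastion_operator" {
  name   = "bastion-operator"
  policy = <<-EOT
    path "ssh/creds/bastion-otp" {
      capabilities = ["create", "update"]
    }
  EOT
}
```

The bastion side needs vault-ssh-helper wired into PAM and sshd configured for challenge-response authentication; an operator then logs in with `vault ssh -role=bastion-otp -mode=otp ec2-user@<bastion-ip>`, and each OTP request is recorded in Vault’s audit log.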
Consul provides us with service discovery, failure detection and key-value store capabilities to connect our microservices. These connections are secured with Vault acting as the secrets store across our Multi-Region, Multi-Datacenter implementation.
Packer shapes our immutable-infrastructure approach, whether we need to build Amazon AMIs for EC2 instances or Docker containers.
As AWS Advanced Consulting Partners, we often face the challenge of reacting quickly to unexpected computing demand in near real-time. Because modelling the desired configuration state of EC2 components from scratch can take time, there are clear advantages in speeding up provisioning by auto-scaling from EC2 AMIs pre-baked with Packer.