Project - AWS and Cloud Formation
05/2024 - AWS
The Unit
I always felt that University was a bit of a pain in the worst possible way. When you go to University, you expect to learn something new as you go through the course. However, having a lot of past experience made my studies... boring. Not that anything being taught was bad, it was just boring, and I felt like I could be extending myself beyond the unit in a way that's practical. So, me being me, I decided to make things interesting by exploring other ways to complete the assignments for Swinburne's cloud computing unit.
During the 2nd assignment, I had to restart the entire thing because Voclabs (the way students access AWS in the AWS Academy course) was unreliable and "broke". I'm still not sure in what way it broke; it just didn't allow me to set up a security group or something like that. So, I thought it would be fun to automate the whole thing, so that if Voclabs broke again, I could just automate the deployment process and get back to where I was.
AWS, and Golang
The Assignment
For the record, all of this was done before I knew about CloudFormation! Obviously, you wouldn't do ANY of this in a real production scenario! But, for assignment 1b, the second one for the unit, we had to create the following VPC setup to deploy some PHP website using the AWS user interface. Here are the specific objectives:
- Create a secure Virtual Private Cloud (VPC) with subnets, routing tables and security groups.
- Control access to and from your VPC via an Internet Gateway.
- Modify the provided PHP code to create a website that stores meta-data information about photos uploaded to S3 in a MySQL database managed by Amazon RDS. The website should enable the user to search for and display photos using meta-data.
- Deploy and test your PHP web site on an Apache web server running on an EC2 virtual machine instance.
- Add an additional layer of security by applying a Network ACL to the public subnet that hosts your web server.
Because all the code was given to me (as this is a cloud computing unit, not a software development one), I won't go over what the website looks like or anything like that, because I lost the screenshots.
Why Golang?
Why not?
The Final Code
The final code created was... not great for obvious reasons. Firstly, making modifications to the Go script, such as changing the name of a subnet, the password for a database, etc., was very finicky to do in Go. This is because you can't just edit the name like you can in the UI; you have to check if the name is correct, and then either change it or leave it. As a result, the Go code has a LOT of if statements, and so I decided to just manually delete whatever was incorrectly created, and then have the script re-create it when needed.
One thing I really liked about the code when compared to the AWS user interface is that the Go LSP gives you a list of all the things you can include in a service with great documentation. This is WAY better than scrolling down the huge wall of text that is AWS and finding the specific checkbox that you need. Instead, you can see a nicely formatted list of all the options you have to deploy a service, and what they do. Here is an example for the CreateDBInstanceInput struct, which is used to create a new RDS instance: rds#CreateDBInstanceInput.
The overhead of using a typed language like Go made the code huge, resulting in more than 800 lines of code in total! When creating a Network ACL in the AWS interface, it's generally simple to do. You just create a NACL and append a few rules to it as needed. However, in Golang (and CloudFormation), you can't just do that! You have to first create a NetworkACL resource, and then all the rules separately. It makes sense why; it's just something that I like to point out when comparing the point-and-click adventure to the automation approach.
(Obvious) Mistakes Made
Every time you make a change to the Go code, you will have to delete the thing changed for its changes to be reloaded. It's not that I couldn't check for new changes and apply them programmatically; it's that the code was becoming frustrating to work with quickly. In hindsight, I could have had a file called services.go which has all of the Input structs which are passed into their respective Create methods (such as how CreateDBInstanceInput is passed into CreateDBInstance()). That way I could have split up my configuration from the actual deployment and felt more comfortable with spamming if statements everywhere.
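The two points above (a NACL is a resource plus one API call per rule, and a re-runnable script needs to compare what it wants with what already exists instead of deleting and re-creating) can be shown in a small Go program. This is an added example, not code from the original assignment script, and it uses only the standard library: the NaclRule type is a simplified stand-in for the fields the SDK's CreateNetworkAclEntryInput carries, not the SDK type itself, the CIDRs are made up, and SampleLiveEntries is a constructed stand-in for what a DescribeNetworkAcls call might return after an earlier, partly wrong run. Reconcile produces the create/replace/delete calls needed to reach the desired rule set, and MissingReturnPaths catches the classic stateless-NACL mistake of allowing inbound port 80 without an outbound ephemeral-port rule for the replies.

```go
package main

import (
	"fmt"
	"sort"
)

// NaclRule is this example's simplified stand-in for the fields of the SDK's
// CreateNetworkAclEntryInput (rule number, direction, protocol, action, CIDR,
// port range). It is not the AWS SDK type.
type NaclRule struct {
	RuleNumber int32
	Egress     bool   // false = inbound, true = outbound
	Protocol   string // "6" TCP, "17" UDP, "-1" all protocols
	Action     string // "allow" or "deny"
	CidrBlock  string
	FromPort   int32
	ToPort     int32
}

// A NACL holds at most one entry per (rule number, direction) pair.
type slot struct {
	RuleNumber int32
	Egress     bool
}

// Plan lists the API calls that would move the live NACL to the desired state.
type Plan struct {
	Create  []NaclRule // -> CreateNetworkAclEntry
	Replace []NaclRule // -> ReplaceNetworkAclEntry (slot exists, contents differ)
	Delete  []NaclRule // -> DeleteNetworkAclEntry (slot no longer wanted)
}

// Reconcile diffs the desired rules against the entries DescribeNetworkAcls
// returned. The default catch-all deny (rule 32767) is skipped because AWS
// does not let you modify or remove it.
func Reconcile(desired, actual []NaclRule) Plan {
	var p Plan
	have := make(map[slot]NaclRule, len(actual))
	for _, r := range actual {
		if r.RuleNumber == 32767 {
			continue
		}
		have[slot{r.RuleNumber, r.Egress}] = r
	}
	want := make(map[slot]bool, len(desired))
	for _, r := range desired {
		k := slot{r.RuleNumber, r.Egress}
		want[k] = true
		if cur, ok := have[k]; !ok {
			p.Create = append(p.Create, r)
		} else if cur != r {
			p.Replace = append(p.Replace, r)
		}
	}
	for k, r := range have {
		if !want[k] {
			p.Delete = append(p.Delete, r)
		}
	}
	for _, s := range [][]NaclRule{p.Create, p.Replace, p.Delete} {
		sort.Slice(s, func(i, j int) bool { // deterministic output across runs
			if s[i].RuleNumber != s[j].RuleNumber {
				return s[i].RuleNumber < s[j].RuleNumber
			}
			return !s[i].Egress && s[j].Egress // inbound before outbound
		})
	}
	return p
}

// WebTierRules is a rule set for the assignment's public web subnet: HTTP/HTTPS
// from anywhere, SSH only from adminCidr, MySQL out to the RDS subnet, and the
// ephemeral ranges a stateless NACL needs for return traffic in both directions.
func WebTierRules(adminCidr, vpcCidr string) []NaclRule {
	return []NaclRule{
		{100, false, "6", "allow", "0.0.0.0/0", 80, 80},
		{110, false, "6", "allow", "0.0.0.0/0", 443, 443},
		{120, false, "6", "allow", adminCidr, 22, 22},
		{130, false, "6", "allow", "0.0.0.0/0", 1024, 65535}, // replies to the instance's own outbound connections
		{100, true, "6", "allow", "0.0.0.0/0", 80, 80},        // package repositories
		{110, true, "6", "allow", "0.0.0.0/0", 443, 443},
		{120, true, "6", "allow", vpcCidr, 3306, 3306},        // MySQL to RDS in the private subnet
		{130, true, "6", "allow", "0.0.0.0/0", 1024, 65535},   // replies to inbound 80/443/22
	}
}

// MissingReturnPaths reports inbound allow rules whose replies the NACL would
// drop: an inbound allow needs an outbound allow on 1024-65535 for the same
// protocol to the same CIDR (or to 0.0.0.0/0), because NACLs are stateless.
func MissingReturnPaths(rules []NaclRule) []int32 {
	var missing []int32
	for _, in := range rules {
		if in.Egress || in.Action != "allow" {
			continue
		}
		covered := false
		for _, out := range rules {
			if out.Egress && out.Action == "allow" &&
				(out.Protocol == in.Protocol || out.Protocol == "-1") &&
				(out.CidrBlock == in.CidrBlock || out.CidrBlock == "0.0.0.0/0") &&
				out.FromPort <= 1024 && out.ToPort >= 65535 {
				covered = true
				break
			}
		}
		if !covered {
			missing = append(missing, in.RuleNumber)
		}
	}
	return missing
}

// SampleLiveEntries is a constructed stand-in for a DescribeNetworkAcls result
// after an earlier, partly wrong run: SSH was left open to the world and an old
// port-8080 rule is no longer wanted.
func SampleLiveEntries() []NaclRule {
	return []NaclRule{
		{100, false, "6", "allow", "0.0.0.0/0", 80, 80},
		{120, false, "6", "allow", "0.0.0.0/0", 22, 22},
		{140, false, "6", "allow", "0.0.0.0/0", 8080, 8080},
		{32767, false, "-1", "deny", "0.0.0.0/0", 0, 0},
	}
}

func main() {
	desired := WebTierRules("203.0.113.0/24", "10.0.0.0/16") // made-up admin and VPC CIDRs
	if m := MissingReturnPaths(desired); len(m) > 0 {
		fmt.Println("inbound rules with no return path:", m)
	}
	p := Reconcile(desired, SampleLiveEntries())
	for verb, rs := range map[string][]NaclRule{"create": p.Create, "replace": p.Replace, "delete": p.Delete} {
		for _, r := range rs {
			fmt.Printf("%-7s rule=%d egress=%v %s proto=%s %s %d-%d\n",
				verb, r.RuleNumber, r.Egress, r.Action, r.Protocol, r.CidrBlock, r.FromPort, r.ToPort)
		}
	}
}
```

Against the constructed live entries the plan is six creates, one replace (rule 120 inbound, narrowing SSH from 0.0.0.0/0 to the admin CIDR) and one delete (the stale rule 140); running Reconcile again against the desired set plans nothing, which is the property the assignment script lacked. Wiring this to the real SDK means mapping each NaclRule to a CreateNetworkAclEntryInput, ReplaceNetworkAclEntryInput or DeleteNetworkAclEntryInput with the NACL's ID filled in.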
At the end of the day, this was a learning experience, not something I would unironically do in a prod scenario. This experience was extremely helpful for my next assignment, where I used CloudFormation instead! While I would assume that the Go AWS SDK is great for uploading images to S3 buckets, for example, I don't think it is really that good for automating the deployment of something.
Using Cloud Formation Instead
What a breath of fresh air.
I always think back and wonder why the hell I didn't just start out with CloudFormation. Being able to quickly modify the name of a subnet, much, much more easily and without having to write millions of lines of code to re-create what had already been done, is great. Similar to what I'd done using Go, CloudFormation was really a matter of going to the AWS docs and seeing what parameters I needed for each service.
While there is significantly more complexity to this deployment with the included load balancers, auto scaling groups, and even a lambda function, it was still very easy to do using CloudFormation. The requirements of the infrastructure are as follows:
- Create IAM roles to enable EC2, Lambda, and S3 to interact with each other.
- Restrict access to S3 using S3 bucket policy.
- Create a lambda function.
- Create a custom AMI.
- Create a launch template based on your custom AMI.
- Create an auto scaling group across multiple Availability Zones with policies for scaling up and down.
- Create an elastic load balancer to distribute service requests.
- Access control and traffic limitations by using AWS NACLs.
Conclusion
If all I wanted to do for my computer science degree was get a plain old high distinction, then I would have just done it the simple way. Instead, I believed that was boring and tried to automate the deployment for 2 of the assignments. While it meant I had to work significantly harder to achieve the same result as everyone else, I believe that these projects taught me far more about AWS than I would have learned without them.