Forem: Mariam Adedeji

Secrets Management for Platforms: AWS Secrets Manager vs Parameter Store

Mariam Adedeji — Thu, 27 Nov 2025 23:43:47 +0000

When building platforms on AWS, one of the most important decisions is how to store and manage secrets-things like database passwords, API tokens, and sensitive configuration. AWS offers two main tools for this: Secrets Manager and Parameter Store. They look similar at first, but they solve slightly different problems. Choosing the right one can simplify your platform, reduce cost, and improve security.

Secrets Manager in Simple Terms

Secrets Manager is built specifically for highly sensitive secrets. Its biggest advantage is that it can automatically rotate secrets for services like RDS, Redshift, DocumentDB, and any custom integration you build with Lambda. It also has strong auditing and supports cross-region and cross-account setups out of the box.

The downside is cost. You pay for each secret, each API call, and each rotation. This adds up quickly, especially for large platform teams managing dozens or hundreds of credentials.

Use Secrets Manager when your secrets change often, when rotation matters, or when the secret is critical to your production systems.

Parameter Store in Simple Terms

Parameter Store is more general-purpose. It is great for application configuration, environment variables, feature flags, and low-sensitivity secrets. It uses a simple folder-like path system, which makes organisation easy. It also integrates nicely with EC2, Lambda, ECS, CodeBuild, and CI/CD pipelines.

The biggest advantage is price. The standard tier is free, and many teams use it heavily without paying anything.

The limitation is that Parameter Store doesn't rotate secrets on its own, and its throughput is lower unless you upgrade to Advanced parameters. If you need rotation, you must write your own automation.

So Which One Should You Use?

Use Secrets Manager when the secret is highly sensitive or needs rotation.
Use Parameter Store for configs and secrets that rarely change.

Most platform teams end up using both. Secrets Manager handles core secrets like database credentials or third-party API keys. Parameter Store handles things like service endpoints (/prod/api/base_url) or operational settings (/dev/user-service/timeout). This hybrid approach gives strong security where needed and a low-cost configuration everywhere else.

Best Practices & Recommendations

Keep things encrypted, even for non-sensitive values.
Add a clear naming structure for all your parameters and secrets, as this prevents confusion across environments.
Cache values inside applications instead of calling AWS on every request.
And give your app runtime roles read-only access while keeping write and update permissions restricted to only allowed users or platforms.

Final Thoughts

Secrets Manager and Parameter Store are not competitors, but they complement each other. Secrets Manager shines when security and rotation matter. Parameter Store shines when you want a simple and organised configuration without high cost. Together, they form a clean and effective secrets management strategy for AWS platforms.

If you found this article helpful, please leave a like or comment and share it with others. If you have any questions, feel free to ask in the comments section.

[Boost]

Mariam Adedeji — Mon, 01 Sep 2025 12:45:59 +0000

Mariam Adedeji

Aug 30 '25

Top 10 AWS Services Every Developer Should Know in 2025

#aws #cloudcomputing #developers #devops

Comments 1

3 min read

Top 10 AWS Services Every Developer Should Know in 2025

Mariam Adedeji — Sat, 30 Aug 2025 23:33:06 +0000

In 2025, Amazon Web Services (AWS) remains the dominant provider in cloud computing. With hundreds of services available, it can feel overwhelming to decide which ones you should focus on as a developer. The truth is, you don’t need to know everything. Mastering a core set of AWS services gives you the foundation to build scalable, secure, and cost-effective applications.

In this article, we’ll cover the 10 AWS services every developer should know, what they do, why they matter, and how you can start using them today.

1. Amazon EC2 (Elastic Compute Cloud)

What it is: Virtual servers in the cloud.
Why it matters: EC2 remains the backbone of many applications that require full control over the operating system, custom runtimes, or complex workloads.
Example use case: Hosting APIs, batch processing, or running monolith applications.

2. AWS Lambda

What it is: A serverless compute service that runs code without provisioning servers.
Why it matters: Ideal for event-driven apps, microservices, and pay-per-execution workloads.
Example use case: Automatically process images uploaded to S3 or run lightweight APIs.

3. Amazon S3 (Simple Storage Service)

What it is: Highly scalable object storage for files, images, logs, backups, and more.
Why it matters: Nearly every AWS application touches S3 at some point.
Example use case: Store user uploads, serve static websites, or maintain data lakes.

4. Amazon RDS (Relational Database Service)

What it is: Managed relational databases (PostgreSQL, MySQL, SQL Server, etc).
Why it matters: Saves developers from handling backups, patches, and scaling headaches.
Example use case: Powering transactional apps like e-commerce or banking systems.

5. Amazon DynamoDB

What it is: A fully managed NoSQL database with millisecond response times.
Why it matters: Perfect for apps that require scale, reliability, and near-zero latency.
Example use case: Gaming leaderboards, IoT device data, or session stores.

6. Amazon API Gateway

What it is: Fully managed service for creating, publishing, and managing APIs.
Why it matters: Provides a quick way to expose serverless functions or microservices securely.
Example use case: Backend for mobile apps, IoT APIs, or REST/GraphQL endpoints.

7. Amazon CloudFront

What it is: A Content Delivery Network (CDN) for fast and secure global content delivery.
Why it matters: Reduces latency by serving content from edge locations worldwide.
Example use case: Accelerating website content, APIs, or video streaming.

8. AWS IAM (Identity and Access Management)

What it is: Service for managing user access, roles, and permissions.
Why it matters: Security in AWS starts with IAM. Without proper roles and policies, you risk major vulnerabilities.
Example use case: Developers having least-privilege access to deploy only what they need.

9. Amazon CloudWatch

What it is: Monitoring and observability service for logs, metrics, and alarms.
Why it matters: You can’t fix what you can’t measure. CloudWatch helps you monitor app performance and costs.
Example use case: Tracking API latency, logging Lambda errors, or setting alerts for high CPU usage.

10. Amazon ECS / EKS (Containers on AWS)

What it is:

ECS (Elastic Container Service): AWS-managed container orchestration.
EKS (Elastic Kubernetes Service): Fully managed Kubernetes on AWS.

Why it matters: Containers dominate modern application deployments. AWS provides managed services to scale them easily.
Example use case: Running microservices, CI/CD pipelines, or scalable backend APIs.

Final Thoughts

If you’re just starting, begin with EC2, S3, Lambda, and IAM. They’re simple to learn and power a surprising range of applications. As you grow, add RDS, DynamoDB, and API Gateway to your toolkit. For developers looking toward large-scale or production-ready systems, CloudFront, CloudWatch, and containers (ECS/EKS) are essential.

If you found this article helpful, please leave a like or comment, and share it with others. If you have any questions, feel free to ask in the comments section.

Managing AWS EKS with Terraform

Mariam Adedeji — Thu, 07 Nov 2024 09:43:05 +0000

In this tutorial, we'll learn how to use Terraform to manage an AWS Elastic Kubernetes Service (EKS) cluster.

What is Terraform?

Terraform is an Infrastructure-as-Code (IaC) tool that enables you to define and provision infrastructure resources using a declarative configuration language.

Why Use Terraform for AWS EKS?

Infrastructure-as-Code: Automate and version control your infrastructure.
Scalability: Easily scale your EKS cluster with Terraform configurations.
Efficiency: Provision of multiple AWS services with a single tool.

Prerequisites

Terraform - Installed on your local machine. You can set it up following this guide
AWS Account – You’ll need an AWS account to access the AWS EKS and some other services. If you don’t have one, sign up here.
AWS CLI: Installed and configured with your AWS credentials.
kubectl: Installed to manage your EKS cluster from your machine.

Create Your Terraform Project Directory
Define the AWS Provider
Define the VPC and Networking Resources
Define the EKS Cluster
Create EKS Worker Nodes
Apply the Terraform Configuration
Configure kubectl to Access the EKS Cluster
Deploy an Application Using Terraform
Clean Up

Now, let’s get to it!

Step 1 — Create Your Terraform Project Directory

We’ll need to create a project directory where all our Terraform configuration files will live.

mkdir terraform-eks
cd terraform-eks

Step 2 — Define the AWS Provider (main.tf)

Create main.tf file and add the following configuration:

provider "aws" {
  region = "eu-west-2"
}

Here, we make Terraform use AWS as the provider and define the region in eu-west-2, but you can choose a region closer to your desired location.

Step 3 — Define the VPC and Networking Resources (network.tf)

AWS EKS requires a Virtual Private Cloud (VPC) and subnets to run.

Add the following configuration to the network.tf file. This will create a VPC, subnets, an internet gateway and route tables for your EKS cluster.

data "aws_availability_zones" "available" {}

resource "aws_vpc" "eks_vpc" {
  cidr_block = "10.0.0.0/16"  # IP range for the VPC
}

resource "aws_subnet" "eks_subnet" {
  count                   = 2
  vpc_id                  = aws_vpc.eks_vpc.id
  cidr_block              = cidrsubnet(aws_vpc.eks_vpc.cidr_block, 8, count.index)
  availability_zone       = element(data.aws_availability_zones.available.names, count.index)
  map_public_ip_on_launch = true  # Enable auto-assign public IP
}

resource "aws_internet_gateway" "eks_igw" {
  vpc_id = aws_vpc.eks_vpc.id
}

resource "aws_route_table" "eks_route_table" {
  vpc_id = aws_vpc.eks_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.eks_igw.id
  }
}

resource "aws_route_table_association" "eks_route_table_assoc" {
  count         = 2  # Associates the route table with each subnet
  subnet_id     = element(aws_subnet.eks_subnet.*.id, count.index)
  route_table_id = aws_route_table.eks_route_table.id
}

Step 4 — Define the EKS Cluster (eks.tf)

Now, let's create the EKS cluster itself, along with the required IAM role to manage the cluster. Create an eks.tf file and add the following configuration to it.

resource "aws_iam_role" "eks_role" {
  name = "eks-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = ["eks.amazonaws.com", "ec2.amazonaws.com"]
        }
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "eks_policy" {
  role       = aws_iam_role.eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

resource "aws_iam_role_policy_attachment" "eks_node_policy" {
  role       = aws_iam_role.eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
}

resource "aws_iam_role_policy_attachment" "eks_cni_policy" {
  role       = aws_iam_role.eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
}

resource "aws_iam_role_policy_attachment" "eks_ec2_policy" {
  role       = aws_iam_role.eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}

resource "aws_eks_cluster" "eks_cluster" {
  name     = "eks-cluster"
  role_arn = aws_iam_role.eks_role.arn

  vpc_config {
    subnet_ids = aws_subnet.eks_subnet[*].id
  }
}

The EKS cluster needs an IAM role that grants it permissions to manage AWS services. Therefore, we attach eks_role with the necessary policies to EKS.
We also create an EKS cluster using aws_eks_cluster and specify the VPC subnets created earlier.

Step 5 — Create EKS Worker Nodes (eks-workers.tf)

Create eks-workers.tf file and add the following configuration. This will create a node group that will scale between 1 to 3 nodes.

resource "aws_eks_node_group" "node_group" {
  cluster_name    = aws_eks_cluster.eks_cluster.name
  node_group_name = "eks-node-group"
  node_role_arn   = aws_iam_role.eks_role.arn
  subnet_ids      = aws_subnet.eks_subnet[*].id

  scaling_config {
    desired_size = 2  # Initial number of nodes
    max_size     = 3  # Maximum number of nodes
    min_size     = 1  # Minimum number of nodes
  }

  instance_types = ["t3.medium"]  # Type of EC2 instances for worker nodes
}

We define an EKS node group, which is a set of EC2 instances (worker nodes) that run the Kubernetes workloads.
The node group can scale between 1 and 3 nodes, depending on your workload's demand.

Step 6 — Apply the Terraform Configuration

Initialize Terraform to download the necessary plugins for AWS:

terraform init

Before applying, it’s best practice to see the changes Terraform plans to make in our infrastructure. You can achieve this with the following command:

terraform plan

Once the planning looks good, you can apply the configuration to create the EKS cluster and its resources with the following command:

terraform apply

Confirm with yes when prompted.

Now, Terraform has created the EKS cluster, VPC, subnets, worker nodes and IAM roles based on the configurations we've written.

If you check your AWS console, your EKS cluster should be up and running!

Step 7 — Configure kubectl to Access the EKS Cluster

To manage the EKS cluster, we need to configure kubectl. This can be done using the AWS CLI.

Run the following command to configure your local kubectl to communicate with the EKS cluster.

aws eks --region eu-west-2 update-kubeconfig --name eks-cluster

Then run the following command to confirm that you have access to the EKS cluster by listing Kubernetes services.

kubectl get svc

Step 8 — Deploy an Application Using Terraform (deploy-nginx.tf)

Now, let’s deploy a simple Nginx application to the EKS cluster using the Kubernetes provider in Terraform.

First, create a deploy-nginx.tf file and define the Kubernetes provider.

provider "kubernetes" {
  host                   = aws_eks_cluster.eks_cluster.endpoint
  cluster_ca_certificate = base64decode(aws_eks_cluster.eks_cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.eks_auth.token
}

data "aws_eks_cluster_auth" "eks_auth" {
  name = aws_eks_cluster.eks_cluster.name
}

Then add the following configuration to deploy-nginx.tf to define the Nginx pod and expose it via a Kubernetes service:

resource "kubernetes_pod" "nginx" {
  metadata {
    name = "nginx"
    labels = {
      app = "nginx"
    }
  }

  spec {
    container {
      name  = "nginx"
      image = "nginx:latest"

      resources {
        limits = {
          cpu    = "0.5"
          memory = "512Mi"
        }
        requests = {
          cpu    = "0.25"
          memory = "256Mi"
        }
      }
    }
  }
}

resource "kubernetes_service" "nginx_service" {
  metadata {
    name = "nginx-service"
  }

  spec {
    selector = {
      app = "nginx"
    }
    port {
      port = 80
      target_port = 80
    }
    type = "LoadBalancer"
  }
}

The Kubernetes Pod defines an Nginx pod in the EKS cluster.
The Kubernetes Service exposes the Nginx pod as a LoadBalancer service so that it can be accessed publicly.

With deploy-nginx.tf properly configured, you can now deploy it to your EKS cluster using the following commands:

terraform plan

terraform apply

Once the deployment is complete, you can check that the Nginx pod and service are running in your cluster with:

kubectl get pods

kubectl get svc

Step 9 — Clean Up (Optional)

If you no longer need all these resources, you can destroy them all to avoid unnecessary charges. To do that, run the following command:

terraform destroy

In summary, we now have a working EKS cluster on AWS managed through Terraform. We set up the necessary VPC, created an EKS cluster with worker nodes, configured kubectl, and deployed an Nginx application.

Link to code

If you’ve found this article helpful, please leave a like or a comment. If you have any questions, please let me know in the comment section.

Deploying a Serverless Function with AWS Lambda

Mariam Adedeji — Sun, 29 Sep 2024 21:35:43 +0000

In this tutorial, you will learn how to create a simple AWS Lambda function using JavaScript to handle HTTP requests.

First off, what is Serveless?

Serverless computing allows you to run code without provisioning or managing servers. It basically allows you to focus on coding and forget about infrastructure. AWS Lambda is one of the most popular services for running serverless functions.

Let’s start by highlighting all the steps needed and then explaining them in detail below:

Set up AWS Lambda function
Write a JavaScript function
Set Up an API Gateway Trigger
Test Serverless Function
(Optional) Monitor and Scale

Prerequisites

AWS Account – You’ll need an AWS account to access the AWS Lambda service. If you don’t have one, sign up here.
A Basic Understanding of JavaScript – We'll be writing a simple JS function.
Some Coffee ☕ – To keep things fun, of course!

Step 1 — Set Up AWS Lambda

1) Login to AWS Console:
Go to the AWS Management Console and sign in.

2) Navigate to Lambda:

In the search bar, type "Lambda" and select Lambda.
Click Create function.

3) Create a New Lambda Function:

Select Author from scratch.
For the Function name, enter myServerlessFunction.
For the Runtime, choose Node.js 20.x (for JavaScript support).
Leave other options as default.
Click Create Function.

You should now have a basic Lambda function ready to be customized!

Step 2 - Write Your JavaScript Function

By default, AWS Lambda creates a template function. Let’s modify it to respond to HTTP requests.

1) Edit the Code:
In the Code tab, you’ll see a file named index.mjs. Replace the code with the following:

export const handler = async (event) => {
    const name = event.queryStringParameters?.name || 'World';

    const response = {
        statusCode: 200,
        body: JSON.stringify({
            message: `Hello, ${name}! Welcome to Serverless.`,
        }),
    };

    return response;
};

What this does:

Event object: This contains request data. Here, we are reading query parameters (e.g., ?name=John).
Response: It returns a 200 status with a JSON body containing a greeting message.

2) Deploy the Function: Click Deploy to save and publish your function changes.

Step 3 - Set Up an API Gateway Trigger

To make your Lambda function accessible over HTTP, we’ll use AWS API Gateway.

1) Add API Gateway Trigger:

Scroll to the Function 0verview section and click Add trigger.
From the dropdown, select API Gateway.
Choose Create a new API.
For API Type, select HTTP API.
For Security, choose Open.
Leave the defaults for Additional settings and click Add.

2) Get the API URL: After adding the trigger, you will see the API Gateway URL. Copy this URL, you will use it to call your function.

Step 4 - Test Your Serverless Function

With everything set up, let’s test your function.

1) Open a Web Browser or Postman: Use the API Gateway URL you copied earlier. Test the function by appending the name query parameter to the URL:

https://your-api-url?name=John

2) Result: If everything is working, you should get a response like:

If you omit the name query parameter, you should get the default:

Step 5 - (Optional) Monitor and Scale

AWS Lambda automatically scales based on the number of requests. You don’t need to worry about managing infrastructure, but you can monitor your function’s performance.

Go to the Monitoring tab: Inside your Lambda function dashboard, you’ll see metrics such as invocation count, duration, errors, etc.

Yay! That’s it! You can extend this function to do practically anything, like querying databases, processing files, or integrating with other AWS services.

If you’ve found this article helpful, please leave a like or a comment. If you have any questions or constructive feedback, please let me know in the comment section.

AWS Cost Management and Optimization: Tips and Tools for Monitoring and Reducing Your AWS Costs

Mariam Adedeji — Thu, 23 May 2024 19:09:39 +0000

Managing and optimizing AWS costs is an important aspect of using AWS services effectively. Given the extensive range of services and pricing models available, understanding how to monitor, control, and reduce costs can save your organization significant amounts of money. This article covers everything you need to know about AWS cost management and optimization, including practical tips, tools, and best practices.

Understanding AWS Cost Structure

Before I proceed with cost management, it's important to understand the fundamental components of AWS costs. AWS charges you based on the following primary categories:

Compute Costs: These include charges for EC2 instances, Lambda functions, and other compute services. Compute costs are typically billed based on the instance type, usage duration, and some other features like Elastic IP addresses and data transfer.
Storage Costs: Storage costs are associated with services like Amazon S3, EBS volumes, and other storage solutions. These costs vary based on the amount of data stored, the storage class used, and the frequency of data access.
Data Transfer Costs: Data transfer charges occur when data is transferred between AWS services, across regions, or out to the internet. Understanding data transfer pricing is vital for optimizing costs, especially for applications with significant data movement.
Other Service Costs: AWS offers a lot of services like RDS, DynamoDB, CloudFront, and many more. Each service has its own pricing model, and the costs can add up depending on usage patterns and service configurations.

AWS provides detailed cost breakdowns in the AWS Billing and Cost Management console, where you can see your usage and charges categorized by service, region, account and cost. This visibility is critical for effective cost management.

Setting Up AWS Budgets

AWS Budgets allows you to set custom cost and usage budgets which helps you monitor and control your spending. Setting up budgets involves a few straightforward steps:

Create a Budget: Navigate to the AWS Budgets dashboard and click on "Create a budget". You can choose from cost budget, usage budget, savings plans or reservation budget. Define your budget parameters, such as the name, scope, budgeted amount and the period (e.g. monthly, quarterly, etc).
Configure Alerts: To stay informed, set up alerts that notify you when your costs or usage exceed certain thresholds. These alerts can be sent via email, SNS or Chatbot to ensure you are always aware of your spending patterns and can take corrective actions promptly.

Monitoring Costs with AWS Cost Explorer

AWS Cost Explorer is a powerful tool for visualizing and analyzing your AWS costs. It offers several features to help you understand and manage your spending:

Explore Your Data: Access AWS Cost Explorer from the Billing and Cost Management console. You can filter and group your data by various dimensions: service, usage type, region, and tags. This flexibility allows you to drill down into specific areas and identify cost drivers.
Create Reports: Create custom reports to track your costs and usage over time. These reports can be saved and scheduled for regular review, providing ongoing insights into your spending patterns.
Forecast Costs: Cost Explorer's forecasting feature helps predict future costs based on historical data. This predictive capability enables better budget planning and resource allocation.

Using AWS Trusted Advisor

AWS Trusted Advisor provides real-time guidance to help you provision your resources according to AWS best practices. It covers several areas, including cost optimization, security, fault tolerance, and performance improvement:

Access Trusted Advisor: Access the AWS Trusted Advisor console to review cost optimization recommendations. These recommendations often include actions like deleting unused resources, resizing instances and using cheaper pricing options.
Implement Recommendations: Follow the suggestions provided by Trusted Advisor to reduce costs. This might involve stopping underused instances, optimizing storage, or adjusting configurations to align with usage patterns.

Using AWS Cost Anomaly Detection

This helps to identify unexpected increases in your costs and provides an additional layer of financial oversight:

Create an Anomaly Monitor: In the AWS Cost Management console, select "Cost Anomaly Detection". Create an anomaly monitor and specify the scope (e.g. linked account, cost category, etc). This monitor continuously scans your cost data for anomalies and highlights any unexpected spending.
Set Up Notifications: Configure alerts to notify you of anomalies via email, chatbot or SNS. These notifications ensure that any unexpected cost spikes are promptly addressed and prevent budget overruns.

Implementing Tagging Strategies

Tagging resources is essential for cost allocation and management. A well-defined tagging strategy helps in organizing resources and tracking costs effectively:

Define a Tagging Policy: Establish a consistent tagging strategy for all resources. Common tags include Environment (e.g. production, staging, development), Project, and Department. Clear tagging policies ensure that resources are easily identifiable and associated costs can be accurately allocated.
Apply Tags: Apply tags to all AWS resources. AWS Tag Editor allows for bulk tagging, making it easier to manage large numbers of resources. Consistent tagging practices facilitate detailed cost analysis and reporting.
Use Cost Allocation Tags: Enable cost allocation tags in the Billing and Cost Management console. These tags allow you to break down costs by specific tags in your reports and provide deeper insights into how different projects or departments are consuming resources.

Optimizing EC2 Costs

EC2 instances are often a major contributor to AWS costs. Several strategies can help optimize EC2 expenses:

Right-Sizing Instances: Regularly review and adjust the size of your instances to match your workload requirements. Overprovisioning can lead to unnecessary costs, while underprovisioning can impact performance. Use AWS Compute Optimizer recommendations for right-sizing instances based on usage patterns.
Use Spot Instances: Take advantage of EC2 Spot Instances for non-critical workloads. Spot Instances can save up to 90% compared to On-Demand prices which makes them an excellent option for batch processing, big data analytics, and other flexible tasks.
Purchase Reserved Instances (RIs): For long-term, stable workloads, purchasing Reserved Instances can provide significant discounts over On-Demand prices. Evaluate your usage patterns and consider a combination of Standard and Convertible RIs to balance savings and flexibility.
Implement Auto Scaling: Use Auto Scaling to automatically adjust the number of instances based on demand. This ensures that you only pay for the capacity you need and reduces costs during periods of low demand.

Managing S3 Storage Costs

Amazon S3 provides several options for reducing storage costs:

Use the Right Storage Class: Choose appropriate S3 storage classes based on your access patterns. Options include S3 Standard for frequently accessed data, S3 Intelligent-Tiering for automatically optimizing storage costs and S3 Glacier for long-term archival storage.
Lifecycle Policies: Implement lifecycle policies to automatically transition objects to cheaper storage classes or delete them after a certain period. Lifecycle policies help manage data retention and optimize storage costs over time.
Monitor Storage Metrics: Use the S3 Storage Lens group to gain insights into your storage usage and trends. Storage Lens provides detailed metrics and actionable recommendations to optimize your storage footprint.

Optimizing RDS Costs

Amazon RDS offers several optimization strategies to reduce database costs:

Use RDS Reserved Instances: Purchase RDS Reserved Instances for long-term database workloads. Reserved Instances provide significant discounts compared to On-Demand pricing, making them ideal for stable and predictable workloads.
Right-Sizing: Regularly review and adjust the instance size and storage of your RDS instances. Right-sizing ensures that your database instances are appropriately scaled to meet performance requirements without incurring unnecessary costs.
Use Aurora Serverless: Consider Aurora Serverless for variable workloads. Aurora Serverless automatically adjusts capacity based on demand thereby providing cost savings for workloads with fluctuating usage patterns.

Cost optimization is an ongoing process. Regularly reviewing your AWS usage and costs, and implementing best practices ensures that you remain efficient and cost-effective. By following these tips, you can effectively manage and optimize your AWS costs which guarantees you get the most value from your cloud investment. This approach to cost management will help you maintain control over your spending and continuously improve the efficiency of your AWS environment.

Looking Back On 2021 - A Year In Review

Mariam Adedeji — Fri, 31 Dec 2021 16:15:36 +0000

A life they say is full of sweet and bitter moments and I'm grateful my sweet moments outweigh the bitter ones even though the pandemic made things a lot more difficult.

I started this year thinking of transitioning from web development into cloud engineering and although it has not been a bed of roses, I'm really glad I took the leap. Thanks to my friends and the communities I joined that make the journey worthwhile. Y'all are the best!

The Good

Got selected to participate in SheCodeAfrica (SCA) Cloud School.
Got featured in Business Insider about the growth of open source in Nigeria.
Got serious with writing technical articles. My articles have gotten more than 20,000 views on Dev🎉🎉. Thanks to all my readers!
Awarded the top 7 author of the week on Dev.
Awarded the top Node author of the week on Dev.
Got a full-time role as a Software Engineer.
Got three technical writing gigs from international companies. Oh my my!🤩
Volunteered and got selected for SCA cloud school Person of Contact.
Interviewed with a few FAANG(MANGA, now :)) companies. I'm going to write about this another time.
Volunteered and got selected for SCA summer Code Camp Person of Contact (POC).
Got enrolled into the Udacity Cloud DevOps Nanodegree through an IA scholarship.
Received good reviews on my articles (one of the best wins)💃.

Aced two out of three DevOps interviews. Got an offer from one of them🔥.
Left a toxic workplace.
Completed my National Youth Service Corps (NYSC).
Improved my mental health.
Passed the AWS Cloud Practitioner exam🎉.
Got a lot of swags from different companies (the sweetest).
Got selected as a Runner-up for the 2021 GitHub actions hackathon on Dev🔥🔥.
Successfully transitioned from web development to cloud engineering.
Made new and amazing friends.

The Bad

Burnout. I was doing a lot of things together, a full time role with two writing gigs and a Udacity course were just too much for me to handle. I had to drop the writing gigs at some point.
Got a rejection from one of the two DevOps interviews I thought I aced.
Turned down the opportunity to speak at two events due to imposter syndrome and lack of preparation time. I hope to do more public speaking next year.
My social life was a mess and I hope to fix it next year.

In summary, I’m happy for my growth, even with the obstacles and challenges. I hope things get much better next year.

Thank you for reading and wishing you all the very best in 2022!

Automating Terraform With Github Actions

Mariam Adedeji — Fri, 03 Dec 2021 18:35:36 +0000

My Workflow

A project to demonstrate how to automate terraform workflow with Github Actions.

Login to your AWS account and generate AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
After that, login to your Terraform Cloud account. Create a new workspace and select API-driven workflow.
Then navigate to the Variables tab and click on Add variable. Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with their respective values.
From your Terraform Cloud User Settings, click on Tokens and generate an API token named GitHub Actions.
Add the token to your Github repository as a secret. Name the secret TF_API_TOKEN.
Clone and open your Github repo on your code editor.
Checkout to a new branch with git checkout -b <branch-name>.
Add your changes with git add . and commit the changes with a message using git commit -m "<commit-message>".
Then push your changes with git push.
Go back to the Github repository and generate a pull request from the new branch. You can view the status of the job through the pull request created, Actions tab or the Terraform Cloud workspace.
Then merge the pull request.

Submission Category:

DIY Deployments

Yaml File or Link to Code

mariehposa / terraform-automation

Terraform Automation

A project to demonstrate how to automate terraform workflow with Github Actions.

Github Actions after creating a pull request
Github Actions after Merging to main branch

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development purpose.

Prerequisites

To get started with this project you need a basic knowledge of the following.

Version Control (Git)
Terraform
AWS

Automating Terraform with Github Actions

Login to your AWS account and generate AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
After that, login to your Terraform Cloud account. Create a new workspace and select API-driven workflow.
Then navigate to the Variables tab and click on Add variable. Add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with their respective values.
From your Terraform Cloud User Settings, click on Tokens and generate an API token named GitHub Actions.
Add the token to your Github repository as a…

View on GitHub

How To Set Up Continuous Integration And Deployment With CircleCI

Mariam Adedeji — Mon, 29 Nov 2021 19:15:00 +0000

In this tutorial, I will be demonstrating how to set up continuous integration and continuous deployment with CircleCI. At the end of this article, you would have deployed a Node application to Heroku and have subsequent builds automatically deployed on successful testing via CircleCI.

What is CircleCI and why should you use it?

CircleCI is a platform for continuous integration and continuous deployment which is used by developers to automate testing, building and deployment of applications. It is free and has a strong community, so finding support is not a problem. CircleCI is also easily configured and I hope to prove this with this article, so please, read on ☺️.

Prerequisites

If you’d like to follow along with this tutorial, please make sure the following requirements are met:

A running Node app with its tests passing. If you don’t have one, you can fork this project and follow its documentation to set it up.
A CircleCI account. You can sign up here.
A Heroku app. You can sign up here for the account and follow this tutorial to create a Heroku app.

Now, let’s get started!

The first step will be to log in to your CircleCI account. Successful login should display your account dashboard.

Before we do any actual work, let’s connect the Node app to CircleCI.

On the left sidebar, click on Projects, then click on the Setup project button for the Node app.

Select Write your own using our starter config.yml template for the config.yml file and click on Let's Go

Then select Node as a sample config for the project, and click on Commit and Run.

Go to the Node app GitHub repo and merge the pull request from CircleCI.

Now we need to add HEROKU_APP_NAME and HEROKU_API_KEY to the project environment variables so that CircleCI can connect to the Heroku app.

HEROKU_APP_NAME is the name of your Heroku app. I named mine circleci-test-ma.

HEROKU_API_KEY is your Heroku account API key.

To get your HEROKU_API_KEY, go to your Heroku Dashboard, click on Account Settings, then scroll down to the API Key section and click on Reveal to copy your API key.

Now, navigate back to the CircleCI dashboard. Click on the Project Settings for the Node app, and then click on Environment Variables.

On the Environment Variables page, create two variables named HEROKU_APP_NAME and HEROKU_API_KEY and give them their respective values as gotten from your Heroku dashboard.

Go back to the Node app on your editor. Remove the default configuration inside the config.yml file(config from CircleCI) and replace it with the following config.

version: 2.1
orbs:
  node: circleci/node@1.1.6
  heroku: circleci/heroku@0.0.10
workflows:
  heroku_deploy:
    jobs:
      - build
      - heroku/deploy-via-git:  
          requires:
            - build
          filters:
            branches:
              only: main
jobs:
  build:
    docker:
      - image: circleci/node:10.16.0
    steps:
      - checkout
      - restore_cache:
          key: dependency-cache-{{ checksum "package.json" }}
      - run:
          name: Install dependencies
          command: npm install
      - save_cache:
          key: dependency-cache-{{ checksum "package.json" }}
          paths:
            - ./node_modules
      - run:
          name: Run test
          command: npm test

Let’s take a minute to break down this config file.

version: 2.1

version 2.1 is used to have access to orbs.

orbs:
  node: circleci/node@1.1.6
  heroku: circleci/heroku@0.0.10

orbs enable us to integrate with software just with a single line of code. For example, we made use of JavaScript, that is why we use an orb that points to that with circleci/node@1.1.6. The orb circleci/heroku@0.0.10 points to Heroku since we’re also using that for deployment.

workflows:
  heroku_deploy:
    jobs:
      - build
      - heroku/deploy-via-git:  
          requires:
            - build
          filters:
            branches:
              only: main

workflow specifies how jobs should be run. Here, we made the build run before deploying to Heroku. heroku/deploy-via-git is used to deploy changes from GitHub to Heroku. require is used inside heroku/deploy-via-git to delay deployment until the build is done. The filters block is used to specify the main branch for deployment.

jobs:
  build:
    docker:
      - image: circleci/node:10.16.0
    steps:
      - checkout
      - restore_cache:
          key: dependency-cache-{{ checksum "package.json" }}
      - run:
          name: Install dependencies
          command: npm install
      - save_cache:
          key: dependency-cache-{{ checksum "package.json" }}
          paths:
            - ./node_modules
      - run:
          name: Run test
          command: npm test

jobs are typically a series of steps. Here we use restore_cache to restore the dependencies that were installed in the previous builds. Then we run npm install to install new dependencies and cache them too to prevent having to re-install. We then run the npm test command to run the unit tests.

Commit the changes and push to GitHub. You can check the build on CircleCI, it should return Success, depending on whether your Node app passes all tests (you should be fine if you simply clone the repo and made no changes).

You can also check out the deployed version of the Node app on your Heroku dashboard.

That’s it! At this point, any changes you make to the project should get deployed as soon as they are pushed to the branch we specified in the config file. It’s always advisable to do sanity checks, so make sure to push a small change and see it deployed!

If you found this article helpful, please leave a heart or a comment. If you have any questions, please let me know in the comment section.

Also, don’t forget to follow me for more articles. Thank you.

Hosting a Static Website with Amazon S3

Mariam Adedeji — Sat, 26 Jun 2021 21:30:43 +0000

In this article, I’d like to demonstrate how you can deploy a static website with AWS by uploading your website content into S3 bucket, configuring your bucket for website hosting and speeding up content delivery using AWS CloudFront.

First of all, let me explain some of the terminologies.

What is Amazon S3?

Amazon S3 (Simple Storage Service) is a service offered by AWS for object storage through a web service interface. It can be used to store or retrieve any amount of data such as documents, images, videos, etc.
S3 bucket is a resource in Amazon S3. It is a container where files and folders can be uploaded.

What is Amazon CloudFront?

Amazon CloudFront is a content delivery network (CDN) service offered by AWS. It is used to speed up content delivery and can be integrated with Amazon S3.

Benefits of using AWS S3 bucket

Each object can contain up to 5TB of data.
A resource can only be accessed by the owner until permission is granted to others which makes it more secure.
It is cheap.
You can enable Multi-Factor Authentication (MFA) delete on an S3 bucket to prevent accidental deletions and unintentional data loss.

Prerequisites

If you’d like to follow this tutorial, please make sure the following requirements are met.

AWS account. You can sign up here and follow this tutorial in setting it up.
A static website. If you don’t have one, you can clone this demo project.

Create an S3 bucket
Upload web files to S3 bucket
Secure S3 bucket through IAM policies
Configure S3 bucket
Serve content from S3 bucket with CloudFront

Now, let’s get into it!

Step 1 — Create an S3 bucket

You will need to create an S3 bucket to put your website’s files and folders.

To do this, login into your AWS management console and click on Services on the top navbar. From the Services drop-down, select S3 from the Storage section. This should display the S3 dashboard.

From the S3 dashboard, click on Create bucket. Give the bucket a unique name, the name you choose must be globally unique (for best practice, attach your AWS account ID to the name).

Next, choose your preferred AWS Region from the drop-down.

Under Block Public Access settings for this bucket section, uncheck the Block all public access checkbox and accept the acknowledgement. This is done to make the bucket accessible to the public because you are going to host a website in it.

Click on disable for Bucket Versioning.

You can also Add tag to the bucket for easy identification.

Under Default encryption section, click on disable for Server-side encryption.

Then click on Create bucket.

Step 2 — Upload web files to S3 bucket

After creating the bucket, you need to upload your website’s files and folders into it.

From the S3 dashboard, click on the name of the bucket you just created.

On the Objects tab, you can see that the bucket is currently empty, click on the Upload button.

This should take you to the Upload page. Click Add files to add the website files and use Add folder to add the website folders.

Note: The whole website folder shouldn’t be added at once. Instead, add its content one after the other. For example, with the demo project linked up top, I uploaded my signup.html as a file, signup.js as a file, css as a folder and img as a folder.

After the necessary files and folders have been added, scroll down and click on Upload.

The uploading should be done in a few minutes depending on your network and content size. Also, please do not close the tab while the upload process is going on.

Step 3 — Secure S3 bucket through IAM policies

Now you need to add some policies to secure your bucket.

From the S3 dashboard, click on the name of the bucket, then click on Permissions tab. Scroll down to the Bucket policy section and click on its Edit button.

Add the following bucket policy to it and make sure to replace bucket-name with the name of your bucket.



{
"Version":"2012-10-17",
"Statement":[
 {
   "Sid":"AddPerm",
   "Effect":"Allow",
   "Principal": "*",
   "Action":["s3:GetObject"],
   "Resource":["arn:aws:s3:::bucket-name/*"]
 }
]
}

Then scroll down and click on Save changes.

This should change the bucket access to public, as shown below.

Step 4 — Configure S3 bucket

You need to specify the default page and error page for your website.

From the S3 dashboard, click on the name of the bucket, then click on the Properties tab.

Scroll down to the Static website hosting section and click on its Edit button.

Select Enable for Static website hosting.

Also, select Host a static website for the Hosting type.

Enter the file for your Index document and Error document. The Error document is optional. I used signup.html for both Index document and Error document.

Scroll down and click on Save Changes.

After saving, If you click on the bucket website endpoint, it would display your website.

Step 5 — Serve content from S3 bucket with CloudFront

From the Services drop-down, scroll down to Networking & Content Delivery section and click on CloudFront. This should take you to the CloudFront dashboard.

Click on Create Distribution. On Select a delivery method for your content page, click on Get Started under the Web section.

Under the Origin Settings section, click on the Origin Domain Name field and select the S3 bucket you created earlier. In the Origin Path field, enter / to indicate root level.

For Restrict Bucket Access, select Yes.

For Origin Access Identity, select Create a New Identity.

For Grant Read Permissions on Bucket, select Yes, Update Bucket Policy.

Scroll down to the Default Cache Behavior Settings section. For Viewer Protocol Policy, select Redirect HTTP to HTTPS.

Next, scroll down to the Distribution Settings section. Inside the Default Root Object field, enter the filename at the root level, which should be your landing page. I used signup.html as my Default Root Object.

Leave the rest of the options as default and click on Create Distribution.

Now, you can see the distribution you created from the CloudFront dashboard. It might take a few minutes for it to be deployed.

After the CloudFront distribution has been deployed, copy the URL from the Domain Name column and paste it into your browser. Yay!🎉 That’s it!

Now, you can access your website with:

CloudFront domain name e.g d3450i4qtm1w2p.cloudfront.net
Website endpoint e.g http://demo-95581515414.s3-website-us-east-1.amazonaws.com
S3 object URL e.g https://demo-95581515414.s3.us-east-1.amazonaws.com/signup.html

You should now know how to host a static website with Amazon S3 and speed up the content delivery using AWS CloudFront. Even though you had to go through a few steps, you did it and you're awesome!

If you’ve found this article helpful, please leave a heart or a comment. If you have any questions or constructive feedback, please let me know in the comment section.

Also, don’t forget to follow me for more articles. Thank you!

How to deploy an application to AWS EC2 Instance using Terraform and Ansible.

Mariam Adedeji — Wed, 21 Apr 2021 22:46:55 +0000

I had an opportunity to work on this recently, and had to combine different tutorials and articles before I was able to set this up successfully.

So, I’m writing this article in hopes that it will make someone’s work easier and make things clearer for beginners who wish to learn this.

What is Infrastructure as Code?

Infrastructure as Code (IaC) is the process of setting up and managing cloud infrastructure through machine-readable files as opposed to manually setting up the required infrastructure.

After the files have been written, you run them using IaC tools to build and configure the cloud infrastructure. Needless to say, this is a much more palatable and easier process than manual setup.

IaC tools include; Terraform, Ansible, Chef, AWS cloud formation, Puppet, Vagrant, and many others.

Benefits of Infrastructure as Code

With IaC, infrastructure configuration and setup is much faster: all you do is run a script.
Scripts can be easily reused at any time.
It is also easier to make small modifications between different but similar setups.
It increases site reliability.
It reduces the possibility of errors in infrastructure set up.

In this tutorial, you will learn how to provision a server(AWS EC2) for a React app using Terraform and then configure them with necessary packages using Ansible.

Let’s start by highlighting all the steps needed and then explaining them in detail below:

Configure AWS CLI and AWS vault
Create a Key-pair for the server
Dockerize a React app
Provision the server using terraform
Create a security group for the server
Configure the server using Ansible

My folder structure

Prerequisites

If you’d like to follow this tutorial, please make sure the following requirements are met before doing so.

AWS account. You can create one here if you haven't already, and follow this tutorial in setting it up.
AWS CLI and AWS vault.
Docker and Dockerhub account.
Terraform
Ansible
A demo React app. You can create one with this tutorial.

Now, let’s get to it!

Step 1 — Configure AWS CLI and AWS vault

We’ll need to create a user on our AWS account to be able to configure the AWS CLI.

To do this, login to your AWS account, go to Services, then click on IAM. Click on User, then Add a user. Type in a Username, then select Programmatic access for AWS access type.

Next, we’ll need to create a group for our user. Click on Create group and give it Administrator access. You can add Tags (optional), click Next to review the user details and then click on Create user.

After this, a new screen would be displayed to download the user security credentials. Click on Download.csv.

Now, go back to the terminal and run the following command:



aws configure

Add the user Access key ID and Secret Access Key as prompted. Then enter your preferred AWS region and Output.

Run the following command and make sure to replace username with the user created previously from the AWS console.



aws-vault add <username>

Add the user Access key ID and Secret Access Key as prompted. This is done to store your AWS credentials in your machine local keystore.

Then run the following command to authenticate yourself for a session.



aws-vault exec <username>

Step 2 — Create a Key-pair for the server

We need a key pair to run our instance.

To create one, go to your AWS console, select EC2 from Services drop-down, click on Key pairs, then click on Create key pair button.

Enter a Name for your key, select pem for openSSH or ppk for Putty and then click on Create key pair.

Download the key and move it to your machine’s .ssh folder. For Ubuntu and MacOS, this will most likely be ~/.ssh

Step 3 — Dockerize the app

In the root directory of the react-app folder, create a Dockerfile and add the following lines:



FROM node:12.18.3

LABEL version="1.0"

LABEL description="This is the base docker image for my React app"

LABEL maintainer="abc@mail.com"

WORKDIR /usr/src/app

COPY ["package.json", "yarn.lock", "./"]

RUN yarn

COPY . .

EXPOSE 3000

CMD ["yarn", "start"]

Here is an overview of the commands:
FROM defines the image we’re using for our container. In this context, we’re using node:12.18.3
LABEL indicates the version, description and maintainer of the Dockerfile.
WORKDIR sets the working directory for the app, and create it if the directory did not exists.
COPY is used to copy file(s) from one destination to another. The last path is always the destination to copy the file(s) to.
RUN defines the command to be run by Docker. I used yarn here because I installed my React app with yarn, you can change yours to npm if it’s more applicable.
EXPOSE tells docker which port it should listen to when running the container.
CMD defines the command to start the container. I used yarn start as specified from my React app’s start script, you should make sure yours also correlates to your app’s start script.

Now, you need to build a docker image from the Dockerfile. To achieve this, run the following command in the root directory of the react-app folder:



docker build -t <image-name> .

Make sure you replace image-name with the app’s image name.

Now, run the following command to spin up a container from the image.



docker run -it -p 3000:3000 <image-name>

Go to http://localhost:3000 on your browser to view the app.

Go back to your terminal and add a tag to the image using:



docker tag <image-name> <docker_hub_username>/<repo-name>:<tag-name>

Be sure to replace all variables with appropriate values.

Next, login to your DockerHub account from your terminal using:



Docker login

Add your username and password as prompted.

Then run the following command to push the image to Dockerhub.



docker push <docker_hub_username>/<repo-name>:<tag-name>

Once that is done, you should see your docker image in the repo created.

Step 4 — Provision the server using terraform

In the root directory of the project folder, create a folder called terraform. Inside the terraform folder, create a new folder and call it frontend. We’ll be adding all the config files for our frontend in here. Next, create a file called main.tf inside the frontend folder.

Put the following code inside the main.tf file.



provider "aws" {
    region = "us-east-1"
}

variable "name" {
    description = "Name the instance on deploy"
}

resource "aws_instance" "admin_frontend" {
    ami = "ami-042e8287309f5df03"
    instance_type = "t2.micro"
    key_name = "admin"

    tags = {
            Name = var.name
    }
}

Here, we’re creating an AWS ec2 instance using ubuntu server image (ami-042e8287309f5df03), t2.micro as our instance type and admin as the name of the key-pair we created earlier. Make sure you replace region, ami, instance_type, and key.name with values from your setup.

In your terminal, cd into the frontend folder and run the following command to initialize a working directory containing terraform configuration files.



terraform init

After that, run the following command to verify that you've set it up correctly.



terraform plan

It will later prompt for a value, enter the instance name, frontend.

Next, run the following command to spin up your ec2 instance.



terraform apply

This should also prompt for a value, enter the instance name as frontend again and at the next prompt, enter yes to confirm.

Now, if you check your running instances on the AWS console, it should be there.

Step 5 — Create a security group for the server

Now we need to create a security group for our frontend instance.

Go to AWS console, select EC2 from Services dropdown, then click on Security groups. Click on Create security group, then add Security group name and Description.

Scroll down to the Inbound rules, and click Add rule. Select HTTP for Type and Anywhere for Source. Once that’s done, create yet another inbound rule with Type as All TCP and Anywhere for Source. Create a last inbound rule with SSH as Type and My IP for Source. This makes a total of three inbound rules

Leave the Outbound rule as All traffic for Type and 0.0.0.0/0 for Destination. Then click on Create security group. You can read this article if you’re interested in learning more about security groups.

Now, go back to the frontend instance and attach the security group created to it. To do this, select the frontend instance, then Actions > Security > Change security groups > click on the search field and choose the security group, remove the default security group, then Save.

Now, you can try and ssh into your server using the following command:



ssh -i "~/.ssh/<your_KeyPair>.pem" <ec2-user>@<public_IPv4_DNS>

Make sure to replace ec2-user with AMI username, public_IPv4_DNS with the instance public domain name, and your_KeyPair with your key file name.

Step 6 — Configure the server using Ansible

Now that we have our instance running, we need to install the necessary packages using Ansible. Before we do that, let’s add some settings to our ansible config file.

Go to your terminal and run the following command to open up the config file. I use vim but feel free to use any editor of your choice.



sudo vim /home/<username>/.ansible.cfg

Be sure to replace username with your own username.

Then insert the following, making sure to replace your_KeyPair with your key name.



[defaults]
host_key_checking = False
private_key_file=~/.ssh/<your_KeyPair>.pem
inventory=/etc/ansible/hosts
remote_user = ubuntu

[ssh_connection]
control_path=%(directory)s/%%h-%%r
control_path_dir=~/.ansible/cp
#pipelining = True
scp_if_ssh = True

Now save and exit.

We also need to add our host into the ansible host file. To achieve that, open the ansible hosts file by running the following command:



sudo vim /etc/ansible/hosts

Then add these lines to the file. Make sure to replace ec2-user with AMI username, public_IPv4_DNS with the instance public domain name, and your_KeyPair with your key name.



[frontend]                                                                                                                                                                                                                                                                                         ec2-user@public_IPv4_DNS ansible_ssh_private_key_file=~/.ssh/your_KeyPair.pem

Save and exit.

Now, make sure your managed node can be reached by pinging it using the following command:



sudo ansible all -m ping

If it cannot be reached, then you may have connectivity issues that need some debugging. If you get a green blob of json however, then you’re good to go.

Now, go to the root of your project folder, create a folder and call it ansible. Inside this ansible folder, create a file and call it provision_frontend.yaml

Add the following lines into the provision_frontend.yaml file



---
- hosts: frontend
  become: yes
  become_method: sudo

  tasks:

  - name: Install pip
    apt:
      update_cache: yes
      name: python3-pip

  - name: Install aptitude using apt
    apt: name=aptitude state=latest update_cache=yes force_apt_get=yes

  - name: Install required system packages
    apt: name={{ item }} state=latest update_cache=yes
    loop: [ 'apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'python3-pip', 'virtualenv', 'python3-setuptools']

  - name: Add Docker GPG apt Key
    apt_key:
      url: https://download.docker.com/linux/ubuntu/gpg
      state: present

  - name: Add Docker Repository
    apt_repository:
      repo: deb https://download.docker.com/linux/ubuntu bionic stable
      state: present

  - name: Update apt and install docker-ce
    apt: update_cache=yes name=docker-ce state=latest

  - name: install docker-py
    pip: name=docker-py

  - name: enable Docker services
    service:
      name: "docker"
      state: started
      enabled: yes

  - name: Check if container is running
    shell: docker ps

  - name: run docker image
    shell: docker run -dit --name <repo-name> -p 3000:3000 <docker_hub_username>/<repo-name>:<tag-name>

  - name: show running images
    shell: docker images

Make sure to edit the shell command for running docker image, to match your setup.

Then save.

hosts defines the host upon which commands in a playbook operate.
become_method sets to root user.
package is for installing packages.
service is for controlling services on remote hosts.
shell is for running commands.

In the terminal, navigate to the ansible folder and run the playbook using the following command:



ansible-playbook provision_frontend.yaml

Now, open your browser and enter the public address of the instance with 3000 at the end.

Yay! That’s it! This might have been a lot, but I hope it was able to help you along in your journey.

If you would like to set up CI/CD for your app using Jenkins, you can check out one of my other articles here.

If you’ve found this article helpful, please leave a heart or a comment. If you have any questions or constructive feedback, please let me know in the comment section.
Also, don’t forget to follow me for more articles. Thank you!

How to create VPC, Subnets, Route tables, Security groups and Instances using AWS CLI

Mariam Adedeji — Tue, 30 Mar 2021 15:24:07 +0000

In this article, I will demonstrate how you can create a VPC, subnets, route tables, security groups and instances without leaving the terminal. After that, we'll install Apache on the instance, but, this is optional.

Create a VPC
Create public and private subnets
Create internet gateway for the VPC
Create an elastic IP address for NAT gateway
Create a NAT gateway
Create a route table for each subnet
Create routes
Associate route table to subnet
Create a security group for the VPC
Create Key-pair
Run an instance
Start the instance

Prerequisites

AWS account. You can sign up here and follow this tutorial in setting it up.
AWS CLI. You can set it up using this tutorial and configure it using this article.

If you have those two set up, then you’re good to go. Now, let’s get started!

Step 1 — Create a VPC

VPC (Virtual Private Cloud) is a secure and isolated private cloud hosted within a public cloud environment. With VPC, you can set up subnets, IP ranges, and also define rules for your services.

To create a VPC, open up your terminal and enter the following command:



aws ec2 create-vpc --cidr-block 10.0.0.0/16

Your terminal should respond with a bunch of information about this new VPC you’ve just created. Part of this information should be the VPC id.

You can decide to add a tag to your VPC to easily identify it once you start having multiple VPCs, to do this, run the command below:



aws ec2 create-tags --resources <vpc-id> --tags Key=<tag-key>,Value=<tag-value>

cidr stands for Classless Inter-Domain Routing.

Step 2 - Create public and private subnets

Subnet (Subnetwork) splits large networks into a group of smaller interconnected networks in order to reduce traffic congestion and increase routing efficiency.

We are going to create two subnets, a private and public subnet, then attach a tag to each one to differentiate between them.

To create the public subnet, run the following command:



aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24

Again, your terminal should respond with information about the subnet you’ve just made. Pick out the subnet id and add a tag to it just as we’ve done for the VPC itself:



aws ec2 create-tags --resources <subnet-id> --tags Key=<tag-key>,Value=<tag-value>

And for the private subnet:



aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.2.0/24

And for the tag:



aws ec2 create-tags --resources <subnet-id> --tags Key=<tag-key>,Value=<tag-value>

It’s also important to mention here that the commands for creating public and private subnets only differ in the --cidr-block parameter, so be sure to pay attention to that as well.

Step 3 - Create internet gateway for the VPC

Internet gateway (IGW) is simply used to connect a VPC to the internet so that the VPC resources can access the internet and be accessed over the internet.

To create an internet gateway, use the following command:



aws ec2 create-internet-gateway

If you want, you can add a tag to the internet gateway you’ve just created the way we’ve done it for all other resources:



aws ec2 create-tags --resources <internet-gateway-id> --tags Key=<tag-key>,Value=<tag-value>

Then attach the internet gateway to the VPC.



aws ec2 attach-internet-gateway --internet-gateway-id <internet-gateway-id> --vpc-id <vpc-id>

Step 4 - Create an elastic IP address for NAT gateway

An elastic IP address is a reserved IPv4 public address that can be assigned to an instance in order to enable communication with the internet.

In order for us to create a NAT gateway, we’ll need an elastic IP address. Run the following command to create an elastic IP address.



aws ec2 allocate-address --domain vpc

Step 5 - Create a NAT gateway

A NAT (Network Address Translation) Gateway is used to enable instances in a private subnet to connect to the internet or other AWS services but prevents the internet from connecting to those instances.

To create a NAT gateway, we need to add the public subnet in which the NAT gateway will reside and also associate the elastic IP address with the NAT gateway. Run the following command to create a NAT gateway.



aws ec2 create-nat-gateway --subnet-id <public-subnet-id> --allocation-id <elastic-ip-address-id>

Then add a tag to the NAT gateway.



aws ec2 create-tags --resources <nat-gateway-id> --tags Key=<tag-key>,Value=<tag-value>

Step 6 - Create a route table for each subnet

A route table contains a set of rules that is used to determine where the network traffic from the subnets or internet gateway will be directed.

Now, we need two route tables, one for each subnet. The route tables would be created the same way but different tags would be used for each of them.



aws ec2 create-route-table --vpc-id <vpc-id>

Add a tag to each of the route tables.

You can tag the first route table as public.



aws ec2 create-tags --resources <first-route-table-id> --tags Key=<tag-key>,Value=<tag-value>

Then tag the second route table as private.



aws ec2 create-tags --resources <second-route-table-id> --tags Key=<tag-key>,Value=<tag-value>

Step 7 - Create routes

We’ll now be creating routes for the previously created route tables.

We’ll first attach the route table created for the public subnet to the internet gateway. The route matches all IPv4 traffic (0.0.0.0/0) and routes it to the specified Internet gateway.



aws ec2 create-route --route-table-id <public-route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <internet-gateway-id>

Then attach the route table created for the private subnet to the NAT gateway. The route matches all IPv4 traffic (0.0.0.0/0) and routes it to the specified NAT gateway.



aws ec2 create-route --route-table-id <private-route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <nat-gateway-id>

Step 8 - Associate route table to subnet

Associate the public route table to the public subnet.



aws ec2 associate-route-table --route-table-id <public-route-table-id> --subnet-id <public-subnet-id>

Associate the private route table to the private subnet.



aws ec2 associate-route-table --route-table-id <private-route-table-id> --subnet-id <private-subnet-id>

Step 9 - Create a security group for the VPC

Security groups serve as a virtual firewall for instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to the instance, and outbound rules control the outgoing traffic from the instance.

We can create a security group with the following command:



aws ec2 create-security-group --group-name <security-group-name> --description "<description>" --vpc-id <vpc-id>

Add a tag to the security group.



aws ec2 create-tags --resources <security-group-id> --tags Key=<tag-key>,Value=<tag-value>

Then we specify rules for the security group created. port 80 allows inbound HTTP access from all IPv4 addresses and port 22 allows inbound SSH access to instances from IPv4 IP addresses in your network.



aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 22 --cidr 0.0.0.0/0



aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 80 --cidr 0.0.0.0/0

Step 10 - Create Key-pair

Before we can run an instance, we need a key-pair. Run the following command to create a key pair. cli-keyPair is the name of the key and can be changed to any name. --output text is used to pipe your private key directly into a file.



aws ec2 create-key-pair --key-name cli-keyPair --query 'KeyMaterial' --output text > cli-keyPair.pem

If you’re using PowerShell, run the following command instead.



aws ec2 create-key-pair --key-name cli-keyPair --query 'KeyMaterial' --output text | out-file -encoding ascii -filepath cli-keyPair.pem

Run the following command to protect your key.



chmod 400 cli-keyPair.pem

Step 11 - Run an instance

An ec2 instance is simply a virtual server in Amazon's Elastic Compute Cloud (EC2) used for running applications on Amazon web services infrastructure.

Let’s create an instance with the following command.



aws ec2 run-instances --image-id ami-0533f2ba8a1995cf9 --instance-type t2.micro --count 1 --subnet-id <public-subnet-id> --security-group-ids <security-group-id> --associate-public-ip-address --key-name cli-keyPair

Add a tag to the instance created.



aws ec2 create-tags --resources <instance-id> --tags Key=<tag-key>,Value=<tag-value>

Before we can print the instance public DNS name, we have to enable the DNS hostname for the VPC. From the AWS console, go to VPC, click on Your VPCs, select the VPC you created from AWS CLI and click on Actions. From the dropdown, click on Edit DNS hostnames. Directly under DNS hostnames, select Enable and click on Save changes.

Print out the instance public dns name with the following command:



aws ec2 describe-instances --instance-ids <instance-id> --query 'Reservations[].Instances[].PublicDnsName'

ami-0533f2ba8a1995cf9 is the AMI id used in launching the instance.
t2.micro is the instance type. You can read more about it here.
--count is used to specify the number of instances to launch.

Step 12 - Start instance



ssh -i "cli-keyPair.pem" ec2-user@<instance-public-dns-name>

ec2-user is the AMI username.

[Optional]
After login in, install the Apache web server using:



sudo yum install httpd -y

Start the web server with the following command:



sudo service httpd start

Now, let’s move into the Apache default root folder and create index.html



cd /var/www/html

Write into the index.html folder using any text editor of your choice. I'll be using vim.



sudo vim index.html

Enter any text.



<h1>Hello there!</h1>

Open http://public_ipv4_dns or http://public_ipv4 on your browser to verify it.

You can learn more AWS CLI commands from this guide.

If you found this article helpful, please leave a heart or a comment. If you have any questions, please let me know in the comment section.

Also, don’t forget to follow me for more articles. Thank you.

Forem: Mariam Adedeji

Secrets Management for Platforms: AWS Secrets Manager vs Parameter Store

Secrets Manager in Simple Terms

Parameter Store in Simple Terms

So Which One Should You Use?

Best Practices & Recommendations

Final Thoughts

[Boost]

Top 10 AWS Services Every Developer Should Know in 2025

Top 10 AWS Services Every Developer Should Know in 2025

1. Amazon EC2 (Elastic Compute Cloud)

2. AWS Lambda

3. Amazon S3 (Simple Storage Service)

4. Amazon RDS (Relational Database Service)

5. Amazon DynamoDB

6. Amazon API Gateway

7. Amazon CloudFront

8. AWS IAM (Identity and Access Management)

9. Amazon CloudWatch

10. Amazon ECS / EKS (Containers on AWS)

Final Thoughts

Managing AWS EKS with Terraform

What is Terraform?

Why Use Terraform for AWS EKS?

Prerequisites

Table of Contents

Step 1 — Create Your Terraform Project Directory

Step 2 — Define the AWS Provider (main.tf)

Step 3 — Define the VPC and Networking Resources (network.tf)

Step 4 — Define the EKS Cluster (eks.tf)

Step 5 — Create EKS Worker Nodes (eks-workers.tf)

Step 6 — Apply the Terraform Configuration

Step 7 — Configure kubectl to Access the EKS Cluster

Step 8 — Deploy an Application Using Terraform (deploy-nginx.tf)

Step 9 — Clean Up (Optional)

Deploying a Serverless Function with AWS Lambda

First off, what is Serveless?

Prerequisites

Step 1 — Set Up AWS Lambda

Step 2 - Write Your JavaScript Function

Step 3 - Set Up an API Gateway Trigger

Step 4 - Test Your Serverless Function

Step 5 - (Optional) Monitor and Scale

AWS Cost Management and Optimization: Tips and Tools for Monitoring and Reducing Your AWS Costs

Understanding AWS Cost Structure

Setting Up AWS Budgets

Monitoring Costs with AWS Cost Explorer

Using AWS Trusted Advisor

Using AWS Cost Anomaly Detection

Implementing Tagging Strategies

Optimizing EC2 Costs

Managing S3 Storage Costs

Optimizing RDS Costs

Looking Back On 2021 - A Year In Review

The Good

The Bad

Automating Terraform With Github Actions

My Workflow

Submission Category:

Yaml File or Link to Code

mariehposa / terraform-automation

Terraform Automation

Getting Started

Prerequisites

Automating Terraform with Github Actions

How To Set Up Continuous Integration And Deployment With CircleCI

What is CircleCI and why should you use it?

Prerequisites

Hosting a Static Website with Amazon S3

What is Amazon S3?

What is Amazon CloudFront?

Benefits of using AWS S3 bucket

Prerequisites

Table of Contents

Step 1 — Create an S3 bucket

Step 2 — Upload web files to S3 bucket

Step 3 — Secure S3 bucket through IAM policies

Step 4 — Configure S3 bucket

Step 5 — Serve content from S3 bucket with CloudFront

How to deploy an application to AWS EC2 Instance using Terraform and Ansible.