Updates to VPC-in-a-Box

In case you aren’t familiar with the offering, VPC-in-a-Box is Foghorn’s best-practice VPC design for Amazon Web Services, customized for client workloads and delivered as reusable, versionable code. We have been delivering and iterating on this service since 2014 and have improved the offering over the years. We first added a reverse proxy option built on autoscaling Squid proxies. Later we added S3 endpoints, cross-region VPN connectivity, and NAT Gateways to replace our custom HA NAT server configuration. For the first several years the offering was available exclusively as CloudFormation templates.

This year we’ve extended the offering to Terraform and included the VPC-in-a-Box code as a free module for FogOps customers. We have also added extensive configurability around supernet and subnet sizing, all exposed as parameters. No custom coding is needed, so clients who elect to standardize on our VPC module can rely on Foghorn to maintain the code and benefit from future enhancements to the module.

The goal of this offering is to eliminate the ongoing management of one more piece of infrastructure that is not a business differentiator for our clients. To make sure the offering lives up to this goal, Foghorn continually tweaks the configuration to ensure two things:

  1. The design represents best practice for the features currently available in Amazon Web Services. As new features are introduced, we evaluate them, decide whether they should change our best-practice recommendations, and modify the design if necessary. Since our modules are versioned, customers can upgrade at their leisure.
  2. The code is compliant with the most recent version and features of the Infrastructure as Code tool of choice.  As CloudFormation features are released, we update our code. Likewise with Terraform, we ensure that our modules are fully tested with every new release.

My favorite new feature is Terraform Workspaces.  Stay tuned for a post in the near future, where I’ll walk through how we are using workspaces to help DevOps and SRE teams to leverage a single code base to manage multiple environments, ensuring that staging looks like production, and DR looks like both of them!

Ryan’s favorite feature is the ability to simply set the number of NAT Gateways desired. If you request only two NAT Gateways but launch private subnets into three Availability Zones, every private subnet still gets a default route to a NAT Gateway, preferring the one in its own AZ when there is one. The trade-off to keep in mind: a subnet routed through a NAT Gateway in another AZ loses outbound internet access if that AZ fails, and its egress traffic incurs cross-AZ data transfer charges, so the count you choose is a balance between availability and cost.
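As an added illustration (not Foghorn’s module code), here is how that count-driven NAT Gateway placement can be expressed in Terraform. It assumes Terraform 0.12 or later syntax and the hashicorp/aws provider; the variable names, the `nat_count` local and the us-west-2 AZ list are hypothetical. With `nat_gateway_count = 2` across three AZs, the private subnets in the first two AZs route to the NAT Gateway in their own AZ, and the third wraps around (via modulo) to the first.

```hcl
# Added example of "set the NAT gateway count" routing; not Foghorn's module.
# Assumes Terraform >= 0.12 syntax and the hashicorp/aws provider (>= 5.0 for
# the aws_eip "domain" argument). Names and the AZ list are hypothetical.

variable "vpc_cidr"          { default = "10.0.0.0/16" }
variable "azs"               { default = ["us-west-2a", "us-west-2b", "us-west-2c"] }
variable "nat_gateway_count" { default = 2 }

locals {
  # Never create more NAT gateways than there are AZs to put them in.
  nat_count = min(var.nat_gateway_count, length(var.azs))
}

resource "aws_vpc" "this" {
  cidr_block = var.vpc_cidr
}

resource "aws_internet_gateway" "this" {
  vpc_id = aws_vpc.this.id
}

# One public and one private subnet per AZ, carved from the supernet.
resource "aws_subnet" "public" {
  count             = length(var.azs)
  vpc_id            = aws_vpc.this.id
  availability_zone = var.azs[count.index]
  cidr_block        = cidrsubnet(var.vpc_cidr, 8, count.index)
}

resource "aws_subnet" "private" {
  count             = length(var.azs)
  vpc_id            = aws_vpc.this.id
  availability_zone = var.azs[count.index]
  cidr_block        = cidrsubnet(var.vpc_cidr, 8, count.index + 100)
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.this.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.this.id
  }
}

resource "aws_route_table_association" "public" {
  count          = length(var.azs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# NAT gateways live in the public subnets of the first nat_count AZs, in AZ order.
resource "aws_eip" "nat" {
  count  = local.nat_count
  domain = "vpc"
}

resource "aws_nat_gateway" "this" {
  count         = local.nat_count
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = aws_subnet.public[count.index].id
  depends_on    = [aws_internet_gateway.this]
}

# One route table per private subnet. Subnet i uses NAT gateway i when it exists
# (same AZ, because both lists are in AZ order); otherwise the modulo wraps it
# around to a NAT gateway in another AZ. With 3 AZs and nat_count = 2:
#   private[0] -> nat[0] (us-west-2a), private[1] -> nat[1] (us-west-2b),
#   private[2] -> nat[0] (us-west-2a, cross-AZ).
resource "aws_route_table" "private" {
  count  = length(var.azs)
  vpc_id = aws_vpc.this.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.this[count.index % local.nat_count].id
  }
}

resource "aws_route_table_association" "private" {
  count          = length(var.azs)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private[count.index].id
}
```

Running `terraform plan` on this with `nat_gateway_count = 2` shows three private route tables, two of them pointing at a NAT Gateway in their own AZ and the third at the gateway in us-west-2a. Raising the count to 3 gives every private subnet a same-AZ gateway and removes the cross-AZ dependency; raising it above the number of AZs is capped by the `min()` in `nat_count` rather than producing an index error.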

Learn more about VPC-in-a-Box here.


Posted in General
