
Providers

What is a provider?

Creating a Provider is the first step on SleakOps after you have created your company. As with any infrastructure project, you first have to decide which cloud provider to build on, weighing the pros and cons of each one. That is exactly what a Provider is here: the cloud platform you want SleakOps to deploy into, which can be AWS, Azure or GCP.

To create the Provider, SleakOps needs access to that cloud account through credentials. Those credentials are used to create accounts, networks and IAM resources, so treat them as highly privileged. Once it has them, SleakOps starts generating the infrastructure resources and services needed to replicate the Architecture Reference Schema for that cloud provider. In this section we describe how the AWS Reference Architecture is built.

Account Security: holds all the users who have access to this provider, so identities are managed in one place rather than in each workload account.

Account Management: maintains the internal services used to operate the application, whether or not they are shared across accounts. Example: Sentry.

Account Development: hosts the different stages of your application before it reaches production.

Account Production: hosts your application in the production environment, isolated from the rest of its stages.

Building process and required resources

[Figure: craftech-reference-architecture]

The first thing the architecture shows is the distribution of three accounts (mgt, dev and prod); following the creation flow, these are the resources created first. Once the accounts exist, we give each of them what we call the Network Module. It bundles the AWS services that build the network inside an account, and it is extensive, so let's look at what it creates:

  • Virtual Private Cloud (VPC): the isolated network in which the rest of the infrastructure and most of its connections are built.
  • Internet Gateway (IGW): the VPC's door to the Internet; together with a route pointing at it, it is what makes resources in the public subnet reachable from outside.
  • Elastic IP (EIP): a fixed public IPv4 address. It is attached to the NAT Gateway (an Internet Gateway has no address of its own).
  • Route Tables: as the schema suggests, we create three, the Public, the Private and the Persistence Route Tables.
  • Subnets: likewise, we create a Public Subnet, a Private Subnet and a Persistence Subnet, and bind each one to its Route Table with a Route Table Association.
  • Route: an entry in a Route Table that sends traffic for a destination through a target. Here it is a default route to the Internet Gateway in the Public table and to the NAT Gateway in the Private table.
  • NAT Gateway: lets resources in the private subnet open connections to services outside the VPC, while connections initiated from the Internet towards that subnet are not possible.
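The Network Module described above, written out as a Terraform configuration so the relationships between the pieces are explicit. This is an added example, not SleakOps or Craftech code: the CIDRs, the tag names, the single availability zone and the choice to leave the persistence table without a default route (the text only mentions routes for the public and private tables) are all assumptions.

```hcl
# Added example, not SleakOps/Craftech code. CIDRs and names are assumptions.
locals {
  vpc_cidr = "10.10.0.0/16"
  tiers = {
    public      = "10.10.0.0/24"
    private     = "10.10.1.0/24"
    persistence = "10.10.2.0/24"
  }
}

resource "aws_vpc" "this" {
  cidr_block           = local.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "dev-vpc" }
}

# The VPC's door to the Internet. On its own it routes nothing; the aws_route below does.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.this.id
}

resource "aws_subnet" "tier" {
  for_each   = local.tiers
  vpc_id     = aws_vpc.this.id
  cidr_block = each.value
  # Only the public tier hands out public IPs; the other tiers stay unreachable from the Internet.
  map_public_ip_on_launch = each.key == "public"
  tags                    = { Name = "dev-${each.key}" }
}

# The Elastic IP belongs to the NAT Gateway, which must itself sit in the public subnet.
resource "aws_eip" "nat" {
  domain = "vpc" # use `vpc = true` on AWS provider versions before 5.0
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.tier["public"].id
  depends_on    = [aws_internet_gateway.igw]
}

# One route table per tier, each associated with its own subnet.
resource "aws_route_table" "tier" {
  for_each = local.tiers
  vpc_id   = aws_vpc.this.id
  tags     = { Name = "dev-${each.key}-rt" }
}

resource "aws_route_table_association" "tier" {
  for_each       = local.tiers
  subnet_id      = aws_subnet.tier[each.key].id
  route_table_id = aws_route_table.tier[each.key].id
}

# Public: default route to the IGW (inbound and outbound Internet).
resource "aws_route" "public_default" {
  route_table_id         = aws_route_table.tier["public"].id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

# Private: default route to the NAT Gateway (outbound only; nothing on the Internet can initiate inbound).
resource "aws_route" "private_default" {
  route_table_id         = aws_route_table.tier["private"].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat.id
}

# Persistence: deliberately no default route (assumption). Datastores only talk inside the VPC
# through the implicit "local" route, plus whatever peering or VPN routes are added later.
```

A quick check after `terraform apply`: the persistence route table should show only the `local` route for the VPC CIDR, the private table should have `0.0.0.0/0` via the NAT Gateway, and only the public table should have `0.0.0.0/0` via the IGW. Anything else means a datastore subnet has gained an Internet path it should not have.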

Next we connect the accounts with VPC Peering Connections: in the mgt account we create the peering connection as the Requester, and in each of the other accounts the Peering Connection Accepter. Every side also needs a Route that sends the peer VPC's CIDR through the peering connection. Peering is not transitive, so dev and prod are each linked to mgt but not to each other, and the VPC CIDRs must not overlap or the routes cannot be installed.
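The requester/accepter split and its routes, as an added Terraform example (not SleakOps or Craftech code). The account IDs, the assumed-role name, CIDRs, region and the variables carrying the VPC and route-table ids are assumptions; the dev side is shown, and prod is the same with its own provider alias and CIDR.

```hcl
# Added example, not SleakOps/Craftech code. Account ids, role, CIDRs and variables are assumptions.
provider "aws" {
  alias  = "mgt"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/OrganizationAccountAccessRole"
  }
}

provider "aws" {
  alias  = "dev"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/OrganizationAccountAccessRole"
  }
}

variable "mgt_vpc_id" { type = string }
variable "dev_vpc_id" { type = string }
variable "mgt_route_table_ids" { type = list(string) } # tables in mgt that should reach dev
variable "dev_route_table_ids" { type = list(string) } # tables in dev that should reach mgt

locals {
  mgt_vpc_cidr = "10.0.0.0/16"  # must not overlap with the peer's CIDR
  dev_vpc_cidr = "10.10.0.0/16"
}

# Requester side, created with mgt credentials.
resource "aws_vpc_peering_connection" "mgt_to_dev" {
  provider      = aws.mgt
  vpc_id        = var.mgt_vpc_id
  peer_vpc_id   = var.dev_vpc_id
  peer_owner_id = "222222222222"
  tags          = { Name = "mgt-to-dev" }
}

# Accepter side, created with dev credentials; the connection stays "pending-acceptance" until this runs.
resource "aws_vpc_peering_connection_accepter" "dev" {
  provider                  = aws.dev
  vpc_peering_connection_id = aws_vpc_peering_connection.mgt_to_dev.id
  auto_accept               = true
}

# Routes on both sides, scoped to the peer's CIDR only. Never point 0.0.0.0/0 at a peering:
# a peering cannot forward to the Internet, but a broad route still masks misconfiguration.
resource "aws_route" "mgt_to_dev" {
  provider                  = aws.mgt
  for_each                  = toset(var.mgt_route_table_ids)
  route_table_id            = each.value
  destination_cidr_block    = local.dev_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.mgt_to_dev.id
}

resource "aws_route" "dev_to_mgt" {
  provider                  = aws.dev
  for_each                  = toset(var.dev_route_table_ids)
  route_table_id            = each.value
  destination_cidr_block    = local.mgt_vpc_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.dev.id
}
```

Which route tables go into the two lists is a policy decision: passing only the private and persistence tables of dev means VPN users coming through mgt can reach services and datastores, while the public tier is still reached the normal way over the Internet Gateway. Because peering is not transitive, a matching route in prod never gives prod a path to dev through mgt.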

Along with these connections we also create the Pritunl VPN in mgt: an EC2 instance running the VPN server, with a Security Group and three Security Group Rules that regulate the traffic to it. Only the VPN port itself needs to be reachable from everywhere; administrative ports should be limited to known source ranges.
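An added Terraform example of the VPN server's security group (not the project's own rules, which the text does not list): three rules, matching the count the text gives, with only the VPN port open to the world and the web console limited to an admin range. The VPN port, the admin CIDR, the AMI, the variable names and the use of SSM Session Manager instead of an SSH rule are assumptions.

```hcl
# Added example, not SleakOps/Craftech code. Ports, CIDRs, AMI and variable names are assumptions.
variable "mgt_vpc_id"           { type = string }
variable "mgt_public_subnet_id" { type = string }
variable "pritunl_ami_id"       { type = string }
variable "ssm_instance_profile" { type = string } # profile carrying AmazonSSMManagedInstanceCore

variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24" # office egress range (documentation address; assumption)
}

variable "vpn_port" {
  type    = number
  default = 1194 # assumption: set to the UDP port configured on the Pritunl server
}

resource "aws_security_group" "pritunl" {
  name        = "mgt-pritunl-vpn"
  description = "Pritunl VPN server"
  vpc_id      = var.mgt_vpc_id
}

# Rule 1: the VPN tunnel itself. This is the only thing that must be open to everyone.
resource "aws_security_group_rule" "vpn_udp" {
  type              = "ingress"
  security_group_id = aws_security_group.pritunl.id
  protocol          = "udp"
  from_port         = var.vpn_port
  to_port           = var.vpn_port
  cidr_blocks       = ["0.0.0.0/0"]
}

# Rule 2: the HTTPS admin console, reachable only from the admin range, never from 0.0.0.0/0.
resource "aws_security_group_rule" "console_https" {
  type              = "ingress"
  security_group_id = aws_security_group.pritunl.id
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = [var.admin_cidr]
}

# Rule 3: all egress, so the server can reach the peered VPCs and package repositories.
resource "aws_security_group_rule" "egress_all" {
  type              = "egress"
  security_group_id = aws_security_group.pritunl.id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_instance" "pritunl" {
  ami                         = var.pritunl_ami_id
  instance_type               = "t3.small"
  subnet_id                   = var.mgt_public_subnet_id
  vpc_security_group_ids      = [aws_security_group.pritunl.id]
  associate_public_ip_address = true
  # No port 22 rule above: shell access goes through SSM Session Manager via this profile.
  iam_instance_profile = var.ssm_instance_profile
  metadata_options {
    http_tokens = "required" # IMDSv2 only, so a compromised VPN process cannot trivially read instance credentials
  }
  tags = { Name = "mgt-pritunl" }
}
```

If you do need SSH during bootstrap, add it as a temporary fourth rule restricted to `var.admin_cidr` and remove it afterwards; an SSH rule from `0.0.0.0/0` on the one host that can reach every peered VPC is the worst place to leave one.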

One further difference in networking between these accounts is that in the 'prod' account we also create a Route 53 Hosted Zone.