Projects

Cloud Cost Monitoring is a Java based service, built with Gradle and shipped into a Docker image. What it does, is polls the AWS Cost Management APIs to get my current spend with AWS, the rate at which my spend with AWS is increasing and what’s my estimated total for the end of the month. It takes the JSON objects that comes back from the APIs and sends them to me via an SNS topic, once a day. There’s plenty of room for enhancements for this project and I hope to implement them some day.

Spot Price Monitoring is similar both in design and concept to Cloud Cost Monitoring. It’s a Java based service, built with Gradle and shipped into a Docker image. Rather than poll my current cloud costs, it polls EC2 for the current Spot pricing for several instance types. Then it sends that data to me via an SNS topic, once a day. I grab the data so if I ever find myself wanting to run something experimental and need a large amount of resources for cheap, I can rely on Spot instances and not need to check AWS for current pricing.

The CodeBuild Terraform module is built just as a simple wrapper around a CodeBuild project. There can be a lot of configuration in a CodeBuild project, so I thought it made sense to wrap all of it into Terraform. I also have some environment specific settings, namely NAT Gateways, configured inside the Terraform code. This ensures the build environments stay private to the outside world, but still maintain Internet connectivity.

The Lambda module is again, just a wrapper around an AWS Lambda function to help save time and reduce errors in terms of manually configuring functions. It gets passed in data for VPC subnets, to support functions being disconnected from the Internet directly and instead having connectivity via NAT Gateways, similar to the CodeBuild projects that are created by the CodeBuild module.

The Identity module is designed to support the provisioning of IAM resources inside of AWS. While the module has yet to receive serious development in this department, today it does support CloudFront Origin Access Identities. These are used so that AWS S3 buckets are not exposed to the public internet and instead just use the OAI to get objects.

The Networking module supports Route 53 based operations today, namely creating Hosted Zones and the Records for those zones. It also supports the provisioning of a CloudFront distribution that’s backed with a TLS certificate, with the certificate coming from a separate module. There’s additional planned features for this module, most likely EC2 security groups being the next big feature and VPCs after that.

The Storage module is a bit of a mess, beyond the S3 bucket that’s needed for the CloudFront distribution. The aim for this module is to support the main means of storing things on AWS, so Object, Block and File share. However, it will need a bit of a refactor for Object and File share, so you can expect to see some blog posts on this in the future!

The Compute module supports launch templates and auto scaling groups on AWS. It will be expanding in the coming months to support scaling options for the auto scaling groups, along with direct EC2 instances and DigitalOcean droplets.

The Databases module, supports the provisioning of RDS instances running MySQL or Postgresql, Aurora instances in either provisioned or serverless mode and Elasticache Redis clusters. As it stands this is coded in a kind of old approach I used, it’s not really a true Terraform module yet, so it’s due a refactor to make it more consumable for my needs.

The Kubernetes module is a pretty fun way of writing Kubernetes manifests inside of HCL. When I said fun, that is probably not my actual opinion reading back. But it was a cool experiment nonetheless! I’m not running any Kubernetes clusters today, but I will probably still uplift this module to the standard of all the others and leave it there.

This module is used with the Networking module, to provision the TLS certificates needed for the CloudFront distribution to support TLS. It will create the certificate along with the DNS records to validate that certificate. I don’t envision this getting any more updates simply because it’s pretty feature complete and just works the way as it is.

The Monitoring module is centered around automating things such as EC2 instance checks and Route 53 health checks. My monitoring system is forever fluid and I am still working towards finding what works for me. I still see value in some basic, is it up checks. In the case of the EC2 instance checks, the instances will reboot if those checks fail, which is often what I do anyway if the system becomes unreachable.

The Security Module is a work in progress that by the end should have AWS WAF V2 and EC2 Security Groups automated. For the WAF, I want to have the option to include it with websites I launch with CloudFront. For Security Groups, I want to standardise after years of custom groups with various rules. I also wish to move towards a world where I solely rely on Tailscale and SSM for access to my machines.