Cloud Resume Challenge
You can find my deployed website here. Also, my github repo here.
Overview of the Challenge:
The Cloud Resume Challenge was created by Forrest Brazeal. The task is "simply" to host a website in AWS with a visitor counter. In doing so, you will learn about the following:
AWS Cloud Practitioner Certification
HTML, CSS, JavaScript, Python
S3
CDN
DNS
Database
API
Serverless (lambda)
Testing
Cloud security (IAM, Policies, Certificates)
DevOps principles (source control, infrastructure-as-code, CI/CD - Github Actions)
After spending several months away from the job market due to some unforeseen challenges - including a bout with COVID-19 - I recently found myself with the time and energy to dive back into my true passion: cloud technology. While my career has primarily involved leading cloud development and operations teams, I’ve always kept "hands on with tech". I run multiple virtualized services at home (like Nextcloud, Splunk, Grafana, Zabbix, Home Assistant, Solaris, Docker, etc.) and manage over 90 devices/servers around the house, along with a fairly complex network with VLANs, VPNs and 10G fiber. Technology has never been just a job - it’s a way of life - and the Cloud Resume Challenge has been great to reinforce my skills using the AWS cloud.
If you want to learn more about the challenge and explore other stories, be sure to visit: https://cloudresumechallenge.dev/
Tools Used:
While I have Linux machines, my main PC is Windows, so that's what I used for this challenge. I used MS Visual Studio to do my coding and push to GitHub. To make things easier, I installed AWS Vault, AWS SAM CLI and Python locally. This enabled me to secure my credentials and run CloudFormation as well as test my Lambdas/API, e.g.
pytest
sam build
aws-vault exec Andrew --no-session -- sam deploy
aws-vault exec Andrew -- aws s3 ls
aws-vault exec Andrew --no-session -- aws s3 sync .\www s3://andrewdavis-crc-website
Gotchas and Learnings:
I completed and passed my AWS Certified Cloud Practitioner Exam (CCP) after I did the challenge. As I learn best by doing, this was the right way for me. Stephane Maarek's Udemy CCP course is the gold standard, with over 1M students and a 4.7 rating. Tutorials Dojo has great CCP practice exams that reflected the real exam.
CloudFront can only use certificates in the US East (N. Virginia) Region (us-east-1), and you cannot specify the region in CloudFormation for the cert; it uses wherever your stack is :( I wanted my stack in Sydney, so I ended up doing this step separately.
Don't delete your Route 53 entry and think you can just recreate it in CloudFormation... it will have different nameservers from the registered domain. I found this out when my cert creation DNS validation waited forever.
Browser console/web developer tools (e.g. Ctrl-Shift-I in Firefox) make stepping through JS and debugging easy.
A browser add-on like HTTP Request Maker is great for testing the API (GET/PUT).
CloudWatch was really useful for receiving debug info from my Lambdas, especially when working through CORS and restricting the origin to just my domain (which I achieved in Python in my Lambda).
Start building your CloudFormation early; do not wait until step 12 (i.e. use the UI for a step, but then delete it and do it in CloudFormation YAML).
Remember to invalidate your CloudFront cache when you make changes to the S3-hosted files.
CloudFormation/IaC is cool, but it is not foolproof, e.g. creating a bucket policy when one already exists will cause the stack to fail, yet you can modify an existing CloudFront distribution. I often found myself deleting the stack in the GUI and starting again.
My original CI/CD had the tests of the API/Lambda/DB running before the deploy. That worked only because I added the tests last, after I had run the CloudFormation and created the resources. I realised this would not work in reality: on a fresh install, the pipeline had not yet run to create these resources. I really should have been writing tests as I coded and starting from a fresh slate each run, and I would have detected this earlier.
Running the stack failed if it made no changes, and this also meant it would not run the test section... I handled this with a check for return code "1" (i.e. no change to the AWS components), which to me is a pass.
sam deploy --template-file template.yaml --stack-name crc --capabilities CAPABILITY_IAM || if [ $? -eq 1 ]; then echo "No changes to deploy"; exit 0; else exit 1; fi
There are still some manual steps... for example, the API link changes when the API is created, and this needs to be reflected in index.js, which is a manual change.
https://kcvvhh0798.execute-api.ap-southeast-2.amazonaws.com/Prod/updatecount
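The CORS gotcha above (restricting the origin to just the site's domain inside the Lambda, rather than answering `*`) is the security-relevant part of the visitor-counter API. The following is an added example written for this post; it is not code from the original repo. It assumes an API Gateway REST proxy event, a placeholder allow-list (`resume.example.link`) standing in for the real CloudFront/Route 53 domain, and a plain dict in place of the DynamoDB table so it runs offline.

```python
import json

# Constructed placeholder: the site's own origin(s). The real value is the
# CloudFront/Route 53 domain of the resume site.
ALLOWED_ORIGINS = {
    "https://resume.example.link",
    "https://www.resume.example.link",
}

# In the real Lambda this is a DynamoDB table; a dict keeps the example offline.
_STORE = {"count": 0}


def get_origin(event):
    """Return the request's Origin header, matched case-insensitively
    (API Gateway does not normalise header-name case)."""
    for name, value in (event.get("headers") or {}).items():
        if name.lower() == "origin":
            return value
    return None


def cors_headers(origin):
    """CORS headers for an allow-listed origin, or an empty dict otherwise.
    The exact origin is echoed back; '*' is never used, and 'Vary: Origin'
    stops a cache serving one origin's headers to another."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": "GET,PUT,OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type",
        "Vary": "Origin",
    }


def _response(status, headers, body):
    return {"statusCode": status, "headers": headers, "body": json.dumps(body)}


def handler(event, context=None, store=None):
    """API Gateway (REST, proxy integration) handler for the visitor counter.
    PUT increments the counter, GET reads it, OPTIONS answers the preflight.
    Requests from any origin not on the allow list get 403 and no CORS headers."""
    store = _STORE if store is None else store
    origin = get_origin(event)
    headers = cors_headers(origin)
    if not headers:
        # Missing or foreign Origin: the browser would block the response anyway,
        # but refusing here also keeps the counter from being bumped.
        return _response(403, {}, {"error": "origin not allowed"})

    method = (event.get("httpMethod") or "GET").upper()
    if method == "OPTIONS":
        return {"statusCode": 204, "headers": headers, "body": ""}
    if method == "PUT":
        store["count"] = store.get("count", 0) + 1
    elif method != "GET":
        return _response(405, headers, {"error": "method not allowed"})
    return _response(200, headers, {"count": store.get("count", 0)})


if __name__ == "__main__":
    # Constructed sample events, shaped like API Gateway proxy events.
    same_site = {"httpMethod": "PUT", "headers": {"Origin": "https://resume.example.link"}}
    other_site = {"httpMethod": "PUT", "headers": {"origin": "https://other.example"}}
    print(handler(same_site))   # 200, count 1, CORS headers for the site's origin
    print(handler(other_site))  # 403, no CORS headers, counter untouched
```

One caveat worth keeping in mind: `Origin` is set by browsers and enforced by browsers. A script or CLI client can omit or set it freely, so this check stops other websites from driving the counter from a visitor's browser, but it is not authentication and does not stop direct abuse; API Gateway throttling and a cost alert (see the advice further down) cover that side.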
What I'd Do Differently Next Time:
- Starting with AWS CloudFormation for infrastructure as code instead of using the GUI saves time and gives better management and repeatability. Next time, I'd do some discovery of the service in the GUI, then create it straight away using CloudFormation.
Unexpected Benefits and Insights:
".link" domain was only $5USD to buy on aws
The AWS free tier is great, though I did spend a few bucks testing out some services for the domain and my practice for the Cloud Practitioner cert.
Doing things in chunks and applying problem solving and debugging of code & tools were key to my learning, along with a healthy dose of ChatGPT to expand on some of the more cryptic errors :)
Lambdas are easier to configure, modify and test, and are way less niche than I thought.
Advice for Future Participants:
Make sure you set up 2FA for root and your IAM users.
While this is on the "free" tier and will cost you less than $1 a month, make sure you set up cost management and email alerts just in case!
Clean up after yourself. Delete unused services and buckets.
Don't be afraid to delete it all and start again if you get into a mess! This is one great advantage of creating the CloudFormation YAML as you go.
Next Steps in My Cloud Journey:
Monitoring and Observability - expand on my use of Amazon CloudWatch and SNS, integrated with my Zabbix monitoring system via SMS.
AWS Solution Architect or similar
PMP (I am most of the way through studying this and it is painful - archaic and divorced from modern devops practices - but I'll complete it as I am sure there is some value in there)