Final Budget Report: 09/06/2017

As the semester comes to a close, so does my budgeting for this course.

Of the $100 USD credits for Amazon Web Services, I have $79.35.

Looking over the past months, my expenditure has been:
Monthly Report Graph

This can be represented as proportions of the credits, as follows:
Visual Monthly Report

 

In terms of projects, the QwikLabs assignment was for most of March, Dinostore was during April, and AD-DS has been from the start of May. This is stated in the table below.
Project Billing

The discrepancy between my expenditure and my credits occurs because my expenditure is based upon my billing list which updates more frequently than the credit amount in my account.

The reason for the large cost involved with the Dinostore project is due to my lack of experience with AWS’ RDS, which I accidentally left running for multiple hours and hence the increased charge. This was not the only reason however, as I did often purposefully run RDS during the course of the project.

 

Conclusion
This assignment of budgeting has been beneficial for myself in gaining knowledge and habits for keeping account of my money on the Amazon Web Services platform. These skills will be able to be transferred and utilized within other aspects of my study, future career, and personal life for goals that involve financial oversight.

 


Cloud Computing: Case Studies

The following case studies are from Amazon Web Services’ Customer Success Stories.

Yellow New Zealand Case Study
Yellow New Zealand is a New Zealand based company that originally provided New Zealand homes and businesses with a print book containing residential and business addresses. With the increase of digital technology, Yellow moved to become an internet based company, and in 2015, they moved their business onto the cloud platform, AWS.

The cloud infrastructure manager of Yellow New Zealand, Rob Hayden, states that AWS was chosen as their cloud service provider because of its “industry experience, flexibility of service, enhanced security, and platform maturity.”

Yellow New Zealand employs Amazon Web Services’ AWS CloudFormation, AWS Lambda, Amazon EC2 Container Service, AWS Identity and Access Management, and Amazon ElastiCache in running its business through the cloud. It bases its platform in the Sydney, Australia region (Asia Pacific - Southeast) with its data centre located in Auckland, New Zealand.

The benefits for Yellow New Zealand in moving its business to a cloud service provider such as AWS are as follows. Firstly, with AWS as the cloud provider, Yellow New Zealand does not need to spend time and money on a physical server environment, as that responsibility belongs to AWS. Secondly, Yellow New Zealand desired fast service delivery, which it has been able to implement as a continuous-delivery model through the adoption of a cloud-based environment such as AWS. Thirdly, as Yellow New Zealand is an address business, it wanted a service that provided scaling while keeping a high quality of delivery. This was resolved through Amazon ElastiCache combined with code optimizations, which provided rapid response times, with the rest of the AWS services providing the capacity needed for the business’ requirements. Finally, the cloud service provider has given Yellow New Zealand an environment for migrating further applications from local infrastructure to cloud infrastructure, which gives Yellow New Zealand the capacity for further growth with reduced costs.

National Instruments Case Study
National Instruments (NI) is a business that was founded in 1976, and is headquartered in Austin, Texas. NI provides technology and technology solutions around the world, in many different industries.

One item of technology that NI provides its customers is a software development environment called LabVIEW. LabVIEW contains a module called FPGA which enables the building of re-programmable silicon chips into applications. One of the limitations of an FPGA design is that it must be compiled before it is deployed, which can be very resource intensive and time intensive. As the company grew, the need for greater infrastructure increased, and the FPGA compilations became more compute intense, which resulted in motivating the NI LabVIEW team to consider cloud computing as a viable resource.

NI’s FPGA team used AWS’s EC2 on-demand instances to host their compilation service. The team also uses AWS for testing and internal development, along with the AWS auto-scaling feature and EC2 Spot instances, all of which assist in reducing computing costs for testing product features. The principal cloud architect at NI stated that the reason for using AWS as their cloud service provider was the evaluation that “AWS is simpler than other cloud environments, gave [NI teams] more control, and didn’t force [NI teams] to apply updates that would break compatibility.” NI’s teams also determined that they were able to create products through AWS without the need for specialist training or hiring an expert, which results in low expenses for the company.

The benefits of using cloud computing for NI are as follows:

  • AWS provides faster auto-scaling than NI’s local scaling process, which reduces the response time to increased workload. This is beneficial to NI as it results in less wait time for their customers.
  • The utilization of AWS’s Amazon EC2 Spot Instances for FPGA development and testing, saves the company 10 times the cost that would have incurred from on-demand testing.
  • The use of the Spot Instances saves NI approximately 85-90% in costs, which results in more investment into product testing and quality.
  • The use of cloud computing has saved NI from increasing their internal infrastructure, a project that would have cost them around $1 million.
  • The use of cloud computing for running testing and development has increased NI’s agility as their test workloads often vary, and AWS’s auto-scaling eliminates the need for unnecessary costs involved with idle servers.

The AWS cloud environment provides NI with the capacity for growth in extending cloud computing to its other development environments, and for exploring and experimenting with different tools and products.

 

Conclusion
Cloud service providers like AWS are able to assist national and international businesses in reducing costs, increasing accessibility, and increasing speed. For Yellow New Zealand, costs were reduced because they didn’t need to build a physical server, the move from a physical address book to one based online increased Yellow New Zealand’s availability and accessibility for its customers, and the use of AWS’s ElastiCache enabled faster response time for their websites. For National Instruments, costs were reduced as Amazon’s storage service meant that they didn’t need to invest in increasing their own server, the accessibility of their products was increased through the use of AWS’ auto-scaling that was faster than their previous version, and the speed for customers was increased due to the reduced wait-time with the auto-scaling service.


Comparison of Cloud Computing Service Vendors

The purpose of this analysis is to identify vendors who are offering IaaS public cloud computing services that could be used by New Zealand organizations.

The three vendors being compared are: IBM, Google Cloud Platform, and Amazon Web Services (AWS).

Comparing Technologies:

What are three technologies that these vendors offer?

1.) Storage:
Storage servers are designed to hold data volumes from a company, while keeping the data available for transfer. Storage quality can be considered in terms of five different factors: flexibility, scalability, reliability, availability, and data integrity.

Flexibility of storage is based upon whether the deployment is public, private, or hybrid, and whether the deployment solution is held within a region, or across many regions. [1]

Scalability of storage is the ability of the server or servers to handle large changes in data volume as required by the organization.
This can be done by scaling out, which is the process of increasing the number of servers in response to increased data volumes, or scaling up, which is the process of adding more capacity to a single server in response to increased data volumes. [4]

Reliability is a percentage measurement based upon the cloud provider’s promised accuracy of data, and guarantee of transfer delivery of the data. [5]

Availability is a percentage measurement based upon the cloud provider’s promised up-time, with maintenance outages such as updates, and unplanned outages kept in mind. [6]

Data integrity is the ability of the provider to ensure that data does not become corrupted, and that if corruption does occur, the data can be repaired.

IBM offer storage services of object storage, file storage, block storage, and mass storage. [2]
Google Cloud Platform offers object storage, file storage, and big data storage. [9] 
AWS offers object storage, file storage, and block storage. However, it contains multiple services of object storage, each designed for different purposes. [10]

2.) Load Balancing
Load balancing is designed to assist with the uptime of a server and the response time of the traffic involved. This is done by having the processing and communications of a system shared across multiple servers, thereby reducing the strain on any single server. This is effective in reducing latency and easing the load on the servers. [7]

IBM offers local load balancing, local and global load balancing, and high availability dedicated load balancers. [7]
Google Cloud Platform offers global load balancing, regional internal load balancing, and regional network load balancing. [12]
AWS offers a ‘Classic Load Balancer’ which applies to application and network level information. It also offers an ‘Application Load Balancer’ which applies to application level information that is more advanced than what is required for the Classic Load Balancer. The Classic Load Balancer is able to route traffic across AWS’s ‘EC2 instances’, whereas the Application Load Balancer is able to route traffic and load balance on a single instance. [11]

3.) Containers
Containers are a form of virtualization technology that is able to run applications and storage in an isolated environment. Each container stores one application and the data that it requires to run. This form of application packaging is designed to increase infrastructure efficiency, with each container using only the least amount of required resources, and multiple containers able to be run upon a single instance. [13][14][15]

IBM provides a container service that utilizes the open-source ‘Kubernetes’, which assists in deployment, scaling, and management of the container. [16]
Google Cloud Platform provides cluster set-up and management for containers, which are built upon the Kubernetes system. [17]
AWS provides a container service for the management of Docker containers. The containers are designed to use a cluster of EC2 instances, and utilize many other AWS services. [18]

 

Comparing Technology Charges:

What are the charges involved for these technologies?

1.) Storage
Storage pricing is considered for regional storing.

IBM storage is located in the US, which would imply latency issues. The website currently provides pricing information for the US, but not for Australia or New Zealand. However, this doesn’t necessarily imply that Australia doesn’t have an IBM server centre, it simply requires further research and contact to find it.

| Object Storage [19] (US Pricing) | Regional Resiliency, Per GB per Month |
| --- | --- |
| Storage 0-499.99TB | $0.022 |
| Storage 500TB+ | $0.020 |
| Data Retrieval | No Charge |
| Class A Operations: PUT, COPY, POST, and LIST Requests ($ per 1,000 Requests) | $0.006 |
| Class B Operations: GET and all other Requests ($ per 10,000 Requests) | $0.005 |
| Delete Requests | No Charge |

Google Cloud Platform is set in Singapore, which is the closest location to New Zealand, as Google doesn’t have an Australian region yet. [20]

| Object Storage [21] (US Pricing) | Regional, Per GB per Month |
| --- | --- |
| Storage | $0.020 |
| Data Transfer | Free |
| Class A Operations (per 10,000 operations) | $0.050 |
| Class B Operations (per 10,000 operations) | $0.004 |
| Free Operations | Free |

AWS do have a region in Sydney, Australia, and as such, these prices are taken from that location. However, the pricing is still in USD.

| Object Storage [22] (US Pricing) | Regional, Per GB per Month |
| --- | --- |
| Storage: First 50 TB | 0.025 |
| Storage: Next 450 TB | 0.024 |
| Storage: Over 500 TB | 0.023 |
| Data Transfer | FREE |
| Class A Operations (per 10,000 operations) | $0.0055 |
| Class B Operations (per 10,000 operations) | $0.0044 |
| Delete Requests | FREE |

Conclusion
In terms of regional storage pricing, Google Cloud Platform offers the lowest flat-rate pricing, but is more expensive than AWS for the combined costs of class A and B operations. IBM offers the next lowest tiered pricing for storage, but its class A operations cost almost ten times the amount of the AWS class A operations. In conclusion, I would consider AWS to offer the lowest price for storage overall.

 

2.) Load Balancing

IBM

Load Balancing [23]

| Local Load Balancing | Per month | With SSL |
| --- | --- | --- |
| 250 Connections | 49.99 | 99.99 |
| 500 Connections | 99.99 | 199.99 |
| 1000 Connections | 199.99 | 139.99 |
| 2500 Connections | 499.99 | 999.99 |
| 5000 Connections | 999.99 | 1999.99 |

Google Cloud Platform

Load Balancing [24]

| Item | Price per Unit (USD) | Pricing Unit |
| --- | --- | --- |
| First 5 forwarding rules | $0.025 | Per Hour |
| Per additional forwarding rule | $0.010 | Per Hour |
| Data processed | $0.008 | Per GB |

AWS

Load Balancing [25]
0.0252 per Application Load Balancer-hour (or partial hour)
0.008 per LCU*-hour (or partial hour)
*LCU contains: [25]
25 new connections per second
3000 active connections per minute
2.22MBps (=1 GB per hour)
1000 rule evaluations per second

Conclusion
Comparing load balancing between the different providers is harder than comparing storage as each provider measures load balancing differently. In this instance, the specifications of an organization requiring load-balancing would hold more information in regards to which provider would be most suitable. For a smaller sized business, I would consider the AWS load balancing option to be the most suitable as it is cheaper than Google Cloud Platform’s service, and may not require the same amount of connections that is offered by IBM’s service.

 

3.) Containers

IBM
IBM utilizes the open-source Kubernetes and does not display a charge allocated with this service. [16]

Google Cloud Platform

Container [26]

| Item | Cost |
| --- | --- |
| First 120 build-minutes per day per billing account | No charge * |
| Additional build minutes** | $0.0034 / build-minute |

* Promotional free tier of 120 free build-minutes per day is subject to change.

**The Google Cloud Platform defines build minute charges as such: “A build-minute is incurred for every minute that a build initiated by Container Builder is in process. Build-minutes are not incurred for the time that a build is queued. Charges are accrued to the billing account associated with the Google Cloud Platform Console project that initiated the build.” [26]

AWS
Amazon Web Services states the following in regards to container pricing: “There is no additional charge for Amazon EC2 Container Service. You pay for AWS resources (e.g. EC2 instances or EBS volumes) you create to store and run your application. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments.” [27]

Conclusion
In terms of container service options, IBM is an option but does require a separate site, which creates more hassle than what is optimal. The Google Cloud Platform charges for the same type of storage offered free by IBM, and hence, would be my last choice. AWS only charges for the resources used by the container, which is something that neither other provider mentioned. However, it uses a different form of container than what is offered by IBM and Google Cloud Platform, which may cause difficulties for a business, but that is something that would require further study.

 

Comparing Security Measures:

What security measures are used to ensure the safety of operations and client systems/data?

IBM
IBM’s security measures deal with security, privacy, and compliance. In regards to compliance, their website provides a compliance list with respect to their Bluemix products. [28] In terms of security and privacy from IBM’s position, they provide partnership options for ‘Intrusion Protection Systems’ and ‘Intrusion Detection and Prevention Systems’ with security software, scanning and logging capabilities, and regular updates. [29] In terms of security and privacy from an organization’s position, the security measures include key generation, privileges and roles, passwords, and session inactivity lockout. [30]

Google Cloud Platform
Google Cloud Platform also has security measures that involve security, privacy, and compliance. Google Cloud Platform’s compliance list involves independent audits of infrastructure, services and operations. [31] In terms of security and privacy from Google Cloud Platform’s position, they hold security and privacy events for raising awareness, have a security team, a privacy team, an internal audit and compliance team. They also assist their customers in vulnerability management, malware prevention, as well as constantly monitoring network traffic for security issues, and processing any incident management. [32] In terms of security and privacy from an organization’s position, Google Cloud Platform provides key encryption and management, [33] Identity and Access Management (IAM) permissions, roles, requests, user management, network firewall maintenance, logging, and penetration testing. [34]

AWS
AWS also has security measures for security, privacy, and compliance. In terms of AWS’s responsibility, they provide a whitepaper detailing compliance and risk management, [35] and they provide detail and best practices for optimal cloud security such as data encryption, monitoring and logging, identity and access control, and available security partners. [36] In terms of an organization’s responsibility, the customer has complete control over their data, so it lies within their responsibility to ensure its security and privacy. [37] This can be achieved through key management, roles, permissions, user management, logging, encryption, established incident response protocols, multi-factor authentication, and boundary protection at both network and host levels. [37]

Conclusion
Each provider is concerned about security, privacy, and compliance. The main difference between the providers is the level of control and responsibility that the customer obtains. Google Cloud Platform has the most provider-based security measures, which involve task-specific teams and network monitoring, whereas AWS provides the customer with the security solutions but places the responsibility for implementing best practices upon the customer. IBM is a smaller provider and supplies basic security processes such as key management and user passwords, but supplies optional delegation of the more complex security issues to security partners.

———————————————————————————————————————————
References:

  1. (n.d.) IBM Cloud, IBM. https://www.ibm.com/cloud-computing/products/storage/object-storage/ (Last accessed: 31 May 2017)
  2. (n.d.) (July 2016) IBM Cloud Object Storage System features and benefits. https://public.dhe.ibm.com/common/ssi/ecm/ts/en/tss03183usen/TSS03183USEN.PDF (Last accessed: 31 May 2017)
  3. (n.d.)  Storage Insights: Slicestor Nodes, IBM: IBM Knowledge Center. https://www.ibm.com/support/knowledgecenter/SSQRB8/com.ibm.spectrum.si.doc/mgr_storagesystem_object_slicestor_nodes.html (Last accessed: 31 May 2017)
  4.  Graf, Brian. (17 May 2013). Scalability : Scale-up or Scale-out, What it is and Why You Should Care. https://www.brianjgraf.com/2013/05/17/scalability-scale-up-scale-out-care/ (Last accessed: 2 June 2017)
  5. Hardiman, Nick. (2 April 2012). Service reliability: Understanding what it means and how to achieve it. http://www.techrepublic.com/blog/the-enterprise-cloud/service-reliability-understanding-what-it-means-and-how-to-achieve-it/ (Last accessed: 2 June 2017)
  6.  Carlson, Lauren. (7 June 2011). The Downtime Dilemma: Reliability in the Cloud. http://blog.softwareadvice.com/articles/crm/reliability-in-the-cloud-1060611/ (Last accessed 2 June 2017)
  7. (n.d.) Load Balancing, IBM: IBM Cloud: Bluemix. https://www.ibm.com/cloud-computing/bluemix/load-balancing (Last accessed: 1 June 2017)
  8. (n.d.) Internet of Things, IBM: IBM Cloud: Bluemix. https://www.ibm.com/cloud-computing/bluemix/internet-of-things (Last accessed: 2 June 2017)
  9. (n.d.) Choosing a storage option, Google Cloud Platform. https://cloud.google.com/storage-options/ (Last accessed: 3 June 2017)
  10. (n.d.) Cloud Storage with AWS, Amazon Web Services. https://aws.amazon.com/products/storage/?nc2=h_l3_db (Last accessed: 3 June 2017)
  11. (n.d.). Elastic Load Balancing, Amazon Web Services. https://aws.amazon.com/elasticloadbalancing/?nc2=h_l3_n (Last accessed: 3 June 2017)
  12. (n.d.) Load balancing, Google Cloud Platform: Compute Engine: Documentation. https://cloud.google.com/compute/docs/load-balancing/ (Last accessed: 3 June 2017)
  13. (n.d.) What are Containers?, Amazon Web Services. https://aws.amazon.com/containers/ (Last accessed: 3 June 2017)
  14. Shapland, Rob. (February 2016). Cloud Containers — What they are and how they work. http://searchcloudsecurity.techtarget.com/feature/Cloud-containers-what-they-are-and-how-they-work (Last accessed: 3 June 2017)
  15. Perlow, Jason. (21 April 2015) Containers: Fundamental to the cloud’s evolution. http://www.zdnet.com/article/containers-fundamental-to-the-evolution-of-the-cloud/ (Last accessed: 3 June 2017)
  16. (n.d.) Kubernetes. https://kubernetes.io (Last accessed: 3 June 2017)
  17. (n.d.) Container Engine, Google Cloud Platform. https://cloud.google.com/container-engine/ (Last accessed: 3 June 2017)
  18. (n.d.) Amazon EC2 Container Service, Amazon Web Services. https://aws.amazon.com/ecs/?nc2=h_l3_c (Last accessed: 3 June 2017)
  19. (n.d.) IBM Cloud Object Storage: Public Services. IBM: Object Storage Public. http://www-03.ibm.com/software/products/en/object-storage-public/#othertab2 (Last accessed: 3 June 2017)
  20. (n.d.) Cloud Location: Google Cloud Platform. https://cloud.google.com/about/locations/#locations (last accessed: 3 June 2017)
  21. (n.d.). Google Cloud Storage Pricing, Google Cloud Platform. https://cloud.google.com/storage/pricing (Last accessed: 4 June 2017)
  22. (n.d.) Amazon S3 Pricing, Amazon Web Services. https://aws.amazon.com/s3/pricing/ (Last accessed: 4 June 2017)
  23. (n.d.) Load Balancing, IBM: Bluemix. https://www.ibm.com/cloud-computing/bluemix/load-balancing (Last accessed: 4 June 2017)
  24. (n.d.) Load Balancing and protocol forwarding, Google Cloud Platform. https://cloud.google.com/compute/pricing#lb (Last accessed: 4 June 2017)
  25. (n.d.) Classic Load Balancer Pricing, Amazon Web Services. https://aws.amazon.com/elasticloadbalancing/classicloadbalancer/pricing/ (Last accessed: 4 June 2017)
  26. (n.d.) Pricing and Quota, Google Cloud Platform. https://cloud.google.com/container-builder/pricing (Last accessed: 4 June 2017)
  27. (n.d.) Amazon EC2 Container Service Pricing, Amazon Web Services. https://aws.amazon.com/ecs/pricing/ (Last accessed: 4 June 2017)
  28. (n.d.) Compliance without complication, IBM Cloud: Bluemix. https://www.ibm.com/cloud-computing/bluemix/compliance (Last accessed: 4 June 2017)
  29. (n.d.) Secure your platform, IBM Cloud: Bluemix. https://www.ibm.com/cloud-computing/bluemix/security-privacy#privacy (Last accessed: 4 June 2017)
  30. (n.d.) Data Security and Privacy Principles for IBM Cloud Services, IBM. http://www-03.ibm.com/software/sla/sladb.nsf/pdf/7745WW2/$file/Z126-7745-WW-2_05-2017_en_US.pdf (Last accessed: 4 June 2017)
  31. (n.d.) Google Cloud Platform Security, Google Cloud Platform. https://cloud.google.com/security/compliance (Last accessed: 4 June 2017)
  32. (n.d.) Google Security Whitepaper, Google Cloud Platform. https://cloud.google.com/security/whitepaper (Last accessed: 4 June 2017)
  33. (n.d.) Cloud Key Management Service, Google Cloud Platform. https://cloud.google.com/kms/ (Last accessed: 4 June 2017)
  34. (n.d.) Google Cloud Platform Security, Google Cloud Platform. https://cloud.google.com/security/ (Last accessed: 4 June 2017)
  35. (May 2017) Amazon Web Services: Risk and Compliance, Amazon Web Services. https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf (Last accessed: 5 June 2017)
  36. (n.d.) AWS Cloud Security, Amazon Web Services. https://aws.amazon.com/security/ (Last accessed: 5 June 2017)
  37. (November 2016) AWS Well-Architected Framework, Amazon Web Services.  https://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf (Last accessed: 5 June 2017)

Running the CloudFormer Template

This blog post follows on from the previous post: Adjusting the CloudFormer Template

After the first stack creation of the CloudFormer template, the rollback errors provide information on what needs to be adjusted in the JSON script.

The following list contains the ‘CREATE_FAIL’ events, and my method in resolving these errors.

Adjustments to the CF Template

  • FAIL: dbsubnetdefaultvpc91a918f5; Some input subnets (subnet-1ab50b43, subnet-93532cf7) are invalid.
    • Attempting to remove from the JSON script:
      "SubnetIds": [
        "subnet-1ab50b43",
        "subnet-93532cf7"
      ]
    • The first attempt was unsuccessful, so attempting to delete the entire subnet:
      "dbsubnetdefaultvpc91a918f5": {
        "Type": "AWS::RDS::DBSubnetGroup",
        "Properties": {
          "SubnetIds": [
            "subnet-1ab50b43",
            "subnet-93532cf7"
          ],
          "DBSubnetGroupDescription": "Created from the RDS Management Console"
        }
      },
    • This was successful

 

  • FAIL: Route4, Route1; Exactly one of [GatewayId, NatGatewayId, InstanceId, VpcPeeringConnectionId, NetworkInterfaceId, EgressOnlyInternetGatewayId] must be specified and not empty.
    • Attempting to remove from the JSON script, routes 4 and 1:
      "route4": {
        "Type": "AWS::EC2::Route",
        "Properties": {
          "DestinationCidrBlock": "0.0.0.0/0",
          "RouteTableId": {
            "Ref": "rtbdbb390bf"
          }
        }
      },

      "route1": {
        "Type": "AWS::EC2::Route",
        "Properties": {
          "DestinationCidrBlock": "0.0.0.0/0",
          "RouteTableId": {
            "Ref": "rtb40ad8e24"
          }
        }
      },

    • This was successful

 

  • FAIL: Route 5, Route 2; Exactly one of DestinationCidrBlock and DestinationIpv6CidrBlock must be specified and not empty.
    • Inserting "DestinationCidrBlock": "0.0.0.0/0", into Properties for Route 2 in the JSON script.
    • Inserting "DestinationCidrBlock": "10.0.0.0/19", into Properties for Route 5 in the JSON script (this relates to subnet CIDR 1A).
    • This was successful

 

  • FAIL: Route 5, Route 2; The Gateway ID (vpce-20e01049) does not exist.
    • Attempting to delete both routes from the JSON script:
      "route2": {
        "Type": "AWS::EC2::Route",
        "Properties": {
          "DestinationCidrBlock": "0.0.0.0/0",
          "RouteTableId": {
            "Ref": "rtb40ad8e24"
          },
          "GatewayId": "vpce-20e01049"
        }
      },

      "route5": {
        "Type": "AWS::EC2::Route",
        "Properties": {
          "DestinationCidrBlock": "10.0.0.0/19",
          "RouteTableId": {
            "Ref": "rtbdbb390bf"
          },
          "GatewayId": "vpce-20e01049"
        }
      },

    • This was successful

 

  • FAIL: lcADDSScenario3RDGWStack1USE0PZ69GKRQRDGWLaunchConfiguration1QJ9NVFDQSTXX;
    Invalid IamInstanceProfile: AD-DS-Scenario-3-RDGWStack-1USE0PZ69GKRQ-RDGWHostProfile-CLZHHC4VKEC1

    • Attempting to delete section from JSON script (line 269) … LaunchConfiguration… object:
      "IamInstanceProfile": "AD-DS-Scenario-3-RDGWStack-1USE0PZ69GKRQ-RDGWHostProfile-CLZHHC4VKEC1",
    • This was successful

 

After resolving all of these errors, my CloudFormer template was able to create a stack without any rollbacks.

037 CFTemplate Complete

Although I am pleased that I managed to enable the stack to reach the status of ‘CREATE_COMPLETE’, due to the large amount of script deleted, I am uncertain as to whether my script still runs as it was originally designed.
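
The CREATE_FAILED events listed above can be caught before a stack is created. The following is an added example, not part of the original post and not AWS or CloudFormer code: it checks a template for the two route constraints quoted in those messages, for references to undefined logical IDs, and for hard-coded physical IDs and instance profile names. The names `lint_template`, `igwExample`, `routeOk`, `lcExample` and `VpcIdParam` are assumptions made for the illustration.

```python
import json
import re

# Property names copied from the two CREATE_FAILED messages quoted in the post.
ROUTE_TARGETS = ("GatewayId", "NatGatewayId", "InstanceId", "VpcPeeringConnectionId",
                 "NetworkInterfaceId", "EgressOnlyInternetGatewayId")
ROUTE_DESTINATIONS = ("DestinationCidrBlock", "DestinationIpv6CidrBlock")

# Literal physical IDs (subnet-1ab50b43, vpce-20e01049, ...). They exist only in
# the account and region the template was exported from.
PHYSICAL_ID = re.compile(r"^(subnet|vpce|vpc|igw|rtb|sg|eni|nat)-[0-9a-f]{8,17}$")


def _set_props(props, names):
    """Return the names from `names` that are present and non-empty in props."""
    return [n for n in names if props.get(n) not in (None, "", [], {})]


def _walk(value, path):
    """Yield (path, node) for every string and every {"Ref": ...} under value."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict) and set(value) == {"Ref"}:
        yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from _walk(item, f"{path}.{key}")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from _walk(item, f"{path}[{i}]")


def lint_template(template):
    """Return sorted (resource, rule, detail) findings for a parsed template."""
    resources = template.get("Resources", {})
    known = set(resources) | set(template.get("Parameters", {}))
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        rtype = res.get("Type")
        if rtype == "AWS::EC2::Route":
            for rule, names in (("route-target", ROUTE_TARGETS),
                                ("route-destination", ROUTE_DESTINATIONS)):
                found = _set_props(props, names)
                if len(found) != 1:
                    findings.append((name, rule, f"expected exactly one, found {found}"))
        # A profile given as a plain name must already exist in the target account.
        if rtype == "AWS::AutoScaling::LaunchConfiguration" and isinstance(
                props.get("IamInstanceProfile"), str):
            findings.append((name, "literal-instance-profile", props["IamInstanceProfile"]))
        for path, node in _walk(props, name):
            if isinstance(node, dict):
                ref = node["Ref"]
                if ref not in known and not ref.startswith("AWS::"):
                    findings.append((name, "unresolved-ref", f"{path} -> {ref}"))
            elif PHYSICAL_ID.match(node):
                findings.append((name, "hardcoded-id", f"{path} = {node}"))
    return sorted(findings)


# Constructed sample: fragments quoted in the post, plus a valid route (routeOk),
# a gateway, a launch configuration name and a parameter made up for contrast.
SAMPLE = json.loads("""
{
  "Parameters": {"VpcIdParam": {"Type": "String"}},
  "Resources": {
    "igwExample": {"Type": "AWS::EC2::InternetGateway"},
    "rtbdbb390bf": {"Type": "AWS::EC2::RouteTable",
                    "Properties": {"VpcId": {"Ref": "VpcIdParam"}}},
    "dbsubnetdefaultvpc91a918f5": {
      "Type": "AWS::RDS::DBSubnetGroup",
      "Properties": {
        "DBSubnetGroupDescription": "Created from the RDS Management Console",
        "SubnetIds": ["subnet-1ab50b43", "subnet-93532cf7"]}},
    "route4": {
      "Type": "AWS::EC2::Route",
      "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                     "RouteTableId": {"Ref": "rtbdbb390bf"}}},
    "route2": {
      "Type": "AWS::EC2::Route",
      "Properties": {"RouteTableId": {"Ref": "rtb40ad8e24"},
                     "GatewayId": "vpce-20e01049"}},
    "routeOk": {
      "Type": "AWS::EC2::Route",
      "Properties": {"DestinationCidrBlock": "0.0.0.0/0",
                     "RouteTableId": {"Ref": "rtbdbb390bf"},
                     "GatewayId": {"Ref": "igwExample"}}},
    "lcExample": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {"IamInstanceProfile":
        "AD-DS-Scenario-3-RDGWStack-1USE0PZ69GKRQ-RDGWHostProfile-CLZHHC4VKEC1"}}
  }
}
""")

if __name__ == "__main__":
    for resource, rule, detail in lint_template(SAMPLE):
        print(f"{resource}: {rule}: {detail}")
```

Each finding points at a property to replace with a `Ref` or a parameter rather than a resource to delete, which keeps the template closer to the design it was exported from.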

When I run my template through the AWS template designer, the following diagram is displayed.
038 CFTemplate DesignerTemplate

This diagram does not look the same as the sample diagram found in the Microsoft Quick Start guide for ‘Scenario 3’, shown below.
Figure for Scenario 3

My next step then, is to compare the two diagrams to determine the discrepancies between my stack template and the sample template.

Adjusting the CloudFormer Template

Once the AWS CloudFormer template has been created, it needs to be run through the AWS CloudFormation ‘Create Stack’ option. This has been done by copying the CloudFormer JSON script into the Notebook++ program, and then uploading the Notebook++ file during the ‘Select Template’ portion of the Stack creation settings.

000 Upload File

Once the template has been chosen, it requires a name, and the option of a tag. For my stacks, they have been numbered in regards to how many iterations of the script I have run through ‘Create Stack’.

010 NewReview

During the creation process of the stack, the created events can be viewed.

005 Create_In_Progress

The initial template stack contains errors that cause the creation process to rollback, and fail to complete the stack’s creation.

006 Rollback Error

The method used in removing the errors, was to find the first ‘CREATE_FAILED’ event for the stack, and attempt to solve this event failure based upon the information provided in the right-hand column of the event.

For my first CloudFormer script, I came across the following problems, which I attempted to solve.

Adjusting the CF Script

  • DestinationCidrBlock Empty
    • For each event fail that referenced this error, I sourced the IPs and their respective Cidr from the initial Microsoft ‘Scenario 3’ stack creation settings, and placed them into their corresponding Routes based upon the route description.
  • Missing NetworkInterfaceID
  • Unresolved Dependencies
    • The unresolved dependencies were specific to two different routes. As I couldn’t determine a resolution to this error, I saved a copy of each of the routes, then deleted them.

These errors comprised the bulk of my event failures, and throughout each iteration of the stack, more errors would evolve. Most of these errors were derived from the network interface JSON script that I had added to the CloudFormer script. I eventually came to the conclusion, with the help of others, that I should re-attempt the Microsoft Quick-Start ‘Scenario 3’ template through CloudFormation and CloudFormer, which would provide me with a clean template to work upon again.

The persuasive reason behind this action was the knowledge that this project was not intended to focus on the intricacies of the JSON script, which I had been doing in my attempts to successfully fix my first CloudFormer script.

Introduction to Active Directory Domain Services

This next project involves using AWS’s CloudFormation service in building an active directory (AD), and also deploying and automating it.

Amazon CloudFormation service is described as “a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications” (What is AWS CloudFormation).
Hence, it is an applicable service for deploying and automating an AD.

The specific CloudFormation template that will be used for this project is the ‘Microsoft Active Directory Quick Start: AD DS with AWS Directory Service on the AWS Cloud’, which is scenario 3.
Quick Start Options

The template is designed to provide the following architecture:
Figure for Scenario 3

The purpose for this project is to redesign the template so that it is simplified, improved, optimized, and personalized.

Resolving Bills in AWS

Over the past week, I have been keeping a close eye on my AWS billing log so as to determine which services have been charging me without my knowledge.

On the 14/4/2017, I received an EC2 alarm, which I was able to determine came from the EBS service. To my knowledge, that was the cause of credit expenditure, so I shut it down.

However, I received another alarm notification on the 17/4/2017, this time in regards to my RDS budget.
Billing Alarm 17_4

This concerned me, as I had removed my instances from being Multi-AZ enabled, which meant that I was running them from the free tier. To gain more understanding, I looked through the billing specifics for the RDS service.
RDS N Vir Bill 17_4 2237

What I determined, was that my instances were being charged under the North Virginia region. Due to my assumption that they were running completely within the free-tier conditions, I was not using best practices, and was keeping my instances running while not in use. I had not considered that my decision to have them backed up in another region would invoke a fee.

My next move, was to snapshot and delete my main instance. I chose not to delete the replica immediately, as in my previous experience with backing up and restoring instances, I had found the replica to be more difficult to re-establish during the restoration process.

I checked my bills the next morning to find that the running replica instance was still charging my account. I then proceeded to take a snapshot of the instance, then delete it. My concern for unnecessary charges took precedence over the increased difficulty for restoration. The following screenshot shows the billing amount for the RDS service in North Virginia.

RDS N Vir Bill 18_4 0933 RDS Closed NVR

Billing amount at 09:33am 18/04/2017

I then took another screenshot later in the day to check whether there was any increase in the billing amount.

RDS N Vir Bill 18_4 1145 RDS Closed NVR

Billing amount at 11:45am 18/04/2017

The lack of increase confirmed that it was the two running instances that were causing my credit to be charged.

Just in case there were any other expenditures that were increasing my bill, I also checked the overall billing amount during the course of the day, once at 11:45am and once at 01:25pm. I saw no increase in the overall budget. This meant that I had managed to resolve all of the unnecessary expenditures.