Last week, I attended the DeveloperWeek conference in Oakland, CA. You’ve likely heard of it, but in case you haven’t, DeveloperWeek is a two-day conference for developers, DevOps engineers, and product managers. Last year, I gave a talk on Building Applications with Infrastructure as Code. This year, I was asked to do a demo at the Akamai booth showcasing our new VPC product. So I thought, why not combine my IaC talk with this new product? That’s what we did.
The DevWeek conference is different from a lot of other conferences in the industry because it’s focused on tooling and showcases a broad range of vendors. If you’re looking to learn about new tools and upcoming tech, this is the place to go.
The folks who stopped by our booth were a mixed bag. Many were students looking to speak to recruiters. Some had never heard of Akamai, which is common. Others were DevOps experts who were curious about server configurations and had detailed technical questions. There was a broad spectrum of knowledge in the crowd.
Lessons from the Farmer’s Market Analogy
My favorite talk at DeveloperWeek was by Billy Thompson on avoiding vendor lock-in, something I have struggled with in the past. He started with an analogy of a farmer’s market. Billy loves the farmer’s market and the variety of vegetables sold there. He goes to all of the stalls and chooses his favorite in-season vegetables at the best price. What would it be like if he only went to one stand at the farmer’s market and skipped over the other 30 farmers who are there every week? He would be missing out on the diversity of the other farmers, missing out on things that one farmer didn’t offer, or possibly paying more for the same vegetables.
That’s similar to how cloud computing is nowadays. People have tunnel vision and think that cloud is spelled AWS, GCP, or Azure. However, more than 20 different cloud providers offer many of the same services. We, as cloud engineers, need to make decisions that serve ourselves and our business needs rather than a brand.
Instead of choosing a cloud provider because of its name, there’s a huge benefit in choosing multiple cloud providers whose features suit each of your individual needs. You can pick the things you like from each one just like choosing the vegetables from each farmer that look the best and are in season, all at the right price.
Billy had the audience do an exercise called the Bare Bones Approach. Think of your application. Strip it down to the bare bones. Then, add one layer of supporting functionality at a time. In this approach, you start by identifying the essential, fundamental needs of your application without any preconceived notions or preferences for certain technologies or providers. By doing so, you ensure that each layer of functionality added is purposefully chosen to meet your needs, rather than being influenced by external factors that may not align with the application's objectives. This approach leads to a more tailored, efficient, and effective use of technology that is directly aligned with the application's requirements. This different design philosophy allows for portability. It’s not about fixing something that’s not broken. It’s about fine-tuning your needs and making sure your cloud services meet those exact requirements.
The VPC Terraform Demo
Alright, now back to our demo. I did a demo with Austin Gil, a fellow dev advocate on my team.
We started by explaining the concept of a Virtual Private Cloud (VPC): an isolated section of the cloud where you launch resources into a virtual network you define. A VPC gives you network-level isolation of your computing resources, control over the network environment (IP address ranges, subnets, and gateways), and a way to build a hybrid environment that extends your on-premises network into the cloud. The isolation is a network property, though: a host inside a VPC still needs firewall rules, authentication, and patching, because anything that does have a route into the VPC, such as your own application servers, can reach it. We also touched on the principles of Infrastructure as Code (IaC) using Terraform, highlighting how it automates the provisioning and management of infrastructure through versioned code.
To bring our discussion on Virtual Private Clouds (VPC) and Infrastructure as Code (IaC) to life, we demonstrated the deployment of two distinct setups involving two databases.
Our first setup ran without a VPC, serving as a baseline to highlight the comparative advantages. Our second setup was deployed inside a VPC, giving a clear, real-world illustration of the network isolation a VPC provides. This setup was particularly effective in showing how a VPC keeps a resource off the public internet and out of reach of unauthorized access.
As I mentioned earlier, we used Terraform for defining and provisioning infrastructure. Terraform configuration files are written in HCL, the HashiCorp Configuration Language, whichever cloud provider you target; other IaC tools, such as AWS CloudFormation, use JSON or YAML instead. If you’re not familiar with HCL, the Terraform Registry has provider documentation and example modules to learn from. We deployed two databases with similar configurations, differing primarily in their network settings. The first database was deployed in a standard cloud environment with a public interface and no VPC, while the second sat inside a VPC subnet with no public interface, showcasing the added layer of isolation. Both applications connected to these databases displayed a Pokémon database, a simple but effective way to demonstrate the functionality.
This let us show that access to the databases differed starkly: the database outside the VPC was reachable from anywhere on the internet, an exposure an attacker could probe directly, while the database inside the VPC was unreachable from outside, demonstrating the VPC’s role in network isolation and protection of sensitive data.
The functionality of both versions of the application is identical; each displays a Pokémon database. But because the second database sits inside a VPC, only the app that talks to the first, public database shows the full details when we browse to it.
When we open the second app, it cannot reach the database and shows an error instead. Good. That error is exactly what a bad actor outside the VPC gets when trying to read private information. In a production deployment, the application server would live inside the same VPC, so legitimate traffic still flows while outside traffic does not.
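To make the two configurations concrete, here is an added HCL example written against the Linode Terraform provider; it is not the code from our demo repository. The region, instance type, image, subnet CIDR, fixed address, database port (5432) and labels are assumptions, and the resource attributes should be checked against the current provider documentation before use.

```hcl
# Added example (not the demo repo's code). Assumes the Linode Terraform
# provider; region, type, image, CIDR and the database port (5432) are
# illustrative choices.
terraform {
  required_providers {
    linode = {
      source = "linode/linode"
    }
  }
}

variable "region" {
  default = "us-ord" # assumption: a region where VPC is available
}

# 1. Baseline: database host with a plain public interface. Anything on the
#    internet can reach port 5432 unless a firewall is attached.
resource "linode_instance" "db_public" {
  label  = "pokemon-db-public"
  region = var.region
  type   = "g6-standard-1"
  image  = "linode/ubuntu22.04"

  interface {
    purpose = "public"
  }
}

# 2. Isolated: a VPC, one subnet, and a database host whose ONLY interface is
#    in that subnet. With no public interface and no nat_1_1 mapping, the host
#    has no internet-routable address at all.
resource "linode_vpc" "demo" {
  label  = "pokemon-vpc"
  region = var.region
}

resource "linode_vpc_subnet" "db" {
  vpc_id = linode_vpc.demo.id
  label  = "db"
  ipv4   = "10.0.0.0/24" # assumption: RFC 1918 range for the subnet
}

resource "linode_instance" "db_private" {
  label  = "pokemon-db-private"
  region = var.region
  type   = "g6-standard-1"
  image  = "linode/ubuntu22.04"

  interface {
    purpose   = "vpc"
    subnet_id = linode_vpc_subnet.db.id
    ipv4 {
      vpc = "10.0.0.10" # fixed address the app server connects to (assumption)
    }
  }
}

# Defence in depth: even inside the VPC, only hosts in the subnet may talk to
# the database port. Everything else inbound is dropped.
resource "linode_firewall" "db_private" {
  label           = "pokemon-db-private-fw"
  inbound_policy  = "DROP"
  outbound_policy = "ACCEPT"

  inbound {
    label    = "postgres-from-vpc-subnet"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "5432"
    ipv4     = [linode_vpc_subnet.db.ipv4]
  }

  linodes = [linode_instance.db_private.id]
}
```

After `terraform init` and `terraform apply`, the check that reproduces the demo is a port probe from a machine outside the VPC: `nc -vz <public IP of db_public> 5432` connects, while `db_private` has no public address to probe at all, and the firewall drops anything that reaches it from outside its subnet. Whether Cloud Firewall rules apply to VPC interfaces in your region is worth confirming in the provider docs; the VPC-only interface is the control that removes the public route.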
This demo was our simple way of demonstrating how implementing network isolation layers can protect your application data. In this example, we separated different parts of the network to prevent unauthorized access to the Pokémon database. But this can translate to larger scale operations, like DevOps environments, or compliance requirements.
In a DevOps setup, you may have multiple environments such as development, staging, and production. Each needs its own network configuration and access controls. By giving each environment its own VPC (or at least its own subnets), you get isolated network boundaries, so changes in one environment cannot affect the others, and you can apply network policies per environment.
With regard to compliance and regulatory requirements, industries such as healthcare, finance, and government are subject to stringent rules on data privacy and security. VPCs with isolation layers help organizations meet those rules by segregating sensitive data and workloads from the rest of the network. For instance, you might place systems that hold personally identifiable information (PII) in a dedicated subnet that only the application tier can reach, with firewall rules enforcing that boundary at the network level and encryption in transit and at rest handled by the services themselves. The concept of isolation layers applies to applications across most sectors.
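The per-environment isolation described above can be generated from a single map in Terraform. This is an added example against the Linode Terraform provider, not code from our demo; the region, environment names and CIDRs are assumptions.

```hcl
# Added example (not from the demo). One VPC and one subnet per environment,
# generated from a map so adding an environment is a one-line change.
# Region and CIDRs are assumptions.
variable "region" {
  default = "us-ord"
}

variable "environments" {
  type = map(object({
    cidr = string
  }))
  default = {
    dev     = { cidr = "10.10.0.0/24" }
    staging = { cidr = "10.20.0.0/24" }
    prod    = { cidr = "10.30.0.0/24" }
  }
}

# Separate VPCs, not just separate subnets: VPCs do not route to each other,
# so a misconfiguration in dev has no network path to prod.
resource "linode_vpc" "env" {
  for_each = var.environments

  label  = "${each.key}-vpc"
  region = var.region
}

resource "linode_vpc_subnet" "app" {
  for_each = var.environments

  vpc_id = linode_vpc.env[each.key].id
  label  = "${each.key}-app"
  ipv4   = each.value.cidr
}

# Handy for wiring application instances: environment name -> subnet CIDR.
output "subnet_cidrs" {
  value = { for name, subnet in linode_vpc_subnet.app : name => subnet.ipv4 }
}
```

Adding `qa = { cidr = "10.40.0.0/24" }` to the map creates a fourth VPC and subnet on the next `terraform apply` without touching the existing three. Because `for_each` keys resources by name (`linode_vpc.env["prod"]`) rather than by position, reordering or removing an entry never causes Terraform to destroy and recreate a neighbouring environment, which is the failure mode you get with `count`.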
To try out our demo on your own, head to GitHub.
We only had 15 minutes for the demo, and there’s so much more we could have talked about, like deploying a VPC and dynamically adding subnets using Terraform.
Well, there you have it. It was another successful DeveloperWeek and I hope to be back next year to learn more from the rest of the tech community.
Thanks for reading! For all things cloud, follow me by clicking the follow button at the top of this page, subscribe to my newsletter below, and follow me on Twitter!