System Design in GCP WAF with Terraform

Yury Nino
November 10, 2021


Transcript

  1. Agenda Topics
    • WAF: Well Architecture Framework. New version including design.
    • Design: System Design. Why is it important?
    • Creativity: Make them with Creativity. Cognitive process.
    • Terraform: Infrastructure as Code. Since the design.
    www.yurynino.com
  2. Designing is more than Designing. Your brain does more while you are designing. When we are designing software, we are mentally trying to execute the code to predict what will happen. The part of the brain used to do creations is called the WORKING MEMORY.
  3. Creativity is not just for Creating Art. While you are designing … you are creating. You do not need to be a genius … it is about solving problems. The desire to create is one of the deepest yearnings of the human soul ...
  4. My invitation today is: “Use your Long Term Memory” while you are designing IaC. Yop :)
  5. Cloud Architecture Framework. System Design: Design Patterns, Practices and Principles; Industry Solutions; Design Principle; Best Practice; Industry Guided Path. Operational Excellence; Security, Privacy & Compliance; Reliability; Cost Optimization; Performance Optimization.
  6. Cloud Architecture Framework: Recommendations & Best Practices. The Cloud Architecture Framework provides recommendations, principles and best practices to help cloud practitioners design and operate a cloud topology that's secure, efficient, resilient, high-performing, and cost-effective. Design; Operational Excellence; Security; Reliability; Cost Optimization; Performance Optimization.
  7. How to use Architected Framework. Can be used ...
    • … as a guide to understanding various aspects of the architecture.
    • … as highlights to evaluate if you're currently doing or planning to do it in your existing solution.
    • … as a set of design questions that are meant to guide a migration.
    • … as a checklist to apply common best practice recommendations.
  8. Why a new pillar? Do we have a new thing in which to think? Design has always been important! Eureka! That moment for creating! How to define the architecture:
    • Components
    • Modules
    • Interfaces
    • Data
    Define how to satisfy specified system requirements … How to solve a problem!
  9. Why a new pillar? To design/create a robust system Google recommends ... … as a guide to understanding various aspects of the architecture ...
    • Clearly document your application requirements.
    • Decouple your applications to reduce system complexity.
    • Use managed services where possible to minimize overhead.
  10. Principles … Practices … Patterns
    Design Principle:
    • An abstract, fundamental, platform-independent piece of advice
    • Example: “Systems and procedures must be designed for recovery from disaster scenarios such as data loss or regional outages.”
    Design Practice:
    • A proven application of one or more backups
    • Example: Data backup with periodic restore testing. Multi-regional deployment with periodic failover testing.
  11. Principles … Patterns … Path
    Design Pattern:
    • A deployment of best practices to address a specific use case
    • Example: Back up on-prem databases to Cloud Storage.
    Industry Guided Path:
    • Pointer to a collection of industry-relevant content in addition to Architecture framework best practices.
  12. There is a saying in the software design industry: “Good, Fast, Cheap”. Pick two. Larry Wall
  13. System Design focuses on ...
    • Select proper geographic regions
    • Manage Cloud Resources
    • Choose and manage compute
    • Design your network infrastructure
    • Analyze data and Optimize
    • Implement Machine Learning
    https://cloud.google.com/architecture/framework/system-design
  14. Select proper Geographic Regions. To design a robust system Google recommends ...
    ▪ Deploy over multiple regions.
    ▪ Consider geographic proximity.
    ▪ Select according to available services.
    ▪ Compare pricing of major resources.
    ▪ Support sustainability.
  15. Manage Cloud Resources. To reach best practices Google recommends using labels and tags ...
    ▪ Use a simple folder structure.
    ▪ Assign labels to support billing.
    ▪ Avoid creating a large number of labels.
    ▪ Anonymize information in project names.
    ▪ Automate project creation.
    ▪ Reach compliance and audit regularly.
  16. Choose and Manage Compute. Make the proper decision for migrating ...
    ▪ Choose a compute platform.
    ▪ Evaluate serverless options.
    ▪ Design for scaling.
    ▪ Consider that Kubernetes is not tricky.
    ▪ Test networking decisions.
  17. CODE EDITOR: How to create Design factories?

    ```hcl
    # Project factory call as shown on the slide.
    # The slide cuts the block off after svpc_host_project_id.
    module "project-factory" {
      source  = "terraform-google-modules/project-factory/google"
      version = "~> 10.1"

      name                 = "pf-test-1"
      random_project_id    = true
      org_id               = "1234567890"
      usage_bucket_name    = "pf-test-1-usage-report-bucket"
      usage_bucket_prefix  = "pf/test/1/integration"
      billing_account      = "ABCDEF-ABCDEF-ABCDEF"
      svpc_host_project_id = "shared_vpc_host_name"
    }
    ```

    https://github.com/terraform-google-modules/terraform-google-project-factory
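  18. CODE EDITOR: How to secure Design factories?

    ```hcl
    # IAM bindings applied to several projects at once, as shown on the slide.
    module "projects_iam_bindings" {
      # The source path is abbreviated on the slide ("...").
      source  = "terraform-google-modules/iam/google ..."
      version = "~> 6.4"

      projects = ["project-123456", "project-9876543"]

      # Map of role => list of members that receive the role.
      bindings = {
        "roles/storage.admin" = [
          "group:[email protected]",
          "user:[email protected]",
        ]
        "roles/compute.networkAdmin" = [
          # The member list is cut off on the slide.
        ]
      }
    }
    ```

    https://github.com/terraform-google-modules/terraform-google-iam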
  19. CODE EDITOR: How to organize Design factories?

    ```hcl
    # Organization policy for a list constraint, as shown on the slide.
    module "org-policy" {
      # The source path is abbreviated on the slide ("...").
      source  = "terraform-google-modules/org-policy ..."
      version = "~> 3.0.2"

      constraint      = "constraints/serviceuser.services"
      policy_type     = "list"
      organization_id = "123456789"
      enforce         = true

      # Folders and projects that are exempt from the policy.
      exclude_folders  = ["folders/fdr1-id", "folders/fdr2-id"]
      exclude_projects = ["project3", "project4"]
    }
    ```

    https://github.com/terraform-google-modules/terraform-google-org-policy
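
The label recommendations from slide 15, enforced in front of the project factory call from slide 17, as an added example that is not taken from the deck or from the module's own documentation. The variable names, the three required label keys and the cap of 8 labels are assumptions; the placeholder IDs are the ones shown on slide 17.

```hcl
# Added example: guardrails for labels before a project is created.
# Assumed names: var.project_name, var.labels; assumed convention: 3 required keys, max 8 labels.

variable "project_name" {
  type        = string
  description = "Neutral project name such as pf-test-1 (no customer or person names)."
}

variable "labels" {
  type        = map(string)
  description = "Labels attached to the project and used to break down billing."

  validation {
    # Billing can only be grouped by labels that every project carries.
    condition = alltrue([
      for k in ["cost-center", "environment", "team"] : contains(keys(var.labels), k)
    ])
    error_message = "Labels must include cost-center, environment and team."
  }

  validation {
    # Keep the label set small; the cap is a team convention, not a GCP limit.
    condition     = length(var.labels) <= 8
    error_message = "Use at most 8 labels per project."
  }

  validation {
    # ASCII subset of the GCP label key rules: lowercase start, max 63 characters.
    condition = alltrue([
      for k in keys(var.labels) : can(regex("^[a-z][a-z0-9_-]{0,62}$", k))
    ])
    error_message = "Label keys must be lowercase, start with a letter and be at most 63 characters."
  }
}

module "project-factory" {
  source  = "terraform-google-modules/project-factory/google"
  version = "~> 10.1"

  name              = var.project_name
  random_project_id = true # random suffix, so the ID does not need to encode details
  org_id            = "1234567890"
  billing_account   = "ABCDEF-ABCDEF-ABCDEF"
  labels            = var.labels # the module's labels input
}
```

With these blocks in place, `terraform plan` fails with the matching error message before any project is created when a required label is missing or the label set grows past the cap.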