wacuuu/recipes-aws


Why not? After all, I link my GitHub in my CV, and I'd like to prove that even if I don't know the proper attributes of the ami data block off the top of my head, I'm pretty familiar with it. The assumption is that you have credentials configured either with the AWS CLI or in env.

swap-key.sh

Yeee, this is a public-facing repo and I'd like to not leak the access key by accident, so this is a simple bash script to replace the credentials in the local ~/.aws/credentials.
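An added example, not the repository's swap-key.sh: one way to replace a profile's keys in the shared credentials file so the secret never appears in the repo, in argv, or in a group/world-readable file. The function name `swap_aws_key` and the `NEW_AWS_ACCESS_KEY_ID` / `NEW_AWS_SECRET_ACCESS_KEY` variable names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the repo's script). Names below are assumptions.
# Replaces one profile in an AWS shared credentials file.
# Keys come from the environment, not from arguments, so they do not
# show up in the process list or need to be written into the script.
#
# usage: swap_aws_key [profile] [credentials-file]
swap_aws_key() {
    local profile="${1:-default}"
    local file="${2:-$HOME/.aws/credentials}"
    local tmp

    if [ -z "${NEW_AWS_ACCESS_KEY_ID:-}" ] || [ -z "${NEW_AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "set NEW_AWS_ACCESS_KEY_ID and NEW_AWS_SECRET_ACCESS_KEY first" >&2
        return 1
    fi

    mkdir -p "$(dirname "$file")" || return 1
    # Create a missing file with owner-only permissions.
    [ -f "$file" ] || ( umask 077; : > "$file" ) || return 1

    # Temp file lives next to the target so the final mv is an atomic rename;
    # mktemp creates it with mode 0600.
    tmp="$(mktemp "${file}.XXXXXX")" || return 1

    # Copy every section except the target profile (other profiles survive).
    awk -v p="[$profile]" '
        /^\[/ { skip = ($0 == p) }
        !skip
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the profile with the new key pair.
    {
        printf '[%s]\n' "$profile"
        printf 'aws_access_key_id = %s\n' "$NEW_AWS_ACCESS_KEY_ID"
        printf 'aws_secret_access_key = %s\n' "$NEW_AWS_SECRET_ACCESS_KEY"
    } >> "$tmp" || { rm -f "$tmp"; return 1; }

    # Tighten permissions even if the old file was looser, then swap it in.
    chmod 600 "$tmp" && mv -f "$tmp" "$file"
}
```

Source the file and call `swap_aws_key` after loading the two variables from a prompt (`read -rs`) or a password manager, so the key pair stays out of shell history as well.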

networking

Sets up a VPC, a cheap NAT (shoutout AndrewGuenther/fck-nat) and OpenVPN. You control the VPC CIDR, how many subnets to create, whether to force them into one AZ (cheaper traffic) and, if you want, the VPN address. You get SSH keys to the instances, networking, and a VPN based on the OpenVPN marketplace AMI.

It also contains Ansible stuff. Say you need a devbox with some tools that you can connect to with vscode/ssh and use as a sort of Swiss army knife: there is now an option to create a devbox instance, and once it is up you can manually run Ansible against it:

    ansible-playbook -i devbox devbox.yaml -v

Tested against Paris and garbage internet, takes around 11 minutes. There is also a playbook to run some basic config on all instances created via the create_instance variable:

    ansible-playbook -i instances host.yaml -v

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| create_devbox | Whether to create and configure devbox | bool | true | no |
| create_instance | Create number of instances in private subnet | number | 3 | no |
| devbox_type | Size of devbox to create | string | "t3.medium" | no |
| force_one_zone | If true, all subnets will by default force instances to live in single AZ. Useful to cut cost | bool | false | no |
| number_of_subnets | Number of subnets to create in the VPC, the last one will be public, with autoassigned public ips | number | 8 | no |
| vpc_cidr | CIDR of VPC to be created in the format x.x.x.x/x | string | "10.0.0.0/16" | no |
| vpn_url | If set, will be passed to VPN to set as VPN address | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| devbox_ip | IP of devbox that can be configured with ansible |
| devbox_pem_path | Path to devbox instance key |
| instances_ips | IPS of instances created in vpcs |
| instances_to_monitor_id | List of instances to create for the sake of monitoring |
| private_subnets | List of private subnets ids |
| public_subnets | Public subnet ID |
| vpc_cidr | CIDR of created VPC |
| vpc_id | ID of created VPC |
| vpn_ip | VPN instance IP |
| vpn_password | Password generated for VPN admin |
| vpn_webui | Address to VPN admin panel |

eks

A happy attempt to set up an EKS cluster. It will build the cluster with a self-managed node group using the official module. Check the readme there for more details, it is wild.

Outputs

| Name | Description |
|------|-------------|
| cluster_name | Cluster name |
| oidc_provider_arn | OIDC ARN to be used with IRSA stuff |

eks-cluster-config

Configure supporting services that would technically work only on EKS.

cluster-config

Configure supporting services that would technically work on any cluster running in AWS (like kOps). Currently works with:

  • Nginx ingress controller

an-app

A Helm chart that can be deployed for testing purposes. It is roughly helm init . with a few tweaks.

cloudwatch-slack-notifications

A Lambda implementation with everything around it, like ECR and an SNS queue, to handle CloudWatch notifications and send them to Slack. You will need a var file with the value for the Slack hook; this value is confidential.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Base name used for few things, like ecr repo, lambda or SNS | string | "alert-notifier" | no |
| slack_hook | Slack webhook to push messages to | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| sns_topic_arn | SNS topic ARN, to be used with cloudwatch definitions |

monitoring-deployments

Actual references to the monitoring modules. The idea is to connect the things in monitoring-modules, like CPU monitoring, with objects like the instances in the networking outputs. This is also the place that refers to the SNS topic from cloudwatch-slack-notifications.

monitoring-modules

A bunch of CloudWatch rules covering things like EC2 instance monitoring.
