NetSPI - DevOps Screening Test

Through the AWS console, provision an Elastic IP. Assign a tag “Project” with value “NetSPI_EIP” to it. Once it's available, write Terraform code to implement the following infrastructure resources:

  • S3 bucket with private access permissions
  • EFS volume
  • An EC2 instance with SSH access
  • All required resources like VPC, Subnets, Security Groups etc. to provision above mentioned resources

These resources should fulfil the following requirements:

  • The Elastic IP provisioned in step #1 should be assigned to the provisioned EC2 instance as its public IP
  • An EFS volume should be mounted on the EC2 instance at /data/test while it boots up
  • One should be able to write data to mounted EFS volume
  • One should be able to write data to the provisioned S3 bucket (No AWS credentials should be stored/set on the EC2 instance)
  • Terraform should display S3 Bucket ID, EFS volume ID, EC2 instance ID, Security Group ID, Subnet ID as part of output generated by Terraform apply command

Deployment and validation instructions

Note: The instructions below assume that you have created an Elastic IP with the tag “Project” with value “NetSPI_EIP”, and that the Terraform CLI is installed and correctly configured to work with AWS. See the tutorial here for help getting started.

  • Clone the repository.
git clone git@github.com:NetSPI/devops-assignment.git
cd devops-assignment
  • Initialize terraform and review the plan.
terraform init
terraform plan
  • Apply the plan.
terraform apply --auto-approve
  • Wait a few moments for the resource creation to complete, then observe the outputs.
Outputs:

ec2_instance_id = "i-06427abcb8c316123"
ec2_sg_id = "sg-052486c2ca7809123"
efs_sg_id = "sg-0df3a2b0b19266123"
efs_volume_id = "fs-09c48c2162b977123"
elastic_ip = "3.14.159.26"
s3_bucket_id = "netspi-screening-abc123"
subnet_id = "subnet-0199ab1758b03123"
  • Connect to the new machine.
ssh -i ssh/foo.pem ec2-user@{{ elastic_ip_public_address }}

Note: In the ssh command above, substitute the public IP address of the elastic IP you created as part of pre-setup. For example: ssh ec2-user@1.2.3.4

Validate S3

dd if=/dev/zero of=~/test bs=1024 count=1024
aws s3 cp ./test s3://netspi-screening-abc123
aws s3 ls s3://netspi-screening-abc123/
  • Observe that the test file is present: 2023-03-24 01:23:37 10485760 test

Validate EFS

dd if=/dev/zero of=/data/test/file bs=1024 count=10240
ls -al /data/test/
  • Verify the file was created.
-rw-rw-r-- 1 ec2-user ec2-user 104857600 Mar 24 13:44 file
  • Open the EFS console in a web browser. After some time, observe that the "Total size" is now 10MB.

  • Once validation is complete, review the destroy plan and destroy the resources.

terraform destroy