AWS Configuration for Resiliency

Questions and Answers

What does toggling between Taco Team Server 1 and Taco Team Server 2 indicate?

The deployment is only partially successful.

There is an error in the load balancer configuration.

Both instances are running and responding correctly. (correct)

The servers are undergoing maintenance.

Why is it important to treat the state data with respect?

A corrupt state can lead to severe operational issues. (correct)

State data is optional in Terraform configurations.

It allows you to create new servers automatically.

It avoids the need to read documentation.

What is the purpose of checking the documentation for the AWS provider?

To ensure all resources have been deleted.

To understand the commands for managing cluster scaling.

To avoid using any third-party libraries.

To find arguments and syntax for new resources. (correct)

What is being introduced regarding providers in the next module?

The process of adding another provider and managing versions.

What is suggested about the use of provisioners?

They should probably be avoided.

What is the primary concern with the current architecture setup?

It lacks resiliency.

Why is adding a second availability zone beneficial?

It protects the application from a zone failure.

Which component must be added to ensure both instances are accessible?

Load balancer

What is a single point of failure in this architecture?

Using a single EC2 instance

What is the first step in updating the architecture design?

Determining what new resources need to be added.

What aspect should be maintained even when adding new resources according to John?

Readability of the code

What is the purpose of updating configuration with new resources?

To improve architecture resiliency.

What does adding locals, outputs, and variables contribute to the configuration?

Allows better management of resources.

What is the purpose of adding an application load balancer in the updated architecture?

To serve as a public endpoint and direct traffic

Why is it important to specify an availability zone for each subnet in the new architecture?

To ensure redundancy and fault tolerance

Which resource is not explicitly needed for setting up the application load balancer?

aws_ec2_instance

What is a more dynamic way to specify availability zones for subnets?

Using a data source to get a list of availability zones

What is the recommended approach for moving configuration files in Terraform?

Organizing resources into separate dedicated files

What should be done first when creating new resources for the load balancer?

Add comments to the configuration file

Which documentation resource is mentioned as essential for configuring Terraform resources?

Terraform registry

What is one of the first steps mentioned when using the Terraform AWS Provider?

Understanding how to authenticate to the provider

Which resource is directly responsible for listening to traffic on port 80 for the load balancer?

aws_lb_listener

What file is suggested to rename to 'network.tf' in the restructuring process?

main.tf

Which method is emphasized for gaining information about Terraform resources?

Reading the documentation

What is the primary benefit of splitting resources into separate files?

Enhanced code readability and reusability

In the context of AWS architecture, what does EC2 stand for?

Elastic Compute Cloud

What command should be used to remove a resource from Terraform management without destroying it?

terraform state rm

What happens if you only remove a resource from the configuration without updating the state?

Terraform will destroy the resource on the next apply.

Which command is recommended to ensure a Terraform configuration file is correctly formatted?

terraform fmt

What is a reason WHY to avoid manually editing the state data in Terraform?

It can lead to confused state and resource management.

Which of the following best describes the result of changing the ingress rules for a security group?

It can be updated in place.

What should you check after altering the output for your Terraform resources?

Run terraform validate.

What command allows you to see a summary of changes before applying them in your Terraform configuration?

terraform plan

What is the main purpose of locking state data during operations in Terraform?

To prevent multiple changes that could conflict

When using the terraform apply command, what does the ‑auto‑approve flag do?

Automatically accept changes without a prompt.

Which of the following is NOT a supported remote back end for Terraform state data storage?

Google Cloud SQL

Which of the following is NOT advisable when using Terraform to manage resources?

Directly modifying state files.

What happens when an AWS instance is deleted manually and a plan run is executed in Terraform?

Terraform will plan to create the instance again and update the state data

What should you expect if a resource's availability zone is changed in the configuration?

The resource will be deleted and recreated.

How does Terraform identify the difference between a managed resource and a data source in the state file?

By the mode indicated in the state data

When defining outputs, what should you ensure regarding the output name?

It should not use underscores.

Which command is used to display all resources managed by Terraform?

terraform state list

What command can you use to check the current resources and data sources in your state?

terraform state list

Which option is a best practice when configuring and applying changes in Terraform?

Always run terraform validate before applying.

What could result from removing an entry from the state data while the resource still exists in the target environment?

Terraform will plan to create a new resource in the environment

When Terraform executes a plan run and identifies a missing configuration resource, what action does it take?

It attempts to create the resource in the target environment

What is the purpose of the command terraform state show?

To display detailed information about a resource.

What is indicated by the serial number in Terraform's state file?

The number of updates made to the state data

How should users handle direct modifications to the terraform.tfstate file?

Changes should never be made directly to this file

What is the purpose of workspaces in Terraform?

To allow multiple instances of a deployment with separate states

What command is used to move an item in the state file to a different address?

terraform state mv

What occurs during a plan run if the configuration no longer includes an existing resource?

Terraform will destroy the resource in the target environment

Which element in the state file indicates the specific version of the state data format used?

Metadata section

What is the purpose of the data source as described?

To provide information about availability zones

Which argument can be specified to filter availability zones?

state

What does the names attribute return from the data source?

A list of availability zone names

How is the availability zone referenced in the configuration?

data.aws_availability_zones.available[0]

How should the new variable for subnet blocks be defined?

As a list of strings

Which element in the list is used to reference the second subnet's network?

1

What is the purpose of updating the existing security group for instances after adding a load balancer?

To allow traffic only from addresses within the VPC

Which attribute must be set to false when configuring a public-facing load balancer?

internal

What is one change made when adding the second subnet configuration?

Changing the availability zone to 1

What is done to differentiate the second instance for web pages?

Changing the echo command message

What happens if the terraform state data is manually altered?

It may lead to unexpected behavior

What is the primary reason for using a data source in this context?

To reduce manual input errors

Which of the following is the correct identifier for an AWS instance resource in Terraform state data?

EC2 instance ID

When updating subnet configurations, what is essential to reference?

The availability zone names

What is the function of the 'aws_lb_listener' in Terraform configuration?

To handle incoming traffic on a specified port and protocol

Which command is used in Terraform to apply the updated configuration to the environment?

terraform apply

What is the correct format for defining the CIDR block list in the new variable?

[10.0.0.0/24, 10.0.1.0/24]

What optimization can be made for adding multiple subnets?

Implementing looping constructs

When adding a load balancer, which of the following properties must be included in the configuration?

target_group_arn

How does Terraform determine what changes need to be made to the deployed environment?

By querying the deployment environment and comparing with state data

Which AWS resource was primarily copied to create the second EC2 instance?

Existing EC2 instance

For what reason might a second security group be created?

To permit port 80 traffic from anywhere

What is the significance of the ingress block in a security group definition?

It allows traffic coming into the security group

What value should the 'enable_deletion_protection' property have when configuring resources that might need to be easily deleted?

false

Which of the following correctly describes a load balancer type in the configuration?

application

What is the purpose of the tags argument in load balancer configuration?

To categorize and manage resources effectively

What must be included in the subnets argument while configuring a load balancer?

A list of subnet IDs

What should be done when creating a new security group for a load balancer?

Copy parameters from an existing group and modify them

Study Notes

Updating Configuration for Resiliency

• Updated architecture for production deployment, moving from a single EC2 instance to a more resilient design with two availability zones, two instances, and a load balancer.
• Two separate subnets in distinct availability zones, providing fault tolerance.
• Two identical EC2 instances, one per subnet, for redundancy.
• Application Load Balancer for routing traffic to instances.
• Configuration files reorganized in network.tf, load_balancer.tf, and instances.tf for modularity.

Adding New Resources

• Used aws_availability_zones data source to dynamically retrieve AZs, avoiding hardcoding values.
• Required resources: aws_lb (Load Balancer), aws_lb_target_group, aws_lb_listener, aws_lb_target_group_attachment.
• Added placeholders for load balancer resources in load_balancer.tf.
• Migrated instance configuration and aws_ssm_parameter data source to instances.tf.

Utilizing Documentation

• Emphasized using HashiCorp provider documentation (developer.hashicorp.com/terraform, registry.terraform.io).
• Used relevant AWS documentation, especially for accessing details of specific aws provider resources like aws_availability_zone and aws_lb.
• Utilized example usage and parameter/attribute references to ensure accurate resource configurations.
• Sourced, copied, and adapted example code from documentation instead of reinventing.

Network and Instance Configuration

• Modified subnet resources to include availability_zone using the dynamically obtained data from aws_availability_zones data source.
• Modified vpc_public_subnets_cider_block variable to a list of strings to support multiple CIDR blocks.
• Updated subnet configurations to use appropriate elements from the list.
• Created a secondary subnet, route table association, and EC2 instance within the network.tf and instances.tf files.

Load Balancer Resources

• Updated and copied loadbalancer resource from documentation.
• Specified globo_web_alb as the load balancer name.
• Defined application load balancer type and false for internal.
• Changed the security group list to nginx_alb_sg.
• Added subnet IDs to the subnets list using .id attribute.
• Added and configured aws_lb_target_group, aws_lb_listener, and aws_lb_target_group_attachment resources referencing the load balancer and target group.
• Configured target_group_attachment resource IDs for each EC2 instance.

Working with State Data

• State data maps configuration to the deployment environment, managing resource changes and deletion.
• Storage format is JSON, not to be manually altered.
• Terraform commands (terraform state list, show, mv, rm) to interact safely instead of directly editing the state file.
• Maintaining Terraform's configuration as the primary source of truth.
• Using Terraform to automatically manage changes from configuration to the target environment.

Deploying the Updated Architecture

• Performed configuration validation (terraform validate) before applying changes.
• Applied updates to the target environment (terraform apply).
• Fixed name error related to underscores in load balancer, correcting the name to use hyphens.

Updating Outputs

• Updated output to display aws_alb_public_dns instead of aws_instance.

• Obtained load balancer DNS using terraform state show aws_lb.nginx and adjusted output accordingly.

• Summary of Key Concepts*

• Resiliency: Adding multiple availability zones, instances, and a load balancer to enhance the system's resistance to failures.

• Modularity: Structuring configuration files (network.tf, load_balancer.tf, instances.tf) for improved organization and potential reuse.

• Dynamic Data: Leveraging aws_availability_zones for dynamic data retrieval, which avoids hard-coding.

• Documentation: Using and referencing the official Terraform and AWS provider documentation for accurate resource definitions.

• Terraform State: Understanding how Terraform state maps configuration to the deployment environment and managing the state via commands.

Description

This quiz covers key concepts of updating AWS configurations for enhanced resiliency in production environments. It includes topics such as utilizing multiple availability zones, load balancing, and modular configuration files. Test your knowledge on managing resources efficiently in AWS.