The FP Complete AWS Foundation
A modular, composable, extensible, framework for building secure, highly scalable platforms on AWS. The framework leverages established best practices, modern tools and paradigms, supports the ops developer who needs to move fast while maintaining stability, and does not forget how to support your legacy apps.
This project aims to be..
- an extensible framework for the ops developer under (multiple dimensions of) pressure
- a highly-scalable and flexible implementation of modern distributed systems architecture and paradigms
- focused on security, maintainability, repeatability, reliability, and simple but powerful workflows
- a way for ops to deal with the ever-evolving nature of the ops-landscape, while also continuing to support the legacy apps of yesteryear
- an example, a reference stack for the ops developer to use in building their own platform
Tools for Relevant Problems
In pursuit of those goals, the reusable modules documented here form a platform by leveraging the following tools:
- Terraform - Orchestrates resources in the cloud, declarative expression at the core of ops (network, node, cluster, service)
- Packer - Creates pre-baked VM images for nodes in our network (with the tools we need)
- Amazon Auto-Scaling Groups
- Robust platforms must be self-healing.
- Docker - Many services/applications run on the platform will do so as docker containers (but not all, legacy apps are easily supported).
- Consul, consul-template, consulkv - For service discovery, distributed key/value store, and simplifed automation and orchestration in the distributed system.
- Vault - Managing secrets, short-lived credentials, and TLS certificates, and auditing access to them all.
- Kubernetes - Scheduling and resource management for containers.
- Nomad - Task scheduling for containers, linux executables, and java applications.
- Saltstack, saltstack-formulas, fpco-salt-formula, bootstrap-salt-formula - Simple and sane configuration management for nodes at runtime, fault-tolerant (masterless) highly-expressive, and highly-scalable, with optional remote execution to boot.
As the collection of modules is composable into an endless array of possibilities, there is no explicit requirement to use all of these tools, you can just as easily use the IAM management modules and nothing else, or build a more complete stack with these modules.