Using a non-default VPC with the Zero To Cloud Tutorial #6

Open
wants to merge 2 commits into
base: master
32 changes: 17 additions & 15 deletions README.md
Expand Up @@ -10,7 +10,7 @@ We are actively tuning the steps and will post the specific steps here for OSCON
# Assumptions

* Working in US West (Oregon) aka us-west-2. You’re flexible to do another region, but "Keep it Local" (We’re in Portland after all)
* We’re performing non destructive operations, so if you have an existing AWS account setup, that will be fine and they won’t conflict. But it might be easier to find instances, etc if using a new region.
* We’re performing non destructive operations, so if you have an existing AWS account setup, that will be fine and they won’t conflict. But it might be easier to find instances, etc if using a new VPC. Creating a new VPC isn't required, but we will call out the points to pay attention to if you do.
* In the case of existing infrastructure, like keys, please follow the instructions closely and do not re-use existing provisioned items. I wouldn’t want to be responsible for opening up a security hole in existing infrastructure.
* There are plenty of opportunities to lock down these applications at the network layer or the application layer. Or restrict what the instances can do. References will be made to additional security precautions, but they have not all been integrated into this tutorial.
* This is not a developing for the cloud tutorial, that makes for a great followup. Given enough time, we can talk about it.
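Review bot: The Assumptions bullet that now mentions a new VPC promises to "call out the points to pay attention to" but gives no pointer to where the VPC is created. Suggest linking the optional step from this bullet, e.g. "see [Create a VPC (Optional)](tutorial/VPCBuild.md)", and joining the fragment "But it might be easier to find instances, etc if using a new VPC." to the sentence before it so the bullet reads cleanly.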
Expand All @@ -20,19 +20,20 @@ We are actively tuning the steps and will post the specific steps here for OSCON

1. [Sign up for AWS](tutorial/Signup.md)
2. [Log into AWS Console](tutorial/Login.md)
3. [Create Key Pair](tutorial/Keypair.md)
4. [Create Jumphost](tutorial/Jumphost.md)
5. [Create a role](tutorial/CreateRole.md)
6. [Create a user](tutorial/CreateUser.md)
7. [Create Security Group for ELBs](tutorial/SecurityGroups.md)
8. [Create Foundation AMI](tutorial/FoundationAMI.md)
9. [Setup Jumphost](tutorial/SshJumphost.md)
10. [Setup Credentials](tutorial/Credentials.md)
11. [Build and Bake BaseAMI](tutorial/BaseAMI.md)
12. [Build and Bake Asgard](tutorial/AsgardBake.md)
13. [Standup Asgard using Asgard](tutorial/AsgardStandalone.md)
14. [Build and Bake Edda](tutorial/Edda.md)
15. [Build and Bake Eureka](tutorial/Eureka.md)
3. [Create a VPC (Optional)](tutorial/VPCBuild.md)
4. [Create Key Pair](tutorial/Keypair.md)
5. [Create Jumphost](tutorial/Jumphost.md)
6. [Create a role](tutorial/CreateRole.md)
7. [Create a user](tutorial/CreateUser.md)
8. [Create Security Group for ELBs](tutorial/SecurityGroups.md)
9. [Create Foundation AMI](tutorial/FoundationAMI.md)
10. [Setup Jumphost](tutorial/SshJumphost.md)
11. [Setup Credentials](tutorial/Credentials.md)
12. [Build and Bake BaseAMI](tutorial/BaseAMI.md)
13. [Build and Bake Asgard](tutorial/AsgardBake.md)
14. [Standup Asgard using Asgard](tutorial/AsgardStandalone.md)
15. [Build and Bake Edda](tutorial/Edda.md)
16. [Build and Bake Eureka](tutorial/Eureka.md)

When all done, ilrelevant of how far you get make sure to read the Clean up instructions below, so that you don't get charged for resources that you're not using.
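Review bot: Inserting "Create a VPC (Optional)" as step 3 moves "Create Key Pair" to step 4, but tutorial/Jumphost.md in this same PR still says "Used the one created in Step 3 called zerotocloud", which now points at the VPC step. Update that cross-reference, or refer to the key pair page by name instead of by number, and check the other tutorial pages for step numbers in their headings, since tutorial/VPCBuild.md is titled "Step 3".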

Expand Down Expand Up @@ -60,8 +61,9 @@ If you accidentally leave our instances running your volumes allocated, the cost
4. In Asgard, Delete all Applications (these are stored in SimpleDB and miniscule in size)
5. In the EC2 Console, go to the AMI page and de-register all of the AMIs you created
6. In the EC2 Console, go to the snapshots section, delete all of the snapshots
7. In the VPC Console, delete the VPC

FYI, The last two items would normally be cleaned up by Janitor monkey.
FYI, items 5 and 6 would normally be cleaned up by Janitor monkey.

# TODO
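Review bot: Clean-up item 7, "In the VPC Console, delete the VPC", is unconditional although the VPC step is optional, and it does not name the VPC. Suggest "If you created the zerotocloud VPC, delete it in the VPC Console", so a reader working in an existing account who skipped that step does not delete some other VPC.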

24 changes: 13 additions & 11 deletions tutorial/AsgardStandalone.md
Expand Up @@ -42,24 +42,26 @@ You should be viewing us-west-2, if not use the pull down at the top of page to
1. Navigate to _ELB | Elastic Load Balancer_
2. Click "Create New Load Balancer"
3. Choose "asgard" as the Application
4. Type (or select) "elb-http-public" in the "Security Group" text box
5. Change "Health Check"’s Healthy Threshold to “5”
6. Click "Create New Load Balancer"
7. It’ll be named "asgard--frontend"
4. If you created a new VPC, select "Create 'zerotocloud' VPC ELB" under VPC
5. Type (or select) "elb-http-public" in the "Security Group" text box
6. Change "Health Check"’s Healthy Threshold to “5”
7. Click "Create New Load Balancer"
8. It’ll be named "asgard--frontend"

## Create Auto Scaling Group (ASG)

1. Navigate Cluster, via _Cluster | Auto Scaling Groups_
2. Click "Create New Auto Scaling Group"
3. Select "asgard" as the Application
4. Set "Min", “Max” and “Desired Capacity” to 1
5. Type "asgard--frontend" in "Load Balancer" field.
6. In "AMI Image ID", start to type asgard. Select the baked version of Asgard. When building and baking with unique version numbers, it becomes more obvious which version you're choosing.
7. Ensure "SSH Key" is "zerotocloud"
8. Set "Security Group" to “asgard”
9. Set "IAM Instance Profile" to “jumphost”. When following these instructions for other Applications, they might not use an "IAM Instance Profile" since they don't require a Role.
10. Click "Create New Auto Scaling Group"
11. A Launch Configuration will implicitly be created, and an instance will start booting. Expect a message like "Launch Config 'asgard-20140718181745' has been created. Auto Scaling Group 'asgard' has been created."
5. If you created a new VPC, select "Launch 'zerotocloud' VPC instances" under VPC
6. Type "asgard--frontend" in "Load Balancer" field. Be sure to select the right load balancer, you won't be able to edit this later.
7. In "AMI Image ID", start to type asgard. Select the baked version of Asgard. When building and baking with unique version numbers, it becomes more obvious which version you're choosing.
8. Ensure "SSH Key" is "zerotocloud"
9. Set "Security Group" to “asgard”
10. Set "IAM Instance Profile" to “jumphost”. When following these instructions for other Applications, they might not use an "IAM Instance Profile" since they don't require a Role.
11. Click "Create New Auto Scaling Group"
12. A Launch Configuration will implicitly be created, and an instance will start booting. Expect a message like "Launch Config 'asgard-20140718181745' has been created. Auto Scaling Group 'asgard' has been created."

Technically an ASG can be heterogenous with regards to the AMI being used.
Meaning, that a different Launch Configuration can be used in the future, causing some instances to be created with different AMIs.
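Review bot: In ASG step 6, "Be sure to select the right load balancer, you won't be able to edit this later" does not say what makes a load balancer the right one. ELB step 4 and ASG step 5 are each conditional on having created the VPC, so state that the two choices have to match (the 'zerotocloud' VPC in both, or in neither) and that this is what the warning is about.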
11 changes: 6 additions & 5 deletions tutorial/Jumphost.md
Expand Up @@ -9,11 +9,12 @@ In some VPC scenarios where instances do not have public IPs, a jumphost is almo

1. Locate your Amazon Machine Image (AMI) at <a href="http://cloud-images.ubuntu.com/locator/ec2/" target="_blank">http://cloud-images.ubuntu.com/locator/ec2/</a>. On the page's search box, type in "trusty amd64 us-west-2 ebs-ssd" and select the AMI ID. The AMI ID will look like “[ami-ddaed3ed](https://console.aws.amazon.com/ec2/home?region=us-west-2#launchAmi=ami-ddaed3ed)”. Do not select the HVM version. And ebs version would work, but we are choosing an ssh ebs volume for speed. ![](images/Ubuntu_Amazon_EC2_AMI_Finder.png)
2. Clicking on the AMI ID hyperlink will take you to an AWS page.
3. Select the "m3.xlarge" checkbox. Click “Review and Launch”. ![](images/Choose_Instance_Type.png)
4. There will be a warning about Security. This can be changed now or later, in a security group which defaults to something like launch-wizard-1. As a reminder, it’s just SSH and you have the only PEM file. You may also see a message about not being in the free tier. You can ignore these warnings. Click Launch. ![](images/review-launch.png)
5. A dialog will appear to ask about the key pair. Used the one created in Step 3 called zerotocloud. Check the "I acknowledge…" checkbox. Click “Launch Instances”. ![](images/select-ssh-key-pair.png)
6. On the following page, there will be a "Your instance is now launching" section. Immediately after "The following instance launch has been initiated:" is your instance id. Click that link. ![](images/launch-status.png)
7. The page should show your instance selected. It’ll start in "Pending". Once started, look in the “Description” tab at the bottom of the page. On the right hand side, save the value for the for the “Public DNS” field.
3. Select the "m3.xlarge" checkbox. Click “Configure Instance Details”. ![](images/Choose_Instance_Type.png)
4. Select "zerotocloud" in the Network dropdown list. Click “Public IP” checkbox to ensure you get access from your laptop. Click "Review and Launch". ![](images/configure_instance_details.png)
5. There will be a warning about Security. This can be changed now or later, in a security group which defaults to something like launch-wizard-1. As a reminder, it’s just SSH and you have the only PEM file. You may also see a message about not being in the free tier. You can ignore these warnings. Click Launch. ![](images/review-launch.png)
6. A dialog will appear to ask about the key pair. Used the one created in Step 3 called zerotocloud. Check the "I acknowledge…" checkbox. Click “Launch Instances”. ![](images/select-ssh-key-pair.png)
7. On the following page, there will be a "Your instance is now launching" section. Immediately after "The following instance launch has been initiated:" is your instance id. Click that link. ![](images/launch-status.png)
8. The page should show your instance selected. It’ll start in "Pending". Once started, look in the “Description” tab at the bottom of the page. On the right hand side, save the value for the for the “Public DNS” field.


# Production
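Review bot: New step 4 puts a public IP on the jumphost, while step 5 still tells the reader to ignore the security warning for the default launch-wizard-1 group. Now that the public address is an explicit choice, suggest adding a line that restricts the SSH rule's source to the reader's own address at launch instead of leaving it for "now or later". Step 4 should also be conditional ("If you created a new VPC, select "zerotocloud" in the Network dropdown list"), as the Asgard steps are, because the VPC is optional.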
4 changes: 2 additions & 2 deletions tutorial/SecurityGroups.md
Expand Up @@ -8,8 +8,8 @@ In this tutorial, we're going to be creating our per-application security groups
1. View <a href="https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#SecurityGroups:" target="_blank">Security Groups</a> page. Which can also be accessed from the _Services | EC2 | Security Groups_.
2. Click "Create Security Group". ![](images/security-groups.png)
3. Set "Security group name" to “elb-http-public”.
4. Set "Description" to “Public HTTP for ELBs”. ![](images/create-security-group.png)
5. Leave VPC alone
4. Set "Description" to “Public HTTP for ELBs”.
5. Select the zerotocloud VPC in the "VPC" dropdown. ![](images/create-security-group.png)
6. Click "Add Rule". Select "HTTP" under the Type column. Ensure "Source" shows Anywhere. ![](images/create-security-group-rule.png)
7. Click "Create". ![](images/create-security-group-final.png)
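Review bot: Step 5 changes from "Leave VPC alone" to "Select the zerotocloud VPC" with no condition, so a reader who skipped the optional VPC step has nothing to select. Suggest keeping both paths: "If you created a new VPC, select zerotocloud in the "VPC" dropdown; otherwise leave VPC alone." The create-security-group.png screenshot has also moved from step 4 to step 5, so confirm it shows the VPC dropdown.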

12 changes: 12 additions & 0 deletions tutorial/VPCBuild.md
@@ -0,0 +1,12 @@
# Step 3 - Create a new VPC (OPTIONAL)

A VPC is a set of isolated resources within the public AWS cloud. Resources launched here will share specific subnets and other characteristics. Asgard can support creating resourses in specific VPCs using a set of tags in JSON format. For more information you can read about VPC Configuration on the <a href="https://github.com/Netflix/asgard/wiki/VPC-Configuration">Asgard wiki.

1. Browse to the <a href="https://console.aws.amazon.com/vpc/home?region=us-west-2" target="_blank">VPC Dashboard of the AWS Console</a>.
2. Click 'Start VPC Wizard'. ![](images/vpc-start-wizard.png)
3. Click 'Select' on Step 1 to create a new VPC with a Public Subnet.
4. Name your VPC 'zerotocloud' and click 'Create VPC' ![](images/vpc-create-vpc.png)
5. Click 'OK' on the success screen. Note the vpc-id of your 'zerotocloud' VPC, we will need this as we move on. The VPC ID will look like 'vpc-8706f8e2'.
6. Browse to the <a href="https://console.aws.amazon.com/vpc/home?region=us-west-2#subnets:" target="_blank">Subnets section of the VPC Dashboard</a>. Select the Public subnet that matches the vpc-id of your 'zerotocloud' VPC and click on the 'Tags' tab.![](images/vpc-subnet-select.png)
7. Label the subnet with the magic tags, you can also rename your Public subnet here if you like. The Key is 'immutable_metadata' and the Value is this JSON block '{"purpose":"zerotocloud"}'. Click 'Save' to create the Tag. ![](images/vpc-subnet-tagged.png)
8. Click 'Modify Auto-Assign Public IP', check the 'Enable auto-assign' checkbox in the popup window and click 'Save'.![](images/vpc-subnet-pubip.png)
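Review bot: The Asgard wiki link in the intro paragraph opens an `<a href=...>` tag that is never closed, which can pull the text that follows into the link; add `</a>` after "Asgard wiki" and fix "resourses". In step 8, enabling auto-assign on the subnet gives every instance launched there a public address, so add one sentence saying that the security groups are what limit access to those instances. In step 7, put the key immutable_metadata and the JSON value in code formatting so they are copied exactly.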
Binary file added tutorial/images/configure_instance_details.png
Binary file added tutorial/images/vpc-create-vpc.png
Binary file added tutorial/images/vpc-start-wizard.png
Binary file added tutorial/images/vpc-subnet-pubip.png
Binary file added tutorial/images/vpc-subnet-select.png
Binary file added tutorial/images/vpc-subnet-tagged.png