Wednesday, August 26, 2020

Aviatrix

Last weekend was a long one. I got an email from Aviatrix and read about it on LinkedIn. It seemed like an interesting product. I have had a hard time understanding networking on various clouds, and even when you understand them, it's not easy to set them up. The documentation is not the best in most cases. Below, in their own words:

Aviatrix is a cloud native networking company. Unlike any other networking vendors, the Aviatrix software platform understands the cloud provider’s native constructs. This allows us to leverage and control the native constructs directly using the cloud provider’s APIs extending their capabilities and integrating them into our software to provide organizations with turn key solutions accelerating their cloud journey.

They have some free training going on in August, so I went through it, and this tool seems to solve the multi-cloud networking problems on OCI, GCP, AWS and Azure. The link below can be used to register for their self-paced associate course.

https://aviatrix.com/ace-multicloud-networking-training/

They explained it with use cases and it was certainly interesting. I could understand some, and some went over my head. But I do know what it does, and how and where it will be useful. With that perspective, if it is needed in my career for a multi-cloud setup, I will certainly use it.


Devops from scratch

Let me be honest, I am not a developer, and neither is it my aspiration to become one. But luckily these days writing code and policies with YAML and Python makes life easy. Even non-developers like me get excited to work on automation. And thank God for DevOps! I started my DevOps journey a few years ago when we started to automate in my previous organization. I was not thrilled, as I have the mindset of being a non-developer. But a push to learn things (for the better) put me on the path to learn Python, Puppet, MCollective, Ansible and Atom! And being an IT manager, it was amazing to see how much time these tools eventually saved in repetitive work. I did act as scrum master for one of the projects!

Over a weekend many years ago, I put together a to-do list to learn these. Coming from a starting point of zero on DevOps, these helped me scale up to an extent.

1. Devops Foundation by Ernest Mueller

2. Learning Python by Joe Marini for quick intro to Python.

3. Python essential training by Bill Weinman

4. Ansible essential training by Robert Starmer

5. GIT essential training by Kevin Skoglund

In fact, these days if you look for resources, things are available for free online. There is content on YouTube for everything, as well as descriptive blogs. I chanced upon a list of these on my old to-do list board. These are certainly boring when you start them, let me be honest. But when you start getting the context, these are really useful from a learning and automating perspective.

  

 

Saturday, August 22, 2020

Cloud Custodian from scratch

Cloud Custodian is a rules engine for managing public cloud accounts and resources. It allows users to define policies to enable a well managed cloud infrastructure, that's both secure and cost optimized. It consolidates many of the adhoc scripts organizations have into a lightweight and flexible tool, with unified metrics and reporting. It is also flexible enough to be run on Lambda, on a server, or serverless. It allows you to create an endless number of policies and simple queries. The bonus is that it's an easy to write and read YAML DSL. When I started to look for information on it, it felt like a daunting exercise. I am a non-developer, so for me YAML and JSON seemed totally outside my comfort area. But we all need to start somewhere. So, off I went to Google search. It landed me on the Custodian home page and some YouTube videos. I watched those videos a couple of times and noted the points being made. They were all from the main developer who worked on it at Capital One.

Videos to watch to get started:

https://www.youtube.com/watch?v=oY8Nmh6B7P8

https://www.youtube.com/watch?v=ElvHiZU8hRc

Main website link:    https://cloudcustodian.io/

After going through some videos and the actual documents, I went ahead to look for articles on Medium. It's a good place to get started and connect with people. Then I added the people who wrote those articles on LinkedIn. I added myself to GitHub and started watching the project. I did some more research on it. I found a link to Manheim, who published their repository as they used it.

A real-world use case like the one below helped me correlate to it in depth.

Manheim-c7n-tools

Description of Manheim project

And with all the details, it was time to start practicing a few basics. I spun up a VM on my Azure free tier and installed Python and Custodian and then the Azure CLI. I was now all set to author my first policy, and yes, I did succeed, as the documentation is quite descriptive. I will use managed identity authentication for the Azure VM. Also, authoring some policies is complicated. I am using Visual Studio as the editor to write these policies. It is going to be interesting to see how I progress. I had to brush up on Azure and try writing YAML. I have been feeling fairly confident since I started; it firms up my belief that if you are willing to learn, you can master anything.



Monday, August 10, 2020

Getting started with Cloudaware

I just got access to Cloudaware. Suffice to say, I had read about it and knew what it does, but really did not have much idea about it. The best way to learn anything new is to go to the product website and look at their documentation. It asked me to register, and I registered with my Gmail account. Then it asked which cloud I wanted to manage; since I needed it for AWS, Azure and GCP, I had to choose all.

Cloudaware is a comprehensive SaaS based, modular IT Management platform. While all of Cloudaware capabilities are applicable to non-cloud use cases, platform is specifically designed to address the needs of customers who rely extensively on cloud computing infrastructure from Amazon Web Services, Microsoft Azure and Google Compute Cloud.

I then wanted to link my Azure free subscription on Cloudaware.

  • Select App registrations → +New registration.
  • Insert the following information for your Azure Application: cloudaware-api-access-test
  • Supported account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant)
  • Redirect URL: Web - https://cloudaware.com

Configure Permissions

  • Select the application that you have just created.
  • Select 'API permissions'. Click +Add a permission.
  • Select the tab 'Microsoft APIs'. Select 'Azure Service Management'.
  • Select 'Delegated permissions' and check the box 'user_impersonation Access Azure Service Management as organization users (preview)'. Click Add permissions.
  • Select Microsoft Graph.
      a. Select APPLICATION / Read directory data
      b. Select DELEGATED / Read directory data, Sign in and read user profile
  • Click +Add a permission to choose one more API: Azure Active Directory Graph.
      a. Select APPLICATION / Read directory data
      b. Select DELEGATED / Read directory data, Sign in and read user profile
      c. Having added APIs, click Grant admin consent for Default Directory to populate them.

Configure Keys

  • Select 'Certificates & secrets' → +New client secret
  • Enter the description: ca-api-key
  • Set the EXPIRES to: Never
  • Click: Add
  • Save the secret value in a secure location.


Overall it was a good exercise on RBAC and IAM setup for external application.
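
The registration steps above produce three settings that a periodic access review would normally flag: a multitenant sign-in audience, application-level directory read permissions, and a client secret set to never expire. As an added example (not from the original post or from Cloudaware), this Python check reports them for an app object shaped like Microsoft Graph's `application` resource; the sample object, its placeholder permission ids, the 2299 end date standing in for "Never", and the 365-day limit are constructed assumptions.

```python
from datetime import datetime

# Resource appIds of the three Microsoft APIs named in the steps above.
API_NAMES = {
    "797f4846-ba00-4fd7-ba43-dac1f8f63013": "Azure Service Management",
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "00000002-0000-0000-c000-000000000000": "Azure Active Directory Graph",
}
MAX_SECRET_DAYS = 365  # assumed rotation policy; set to your own limit

# Constructed sample: permission ids are placeholders, dates are invented.
SAMPLE_APP = {
    "displayName": "cloudaware-api-access-test",
    "signInAudience": "AzureADMultipleOrgs",
    "passwordCredentials": [{
        "displayName": "ca-api-key",
        "startDateTime": "2020-08-10T00:00:00Z",
        "endDateTime": "2299-12-31T00:00:00Z"}],
    "requiredResourceAccess": [
        {"resourceAppId": "797f4846-ba00-4fd7-ba43-dac1f8f63013",
         "resourceAccess": [{"id": "placeholder-1", "type": "Scope"}]},
        {"resourceAppId": "00000003-0000-0000-c000-000000000000",
         "resourceAccess": [{"id": "placeholder-2", "type": "Role"},
                            {"id": "placeholder-3", "type": "Scope"}]},
        {"resourceAppId": "00000002-0000-0000-c000-000000000000",
         "resourceAccess": [{"id": "placeholder-4", "type": "Role"},
                            {"id": "placeholder-5", "type": "Scope"}]},
    ],
}

def _ts(value):
    """Parse a Graph-style ISO 8601 timestamp ending in Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_app(app):
    """Return (kind, message) findings for one app registration."""
    findings = []
    audience = app.get("signInAudience")
    if audience != "AzureADMyOrg":  # anything wider than single-tenant
        findings.append(("audience", f"sign-in audience is {audience}"))
    for cred in app.get("passwordCredentials", []):
        days = (_ts(cred["endDateTime"]) - _ts(cred["startDateTime"])).days
        if days > MAX_SECRET_DAYS:
            findings.append(("secret", f"{cred.get('displayName')}: valid {days} days"))
    for res in app.get("requiredResourceAccess", []):
        api = API_NAMES.get(res["resourceAppId"], res["resourceAppId"])
        roles = [a for a in res["resourceAccess"] if a["type"] == "Role"]
        if roles:  # "Role" entries are application permissions, no user needed
            findings.append(("app-permission", f"{api}: {len(roles)} application permission(s)"))
    return findings

if __name__ == "__main__":
    for kind, message in audit_app(SAMPLE_APP):
        print(f"[{kind}] {message}")
```

To run it against a real registration, export the object with `az ad app show --id <app-id>` and pass the parsed JSON to `audit_app`.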