diff --git a/tech_docs/cloud/aws_lab.md b/tech_docs/cloud/aws_lab.md new file mode 100644 index 0000000..28cc7de --- /dev/null +++ b/tech_docs/cloud/aws_lab.md 
@@ -0,0 +1,137 @@ +### **The Ultimate CLI Muscle Memory Training Plan** +*(For Nerds Who Want to Achieve Cloud Networking CLI Mastery Fast)* + +--- + +### **1. The Setup: Build a Home Lab That Mimics Production** +#### **Hardware (Bare Minimum)** +- **Proxmox Server** (or any hypervisor) – Run nested VMs/containers. +- **MicroPC/Raspberry Pi** – For low-power networking (BGP, VPNs). +- **Spare Laptop** – As a jump host/terminal. + +#### **Software Stack** +| Tool | Purpose | Install Command | +|--------------------|------------------------------------------|------------------------------------------| +| **AWS CLI v2** | Cloud-native networking | `curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install` | +| **Terraform** | IaC for repeatable labs | `sudo apt-get install terraform` | +| **FRRouting** | BGP/OSPF practice | `sudo apt-get install frr` | +| **WireGuard** | VPN tunneling | `sudo apt-get install wireguard` | +| **tcpdump** | Packet-level debugging | `sudo apt-get install tcpdump` | +| **jq** | JSON parsing for AWS CLI outputs | `sudo apt-get install jq` | +| **Tmux** | Terminal multiplexing for drills | `sudo apt-get install tmux` | + +--- + +### **2. The Drills: Daily CLI Workouts** +*(30-60 mins/day, designed for muscle memory)* + +#### **Drill 1: AWS Networking Speed Run (15 mins)** +**Goal**: Automate VPC creation + troubleshoot. +```bash +# Create a VPC with Terraform (save as `vpc.tf`) +resource "aws_vpc" "lab" { + cidr_block = "10.0.0.0/16" + tags = { Name = "cli-muscle-memory" } +} + +# Deploy and debug +terraform init && terraform apply -auto-approve +aws ec2 describe-vpcs --query 'Vpcs[].CidrBlock' | jq +aws ec2 delete-vpc --vpc-id $(aws ec2 describe-vpcs --query 'Vpcs[?Tags[?Key==`Name` && Value==`cli-muscle-memory`]].VpcId' --output text) +``` +**Pro Tip**: Time yourself. Aim for <2 mins by Day 7. 
+ +--- + +#### **Drill 2: BGP + VPN Chaos (20 mins)** +**Goal**: Simulate hybrid cloud failures. +1. **Set Up FRRouting (BGP) on a Linux VM**: + ```bash + sudo vtysh + configure terminal + router bgp 65001 + neighbor 192.168.1.1 remote-as 65002 + timers bgp 10 30 # Aggressive timers for failure sim + ``` +2. **Break It**: + ```bash + sudo ifconfig eth0 down # Kill primary interface + ``` +3. **Fix It**: + ```bash + show ip bgp summary # Diagnose + sudo ifconfig eth0 up && sudo systemctl restart frr + ``` + +--- + +#### **Drill 3: Packet Kung Fu (10 mins)** +**Goal**: Diagnose HTTPS failures without logs. +```bash +# Capture TLS handshake failures +sudo tcpdump -i any 'tcp port 443 and (tcp-syn|tcp-ack)!=0' -nnvv -w tls.pcap + +# Analyze in Wireshark (or CLI): +tshark -r tls.pcap -Y 'ssl.handshake.type == 1' # Find failed handshakes +``` + +--- + +#### **Drill 4: Cost-Ops Reflex Training (15 mins)** +**Goal**: Find and nuke wasteful resources. +```bash +# Find untagged EC2 instances +aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' | jq + +# Terminate with prejudice +aws ec2 terminate-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' --output text) + +# Find idle NAT Gateways +aws ec2 describe-nat-gateways --filter Name=state,Values=available --query 'NatGateways[?NetworkInterfaces[0].Status!=`in-use`].NatGatewayId' | jq +``` + +--- + +### **3. The Gauntlet: Weekly Challenges** +*(Simulate real outages—no Google allowed!)* + +#### **Challenge 1: "The Silent NACL"** +- **Scenario**: All traffic to `TCP/443` is blocked, but Security Groups are open. +- **Tools Allowed**: Only `tcpdump`, `aws ec2 describe-network-acls`. +- **Fix Time**: <10 mins. + +#### **Challenge 2: "BGP Route Leak"** +- **Scenario**: Your VM can’t reach the internet, but `ping 8.8.8.8` works. +- **Tools Allowed**: `vtysh`, `ip route`. +- **Fix Time**: <15 mins. 
+ +--- + +### **4. Pro Tips for CLI Dominance** +1. **Alias Everything**: + ```bash + alias aws-vpcs='aws ec2 describe-vpcs --query "Vpcs[*].{ID:VpcId,CIDR:CidrBlock}" --output table' + alias kill-nats='aws ec2 describe-nat-gateways --query "NatGateways[?NetworkInterfaces[0].Status!=\`in-use\`].NatGatewayId" --output text | xargs -I {} aws ec2 delete-nat-gateway --nat-gateway-id {}' + ``` +2. **CLI-Only Days**: + - Spend 1 day/week **without a GUI** (AWS Console, Wireshark, etc.). +3. **Keybindings**: + - Master `Ctrl+R` (reverse search), `Ctrl+A/E` (line navigation). + +--- + +### **5. Measure Your Progress** +| **Skill** | **Beginner** | **Master** | +|-------------------------|-----------------------------------|-----------------------------------------| +| **VPC Creation** | 3+ mins (manual clicks) | <60 secs (CLI/Terraform) | +| **BGP Troubleshooting** | Relies on logs | `tcpdump + vtysh` in <5 mins | +| **Cost Hunting** | Manual Cost Explorer | One-liner to find waste | + +--- + +### **Final Wisdom** +- **Repetition > Theory**: Do each drill **3x/week** until it’s boring. +- **Break Things Intentionally**: Corrupt BGP tables, drop packets, then fix. +- **Automate Your Punishment**: Write scripts that **break your lab nightly**, forcing you to debug. + +**Want a ready-to-go Proxmox/K8s lab config?** I can share Terraform templates to auto-build breakable environments! \ No newline at end of file
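Review bot: The tcpdump filter in Drill 3, `'tcp port 443 and (tcp-syn|tcp-ack)!=0'`, is not valid BPF syntax and tcpdump will reject it; flag tests have to index the flags byte, e.g. `'tcp port 443 and tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'`. In the same drill, `ssl.handshake.type == 1` matches Client Hello records rather than failed handshakes (and current Wireshark names the field `tls.handshake.type`); to surface failures, filter on alert records (`tls.alert_message`) or on Client Hellos that never get a Server Hello. Drill 1 puts Terraform HCL and shell commands in a single `bash` fence and then tears the VPC down with `aws ec2 delete-vpc` behind Terraform's back, which leaves stale state and fails as soon as a subnet or gateway still references the VPC; split the HCL into its own `hcl` fence and use `terraform destroy -auto-approve` for cleanup. Drill 2 lists `configure terminal` and `show ip bgp summary` as shell lines although they are vtysh commands (run them inside the vtysh session or via `sudo vtysh -c '...'`), and `ifconfig` is deprecated on current distributions (`ip link set eth0 down` / `up`). The `terminate-instances` one-liner in Drill 4 and the `kill-nats` alias in section 4 destroy every matching resource in the account with no confirmation or scoping; document running them with `--dry-run` first and narrowing with `--filters` before the real call. Finally, the install table's `sudo apt-get install terraform` only resolves after the HashiCorp apt repository is added, which the table does not mention.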