From f8a6e102f42e7d423a791f29b7623855cc2b2cc1 Mon Sep 17 00:00:00 2001 From: medusa Date: Sun, 20 Jul 2025 22:24:55 -0500 Subject: [PATCH] Update tech_docs/cloud/aws_lab.md --- tech_docs/cloud/aws_lab.md | 150 +++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) diff --git a/tech_docs/cloud/aws_lab.md b/tech_docs/cloud/aws_lab.md index 28cc7de..1af3408 100644 --- a/tech_docs/cloud/aws_lab.md +++ b/tech_docs/cloud/aws_lab.md 
@@ -1,3 +1,153 @@ +Here’s the **ultimate workhorse lab setup** for mastering cloud networking, hybrid environments, and CLI muscle memory—designed by a fellow nerd who values efficiency, realism, and cost-effectiveness. + +--- + +### **🏗️ Lab Architecture Overview** +**Objective**: Simulate a **hybrid cloud enterprise network** with AWS, on-prem, and multi-cloud components—all controllable via CLI. + +#### **Physical Hardware (Bare Minimum)** +| Component | Purpose | Example Specs | +|-------------------------|-------------------------------------------------------------------------|------------------------| +| **Proxmox Server** | Host VMs/LXC containers for networking services | 32GB RAM, 8 cores, NVMe | +| **MicroPC (x2)** | Act as "branch offices" (BGP speakers, VPN endpoints) | Intel NUC, 16GB RAM | +| **Raspberry Pi 4** | Low-power edge device (IoT, DNS, monitoring) | 4GB RAM | +| **Spare Laptop** | Jump host/terminal (running tmux, AWS CLI, Terraform) | Any Linux OS | + +--- + +### **🔥 Core Lab Components** +#### **1. Virtualized AWS Environment** *(No actual AWS bill needed!)* +- **LocalStack** (AWS API emulator) for practicing AWS CLI commands: + ```bash + docker run -d -p 4566:4566 --name localstack localstack/localstack + export AWS_ENDPOINT=http://localhost:4566 + aws ec2 create-vpc --cidr-block 10.0.0.0/16 --endpoint-url $AWS_ENDPOINT + ``` +- **Terraform** to define "fake AWS" resources (VPCs, TGW, Direct Connect). + +#### **2. On-Prem Data Center (Proxmox VMs)** +- **VyOS** (router OS) for BGP/OSPF/VPN: + ```bash + qm create 1000 --memory 2048 --net0 virtio,bridge=vmbr0 --name vyos-router + wget https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso + qm importdisk 1000 vyos-rolling-latest.iso local-lvm + qm start 1000 + ``` +- **FreeIPA** for identity management (LDAP, RBAC). + +#### **3. 
Hybrid Connectivity** +- **WireGuard VPN** between "AWS" (LocalStack) and "on-prem" (VyOS): + ```bash + # On VyOS + set interfaces wireguard wg0 address '10.1.1.1/24' + set interfaces wireguard wg0 peer aws allowed-ips '10.0.0.0/16' + ``` +- **FRRouting** for BGP peering: + ```bash + sudo vtysh + configure terminal + router bgp 65001 + neighbor 10.1.1.2 remote-as 65000 # "AWS" side + network 192.168.1.0/24 + ``` + +#### **4. Observability Stack** +- **Grafana + Prometheus** + **Elasticsearch** for logs/metrics: + ```bash + docker-compose up -d # Uses this compose file: https://gist.github.com/your-repo + ``` +- **NetFlow/sFlow** from VyOS to **ntopng**. + +--- + +### **💻 Daily Drills (CLI Muscle Memory)** +#### **Drill 1: "AWS" Network Build-Out (10 mins)** +```bash +# Using LocalStack + Terraform +terraform apply -target=aws_vpc.prod -auto-approve +aws ec2 describe-route-tables --endpoint-url $AWS_ENDPOINT | jq '.RouteTables[].Routes[]' +``` + +#### **Drill 2: BGP Route Injection (5 mins)** +```bash +# On VyOS +show ip bgp summary # Verify peer +configure terminal +router bgp 65001 + network 192.168.2.0/24 # Add new route +``` + +#### **Drill 3: Packet Capture Debugging (5 mins)** +```bash +# On "branch" MicroPC +sudo tcpdump -i eth0 'host 10.1.1.1 and tcp port 179' -nnvv # BGP packets +``` + +#### **Drill 4: Cost-Ops Reflex (5 mins)** +```bash +# Find untagged "AWS" resources (LocalStack) +aws ec2 describe-instances --endpoint-url $AWS_ENDPOINT \ + --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' | jq +``` + +--- + +### **⚙️ Automation & Chaos Engineering** +#### **1. Automated Breakage (Nightly Cron)** +```bash +# Randomly drop BGP peers or VPN tunnels +0 2 * * * sudo vtysh -c "configure terminal" -c "router bgp 65001" -c "neighbor 10.1.1.2 shutdown" +``` + +#### **2. 
Self-Healing Scripts** +```python +# monitor_bgp.py (runs on Raspberry Pi) +import os +if "Established" not in os.popen("vtysh -c 'show ip bgp summary'").read(): + os.system("vtysh -c 'configure terminal' -c 'router bgp 65001' -c 'neighbor 10.1.1.2 activate'") +``` + +--- + +### **📊 Lab Validation Checklist** +| Test | Command | Expected Result | +|-------------------------------|----------------------------------------------|------------------------------| +| **AWS VPC Reachability** | `ping 10.0.0.1` (from VyOS) | 0% packet loss | +| **BGP Route Propagation** | `show ip route` (on VyOS) | Sees AWS CIDRs | +| **VPN Tunnel Health** | `wg show` | Handshake < 2 mins old | +| **Cost Leak Detection** | `aws ec2 describe-nat-gateways` (LocalStack)| No orphaned NATs | + +--- + +### **🚀 Pro Tips for Nerds** +1. **SSH Config Shortcuts**: + ```bash + # ~/.ssh/config + Host aws-jump + HostName 192.168.1.100 + User ubuntu + IdentityFile ~/.ssh/aws-lab + ``` +2. **Tmux Workflow**: + ```bash + tmux new -s lab + # Split panes: AWS CLI, tcpdump, BGP monitor + ``` +3. **Cheat Sheets**: Print these and tape them to your monitor: + - [AWS CLI Networking Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/index.html) + - [VyOS BGP Cheat Sheet](https://docs.vyos.io/en/latest/configuration/protocols/bgp.html) + +--- + +### **💡 Why This Lab Wins** +- **Zero AWS Costs**: LocalStack + Terraform simulates AWS without bills. +- **Real Hardware**: MicroPCs/RPi force you to deal with physical limitations. +- **Chaos-Ready**: Automated breakage ensures you’re always troubleshooting. + +**Want the exact Terraform configs/VyOS scripts?** I’ll package them into a GitHub repo for you—just say the word! + +--- + ### **The Ultimate CLI Muscle Memory Training Plan** *(For Nerds Who Want to Achieve Cloud Networking CLI Mastery Fast)*
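Review bot: the recovery command in monitor_bgp.py does not undo what the nightly chaos cron applies. The cron job issues `neighbor 10.1.1.2 shutdown`, but the self-healing script sends `neighbor 10.1.1.2 activate`, which only toggles address-family activation and leaves an administratively shut-down peer down; use `-c 'no neighbor 10.1.1.2 shutdown'` instead. In the same block, the `"Established" not in ...` check should be verified against real vtysh output before it is relied on, since FRR's `show ip bgp summary` reports a received-prefix count in the State/PfxRcd column for an established session rather than the word "Established", so the script would fire on every run. One smaller point further up: the observability section's `docker-compose up -d` points at a placeholder URL (`https://gist.github.com/your-repo`); either commit the compose file alongside the doc or drop the reference.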