medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update tech_docs/cloud/aws_lab.md

Browse Source
This commit is contained in:
medusa
2025-07-20 22:24:55 -05:00
parent 0d85c8653f
commit f8a6e102f4
1 changed files with 150 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

150
tech_docs/cloud/aws_lab.md
View File

@@ -1,3 +1,153 @@
Heres the **ultimate workhorse lab setup** for mastering cloud networking, hybrid environments, and CLI muscle memory—designed by a fellow nerd who values efficiency, realism, and cost-effectiveness.
---
### **🏗️ Lab Architecture Overview**
**Objective**: Simulate a **hybrid cloud enterprise network** with AWS, on-prem, and multi-cloud components—all controllable via CLI.
#### **Physical Hardware (Bare Minimum)**
| Component | Purpose | Example Specs |
|-------------------------|-------------------------------------------------------------------------|------------------------|
| **Proxmox Server** | Host VMs/LXC containers for networking services | 32GB RAM, 8 cores, NVMe |
| **MicroPC (x2)** | Act as "branch offices" (BGP speakers, VPN endpoints) | Intel NUC, 16GB RAM |
| **Raspberry Pi 4** | Low-power edge device (IoT, DNS, monitoring) | 4GB RAM |
| **Spare Laptop** | Jump host/terminal (running tmux, AWS CLI, Terraform) | Any Linux OS |
---
### **🔥 Core Lab Components**
#### **1. Virtualized AWS Environment** *(No actual AWS bill needed!)*
- **LocalStack** (AWS API emulator) for practicing AWS CLI commands:
```bash
docker run -d -p 4566:4566 --name localstack localstack/localstack
export AWS_ENDPOINT=http://localhost:4566
aws ec2 create-vpc --cidr-block 10.0.0.0/16 --endpoint-url $AWS_ENDPOINT
```
- **Terraform** to define "fake AWS" resources (VPCs, TGW, Direct Connect).
#### **2. On-Prem Data Center (Proxmox VMs)**
- **VyOS** (router OS) for BGP/OSPF/VPN:
```bash
qm create 1000 --memory 2048 --net0 virtio,bridge=vmbr0 --name vyos-router
wget https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
qm importdisk 1000 vyos-rolling-latest.iso local-lvm
qm start 1000
```
- **FreeIPA** for identity management (LDAP, RBAC).
#### **3. Hybrid Connectivity**
- **WireGuard VPN** between "AWS" (LocalStack) and "on-prem" (VyOS):
```bash
# On VyOS
set interfaces wireguard wg0 address '10.1.1.1/24'
set interfaces wireguard wg0 peer aws allowed-ips '10.0.0.0/16'
```
- **FRRouting** for BGP peering:
```bash
sudo vtysh
configure terminal
router bgp 65001
neighbor 10.1.1.2 remote-as 65000 # "AWS" side
network 192.168.1.0/24
```
#### **4. Observability Stack**
- **Grafana + Prometheus** + **Elasticsearch** for logs/metrics:
```bash
docker-compose up -d # Uses this compose file: https://gist.github.com/your-repo
```
- **NetFlow/sFlow** from VyOS to **ntopng**.
---
### **💻 Daily Drills (CLI Muscle Memory)**
#### **Drill 1: "AWS" Network Build-Out (10 mins)**
```bash
# Using LocalStack + Terraform
terraform apply -target=aws_vpc.prod -auto-approve
aws ec2 describe-route-tables --endpoint-url $AWS_ENDPOINT | jq '.RouteTables[].Routes[]'
```
#### **Drill 2: BGP Route Injection (5 mins)**
```bash
# On VyOS
show ip bgp summary # Verify peer
configure terminal
router bgp 65001
network 192.168.2.0/24 # Add new route
```
#### **Drill 3: Packet Capture Debugging (5 mins)**
```bash
# On "branch" MicroPC
sudo tcpdump -i eth0 'host 10.1.1.1 and tcp port 179' -nnvv # BGP packets
```
#### **Drill 4: Cost-Ops Reflex (5 mins)**
```bash
# Find untagged "AWS" resources (LocalStack)
aws ec2 describe-instances --endpoint-url $AWS_ENDPOINT \
--query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' | jq
```
---
### **⚙️ Automation & Chaos Engineering**
#### **1. Automated Breakage (Nightly Cron)**
```bash
# Randomly drop BGP peers or VPN tunnels
0 2 * * * sudo vtysh -c "configure terminal" -c "router bgp 65001" -c "neighbor 10.1.1.2 shutdown"
```
#### **2. Self-Healing Scripts**
```python
# monitor_bgp.py (runs on Raspberry Pi)
import os
if "Established" not in os.popen("vtysh -c 'show ip bgp summary'").read():
os.system("vtysh -c 'configure terminal' -c 'router bgp 65001' -c 'neighbor 10.1.1.2 activate'")
```
---
### **📊 Lab Validation Checklist**
| Test | Command | Expected Result |
|-------------------------------|----------------------------------------------|------------------------------|
| **AWS VPC Reachability** | `ping 10.0.0.1` (from VyOS) | 0% packet loss |
| **BGP Route Propagation** | `show ip route` (on VyOS) | Sees AWS CIDRs |
| **VPN Tunnel Health** | `wg show` | Handshake < 2 mins old |
| **Cost Leak Detection** | `aws ec2 describe-nat-gateways` (LocalStack)| No orphaned NATs |
---
### **🚀 Pro Tips for Nerds**
1. **SSH Config Shortcuts**:
```bash
# ~/.ssh/config
Host aws-jump
HostName 192.168.1.100
User ubuntu
IdentityFile ~/.ssh/aws-lab
```
2. **Tmux Workflow**:
```bash
tmux new -s lab
# Split panes: AWS CLI, tcpdump, BGP monitor
```
3. **Cheat Sheets**: Print these and tape them to your monitor:
- [AWS CLI Networking Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/index.html)
- [VyOS BGP Cheat Sheet](https://docs.vyos.io/en/latest/configuration/protocols/bgp.html)
---
### **💡 Why This Lab Wins**
- **Zero AWS Costs**: LocalStack + Terraform simulates AWS without bills.
- **Real Hardware**: MicroPCs/RPi force you to deal with physical limitations.
- **Chaos-Ready**: Automated breakage ensures youre always troubleshooting.
**Want the exact Terraform configs/VyOS scripts?** Ill package them into a GitHub repo for you—just say the word!
---
### **The Ultimate CLI Muscle Memory Training Plan**
*(For Nerds Who Want to Achieve Cloud Networking CLI Mastery Fast)*