the_information_nexus/tech_docs/cloud/aws_lab.md
2025-07-20 22:21:06 -05:00


The Ultimate CLI Muscle Memory Training Plan

(For Nerds Who Want to Achieve Cloud Networking CLI Mastery Fast)


1. The Setup: Build a Home Lab That Mimics Production

Hardware (Bare Minimum)

  • Proxmox Server (or any hypervisor): Run nested VMs/containers.
  • MicroPC/Raspberry Pi: For low-power networking (BGP, VPNs).
  • Spare Laptop: As a jump host/terminal.

Software Stack

| Tool | Purpose | Install Command |
|------|---------|-----------------|
| AWS CLI v2 | Cloud-native networking | curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install |
| Terraform | IaC for repeatable labs | sudo apt-get install terraform (requires the HashiCorp apt repository to be configured first) |
| FRRouting | BGP/OSPF practice | sudo apt-get install frr |
| WireGuard | VPN tunneling | sudo apt-get install wireguard |
| tcpdump | Packet-level debugging | sudo apt-get install tcpdump |
| jq | JSON parsing for AWS CLI outputs | sudo apt-get install jq |
| Tmux | Terminal multiplexing for drills | sudo apt-get install tmux |

2. The Drills: Daily CLI Workouts

(30-60 mins/day, designed for muscle memory)

Drill 1: AWS Networking Speed Run (15 mins)

Goal: Automate VPC creation + troubleshoot.

# Create a VPC with Terraform (save as `vpc.tf`)
resource "aws_vpc" "lab" {
  cidr_block = "10.0.0.0/16"
  tags = { Name = "cli-muscle-memory" }
}

# Deploy and debug
terraform init && terraform apply -auto-approve
aws ec2 describe-vpcs --query 'Vpcs[].CidrBlock' | jq
aws ec2 delete-vpc --vpc-id $(aws ec2 describe-vpcs --query 'Vpcs[?Tags[?Key==`Name` && Value==`cli-muscle-memory`]].VpcId' --output text)

Pro Tip: Time yourself. Aim for <2 mins by Day 7.


Drill 2: BGP + VPN Chaos (20 mins)

Goal: Simulate hybrid cloud failures.

  1. Set Up FRRouting (BGP) on a Linux VM:
    sudo vtysh
    configure terminal
    router bgp 65001
     neighbor 192.168.1.1 remote-as 65002
     ! Aggressive timers (keepalive 10s, hold 30s) for failure sim
     timers bgp 10 30
    end
    ! Save the config so it survives the frr restart in step 3
    write memory
    
  2. Break It:
    sudo ifconfig eth0 down  # Kill primary interface
    
  3. Fix It:
    sudo vtysh -c 'show ip bgp summary'  # Diagnose
    sudo ifconfig eth0 up && sudo systemctl restart frr
    

Drill 3: Packet Kung Fu (10 mins)

Goal: Diagnose HTTPS failures without logs.

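# Capture TCP 443 segments with SYN or ACK set (covers the TCP and TLS handshakes)
sudo tcpdump -i any 'tcp port 443 and tcp[tcpflags] & (tcp-syn|tcp-ack) != 0' -nnvv -w tls.pcap

# Analyze in Wireshark (or CLI):
tshark -r tls.pcap -Y 'tls.handshake.type == 1'  # ClientHello messages; one with no ServerHello (type 2) in reply marks a failed handshake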

Drill 4: Cost-Ops Reflex Training (15 mins)

Goal: Find and nuke wasteful resources.

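# Find EC2 instances with no Owner tag
aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' | jq

# Terminate with prejudice (lab account only: confirm the target with `aws sts get-caller-identity` first)
aws ec2 terminate-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' --output text)

# Find idle NAT Gateways: list the available ones, then check each for traffic.
# The describe-nat-gateways output carries no in-use flag; judge idleness from the
# AWS/NATGateway CloudWatch metrics (e.g. BytesOutToDestination).
aws ec2 describe-nat-gateways --filter Name=state,Values=available --query 'NatGateways[].NatGatewayId' | jq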
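
A guarded form of the terminate one-liner above, added here as an example (it is not part of the original lab plan): it checks the caller's account before acting, refuses an empty target list, and defaults to a dry run. `LAB_ACCOUNT_ID` and the function names are assumptions, and the placeholder account ID must be replaced with your lab account's.

```shell
#!/usr/bin/env bash
# Added example: guardrail around Drill 4's terminate one-liner.
# Assumption: LAB_ACCOUNT_ID holds the 12-digit ID of your lab account.
LAB_ACCOUNT_ID="${LAB_ACCOUNT_ID:-000000000000}"   # placeholder, not a real account

# Succeeds only when the active credentials belong to the lab account.
in_lab_account() {
  local acct
  acct=$(aws sts get-caller-identity --query Account --output text) || return 1
  [ "$acct" = "$LAB_ACCOUNT_ID" ]
}

# Prints the IDs of running instances that have no Owner tag, one per line.
ownerless_instances() {
  aws ec2 describe-instances \
    --filters Name=instance-state-name,Values=running \
    --query 'Reservations[].Instances[?!not_null(Tags[?Key==`Owner`])].InstanceId' \
    --output text | tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Terminates ownerless instances. Dry run unless called with --force.
# Return codes: 2 = wrong account, 3 = nothing to terminate.
# Note: with --dry-run the AWS CLI exits non-zero and reports DryRunOperation
# when the real call would have succeeded.
terminate_ownerless() {
  local mode="--dry-run" ids
  [ "${1:-}" = "--force" ] && mode="--no-dry-run"
  in_lab_account || { echo "refusing: credentials are not for $LAB_ACCOUNT_ID" >&2; return 2; }
  ids=$(ownerless_instances)
  [ -n "$ids" ] || { echo "nothing to terminate" >&2; return 3; }
  echo "targets:" $ids >&2
  # Word splitting of $ids is intended: one argument per instance ID.
  aws ec2 terminate-instances "$mode" --instance-ids $ids
}
```

Source the file, run `terminate_ownerless` to preview the targets, then `terminate_ownerless --force` to act.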

3. The Gauntlet: Weekly Challenges

(Simulate real outages—no Google allowed!)

Challenge 1: "The Silent NACL"

  • Scenario: All traffic to TCP/443 is blocked, but Security Groups are open.
  • Tools Allowed: Only tcpdump, aws ec2 describe-network-acls.
  • Fix Time: <10 mins.

Challenge 2: "BGP Route Leak"

  • Scenario: Your VM can't reach the internet, but ping 8.8.8.8 works.
  • Tools Allowed: vtysh, ip route.
  • Fix Time: <15 mins.

4. Pro Tips for CLI Dominance

  1. Alias Everything:
    alias aws-vpcs='aws ec2 describe-vpcs --query "Vpcs[*].{ID:VpcId,CIDR:CidrBlock}" --output table'
    # kill-nats deletes every available NAT gateway in the current account/region (no idle check): lab accounts only
    alias kill-nats='aws ec2 describe-nat-gateways --query "NatGateways[?State==\`available\`].NatGatewayId" --output text | xargs -I {} aws ec2 delete-nat-gateway --nat-gateway-id {}'
    
  2. CLI-Only Days:
    • Spend 1 day/week without a GUI (AWS Console, Wireshark, etc.).
  3. Keybindings:
    • Master Ctrl+R (reverse search), Ctrl+A/E (line navigation).

5. Measure Your Progress

| Skill | Beginner | Master |
|-------|----------|--------|
| VPC Creation | 3+ mins (manual clicks) | <60 secs (CLI/Terraform) |
| BGP Troubleshooting | Relies on logs | tcpdump + vtysh in <5 mins |
| Cost Hunting | Manual Cost Explorer | One-liner to find waste |

Final Wisdom

  • Repetition > Theory: Do each drill 3x/week until it's boring.
  • Break Things Intentionally: Corrupt BGP tables, drop packets, then fix.
  • Automate Your Punishment: Write scripts that break your lab nightly, forcing you to debug.
