migrating healthcare gov to terraform lessons learned
play

Migrating HealthCare.gov to Terraform: Lessons Learned Christian - PowerPoint PPT Presentation

Dec 03, 2022 •386 likes •958 views

Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram Cofounder, Nava PBC What is Terraform? A tool for building , changing , and versioning infrastructure Manage cloud providers Infrastructure as Code

  1. Migrating HealthCare.gov to Terraform: Lessons Learned Christian Monaghan @monaghan_a_gram Cofounder, Nava PBC

  2. What is Terraform?

  3. A tool for building , changing , and versioning infrastructure

  4. Manage cloud providers

  5. Infrastructure as Code Declarative syntax ● Source control ● Variable support ●

  6. Execution plans Developer reviews ● plan before proceeding

  7. Resource graph Resources created in ● dependency order

  8. Resource graph Resources created in ● dependency order

  9. Our project history

  10. AWS Cloudformation JSON interface 3,000+ lines for 1 Virtual Private Cloud (VPC) Managing dozens of VPCs

  11. Custom tooling to interact with Cloudformation YAML Custom AWS Config script Cloudformation

  12. Challenges we faced with our existing tooling

  13. Maintaining custom code :( Complex ● Not unit tested ● Limited documentation, quickly out of date ● Increasing bloat ● Hard to understand ● Hard to debug ●

  14. Unable to incorporate manual changes Past examples: Horizontally scale NATs (Network Address Translation) ● Adding a temporary second Elastic Load Balancer ● Scaling down from 3 availability zones to 1 availability zone ● Swap in new Elastic IPs ●

  15. Uncertain client demands Must build atop partially provisioned ● vpc infrastructure Client frequently requesting custom ● architecture changes Client might make manual changes ● that would be unrecoverable in Cloudformation

  16. Proliferating use cases Load testing resources ● Continuous Integration clusters ● Custom monitoring ● Graphite/Graphana ● Nessus scanning clusters ●

  17. We were trying to shoehorn all these new use cases into our existing tooling

  18. Engineering goal

  19. Manage all infrastructure with a single tool that is flexible , extensible , fast , and well-supported

  20. Choosing the right tool

  21. Tools we considered

  22. Chef, Puppet, Ansible, SaltStack These are configuration management tools ● Install and manage software on existing machines ●

  23. Why we chose Terraform Incorporate manual changes ● Declarative syntax, easy to read, understand, extend ● Supports multiple providers ● Separates planning and execution ● Well-supported, open-source ● Modular ●

  24. Some Terraform basics

  25. How it knows what to provision Changes Desired state Actual state required

  26. Desired state looks like this

  27. Actual state looks like this

  28. Prototyping

  29. Greenfield approach State Define Diff Apply Updated

  30. Reverse engineering approach Import Define Diff Apply State

  31. Refactor to use variables Hardcoded Variables

  32. Testing 1. Successfully provision a new VPC 2. Application functional a. Passes health checks b. Passes smoke testing 3. Infrastructure security scan a. AWS Trusted Advisor

  33. End result A configuration file (.tf) that ● represents one complete vpc configuration A state file (.tfstate) that ● represents one existing vpc

  34. Design

  35. How can we design this for reuse? ... AppA Test AppB Test ... AppA Staging AppB Staging ... AppA Prod AppB Prod ... AppA ... AppB ...

  36. Existing design Variable inputs Assemble building blocks Building blocks

  37. Implementation

  38. Build new VPC's & cutover traffic

  39. Learnings

  40. Use shared modules sparingly

  41. Use shared modules sparingly Sharing modules within applications worked well

  42. Use shared modules sparingly Sharing modules across applications did not work well

  43. Use shared modules sparingly Change the Elastic Load Balancer module

  44. Use shared modules sparingly

  45. Use shared modules sparingly co��t���s

  46. Migrating infrastructure in place It's possible, but time consuming

  47. Importing existing state Native terraform import CLI utility ● Only imports one resource at a time ○ Requires manually finding each resource id relevant to a particular vpc ○ Third party open source terraforming CLI ● Imports all resources in a region ○ Cannot narrow scope to a specific vpc ○

  48. Lock resources to a particular terraform version

  49. Terraform needs to be managed in CI/CD Otherwise: Risk losing internet connection in mid-apply ● No record of who changed what when ● Developers bump versions unintentionally ●

  50. Semantically version modules with git tags Good Bad

  51. Terraform utilities

  52. terraforming Export existing AWS resources to Terraform

  53. tfenv Terraform version manager inspired by rbenv TODO: screenshot

  54. terraform fmt Before After

  55. terraform-docs Generate docs from terraform modules

  56. Thank you @monaghan_a_gram

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From

Protg 2006, July 26th, Stanford I R I S A C 1 R E C Saint-Cyr Lessons Learned Lessons Learned From From Lessons Learned Lessons Learned From From Ontology Ontology Design Design Ontology Ontology Design Design Jean Andr B

371 views • 12 slides
The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to

The NSX Terraform Provider The NSX Terraform provider gives the NSX administrator a way to automate NSX to provide virtualized networking and security services using both ESXi and KVM based hypervisor hosts as well as container networking and

1.68k views • 150 slides
Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live - April 2018 This is a

Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live - April 2018 This is a

Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live - April 2018 This is a (brief) story of how Slack's databases work today, why we're migrating to Vitess, and some lessons we've learned along the way. Michael Demmer Senior

1.18k views • 58 slides
Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live Europe 2017 This is a (brief)

Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live Europe 2017 This is a (brief)

Migrating to Vitess at (Slack) Scale Michael Demmer Percona Live Europe 2017 This is a (brief) story of how Slack's databases work today, why we're migrating to Vitess, and some lessons we've learned along the way. Michael Demmer Senior

526 views • 51 slides
Healthcare Fraud and Abuse in a Tougher Enforcement Environment presents Lessons Learned From

Healthcare Fraud and Abuse in a Tougher Enforcement Environment presents Lessons Learned From

Healthcare Fraud and Abuse in a Tougher Enforcement Environment presents Lessons Learned From Recent DOJ/HHS Fraud Investigations, presents L L d F R t DOJ/HHS F d I ti ti Prosecutions and Settlements A Live 90-Minute

822 views • 65 slides
Top 10 Lessons Learned From First to Second Generation Transactions Involving Physicians and

Top 10 Lessons Learned From First to Second Generation Transactions Involving Physicians and

Top 10 Lessons Learned From First to Second Generation Transactions Involving Physicians and Health Systems AHLA Healthcare Transactions Conference Nashville, TN May 10-11, 2018 Max Reiboldt, CPA R. Michael Barry, Esq. Coker Group Arnall

735 views • 57 slides
Hospital Cultural Competency as a Systematic Organizational Intervention: Lessons Learned from

Hospital Cultural Competency as a Systematic Organizational Intervention: Lessons Learned from

Hospital Cultural Competency as a Systematic Organizational Intervention: Lessons Learned from the National Center for Healthcare Leadership (NCHL) Diversity Demonstration Project Robert Weech-Maldonado Department of Health Services

396 views • 12 slides
Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a

Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a

Scale-Up, Spread, and Sustainment of Tele-Collaborative Care: Lessons Learned from a Model-Guided, Mixed Methods Analysis Mark S. Bauer, MD VA Center for Healthcare Organization & Implementation Research (CHOIR) & the VA QUERI for

422 views • 17 slides
On Moving Mountains: Lessons for Migrating Data and Content for your Next Drupal Project

On Moving Mountains: Lessons for Migrating Data and Content for your Next Drupal Project

On Moving Mountains: Lessons for Migrating Data and Content for your Next Drupal Project Drupalcamp NJ February 2, 2019 We build better websites for the greater good. Message Agency is a social enterprise that helps nonprofits use

340 views • 18 slides
Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across

Digital I&C Lessons learned across industries Dr. John Thomas MIT Experiences across industries (Automotive, Aviation, Space Systems, Chemical, Oil & Gas, Nuclear Power, Defense, Healthcare, Medical Devices, Weapon Systems, etc.)

245 views • 11 slides
Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background

Institutionalizing Lessons Learned October 25, 2006 Loren Plisco Region II Background SEP 2002 Davis-Besse Lessons Learned Task Force AUG 2004 - Effectiveness Review Lessons Learned Task Force JAN 2005 - EDO Charters

269 views • 22 slides
Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com

Migrating Legacy.com Migrating a top 50 most visited site in the U.S. onto Drupal - Legacy.com Case Study Migrating Legacy.com Jordan Ryan Product Owner Ankur Gupta Lead Developer Bassam Ismail Front-end Lakshmi Narasimhan RESTful

458 views • 45 slides
OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned

OSHA Lessons Learned Adam Fries OSHA Compliance Officer February 13, 2018 OSHA Lessons Learned Jobsite Safety and Health Inspections/Audits better known as; PAPER WORK You hate it, Your safety director requires it, OSHA loves it, Does it

926 views • 35 slides
3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the

3/8/2019 Epidemiology, Risk Factors, and Outcomes of Pediatric PVD: LESSONS learned from the Spanish Registry: Lessons Learned from the Registries o Is It possible (and worthy) to do a national registry? Lessons learned from the o

1.16k views • 43 slides
DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD

DEBUGGING LESSONS LEARNED WHILE DEBUGGING LESSONS LEARNED WHILE FIXING NETBSD FIXING NETBSD ABOUT ME ABOUT ME maya@NetBSD.org coypu@sdf.org NetBSD/pkgsrc for the last 3 years THIS TALK THIS TALK Mix of a bunch of bugs Not solo work

695 views • 31 slides
A Campus-wide Committee on Disability and Access: Accomplishments and Lessons Learned Jessica

A Campus-wide Committee on Disability and Access: Accomplishments and Lessons Learned Jessica

A Campus-wide Committee on Disability and Access: Accomplishments and Lessons Learned Jessica Sniatecki (Healthcare Studies) Algernon Kelley (Chemistry) The College at Brockport, SUNY CDA Origins Disability Studies Faculty Learning

177 views • 17 slides
Tom Jirsk Milan ermk, Pavel eleda Motivation Brace yourself, IoT is coming. Large

Tom Jirsk Milan ermk, Pavel eleda Motivation Brace yourself, IoT is coming. Large

On Information Value of Top N Statistics INTERNATIONAL CONFERENCE ON IT CONVERGENCE AND SECURITY 2016 Wednesday 28 th September, 2016 Tom Jirsk Milan ermk, Pavel eleda Motivation Brace yourself, IoT is coming. Large volume of

418 views • 14 slides
How to participate in RIR Policy Development Processes Louie Lee ASO Address

How to participate in RIR Policy Development Processes Louie Lee ASO Address

How to participate in RIR Policy Development Processes Louie Lee ASO Address Council ICANN 35 Buenos Aires, Argen8na 24 June 2015 How to participate in RIR Policy Development Processes

333 views • 17 slides
Center Jason Acord Systems Engineer 2 Secondary backup storage ( onsite) Backup Backup copy

Center Jason Acord Systems Engineer 2 Secondary backup storage ( onsite) Backup Backup copy

Protection for the Modern Data Center Jason Acord Systems Engineer 2 Secondary backup storage ( onsite) Backup Backup copy Production Primary 1 Secondary backup 3 storage backup storage storage (offsite) 4 Offsite tape copy 1 Use

467 views • 22 slides
Internet Initiative Japan Inc. Corporate Overview February and March 2015 TSE1:3774

Internet Initiative Japan Inc. Corporate Overview February and March 2015 TSE1:3774

Internet Initiative Japan Inc. Corporate Overview February and March 2015 TSE1:3774 NASDAQ:IIJI Key Investment Highlights Pioneer and Top IP Engineering Company in Japan Shifted from ISP to Total Network Solution Provider Target

398 views • 35 slides
A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner,

A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner,

A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner, Baris Baspinar, Emre Koyuncu , Gokhan Inalhan, Massimiliano Zanin, Vaishali Mirchandani, Alberto Enrich Gonzalez, Julio Cesar Triana Castillo,

808 views • 26 slides
A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two

A Spectral Approach Towards Analyzing Air Traffic Network Disruptions (Li et al., ATM2019) Two knowledge gaps: high delay high delay correlation correlation How do we distinguish BOS delays: 90 min BOS delays: 10 min unexpected spatial

357 views • 3 slides
2018 Interconnection Process Enhancements (IPE) Meeting September 17, 2018 10:00 a.m. 4:00

2018 Interconnection Process Enhancements (IPE) Meeting September 17, 2018 10:00 a.m. 4:00

2018 Interconnection Process Enhancements (IPE) Meeting September 17, 2018 10:00 a.m. 4:00 p.m. (Pacific Time) CAISO Public CAISO Public Agenda Time Item Speaker 10:00 - 10:10 Stakeholder Process and Schedule Jody Cross 10:10 -

596 views • 31 slides
Content Delivery Network Interconnection Footprint versus Capabilities exchange Bastiaan Wissingh

Content Delivery Network Interconnection Footprint versus Capabilities exchange Bastiaan Wissingh

Content Delivery Network Interconnection Footprint versus Capabilities exchange Bastiaan Wissingh Master education System and Network Engineering July 05, 2012 1 Agenda Introduction Research Questions Footprint and Capabilities

743 views • 18 slides

More recommend