by redeux
1034 days ago
I also think about layers when I set up IaC, but I'm more focused on how things connect and relate rather than sticking strictly to the OSI stack model. In my mind, it's all about grouping things that might influence each other. This approach usually leads me to think in three layers: foundation, shared services, and applications. Starting at the bottom, the foundation layer holds the basics like networking, storage, accounts, and permissions. The shared services layer is where I place tools like certificate managers and secret storage. I keep services that interact closely together, while separating those that work more independently. At the top, I lay out the applications. This is where I slot in services like auto-scaling groups, individual server instances, load balancers (depending on whether they're communal or specific), and pods in platforms like Kubernetes. Depending on the complexity of the environment there may be one or multiple of each layer. By structuring IaC this way, I find it's clearer and more intuitive.
Global - Things from the AWS global region, notably DNS (DelegationSet and Zone) and IAM
Core - Semi-permanent per-stack resources such as secrets and certificates
Network - Network resources per-stack (i.e. VPC & EC2)
Database - Database resources per-stack (i.e. RDS) and rotating secrets (via Lambda)
Application - Application resources per-stack (i.e. ECS)
Breakglass - Resources for breakglass shell access to the DMZ subnets
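The foundation / shared services / applications split described above, laid out in Terraform as an added illustration (this is not redeux's code or anything posted in the thread). Each layer is its own root module with its own state object and reads the layer beneath it only through published outputs. The bucket name, region, CIDRs, resource names and the secret name are assumptions chosen for the example.

```hcl
# ---- foundation/main.tf: networking, accounts, permissions (bottom layer) ----
terraform {
  backend "s3" {
    bucket = "example-tfstate"               # hypothetical bucket name
    key    = "foundation/terraform.tfstate"  # one state object per layer
    region = "us-east-1"
  }
}

provider "aws" {
  region = "us-east-1"
}
data "aws_availability_zones" "available" {}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Two private subnets in two AZs; an application load balancer needs at least two.
resource "aws_subnet" "private" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  availability_zone = data.aws_availability_zones.available.names[count.index]
}

# Only outputs cross the layer boundary; upper layers read these, not the resources.
output "vpc_id"             { value = aws_vpc.main.id }
output "vpc_cidr"           { value = aws_vpc.main.cidr_block }
output "private_subnet_ids" { value = aws_subnet.private[*].id }

# ---- shared-services/main.tf: certificates and secret storage (middle layer) ----
terraform {
  backend "s3" {
    bucket = "example-tfstate"
    key    = "shared-services/terraform.tfstate"
    region = "us-east-1"
  }
}

provider "aws" {
  region = "us-east-1"
}
resource "aws_kms_key" "secrets" {
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "db_password" {
  name       = "shared/db-password"   # hypothetical secret name
  kms_key_id = aws_kms_key.secrets.arn
}

# Export the ARN only: remote state is readable by every layer above it.
output "db_password_secret_arn" { value = aws_secretsmanager_secret.db_password.arn }

# ---- application/web/main.tf: load balancer for one application (top layer) ----
terraform {
  backend "s3" {
    bucket = "example-tfstate"
    key    = "application/web/terraform.tfstate"
    region = "us-east-1"
  }
}

provider "aws" {
  region = "us-east-1"
}
# Read-only view of the foundation layer's published outputs.
data "terraform_remote_state" "foundation" {
  backend = "s3"
  config = {
    bucket = "example-tfstate"
    key    = "foundation/terraform.tfstate"
    region = "us-east-1"
  }
}

resource "aws_security_group" "web" {
  name   = "web-alb"
  vpc_id = data.terraform_remote_state.foundation.outputs.vpc_id
  # Internal load balancer: admit TLS from inside the VPC only, not 0.0.0.0/0.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.terraform_remote_state.foundation.outputs.vpc_cidr]
  }
}

resource "aws_lb" "web" {
  name               = "web"
  internal           = true
  load_balancer_type = "application"
  subnets            = data.terraform_remote_state.foundation.outputs.private_subnet_ids
  security_groups    = [aws_security_group.web.id]
}
```

The security payoff of the split is in the state keys: the pipeline identity for each layer gets write access to its own key only and read access to the keys below it, so a `terraform apply` in application/web cannot touch the VPC or the KMS key even by mistake, and a bad plan's blast radius is the layer it runs in. Treat the shared-services state object as sensitive: every output, and every resource attribute stored in the state, is visible to anyone who can read it, which is why the example publishes the secret's ARN and leaves the value to be fetched at runtime under an IAM grant.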