https://abhilash-shettigar.dev Senior DevOps Engineer - Cloud Automation, AWS Solutions, Infrastructure Optimization Tue, 20 Aug 2024 00:00:00 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed en https://abhilash-shettigar.dev/og-image.jpg https://abhilash-shettigar.dev © 2025 Abhilash Shettigar. All rights reserved. https://abhilash-shettigar.dev/blog/2024/08/zero-downtime-cloud-migration https://abhilash-shettigar.dev/blog/2024/08/zero-downtime-cloud-migration Tue, 20 Aug 2024 00:00:00 GMT $ROLLBACK_THRESHOLD" | bc -l) )); then echo "Error rate exceeded threshold. Initiating rollback..." kubectl patch service payment-service -p '{"spec":{"selector":{"version":"blue"}}}' return 1 fi return 0 } ``` ## Results and Metrics The migration delivered exceptional results: ### Performance Improvements - **40% reduction** in response latency - **25% improvement** in throughput capacity - **99.99% uptime** maintained throughout migration ### Cost Optimization - **30% reduction** in monthly infrastructure costs - **50% savings** on data transfer costs - **Better reserved instance** utilization ### Operational Benefits - Unified monitoring and alerting across all services - Standardized deployment pipelines - Improved disaster recovery capabilities ## Lessons Learned ### 1. Planning is Everything The success of this migration was 80% planning and 20% execution. We spent significant time mapping dependencies and understanding data flows. ### 2. Observability is Critical Having comprehensive monitoring during migration allowed us to detect issues before they impacted users: ```yaml # Grafana dashboard configuration dashboard: - title: "Migration Health Dashboard" panels: - title: "Request Success Rate" query: "rate(http_requests_total{status!~'5..'}[5m])" - title: "Database Connection Pool" query: "db_connections_active / db_connections_max" - title: "Message Queue Lag" query: "kafka_consumer_lag_sum" ``` ### 3. Communication is Key We established clear communication channels: - Real-time Slack updates during cutover - Hourly stakeholder briefings - 24/7 on-call rotation for immediate response ## Best Practices for Future Migrations Based on this experience, here are my recommendations: 1. **Start with non-critical services** to validate your migration process 2. **Implement feature flags** to control traffic routing at the application level 3. **Use infrastructure as code** to ensure consistency between environments 4. **Automate everything** - manual processes are error-prone under pressure 5. **Plan for rollback** from day one, not as an afterthought ## Conclusion Zero-downtime cloud migration is achievable with proper planning, robust tooling, and a methodical approach. The key is treating migration as a product development effort with clear requirements, testing phases, and success criteria. The techniques and strategies outlined here can be adapted for various migration scenarios. Whether you're moving between cloud providers or modernizing legacy systems, the principles remain the same: plan thoroughly, automate extensively, and monitor continuously. --- *Have questions about cloud migration strategies? Feel free to [reach out](/contact) - I'd love to discuss your specific migration challenges and share more detailed insights from this project.*]]> abhilashshettigar@gmail.com (Abhilash Shettigar) cloud-migration aws gcp devops infrastructure https://abhilash-shettigar.dev/blog/2024/08/terraform-best-practices https://abhilash-shettigar.dev/blog/2024/08/terraform-best-practices Thu, 15 Aug 2024 00:00:00 GMT = 2 && var.az_count <= 6 error_message = "The az_count must be between 2 and 6." } } variable "common_tags" { description = "Common tags to apply to all resources" type = map(string) default = {} } ``` ```hcl # modules/vpc/outputs.tf output "vpc_id" { description = "ID of the VPC" value = aws_vpc.main.id } output "public_subnet_ids" { description = "IDs of the public subnets" value = aws_subnet.public[*].id } output "private_subnet_ids" { description = "IDs of the private subnets" value = aws_subnet.private[*].id } output "vpc_cidr_block" { description = "CIDR block of the VPC" value = aws_vpc.main.cidr_block } ``` ## Advanced Module Patterns ### 1. Conditional Resource Creation Sometimes you need modules that can create different sets of resources based on input: ```hcl # modules/database/main.tf locals { is_postgres = var.engine == "postgres" is_mysql = var.engine == "mysql" } resource "aws_db_instance" "main" { allocated_storage = var.allocated_storage storage_type = var.storage_type engine = var.engine engine_version = var.engine_version instance_class = var.instance_class db_name = var.database_name username = var.username password = var.password vpc_security_group_ids = var.security_group_ids db_subnet_group_name = aws_db_subnet_group.main.name # Conditional parameters based on engine family = local.is_postgres ? "postgres${split(".", var.engine_version)[0]}" : "mysql${split(".", var.engine_version)[0]}" # PostgreSQL specific settings dynamic "restore_to_point_in_time" { for_each = local.is_postgres && var.restore_from_snapshot ? [1] : [] content { source_db_instance_identifier = var.source_db_instance_identifier restore_time = var.restore_time } } # MySQL specific settings character_set_name = local.is_mysql ? var.character_set_name : null backup_retention_period = var.backup_retention_period backup_window = var.backup_window maintenance_window = var.maintenance_window skip_final_snapshot = var.skip_final_snapshot deletion_protection = var.deletion_protection tags = merge(var.common_tags, { Name = var.database_name }) } ``` ### 2. Module Composition Build complex infrastructure by composing simpler modules: ```hcl # environments/production/main.tf module "vpc" { source = "../../modules/vpc" vpc_name = "${var.environment}-vpc" cidr_block = var.vpc_cidr_block az_count = 3 create_internet_gateway = true create_public_subnets = true create_private_subnets = true create_nat_gateways = true common_tags = local.common_tags } module "eks_cluster" { source = "../../modules/eks" cluster_name = "${var.environment}-cluster" cluster_version = "1.28" vpc_id = module.vpc.vpc_id subnet_ids = concat(module.vpc.public_subnet_ids, module.vpc.private_subnet_ids) node_groups = { general = { desired_capacity = 2 max_capacity = 10 min_capacity = 1 instance_types = ["t3.medium"] } compute = { desired_capacity = 0 max_capacity = 50 min_capacity = 0 instance_types = ["c5.large", "c5.xlarge"] labels = { workload-type = "compute-intensive" } taints = [ { key = "compute-intensive" value = "true" effect = "NO_SCHEDULE" } ] } } common_tags = local.common_tags } module "rds_cluster" { source = "../../modules/rds-cluster" cluster_identifier = "${var.environment}-db-cluster" engine = "aurora-postgresql" engine_version = "15.4" vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids master_username = var.db_username master_password = var.db_password instance_count = var.db_instance_count instance_class = var.db_instance_class backup_retention_period = 7 preferred_backup_window = "03:00-04:00" common_tags = local.common_tags } ``` ## Testing Your Modules ### 1. Unit Testing with Terratest ```go // test/vpc_test.go package test import ( "testing" "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" ) func TestVPCModule(t *testing.T) { terraformOptions := &terraform.Options{ TerraformDir: "../modules/vpc", Vars: map[string]interface{}{ "vpc_name": "test-vpc", "cidr_block": "10.0.0.0/16", "az_count": 2, }, NoColor: true, } defer terraform.Destroy(t, terraformOptions) terraform.InitAndApply(t, terraformOptions) vpcId := terraform.Output(t, terraformOptions, "vpc_id") assert.NotEmpty(t, vpcId) publicSubnetIds := terraform.OutputList(t, terraformOptions, "public_subnet_ids") assert.Len(t, publicSubnetIds, 2) } ``` ### 2. Validation with Pre-commit Hooks ```yaml # .pre-commit-config.yaml repos: - repo: https://github.com/antonbabenko/pre-commit-terraform rev: v1.81.0 hooks: - id: terraform_fmt - id: terraform_validate - id: terraform_docs - id: terraform_tflint - id: terraform_tfsec - id: terraform_checkov ``` ### 3. Integration Testing ```bash #!/bin/bash # scripts/test-module.sh set -e MODULE_DIR="$1" TEST_DIR="test-environments" if [ -z "$MODULE_DIR" ]; then echo "Usage: $0 " exit 1 fi echo "Testing module: $MODULE_DIR" # Create test environment mkdir -p "$TEST_DIR" cat > "$TEST_DIR/main.tf" << EOF module "test" { source = "../$MODULE_DIR" # Test-specific variables $(cat test-fixtures/variables.tf) } output "test_outputs" { value = module.test } EOF cd "$TEST_DIR" # Initialize and validate terraform init terraform validate terraform plan # Apply and test terraform apply -auto-approve # Run post-deployment tests if [ -f "../test-fixtures/verify.sh" ]; then ../test-fixtures/verify.sh fi # Cleanup terraform destroy -auto-approve cd .. rm -rf "$TEST_DIR" echo "Module test completed successfully" ``` ## Module Versioning and Release Strategy ### 1. Semantic Versioning Use semantic versioning for your modules: ```hcl # Using specific version module "vpc" { source = "github.com/company/terraform-modules//vpc?ref=v1.2.0" vpc_name = "production-vpc" cidr_block = "10.0.0.0/16" } # Using version constraints module "eks" { source = "github.com/company/terraform-modules//eks?ref=~>2.0" cluster_name = "production-cluster" } ``` ### 2. Automated Release Pipeline ```yaml # .github/workflows/release.yml name: Release on: push: tags: - 'v*' jobs: test: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Setup Terraform uses: hashicorp/setup-terraform@v2 - name: Run tests run: | for module in modules/*/; do cd "$module" terraform init terraform validate terraform fmt -check cd ../../ done release: needs: test runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Generate changelog run: | # Generate changelog from commits git log --pretty=format:"* %s" $(git describe --tags --abbrev=0 HEAD^)..HEAD > CHANGELOG.md - name: Create release uses: actions/create-release@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref }} release_name: Release ${{ github.ref }} body_path: CHANGELOG.md ``` ## Monitoring and Cost Optimization ### 1. Built-in Cost Tracking ```hcl # modules/common/locals.tf locals { common_tags = merge(var.common_tags, { Environment = var.environment Project = var.project_name ManagedBy = "terraform" CreatedDate = formatdate("YYYY-MM-DD", timestamp()) # Cost allocation tags CostCenter = var.cost_center Owner = var.owner_email }) } ``` ### 2. Resource Tagging Strategy ```hcl # Automatic tagging for cost allocation resource "aws_instance" "main" { # ... other configuration tags = merge(local.common_tags, { Name = "${var.service_name}-${var.environment}" Service = var.service_name Component = var.component_name # Automated cost tracking "cost:project" = var.project_name "cost:environment" = var.environment "cost:team" = var.team_name }) volume_tags = merge(local.common_tags, { Name = "${var.service_name}-${var.environment}-volume" }) } ``` ## Real-World Example: Microservices Platform Module Here's a complete example of a production-ready module that creates a microservices platform: ```hcl # modules/microservices-platform/main.tf module "vpc" { source = "../vpc" vpc_name = var.platform_name cidr_block = var.vpc_cidr_block az_count = var.availability_zone_count create_internet_gateway = true create_public_subnets = true create_private_subnets = true create_nat_gateways = var.create_nat_gateways common_tags = local.common_tags } module "eks_cluster" { source = "../eks" cluster_name = "${var.platform_name}-cluster" cluster_version = var.kubernetes_version vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids node_groups = var.node_groups # Enable necessary add-ons cluster_addons = { coredns = { addon_version = var.coredns_version } kube-proxy = { addon_version = var.kube_proxy_version } vpc-cni = { addon_version = var.vpc_cni_version } aws-ebs-csi-driver = { addon_version = var.ebs_csi_version } } common_tags = local.common_tags } # Application Load Balancer for ingress module "alb" { source = "../alb" name = "${var.platform_name}-alb" vpc_id = module.vpc.vpc_id subnets = module.vpc.public_subnet_ids enable_cross_zone_load_balancing = true enable_http2 = true # Security groups security_groups = [aws_security_group.alb.id] common_tags = local.common_tags } # RDS for shared databases module "rds_cluster" { count = var.create_shared_database ? 1 : 0 source = "../rds-cluster" cluster_identifier = "${var.platform_name}-shared-db" engine = var.database_engine engine_version = var.database_engine_version vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids master_username = var.database_username master_password = random_password.database_password.result instance_count = var.database_instance_count instance_class = var.database_instance_class backup_retention_period = var.database_backup_retention_period preferred_backup_window = var.database_backup_window common_tags = local.common_tags } # ElastiCache for shared caching module "elasticache" { count = var.create_shared_cache ? 1 : 0 source = "../elasticache" cluster_id = "${var.platform_name}-cache" engine = "redis" node_type = var.cache_node_type num_cache_nodes = var.cache_node_count vpc_id = module.vpc.vpc_id subnet_ids = module.vpc.private_subnet_ids common_tags = local.common_tags } ``` ## Conclusion Building reusable Terraform modules is both an art and a science. The key principles I've learned through years of infrastructure management are: 1. **Start simple** - Begin with basic modules and evolve them based on real needs 2. **Think in interfaces** - Design clear input/output contracts 3. **Test everything** - Automated testing catches issues before they reach production 4. **Version carefully** - Use semantic versioning and maintain backward compatibility 5. **Document thoroughly** - Good documentation is as important as good code These practices have helped me reduce infrastructure deployment time from weeks to hours, while maintaining high reliability and security standards. Whether you're just starting with Terraform or looking to improve existing infrastructure, focusing on modularity will pay dividends in the long run. --- *Want to see more examples or discuss specific module patterns? [Get in touch](/contact) - I'm always happy to share experiences and learn from others in the infrastructure community.*]]> abhilashshettigar@gmail.com (Abhilash Shettigar) terraform infrastructure-as-code aws devops automation