Tasks Done or Not


===== Technical Requirements =====

AWS Requirements (everything terraformed):

VPC and subnets:

Set up dedicated subnets across all availability zones in the region:
Public subnets - for Internet-facing services
Private subnets - used for backend services
DB subnets - used for RDS and other DB-as-a-service solutions
ElastiCache subnets
Intra subnets - private subnets with NO Internet routing

* [] Use trusted/well-known Terraform modules where possible
DONE
* [] Region eu-west-1. Ranges 10.101.0.0/16 for dev VPC, 10.102.0.0/16 for prod VPC.
DONE

* [] Configure VPC NACL to disallow all ingress traffic and allow on an as-needed
basis
DONE
* [] Configure VPC NACL to disallow all egress traffic and allow on an as-needed basis /
only allowed out via peer to shared VPC
DONE
* [] Configure flow logs on VPC
DONE
* [] log buckets should have logging enabled
DONE
* [] log buckets should enforce https
DONE
* [] log buckets should be encrypted
DONE
* [] log buckets should require MFA to delete
DONE
* [] log buckets should implement versioning
DONE
* [] log buckets should have minimal replication and storage class of Intelligent Tiering - Deep Archive Access Tier
DONE
* [] Configure subnets NACL to disallow all ingress traffic and allow on an as-needed
basis
DONE
* [] Configure subnets NACL to disallow all egress traffic and allow on an as-needed
basis
DONE
* [] Configure flow logs on all subnets
DONE

* [] Use a single NATGW for all private subnets
DONE

* [] Use trusted/well-known Terraform modules where possible
DONE
* [] Configure subnets NACL to disallow all ingress traffic and allow on an as-needed
basis
DONE
* [] Configure subnets NACL to disallow all egress traffic and allow on an as-needed
basis
DONE
* [] Configure flow logs on all subnets
DONE
* [] Use a single NATGW for all private subnets
DONE
* [] A dedicated Terraform AWS account should be created, which will be used for further
administrative activities
Not Done - because of my time limitation I didn’t configure it.
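
The log-bucket items above (logging enabled, HTTPS enforced, encrypted, versioned) can be expressed in Terraform roughly as follows. This is an added example, not the configuration used for these tasks; the bucket names and resource labels are assumptions, and the delivery permissions the flow-log service needs on the bucket are left out.

```hcl
resource "aws_s3_bucket" "logs" {
  bucket = "example-dev-vpc-flow-logs" # placeholder name (assumption)
}

resource "aws_s3_bucket_versioning" "logs" {
  bucket = aws_s3_bucket.logs.id
  versioning_configuration {
    status = "Enabled"
    # mfa_delete is left out: enabling it needs the root user's credentials plus an MFA code
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "logs" {
  bucket = aws_s3_bucket.logs.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # SSE-S3; the checklist only asks for "encrypted"
    }
  }
}

resource "aws_s3_bucket_logging" "logs" {
  bucket        = aws_s3_bucket.logs.id
  target_bucket = "example-access-logs" # placeholder: an existing access-log bucket
  target_prefix = "flow-logs-bucket/"
}

data "aws_iam_policy_document" "https_only" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.logs.arn, "${aws_s3_bucket.logs.arn}/*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport" # false when the request is not over TLS
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "logs" {
  bucket = aws_s3_bucket.logs.id
  policy = data.aws_iam_policy_document.https_only.json
}
```

The MFA-delete and Intelligent Tiering items are not covered by this block.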

===== EKS Requirements (Terraform) =====

EKS clusters:
Dev cluster name - dev-****
Prod cluster name - prod-****

* [] The cluster should be deployed using the terraform account.
Not DONE - because of my time limitation I didn’t configure it.

* [] Use t3.medium instance types for the EKS nodes. The cluster(s) should initially have
2 worker nodes
DONE
* [] Create AWS IAM role aws-eks-{YOURNAME}-prod
DONE
* [] Create AWS IAM role aws-eks-{YOURNAME}-dev
DONE
* [] Deploy an EC2 instance called "stepstone" in the public range. Make
sure that the stepstone instance is secure enough (IP-based restrictions)
DONE
* [] Add your personal account to roles aws-eks-{YOURNAME}-dev and
aws-eks-{YOURNAME}-prod
Done
* [] Deploy the DEV cluster in the private subnets. The cluster must have a single EC2
node, type t3.medium. Make sure that the instances are tagged properly
DONE
* [] Deploy the PROD cluster in the private subnets. The cluster must have a single EC2
node, type t3.medium. Make sure that the instances are tagged properly
Done

===== EKS Applications (preferred solution: Helm) =====

The customer plans to migrate an existing LEMP application to Kubernetes. The customer
would like to be sure that MySQL can run in Kubernetes and that it will be stable. The
customer would also like to be sure that multiple websites can be hosted on the same
cluster, so we need to proceed with an Ingress controller setup.
* [] Create namespace app1 on the dev cluster
Done
* [] Deploy MySQL with a persistent volume in app1 namespace
DONE
* [] Be ready and prepare instructions that show MySQL failover in case of a crash of a
single Kubernetes node
DONE
* [] Deploy Ingress controller with AWS LB
DONE
* [] Install Let's Encrypt
Not DONE - because of my time limitation I didn’t configure it.

* [] Provide the hostname of the Load Balancer so we can point demo DNS records to
it. The DNS records will be web-{YOURNAME}.gotoadmins.cloud.
Prepare ingress for app-{YOURNAME}.gotoadmins.cloud, add an SSL cert (contact us so
we can configure the necessary DNS records) and make sure
that it can be associated with another domain in the future.
Not DONE - because of my time limitation I didn’t configure it.
* [] Deploy Jenkins in the K8S cluster. The hostname associated with Jenkins should be
jenkins-{YOURNAME}.gotoadmins.cloud.
Jenkins should be reachable via HTTPS as well.
DONE
* [] Link Jenkins to your GitHub repository
Not DONE - because of my time limitation I didn’t configure it.

* [] Prepare an example deployment pipeline
Not Done - because of my time limitation I didn’t configure it.
* [] Deploy Prometheus-Grafana monitoring stack
DONE
* [] Deploy Loki central log solution
DONE

Kind regards,
