The need for cloud computing has increased significantly amongst businesses. The reliability, scalability and performance of cloud services, such as AWS, GCP, Azure, etc. have garnered much attention by companies looking to expand and grow their services. As a part of my journey to develop my skills as a software engineer, I have decided to develop my cloud engineering skills. From my research and community suggestions, it was brought to my attention that the Cloud Resume Challenge is a great place to start. This is a reflection of how I tackled the cloud resume challenge and what I have learnt so far. The resume can be found at ==https://resume.joshdefreitas.info/==
Getting Started 🎯
Choosing a Cloud Platform
The challenge proposes instructions from the three most in demand and used cloud service providers: GCP, AWS and Azure. I decided to go with AWS because it has the most market share, offers the most comprehensive list of services and is the most widedly adopted cloud platform.
Creating AWS Accounts
To get started, I created a root account on AWS, which would allow me to make use of AWS free tier for the duration of this challenge and future projects. I also craete an IAM user which I will use to manage the resources for this challenge.
Securing my AWS accounts
To enhance security, I created a group with necessary operational permissions and applied that to my IAM user account. Not only will this allow me to follow best practices of increasing accountability and separation of roles and duties, but also enhances the security by reducing attack surfaces and following the principle of least privilege.
I chose to create an IAM user instead of setting up an AWS Identity Center user because I will be using these accounts for the purpose of enhancing my skills and I will have no use for SSO or connecting to an AD account. However, IAM users will need greater control over their access ID keys, which are needed for managing the AWS console remotely, interacting with the AWS api, as well as, using the AWS CLI locally. To mediate this and further enhance secuity, I opted to use a third party AWS credential manager, aws-vault. ‘aws-vault’ manages AWS credentials and uses temporary credentials, courtesy AWS STS, when interacting with the AWS CLI. Finally, I enable MFA to both my root account and IAM user account.
1. Certification
At the time of writing this, I do not possess the cloud practitioner certification as recommended by the challenge because I plan to take it in the near future. I have done the cloud solution architect course on simplilearn which gave me the necessary foundation and familiarity around AWS services to pursue this challenge. I intend to update this post and the cloud resume when I achieve AWS certification.
2. HTML
The challenge requires the resume be written in HTML. I modified this clean HTML template by Thomas Hardy, adding and removing HTML where necessary.
3. CSS
The template has a css document to style the html. I added, removed and modified the CSS until I was satisfied with the design of the resume.
4. Static Website
The html dnd css files were uploaded to an S3 bucket and deployed as a static website.
5. HTTPS
To enable HTTPS, a CloudFront distribution was created. Permissions were added to the bucket to allow the distribution to access it. ACM was used to create a wildcard public TLS certificate for any subdomain for my registered domain: *.joshdefreitas.info. The certificate was applied to the CloudFront distribution.
6. DNS
Earlier this year, I purchased the domain joshdefreitas.info on Namecheap. I used Namecheap’s BasicDNS as a DNS resolution provider for other external sites. However to make use of the seamless integration and enhanced performance and reliability of AWS cloud services, I decide to migrate to Route53 for DNS resolution.
I created a hosted zone within Route53 for my apex domain. I added CNAME records for my blog, my website and my photography site to this hosted zone. Finally, I added ALIAS A records for the www. subdomain as well as for resume. for my resume. Route53 allowed me to route traffic from an ALIAS A record directly to CloudFront distribution within the same region, during the creation of the record.
Note: All my sites load faster, due to Route53 extensive global network infrastructure and advanced DNS features.