One of the most powerful opportunities that a well-run Cloud Foundation offers is to give developers a new cloud account by the snap of a finger. When I work with customers and explain to them the concept of Cloud Sandbox Environments, the most common reaction I get is “Do we even need this?” Well, a cloud sandbox for developers is one of those things that you truly only know you need once you’ve experienced it.
In this post I’m going to show you an actual (non-fictional) example how having not only one, but two developer cloud sandboxes for different cloud platforms at the snap of a finger made my life a lot easier. Essentially I just want to serve 5
terabytes megabytes worth of static files...
Setting up a Cloud Sandbox
I was quickly slapping together a small angular application to help one of our customers write a service catalog for integration into the service marketplace: a live-preview editor that renders a catalog and the parameter forms side-by-side. You can find this and a link to the source code on our product feedback board.
So I had this up and running quickly, and now I just wanted to throw this tool up on a cloud storage bucket, sent them the link and be done with it. I’ve recently done a bit of work with Google Cloud Storage (GCS) and had the command for gsutil cp ... right in my head, so I quickly created a new GCP project in meshStack, and no more than 60 seconds later I was copying that angular tool over to a new cloud storage bucket.
But ... duh! Accessing the file on the public URL at
https://storage.googleapis.com/main.js and obviously that gives me a HTTP 404.
Okay, can I fix this quickly? I’m in a hurry and have other stuff to do. So like everyone that hasn’t lived under a rock the past ten years I go to stackoverflow, and find an answer saying as much as RTFM. Nope, not gonna do that, clock’s ticking!
Manage all Accounts - across all Clouds!
Having large numbers of accounts with multiple cloud providers requires an airtight management solution: The creation, administration, security configuration and deprovisioning has to be easy and transparent.
While I really like Google Cloud, the root of the problem here is that GCS wants to host my bucket at a relative path instead of hosting on its own domain like
https://unipipe-catalog-preview.storage.googleapis.com. Now, I could figure out if I can fix that, but I also know that AWS S3 gives buckets their own domain. So, let’s ditch GCP and go to AWS instead. Yay, multi-cloud FTW! (Sorry GCP, but I promise we’re still good friends).
A few seconds later I have my AWS account ready to sign in. Magic! Since I already had a meshProject that had the GCP project in it, meshStack derived a desired state for the new AWS Account with an AWS IAM Role for my user, AWS SSO + AWS CLI integration. I could have literally not created that AWS Account any faster on the cloud console.
Alright, create a bucket with a public access policy,
aws s3 cp unipipe-preview s3://unipipe-catalog-preview --recursive on the cli aaaand done!
Cloud Sandboxes Empower Engineers to Build
As I hope I could convey in this post, the ability to move fast and
break things getting things done is important to empower developers to do their jobs. Having one cloud at your fingertips is cool, having any cloud available at the snap of a finger (or: api call) is pure magic.
Unfortunately, that type of power is not available to most developers today. Only few organizations have a “time to cloud” measured in minutes - most often, it takes weeks or days at best. In IT we focus on making the hard things easy, but tend to forget that doing so sometimes makes the easy things unnecessarily hard. If you haven’t watched the “I just want to serve 5 terabytes” video I mentioned earlier above - you’re in for a good laugh.
Cloud Foundations Provide Cloud Sandboxes
Mind you, most of the ceremony involved in setting up a new application on the cloud have their purpose and place. They’re not designed out of evil spirit. But building a cloud foundation right, we can establish a clear Shared Responsibility Model, trust our engineers to make the right calls about the Cloud Zones they want to put their applications into and then empower them with access to the infrastructure they need. Having the right controls in place like automated landing zone enforcement and cost management, enables us to have a lot of agility and control at the same time.
If empowering engineers to build a better future sounds like something you want to work on - and you’d fancy a workplace that gives you the freedom to get stuff done - we’re hiring!