Direct Connect with VPN backup

The problem A common AWS connectivity design is to have a direct connect (DX) connection with a VPN backup. There are some routing concerns to consider when implementing this design to make sure that traffic prefers the DX circuit and only uses the backup VPN path if the DX is unavailable. Traffic from AWS transit gateway (TGW) will always prefer the direct connect gateway (DXGW) path, but traffic in the other direction (to AWS) is dependent on the customer gateway (CGW) routing policy....

April 27, 2021 · 3 min · Jason Lavoie
Multi-region dual-stack TGW/DXGW design

Where AWS IPv6 networking fails

Introduction AWS has made much progress over the years with IPv6 support. From S3, EC2, Cloudfront, Route53, and EC2 support back in 2016, to more recent updates to NLB and the EC2 API, I’ve appreciated every advancement and patiently waited for the next. Unfortunately, there are still pieces missing that prevent me from making full use of IPv6 in my employer’s current environment. Existing architecture The architecture is modeled after one of AWS’s recommended connectivity designs....

April 15, 2021 · 4 min · Jason Lavoie
GitHub Drift Success

Terraform Drift Detection with GitHub Actions

The Problem A common issue with infrastructure as code, is that it is often possible for someone to go in after deployment and manually change things. I still want to preserve the ability for the infrastructure folks to go in and make emergency changes, but I also want to discourage this practice as much as possible. To this end, I’ve been using a pattern where any “out of band” changes are alerted to the rest of the team....

September 15, 2020 · 3 min · Jason Lavoie