Infrastructure as Code with Terraform

Geographically Diverse Failover in the Cloud

Malleable

Now I’ll make a quick but very practical change to the configuration. What if your web server IP address changes and you need to point your DNS somewhere else? If you refer to Listing 2 again (and Figure 4), you can see this exists in the main.tf file:

records = ["1.2.3.4"]

I’ll quickly change the www record to a different IP address now. Figure 5 shows the abbreviated result of editing main.tf and then running the

$ terraform apply

command again. Terraform marks a change with a tilde character, rather than the plus or minus it uses for additions or deletions.

Figure 5: Note the tilde character for a change and not a minus for a deletion or a plus for an addition.

Once again I’m prompted for the word yes to continue and apply the change. The outcome is much quicker than before, as Figure 6 shows: et voila! An updated A record will be propagating around the Internet’s name servers.

Figure 6: Terraform has updated the www A record.
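
The same change can be checked by a script before anyone types yes. The Python below is an added example, not part of the original article: it reads the JSON form of a saved plan (terraform plan -out, then terraform show -json) and flags any Route 53 record whose new address falls outside an approved range. The resource addresses, the new IP address, and the approved range are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. Resource names and IPs are made up.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_route53_record.www", "type": "aws_route53_record",
     "change": {"actions": ["update"],
                "before": {"name": "www", "type": "A", "records": ["1.2.3.4"]},
                "after": {"name": "www", "type": "A", "records": ["5.6.7.8"]}}},
    {"address": "aws_route53_record.mail", "type": "aws_route53_record",
     "change": {"actions": ["no-op"],
                "before": {"name": "mail", "type": "A", "records": ["1.2.3.9"]},
                "after": {"name": "mail", "type": "A", "records": ["1.2.3.9"]}}},
]})

# Plan actions mapped to the symbols Terraform prints in its readable plan.
SYMBOLS = {("create",): "+", ("update",): "~", ("delete",): "-",
           ("delete", "create"): "-/+", ("create", "delete"): "+/-"}


def review_dns_changes(plan_json, allowed_cidrs):
    """Return (symbol, address, old, new, unapproved) per changed Route 53 record."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = tuple(rc["change"]["actions"])
        if rc["type"] != "aws_route53_record" or actions == ("no-op",):
            continue
        old = (rc["change"].get("before") or {}).get("records") or []
        new = (rc["change"].get("after") or {}).get("records") or []
        unapproved = []
        for value in new:
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                continue  # not an IP (e.g. a CNAME target); outside this check
            if not any(ip in net for net in nets):
                unapproved.append(value)
        findings.append((SYMBOLS.get(actions, "?"), rc["address"], old, new, unapproved))
    return findings


if __name__ == "__main__":
    for sym, addr, old, new, bad in review_dns_changes(SAMPLE_PLAN, ["1.2.3.0/24"]):
        print(f"{sym} {addr}: {old} -> {new}", "UNAPPROVED" if bad else "ok", bad or "")
```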

Work In Progress

At the start of the article, I mentioned that I wanted to set up a geographically diverse failover between two web servers, which led me to tinker with Terraform and Route 53.

The part of the jigsaw that is still missing isn’t too complex to get working manually but might require some squinting to get slightly more advanced Terraform features working. The Route 53 health check, which Figure 7 demonstrates, will definitely be my first port of call.

Figure 7: A health check determines whether a server is down (from the Terraform website).

This is The End

If simple examples like the DNS config in AWS here don’t pique your interest, then Infrastructure as Code might not be for you. The code is relatively easy to read, extensible, and delivers consistent results that you can depend on. I apply similar techniques to the Security as Code work that I do, which in turn provides a business with a level of comfort that resources are created in a predictable way.

I’d encourage anyone to try Terraform on a cloud platform to see how it might help them in the future. The learning curve, thankfully, isn’t too steep for simple tasks.

The Author

Chris Binnie’s latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.
