What is IaaS, PaaS and SaaS in Microsoft Azure?

Taswar Bhatti January 9, 2023 No Comments

Fundamentals are the building blocks of fun.Mikhail Baryshnikov

Continuing on towards our learning cloud computing and Microsoft Azure, lets go over what is IaaS, PaaS and SaaS in Microsoft Azure?.

Definitions

IaaS

IaaS (Infrastructure as a Service) : refers to the delivery of computing resources, such as servers, storage and networking, over the internet. This allows companies to rent, rather than own, the infrastructure that they need to run their applications and services. Examples of IaaS Cloud providers include Microsoft Azure, Amazon Web Services (AWS) and Google Cloud Platform, etc.

Restaurant Analogy

If we use a restaurant analogy then IaaS can be compared to a restaurant that rents out its kitchen space to different chefs. The chefs can come in, use the kitchen’s equipment (such as ovens, stoves, and utensils) to cook their own dishes, and serve them to their customers. The restaurant provides the infrastructure (kitchen space and equipment) and the chef provides the recipe and cooks the dishes.

IaaS Advantages:

Agility. Applications can be made accessible quickly, removed and decommisioned whenever needed.
No CapEx. There is no up-front costs.
Consumption-based model. Organizations pay only for what they use and operate under an Operational Expenditure (OpEx) model.
Flexibility. IaaS is the most flexible cloud service because you have control to configure and manage the hardware running your application.
Management. The shared responsibility model applies; the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can use the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.
Cloud benefits. Organizations can use the skills and expertise of the cloud provider to ensure workloads are made secure and highly available.

PaaS

PaaS (Platform as a Service): builds on top of IaaS by providing a platform for developers to create and run their applications, without having to manage the underlying infrastructure. PaaS providers typically offer a range of tools and services for building, testing, deploying and scaling applications. Examples in Microsoft Azure includes, Azure Active Directory, Azure SQL Server, Azure HDInsight, etc. Other similar platform of PaaS includes Heroku, Salesforce Lightning Platform and Google App Engine.

Restaurant Analogy

Again with a restaurant analogy PaaS (Platform as a Service) can be compared to a restaurant that not only rents out its kitchen space, but also provides the chefs with a pre-made menu and a team of sous chefs to assist them. The chefs can still create and serve their own dishes, but they don’t have to worry about managing the kitchen or creating the menu. The restaurant provides the platform (kitchen space, equipment, menu, and assistance) and the chef provides the recipe and cooks the dishes.

PaaS Advantages:

Agility. PaaS is more agile than IaaS, and users don’t need to configure servers for running applications.
No CapEx. Users have no up-front costs.
Consumption-based model. Users pay only for what they use, and operate under an OpEx model.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of PaaS. Most servies are easily configurable through the internet/web interface or SDK.
Cloud benefits. Users can take advantage of the skills and expertise of the cloud provider to ensure that their workloads are made secure and highly available. In addition, users can gain access to more cutting-edge development tools. They can then apply these tools across an application’s lifecycle.
Productivity. Users can focus on application development only, because the cloud provider handles all platform management. Working with distributed teams as services is easier because the platform is accessed over the internet. You can make the platform available globally more easily.

PaaS Disadvantage

Platform limitations. There can be some limitations to a cloud platform that might affect how an application runs. When you’re evaluating which PaaS platform is best suited for a workload, be sure to consider any limitations in this area. Example: Certain modules/plugins for the services may not be provided out of the box. Plus customers usually cannot load/plug their custom modules or plugins into the service. E.g a database plugin that you may rely on is not supported in the PaaS service.

SaaS

SaaS (Software as a Service) is the most common and widely used cloud computing service model. It refers to the delivery of software applications over the internet, typically on a subscription basis. SaaS applications are typically accessed through a web browser, and the provider is responsible for managing the infrastructure and ensuring that the software is always up-to-date. Examples of SaaS include Microsoft Office 365, Salesforce, and Zoom.

Restaurant Analogy

Continue with a restaurant analogy SaaS (Software as a Service) can be compared to a restaurant that not only rents out its kitchen space, provides the chefs with a pre-made menu and assistance but also provides the dishes to the customers. The customers can come in and order from a set menu, and the restaurant takes care of everything from cooking the dishes to serving them. The restaurant provides the software (dishes) and the customer just orders and consumes them.

SaaS Advantages:

Agility. Users can provide staff with access to the latest software quickly and easily.
No CapEx. Users have no up-front costs.
Pay-as-you-go pricing model. Users pay for the software they use on a subscription model, typically monthly or yearly, regardless of how much they use the software.
Skills. No deep technical skills are required to deploy, use, and gain the benefits of SaaS.
Flexibility. Users can access the same application data from anywhere.

SaaS Disadvantage

Software limitations. There can be some limitations to a software application that might affect how users work. Because you’re using as-is software, you don’t have direct control of features. When you’re evaluating which SaaS platform is best suited for a workload, be sure to consider any business needs and software limitations.

Additionaly if we look a diagram of a pizza restaurant it would look something like below:

pizza-as-a-service

Conclusion

In this section we learned about IaaS, PaaS and SaaS and what they stand for in Microsoft Azure. In the upcoming sections we will go deeper into Azure subscriptions, managemnt groups, resources and region. Stay tuned.

Additional Resources

Here is a list of resources that may be helpful as you continue to explore Microsoft Azure.

Align requirements with cloud types and service models in Azure (https://docs.microsoft.com/en-us/learn/modules/align-requirements-in-azure/)
What is infrastructure as a service (IaaS)? (https://azure.microsoft.com/overview/what-is-iaas/)
What is platform as a service (PaaS)? (https://azure.microsoft.com/overview/what-is-paas/)
What is software as a service (SaaS)? (https://azure.microsoft.com/overview/what-is-saas/)
Serverless computing (https://azure.microsoft.com/overview/serverless-computing/)
Azure Marketplace (microsoft.com) (https://azuremarketplace.microsoft.com/)
Azure free account FAQ (https://azure.microsoft.com/free/free-account-faq/)
Create an Azure account (https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/)

Excercise

Question 1

Cloud computing is the delivery of computing services using a pay-as-you-go pricing model.Which of the following statements are true of the pay-as-you-go pricing model?

Select all options that apply.

A. You can immediately stop paying for resources that are no longer needed.
B. You rent compute power and storage from someone else’s datacenter.
C. You must pay a fixed fee in advance for all Cloud services.
D. You rent physical hardware such as compute power and storage and maintain them within your own datacenter.

Question 2

Cloud Computing provides several benefits over a physical environment. Which of the following are benefits of cloud computing?

Select all options that apply.

A. Full control
B. Agility
C. Elasticity
D. High availability

Question 3

Which of the following options is not defined as a type of cloud deployment model?

A. Distributed cloud
B. Public cloud
C. Hybrid cloud
D. Private cloud

Question 4

Cloud computing provides computing services over the internet using a pay-as-you-go pricing model. With this model you typically only pay for the cloud services you use. Which of the following are benefits of the pay-as-you-go pricing model?

Select all that apply.

A. Lower operating costs.
B. You can run your infrastructure more efficiently.
C. You can scale as your business needs to change.

Question 5

True or False?
The Azure Portal updates continuously and requires no downtime for maintenance activities.

A. True
B. False

Azure

azure, microsoft

What is Microsoft Azure cloud computing?

Taswar Bhatti January 2, 2023 No Comments

Our industry does not respect tradition – it only respects innovation Satya Nadella

I wanted to start writing about Cloud Computing and I thought it would be best to start with Microsoft Azure which I have been using for many years now. The series can be used by Digital Native or Startup on how to use Cloud Computing, we will go through Microsoft Azure and what it offers to us as a Startup or Digital Native company. But to start with lets ask ourselves a silly question? What is Cloud Computing?

Digital Native Definition

If you are wondering what is Digital Native, its basically a company that got started/born in the cloud, there was no on-prem for it. Think for example Uber, Allbrids, AirBnB, etc

What is Cloud Computing?

Cloud computing is a model for delivering computing services—including servers, storage, databases, networking, software, analytics, and intelligence—over the Internet (the cloud). It allows users to access these services remotely, rather than having to maintain their own infrastructure or purchase and install software on their own computers.

With cloud computing, you can access and use shared computing resources such as servers, storage, and applications through the Internet. The resources are owned and maintained by a cloud provider (some examples Microsoft Azure, Amazon AWS, Google Cloud, etc), which makes them available to you on demand, and you only pay for what you use. Think of it like electricity if you leave your light on, the electric company will charge you, but if you turn it off there is no charge for it.

There are several benefits Cloud computing provides, including:

Cost savings: Users only pay for the resources they use, and can scale up or down as needed, rather than having to invest in and maintain expensive infrastructure.
Flexibility: Cloud computing allows users to access a wide range of services and easily scale up or down as their needs change, rather than being limited by the capabilities of their own infrastructure.
Collaboration: Cloud computing makes it easy for users to collaborate on projects, as they can access the same tools and resources from anywhere with an Internet connection.
Reliability: Cloud providers generally have robust infrastructure and offer service level agreements (SLAs) to ensure uptime.
Security: Cloud providers often have advanced security measures in place to protect users’ data, such as firewalls, intrusion detection systems, and encryption.

What types of cloud computing are there?

There are four main types of cloud computing: public, private, multicloud and hybrid.

Public cloud – This type of cloud is owned and operated by a third-party cloud provider, which makes the resources available to the public over the Internet. Customers pay for what they use no CapEx cost only OpEx, and the provider is responsible for managing the infrastructure and ensuring that it is always available and performing optimally.
Private cloud – This type of cloud is owned and operated by a single organization, and the resources are not shared with any other organizations. A private cloud can be physically located on-premises or off-premises, and it can be managed by the organization itself or by a third-party provider.
Hybrid cloud – This type of cloud combines elements of both public and private clouds, allowing an organization to use the resources that are most suitable for each workload. For example, an organization might use a public cloud for development and testing, and a private cloud for production workloads that require a higher level of security and compliance.
Multi cloud – This type of cloud combines elements of multiple cloud providers, allowing an organization to use the resources that may expand mutliple cloud providers or even running different workload on different providers. For example, a company may have its SAS offering that a customr can choose which cloud provider they wish to use. An example would be ElasticSearch as a service, where one can choose which cloud provider you wish to launch their solution. Another example could be an organization may run majority of their service in one provider but also have a pilot light or warm standby environment ready to lauch in another cloud provider for fail safe issues. Yet another one can be an organization running their main database in one provider but their other workloads in another cloud provider, could be due to data residency or just pricing. The variations of things all depends on the business need.

Pilot Light Definition

The term pilot light is often used to describe a Disaster Recovery scenario in which a minimal version of an environment is always running in the cloud.

Pros and Cons

Each type of cloud has its own benefits and trade-offs, and organizations can choose the type that best fits their needs. How do we know which one to choose, below you can see the benefits and trade-offs of the three types of cloud computing as follows:

Public cloud:

Benefits: Low cost, no upfront investment, pay-as-you-go pricing, scalability, and reliability
Trade-offs: Reduced control and security, potential compliance issues

Private cloud:

Benefits: Greater control and security, tailored infrastructure, potential cost savings for large organizations
Trade-offs: Higher upfront investment, more complex to set up and manage, may require specialized skills and resources

Hybrid cloud:

Benefits: Flexibility, ability to use the best resources for each workload, potential cost savings
Trade-offs: More complex to set up and manage, may require specialized skills and resources, potential security and compliance issues

Multi cloud:

Benefits: You are not locked into just one vendor, if any issue happens at on vendor downtime your system can still be up since another vendor would mostly likley not be affected.
Trade-offs: The most complex of all, and not to mention the pricing it will be the most expensive due to the fact most of the time you will not be able to take advantage of the services most cloud provider provides, e.g Functions as a service, etc. You will also need to have IT people who are well versed in multiple cloud providers and those people are hard to come by.

I also wanted to mention that there are three main types of cloud computing: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). We will go over this more in details later but let's first go over a fundamental thing about cloud computing called Shared Responsbility Model.

What is Shared Responsbility Model?

In cloud computing, the concept of shared responsibility refers to the way that responsibilities are divided between the cloud provider and the customer for the operation and maintenance of the cloud environment.

The cloud provider is responsible for the infrastructure and hardware, as well as for the availability, performance, and security of the underlying cloud services. The customer, on the other hand, is responsible for managing and securing their applications, data, and operating system, as well as for complying with any relevant laws and regulations.

This model of shared responsibility is designed to allow customers to take advantage of the benefits of cloud computing while still maintaining control over their own applications and data. It is important for customers to understand their responsibilities and to ensure that they are properly fulfilling them in order to effectively use and secure their cloud environment.

The specifics of the shared responsibility model can vary depending on the type of cloud service being used and the specific terms of the service agreement. It is important for customers to carefully review the service agreement and to understand the specific responsibilities that are being shared in their particular cloud environment.

Additional resources on Microsoft Shared Responsbility are below:

Microsoft Learn Shared Responsibility and additional resources at Microsoft Learn Shared Responsibility Whitepaper

Conclusion

What we learned today was what really defines cloud computing, what are the types of cloud computing, their pros and cons and also shared responsbilit. I will go more into details of IaaS, PaaS and SaaS the models that Cloud Computing offers.

Excercise

Question 1

Which cloud approach is used by organizations to take full advantage of on-premises technology investments and allows data and applications to be shared between two environments?

A. Public cloud
B. Private cloud
C. Hybrid cloud
D. On-premises datacenter

Question 2

Your company has hundreds of servers hosted in their on-premises environment. The company plan to migrate some of the servers to an Azure pay-as-you-go-subscription. Which of the given expenditure model would you suggest in this case?

A. Public cloud
B. Azure Reservations
C. Operating expenditure
D. Capital expenditure

Question 3

You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.

What should you include in the recommendation?

A. a complete migration to the public cloud
B. an additional data center
C. a private cloud
D. a hybrid cloud

Question 4

You plan to migrate several servers from an on-premises network to Azure. What is an advantage of using a public cloud service for the servers over an on-premises network?

A. The public cloud is owned by the public, NOT a private corporation
B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud
C. All public cloud resources can be freely accessed by every member of the public
D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

Question 5

In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple tenants?

A. private
B. hybrid
C. public

Azure

azure, startups

Numerical Types in Rust with VSCode

Taswar Bhatti September 28, 2021 No Comments

I wanted to talk about basic types in Rust. Lets begin with Numerical Types in Rust, since Rust is a statically typed language, which means that it must know the types of all variables at compile time. I will talk about number types that are built into the language.

Numerical Types

Numerical values are divided into Integer Types and Floating-point type. A simple numerical type can be signed integer types or unsigned integer types.

Signed integer types start with i instead of u

Integer Data types are listed below:

i8 : The 8-bit signed integer type.
i16 : The 16-bit signed integer type.
i32 : The 32-bit signed integer type.
i64 : The 64-bit signed integer type.
u8 : The 8-bit unsigned integer type.
u16 : The 16-bit unsigned integer type.
u32 : The 32-bit unsigned integer type.
u64 : The 64-bit unsigned integer type.
isize : The pointer-sized signed integer type.
usize : The pointer-sized unsigned integer type.

Type	MAX	MIN
i8	127	-128
i16	32767	-32768
i32	2147483647	-2147483648
i64	9223372036854775807	-9223372036854775808
i128	170141183460469231731687303715884105727	-170141183460469231731687303715884105728
u8	0	255
u16	0	65535
u32	0	4294967295
u64	0	18446744073709551615
u128	0	340282366920938463463374607431768211455

let a = 100; // The default integer type in Rust is i32
let b: i8 = -128; //explicitly telling it will be an i8 type
let x = 2i8; // Equals to `let x: i8 = 2;` personally I don't like this way of, I prefer the previous statement rather

1

2

3

let a = 100; // The default integer type in Rust is i32

let b: i8 = -128; //explicitly telling it will be an i8 type

let x = 2i8; // Equals to `let x: i8 = 2;` personally I don't like this way of, I prefer the previous statement rather

Floating Point data types are simplier, there is only 2 types.

f32 : The 32-bit floating point type.
64 : The 64-bit floating point type.

let x = 1.5; // The default float type in Rust is f64
let y: f32 = 2.0; // setting default to f32

1 2	let x = 1.5; // The default float type in Rust is f64 let y: f32 = 2.0; // setting default to f32

Summary

This was a short intro to the numerical values and the limits of each value in Rust.

Rust, VSCode

rust, rustlang, vscode

Functions in Rust with VSCode

Taswar Bhatti September 21, 2021 No Comments

Continuting on from where we left off, in this post I will refactor my code to use a function such that I can reuse my code later on. I will showcase how to write Functions in Rust with VSCode.

Intro

If we look at our previous post we have a very simple main function and it is just getting user input and then it outputs it with the println method. Its not one of the most elegant code but we we taking baby steps here. As a preview of our code code, it looks like below.

use std::io::stdin;
fn main() {
    let mut name = String::new();
    println!("Please enter your name >");
    stdin().read_line(&mut name).expect("Failed input");
    println!("Hello {}", name);
}

1

2

3

4

5

6

7

use std::io::stdin;

fn main() {

let mut name = String::new();

println!("Please enter your name >");

stdin().read_line(&mut name).expect("Failed input");

println!("Hello {}", name);

}

Now we would like to extract the read_line into its own function, the way we will do it is like below, I will explain in details after the code sample.

use std::io::stdin;

fn get_name() -> String {
    let mut name = String::new();    
    stdin()
    .read_line(&mut name)
    .expect("Failed input");
    name.trim().to_string()
}

fn main() {    
    println!("Please enter your name: ");
    let name = get_name();
    println!("Hello {}", name);
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

use std::io::stdin;

fn get_name() -> String {

let mut name = String::new();

stdin()

.read_line(&mut name)

.expect("Failed input");

name.trim().to_string()

}

fn main() {

println!("Please enter your name: ");

let name = get_name();

println!("Hello {}", name);

}

What I have done is create a function with the fn keyword and named it get_name, afterwards you see a -> character which tells the function that it will be returning a String.

You do not need a return statement in Rust the last value in the function acts as a return value

I have also called the trim function, the only issue is it returns a str rather than a String so I have to call to_string() in order to convert it back to String.

pub fn trim(&self) -> &str
Returns a string slice with leading and trailing whitespace removed.

If we run the program we will see this kind of output.

$ cargo run -q
Please enter your name: 
Taswar
Hello Taswar

1

2

3

4

$ cargo run -q

Please enter your name:

Taswar

Hello Taswar

Now I dont know if you are like me, but I don’t like the output of this code, the input readline is right after the print statement. I would like to have the input right at the first line where it states “Pleaes enter your name:”. Let’s try to modify our code so that we can get the input in the same line.

use std::io::stdin;
use std::io::{self, Write};

fn get_name() -> String {
    let mut name = String::new();    
    stdin()
    .read_line(&mut name)
    .expect("Failed input");
    name.trim().to_string()
}

fn main() {    
    print!("Please enter your name: ");
    io::stdout().flush().unwrap();

    let name = get_name();
    println!("Hello {}", name);
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

use std::io::stdin;

use std::io::{self, Write};

fn get_name() -> String {

let mut name = String::new();

stdin()

.read_line(&mut name)

.expect("Failed input");

name.trim().to_string()

}

fn main() {

print!("Please enter your name: ");

io::stdout().flush().unwrap();

let name = get_name();

println!("Hello {}", name);

}

What you see is I have first imported std::io::{self, Write};. So what this does is it imports std::io; and also use std::io::Write;. Therefore we can use the call for io::stdout().flush().unwrap();, since we imported std::io also.

Now if we run the program, we will get the code formatted in the way we want to.

$ cargo run -q
Please enter your name: Taswar
Hello Taswar

1

2

3

$ cargo run -q

Please enter your name: Taswar

Hello Taswar

Summary

So we have seen how to refactor our code into a function and in our next section lets build on this concept but change it to a game as simple as Rock, Paper, Scissors.

Rust, VSCode

rust, rustlang, vscode

Capturing User Input in Rust with VSCode

Taswar Bhatti September 15, 2021 No Comments

In this post we are going to take our baby steps in learning Rust and the simple example of a hello world would not just cut it. We will now introduce how to Capturing User Input in Rust.

Intro

To get started we will use our trusty cargo package manager again to create a new project for us. If you have not used cargo yet, please look back at my previous post on how to setup cargo.

$cargo new hellouser

1	$cargo new hellouser

This will create a file system looking like below.

.
├── Cargo.lock
├── Cargo.toml
├── src
│   └── main.rs
└── target
    ├── CACHEDIR.TAG
    ├── debug
    └── rls

1

2

3

4

5

6

7

8

9

.

├── Cargo.lock

├── Cargo.toml

├── src

│ └── main.rs

└── target

├── CACHEDIR.TAG

├── debug

└── rls

We will open the main.rs file and modify it. We will add a variable to hold the value of the username. One thing to remember is Rust variables default to being immutable. Once an immutable variable is assigned, you cannot change the value stored in the variable. There is also a way to explicity to make a variable as mutable and you will need to use the mut keyword for that. So lets try to add a varible named “name” like the code below.

fn main() {
    let mut name = String::new();
    println!("Please enter your name>");
}

1

2

3

4

fn main() {

let mut name = String::new();

println!("Please enter your name>");

}

As you can see above we have defined a variable using the let keyword and we have also defined it as mut so that is is mutable i.e change its value after creation.

You may have also noticed something as in String::new, this is how you defined a String which is a growable, heap-allocated data structure. There is also a type in Rust called str which is an immutable fixed-length UTF-8 bytes of dynamic length string somewhere in memory. If you come from a C++ or C programming lang you can think of String like std::string and str as char*, if that helps.

Getting input from terminal

Now onto how to capture input, inorder to get input one has to use the stdin library of Rust. Rust provides terminal input functions in std::io::stdin. There is a read_line function in stdin, and we need to use the use keyword to import the functionality into our program. Below is how our Rust program will look like.

use std::io::stdin;
fn main() {
    let mut name = String::new();
    println!("Please enter your name >");
    stdin().read_line(&mut name).expect("Failed input");
    println!("Hello {}", name);
}

1

2

3

4

5

6

7

use std::io::stdin;

fn main() {

let mut name = String::new();

println!("Please enter your name >");

stdin().read_line(&mut name).expect("Failed input");

println!("Hello {}", name);

}

So what we have done here is we are using the stdin() whcih returns an object granting access to the Standard Input. Afterwards we have called the read_line method passing in a Borrow variable with the & sign which allows changes to be made to the variable by the function. In this case we have passed in name as a Borrow variable, which creates a reference to the variable. (I will cover Borrow in later topics).

Afterwards we also have an expect function which if the program crashes Rust returns a Result object, basically you are checking that the function worked by calling expect. Lastly we are using placeholders to print the value of name. Now lets try to run the program.

$ cargo run
    Finished dev [unoptimized + debuginfo] target(s) in 0.00s
     Running `target/debug/hellouser`
Please enter your name >
Taswar
Hello Taswar
&nbsp;

1

2

3

4

5

6

7

$ cargo run

Finished dev [unoptimized + debuginfo] target(s) in 0.00s

Running `target/debug/hellouser`

Please enter your name >

Taswar

Hello Taswar

As you can see above I have enter my name “Taswar” and it outputs “Hello Taswar” with a newline aftewards. We can use the trim function in String to remove it but for that I will cover in the next section of how to write a function around the input.

Summary

In this post we learned how to read user input in a terminal in Rust, in the next section we will refactor and cover how to write functions in Rust.

Rust, VSCode

rust, rust lang, vscode

Writing and Running Intergration Tests with Rust in VSCode

Taswar Bhatti September 8, 2021 No Comments

In this post I will go over how to write Unit test for your Rust application. We will continue with where we left off with the hello world program and see what Rust has to offer us in unit testing. Note: I will be Writing and Running Intergration Tests with Rust in VSCode.

Creating Rust test directory

#install the pre req
$ mkdir tests
$ touch tests/hello_tests.rs

1

2

3

#install the pre req

$ mkdir tests

$ touch tests/hello_tests.rs

Our directory would look something like below.

.
├── Cargo.lock
├── Cargo.toml
├── src
│   └── main.rs
├── target
│   ├── CACHEDIR.TAG
│   ├── debug
│   └── rls
└── tests
    └── hello_tests.rs

5 directories, 5 files

1

2

3

4

5

6

7

8

9

10

11

12

13

.

├── Cargo.lock

├── Cargo.toml

├── src

│ └── main.rs

├── target

│ ├── CACHEDIR.TAG

│ ├── debug

│ └── rls

└── tests

└── hello_tests.rs

5 directories, 5 files

In our hellow_tests.rs file we will add the code like below, if you are coming from a C# or Java background, Rust also uses Attribute for test so it will look quite familiar, using # tag followed by [test] brackets. We are using assert! just to pass this test.

#[test]
fn test_hello_output() {
  assert!(true);
}

1

2

3

4

#[test]

fn test_hello_output() {

assert!(true);

}

To run the test we can run the cargo test command like below.

$ cargo test
   Compiling hello v0.1.0 (/home/taswar/hello)
    Finished test [unoptimized + debuginfo] target(s) in 1.51s
     Running unittests (target/debug/deps/hello-b89e93aae08f04d4)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/hello_tests.rs (target/debug/deps/hello_tests-8e52de7efe492fbd)

running 1 test
test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

$ cargo test

Compiling hello v0.1.0 (/home/taswar/hello)

Finished test [unoptimized + debuginfo] target(s) in 1.51s

Running unittests (target/debug/deps/hello-b89e93aae08f04d4)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Running tests/hello_tests.rs (target/debug/deps/hello_tests-8e52de7efe492fbd)

running 1 test

test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

If you remember we had our program output a simple println statement with Hello, world!, so our test needs to check the output of our program. In order to do so we will introduce a new cargo package into your system.

Lets modify our project dependency and use crate assert_cmd to find the program in our crate directory.

Adding development dependency to Cargo.toml

Open the file Cargo.toml and add the dev dependency like below.

[package]
name = "hello"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]

[dev-dependencies]
assert_cmd = "1"

1

2

3

4

5

6

7

8

9

10

11

[package]

name = "hello"

version = "0.1.0"

edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]

[dev-dependencies]

assert_cmd = "1"

Now we will need to modify our hellow_tests.rs file we will add the usage of the assert_cmd package.

use assert_cmd::Command;

#[test]
fn test_hello_output() {
    let mut program = Command::cargo_bin("hello").unwrap();
    program.assert().success().stdout("Hello, world!");
}

1

2

3

4

5

6

7

use assert_cmd::Command;

#[test]

fn test_hello_output() {

let mut program = Command::cargo_bin("hello").unwrap();

program.assert().success().stdout("Hello, world!");

}

Above you will see that I am using assert_cmd and have changed some of the code to use the Command library. In the above code you will also see I am using a strange variable naming “let mut”. You may wonder what that is?

let mut what is that?

So variables in Rust are immutable by default, and require the mut keyword to be made mutable here. I am also using cargo_bin so that it can automatically find the output of the hello world program.

Unwrap what is that?

You also see I am calling a function called unwrap, so unwrap() is used here to handle the errors quickly in our test. It can be used on any function that returns Result or Option (Option is also an enum). If the function returns an Ok(value), you will get the value. If the function returns an Err(error), the program/test will panic. In our case if it does not find the hello program it will be in panic mode.

Next I have used assert with success to find out the command was successful and trying to match the Hello, world! output. If we run this test we will see that it will fail.

$ cargo test
    Finished test [unoptimized + debuginfo] target(s) in 0.03s
     Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test
test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

taswar@IST11-800491469:~/hello$ cargo test
    Finished test [unoptimized + debuginfo] target(s) in 0.02s
     Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test
test test_hello_output ... FAILED

failures:

---- test_hello_output stdout ----
thread 'test_hello_output' panicked at 'Unexpected stdout, failed diff original var
├── original: Hello, world!
├── diff: 
└── var as str: Hello, world!

command=`"/home/taswar/hello/target/debug/hello"`
code=0
stdout=```"Hello, world!\n"```
stderr=```""```
', /home/taswar/.cargo/registry/src/github.com-1ecc6299db9ec823/assert_cmd-1.0.8/src/assert.rs:124:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace


failures:
    test_hello_output

test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

error: test failed, to rerun pass '--test hello_tests'

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

$ cargo test

Finished test [unoptimized + debuginfo] target(s) in 0.03s

Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test

test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

taswar@IST11-800491469:~/hello$ cargo test

Finished test [unoptimized + debuginfo] target(s) in 0.02s

Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test

test test_hello_output ... FAILED

failures:

---- test_hello_output stdout ----

thread 'test_hello_output' panicked at 'Unexpected stdout, failed diff original var

├── original: Hello, world!

├── diff:

└── var as str: Hello, world!

command=`"/home/taswar/hello/target/debug/hello"`

code=0

stdout=```"Hello, world!\n"```

stderr=```""```

', /home/taswar/.cargo/registry/src/github.com-1ecc6299db9ec823/assert_cmd-1.0.8/src/assert.rs:124:9

note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

failures:

test_hello_output

test result: FAILED. 0 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

error: test failed, to rerun pass '--test hello_tests'

One may wonder what is wrong with it, so basically what we are missing is the newline character in our test \n in our stdout, so lets modify our test code and add the newline character.

use assert_cmd::Command;

#[test]
fn test_hello_output() {
    let mut program = Command::cargo_bin("hello").unwrap();
    program.assert().success().stdout("Hello, world!\n");
}

1

2

3

4

5

6

7

use assert_cmd::Command;

#[test]

fn test_hello_output() {

let mut program = Command::cargo_bin("hello").unwrap();

program.assert().success().stdout("Hello, world!\n");

}

Now the output of our test should be passing.

cargo test
   Compiling hello v0.1.0 (/home/taswar/hello)
    Finished test [unoptimized + debuginfo] target(s) in 1.39s
     Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

     Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test
test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

cargo test

Compiling hello v0.1.0 (/home/taswar/hello)

Finished test [unoptimized + debuginfo] target(s) in 1.39s

Running unittests (target/debug/deps/hello-06d7198787a084e0)

running 0 tests

test result: ok. 0 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Running tests/hello_tests.rs (target/debug/deps/hello_tests-5abafa31ab2a94f9)

running 1 test

test test_hello_output ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s

Summary

I understand the fact that this is a very brittle test checking the output of our program to match a certain string. The idea of this is for you to learn how to write simple unit test in Rust and how the ecosystem works. I hope this helps in your journey, we will continue on our learning Rust journey to write simple unix/linux command line tools and built upon that.

Rust, VSCode

rust, vscode

Learning Rust with VSCode

Taswar Bhatti September 1, 2021 No Comments

I recently started to look into Rust and found it quite interesting and fun to work with, reminded me of working a bit like go and C lang. Thus I though it would be good to go through a blog series on of learning Rust with VSCode.

I will be using WSL Ubuntu 20.04.3 LTS for my development. If you are not using WSL yet, it allows you to have a linux terminal right inside of your windows desktop. Windows Subsystem for Linux 2) allows users to run a Linux VM inside windows and gives a near native Linux experience.

Installing Rust

Lets install Rust in your Ubuntu environment.

#install the pre req
$ sudo apt install build-essential 

#Install Rust select 1 and Proceed with installation (default)
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

1

2

3

4

5

#install the pre req

$ sudo apt install build-essential

#Install Rust select 1 and Proceed with installation (default)

$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

The output of the command would look like below.

info: downloading installer

Welcome to Rust!

This will download and install the official compiler for the Rust
programming language, and its package manager, Cargo.

Rustup metadata and toolchains will be installed into the Rustup
home directory, located at:

  /home/taswar/.rustup

This can be modified with the RUSTUP_HOME environment variable.

The Cargo home directory located at:

  /home/taswar/.cargo

This can be modified with the CARGO_HOME environment variable.

The cargo, rustc, rustup and other commands will be added to
Cargo's bin directory, located at:

  /home/taswar/.cargo/bin

This path will then be added to your PATH environment variable by
modifying the profile files located at:

  /home/taswar/.profile
  /home/taswar/.bashrc

You can uninstall at any time with rustup self uninstall and
these changes will be reverted.

Current installation options:


   default host triple: x86_64-unknown-linux-gnu
     default toolchain: stable (default)
               profile: default
  modify PATH variable: yes

1) Proceed with installation (default)
2) Customize installation
3) Cancel installation
>1

info: profile set to 'default'
info: default host triple is x86_64-unknown-linux-gnu
info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu'
info: latest update on 2022-01-20, rust version 1.58.1 (db9d1b20b 2022-01-20)
info: downloading component 'cargo'
info: downloading component 'clippy'
info: downloading component 'rust-docs'
 18.9 MiB /  18.9 MiB (100 %)  10.2 MiB/s in  1s ETA:  0s
info: downloading component 'rust-std'
 25.0 MiB /  25.0 MiB (100 %)  10.4 MiB/s in  2s ETA:  0s
info: downloading component 'rustc'
 53.2 MiB /  53.2 MiB (100 %)  10.2 MiB/s in  6s ETA:  0s
info: downloading component 'rustfmt'
info: installing component 'cargo'
info: installing component 'clippy'
info: installing component 'rust-docs'
 18.9 MiB /  18.9 MiB (100 %)   6.1 MiB/s in  3s ETA:  0s
info: installing component 'rust-std'
 25.0 MiB /  25.0 MiB (100 %)   8.8 MiB/s in  2s ETA:  0s
info: installing component 'rustc'
 53.2 MiB /  53.2 MiB (100 %)   9.2 MiB/s in  5s ETA:  0s
info: installing component 'rustfmt'
info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'

  stable-x86_64-unknown-linux-gnu installed - rustc 1.58.1 (db9d1b20b 2022-01-20)


Rust is installed now. Great!

To get started you may need to restart your current shell.
This would reload your PATH environment variable to include
Cargo's bin directory ($HOME/.cargo/bin).

To configure your current shell, run:
source $HOME/.cargo/env

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

info: downloading installer

Welcome to Rust!

This will download and install the official compiler for the Rust

programming language, and its package manager, Cargo.

Rustup metadata and toolchains will be installed into the Rustup

home directory, located at:

/home/taswar/.rustup

This can be modified with the RUSTUP_HOME environment variable.

The Cargo home directory located at:

/home/taswar/.cargo

This can be modified with the CARGO_HOME environment variable.

The cargo, rustc, rustup and other commands will be added to

Cargo's bin directory, located at:

/home/taswar/.cargo/bin

This path will then be added to your PATH environment variable by

modifying the profile files located at:

/home/taswar/.profile

/home/taswar/.bashrc

You can uninstall at any time with rustup self uninstall and

these changes will be reverted.

Current installation options:

default host triple: x86_64-unknown-linux-gnu

default toolchain: stable (default)

profile: default

modify PATH variable: yes

1) Proceed with installation (default)

2) Customize installation

3) Cancel installation

>1

info: profile set to 'default'

info: default host triple is x86_64-unknown-linux-gnu

info: syncing channel updates for 'stable-x86_64-unknown-linux-gnu'

info: latest update on 2022-01-20, rust version 1.58.1 (db9d1b20b 2022-01-20)

info: downloading component 'cargo'

info: downloading component 'clippy'

info: downloading component 'rust-docs'

18.9 MiB / 18.9 MiB (100 %) 10.2 MiB/s in 1s ETA: 0s

info: downloading component 'rust-std'

25.0 MiB / 25.0 MiB (100 %) 10.4 MiB/s in 2s ETA: 0s

info: downloading component 'rustc'

53.2 MiB / 53.2 MiB (100 %) 10.2 MiB/s in 6s ETA: 0s

info: downloading component 'rustfmt'

info: installing component 'cargo'

info: installing component 'clippy'

info: installing component 'rust-docs'

18.9 MiB / 18.9 MiB (100 %) 6.1 MiB/s in 3s ETA: 0s

info: installing component 'rust-std'

25.0 MiB / 25.0 MiB (100 %) 8.8 MiB/s in 2s ETA: 0s

info: installing component 'rustc'

53.2 MiB / 53.2 MiB (100 %) 9.2 MiB/s in 5s ETA: 0s

info: installing component 'rustfmt'

info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'

stable-x86_64-unknown-linux-gnu installed - rustc 1.58.1 (db9d1b20b 2022-01-20)

Rust is installed now. Great!

To get started you may need to restart your current shell.

This would reload your PATH environment variable to include

Cargo's bin directory ($HOME/.cargo/bin).

To configure your current shell, run:

source $HOME/.cargo/env

To verify your install try this command

$ source $HOME/.cargo/env
$ rustc --version
rustc 1.58.1 (db9d1b20b 2022-01-20)

1

2

3

$ source $HOME/.cargo/env

$ rustc --version

rustc 1.58.1 (db9d1b20b 2022-01-20)

Before we jump into VSCode, lets just try to create a simple hello world first in the most basic way without cargo (rust build manager, like npm).

Simple Hello World

Open a file and call it hello.rs and paste the code into it. You can use nano or vi or vim.

fn main() {
  println!("Hello, world!");
}

1

2

3

fn main() {

println!("Hello, world!");

}

We can then compile with rustc and it will create an executable that your computer can execute/

$ rustc hello.rs
$ ./hello
Hello, world!

1

2

3

$ rustc hello.rs

$ ./hello

Hello, world!

Creating and Running a Project with Cargo

Lets create a new project with cargo. You may wonder what is cargo. Cargo is the Rust package manager. Cargo downloads your Rust package’s dependencies, compiles your packages, makes distributable packages, and uploads them to crates.io, the Rust community’s package registry. We will execute on your shell prompt like below and look inside the directory.

$ cargo new hello
     Created binary (application) `hello` package
#it creates a directory called hello
#lets take a look inside the dir
$ cd hello
$ tree
.
├── Cargo.toml
└── src
    └── main.rs

1 directory, 2 files

1

2

3

4

5

6

7

8

9

10

11

12

$ cargo new hello

Created binary (application) `hello` package

#it creates a directory called hello

#lets take a look inside the dir

$ cd hello

$ tree

.

├── Cargo.toml

└── src

└── main.rs

1 directory, 2 files

What is this Cargo.toml

Cargo.toml is a configuration file for the project. The extension .toml stands for Tom’s Obvious, Minimal Language. Lets take a look at the file

$ cat Cargo.toml
[package]
name = "hello"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]

1

2

3

4

5

6

7

8

9

$ cat Cargo.toml

[package]

name = "hello"

version = "0.1.0"

edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]

We also have the main.rs file, let’s take a look inside that file also, we will see that it looks similar to our hello world from before. Cargo has created a hello world sample for us.

$ cat src/main.rs
fn main() {
    println!("Hello, world!");
}

1

2

3

4

$ cat src/main.rs

fn main() {

println!("Hello, world!");

}

This time rather than using rustc to compile the program, we will use cargo run to compile the source code and run it in one command:

$ cargo run
   Compiling hello v0.1.0 (/home/taswar/hello)
    Finished dev [unoptimized + debuginfo] target(s) in 0.64s
     Running `target/debug/hello`
Hello, world!

1

2

3

4

5

$ cargo run

Compiling hello v0.1.0 (/home/taswar/hello)

Finished dev [unoptimized + debuginfo] target(s) in 0.64s

Running `target/debug/hello`

Hello, world!

The first three lines are information about what Cargo is doing. We can also use cargo run -q to make the output to be quiet.

What about VSCode?

So we can just type code . in your terminal it will launch vscode for us and we can then go into the extension section and install rust and rust-analyzer.

Install Rust Extension

rust-extension-vscode

Run Rust in VSCode

If you install rust analyzer then you will see the Run and Debug command ontop of your code where you can click on the run command to run Rust like below.

Run_Rust_In_VSCode

Here is the output that will show on your terminal.

Output_Rust_Terminal

Summary

So here is a quick summary of how to get Rust to run with vscode, in the next sections I will go through more learning of Rust and how to have fun with it.

Rust, VSCode

rust, rust lang, vscode

Using AWS CDK to create IAM roles with C#

Taswar Bhatti April 20, 2021 No Comments

In this section we will talk about Identity and Access Management – IAM in short. I will show you an example of using AWS CDK to create IAM roles with C# and extending our current solution so that an IAM Role is ready with the correct permission to use. We will mainly focus on IAM Role and Policy. But first….

What is IAM?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM can help securely control individual and group access to your AWS resources. You can create and manage user identities, or IAM users, roles, policies and grant permissions for them to access the resources you wish to give permission to.

Additional things IAM Allows

Manage IAM users and their access – You can create users in IAM, assign them individual security credentials (in other words, access keys, passwords, and multi-factor authentication devices), or request temporary security credentials to provide users access to AWS services and resources. You can manage permissions in order to control which operations a user can perform.
Manage IAM roles and their permissions – You can create roles in IAM and manage permissions to control which operations can be performed by the entity, or AWS service, that assumes the role. You can also define which entity is allowed to assume the role. In addition, you can use service-linked roles to delegate permissions to AWS services that create and manage AWS resources on your behalf.
Manage federated users and their permissions – You can enable identity federation to allow existing identities (users, groups, and roles) in your enterprise to access the AWS Management Console, call AWS APIs, and access resources, without the need to create an IAM user for each identity. Use any identity management solution that supports SAML 2.0, or use one of our federation samples (AWS Console SSO or API federation).

(Additional information at: https://aws.amazon.com/iam/)

IAM Roles

In our case we wish to grant our applications that will run on an Amazon EC2 instances access to AWS resources. This is where IAM roles comes into play and allow you to delegate access to users or services, IAM Roles are intended to be assumable by anyone who needs it including IAM users, AWS services including machines and applications in our case. One can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Note that IAM roles are not associated with a specific user or group, instead a trusted entities assume the roles, such as IAM users, applications, or AWS services. The best part of IAM Role is that you don’t have to share long-term credentials or define permissions for each entity that requires access to a resource. Isn’t that cool?

IAM Policy

Now that we understand an IAM Role, but how do we write rules etc for that role? This is where IAM Policy comes in, a policy is an object with identity or resource, defining their permissions one can also associate with 1-N Roles of a policy. Best practices is to use multiple policy since they are free. AWS IAM evaluates the policies when an IAM principal (a user, role, or group) makes a request. Permissions in the policies attached to the entity determine whether the request is allowed or denied. Policies are writting in json format, and one tip is when you are reading a policy always use the EPRAC format to evaluate it.

E is for Effect of the policy
P is for Principle of the policy (a user, role, or group)
R is for Resources of the policy (a service etc)
A is for Action of the policy (Allow or deny)
C is for Conditions of the policy, matching some condition ip address or require MFA etc

(For more info read: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)

Two types of policies

There are two types of policies one is managed policy and also an inline policy.

Managed Policy – has a name and can be attach to multiple users, group or roles. Think shareable policy, AWS has predefined policy in the system already that one can use.
Inline Policy – a policy that is embedded in an IAM identity (a user, role, or group) only, you cannot share it.

Show me some code now please

Sorry to bore you with all the details but those roles and policy are important and when things don’t work they could be culprits of them. But in any case we will be adding IAM to our solution now, check out the diagram below. You will notice that IAM is outside our VPC, since IAM is a global service it will be out side and we will attach the role inside to the EC2 machine in our later post.

AWS CDK IAM Role

Now our stack we will look like this now

using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.RDS;
using Amazon.CDK.AWS.SSM;

namespace CdkIAMSample
{
    public class CdkIAMSampleStack : Stack
    {
        internal CdkIAMSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            var vpc = new Vpc(this, "MyVpcSample", new VpcProps
            {
                Cidr = "10.0.0.0/16",
                MaxAzs = 2,
                SubnetConfiguration = new ISubnetConfiguration[]
                {
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PUBLIC,
                        Name = "MyPublicSubnet"
                    },
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PRIVATE,
                        Name = "MyPrivateSubnet"
                    }
                }
            });

            // Create the database
            const int dbPort = 1433;
            
            var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps
            {
                Vpc = vpc,
                VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },
                Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),
                InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
                Port = dbPort,
                InstanceIdentifier = "MyDbInstance",
                BackupRetention = Duration.Seconds(0) //not a good idea in prod, for sample it's ok
            });

            _ = new StringParameter(this, "DbSecretsParameter", new StringParameterProps
            {
                Description = "This is the dev env db secret name",
                ParameterName = "/myvpcsampledev/dbsecretsname",
                StringValue = db.Secret.SecretName
            });


            //Create the IAM role
            var appRole = new Role(this, "InstanceRole", new RoleProps
            {
                AssumedBy = new ServicePrincipal("ec2.amazonaws.com"),
                ManagedPolicies = new[]
                {
                    ManagedPolicy.FromAwsManagedPolicyName("AmazonSSMManagedInstanceCore"),
                    ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSCodeDeployRole")
                }
            });

            //attach an inline policy
            appRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps
            {
                Effect = Effect.ALLOW,
                Actions = new[] { "ssm:GetParametersByPath" },
                Resources = new[]
                {
                    Arn.Format(new ArnComponents
                    {
                        Service = "ssm",
                        Resource = "parameter",
                        ResourceName = "myvpcsampledev/*"
                    }, this)
                }
            }));

            //grant the read to the app Role
            db.Secret.GrantRead(appRole);
        }
    }
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

using Amazon.CDK;

using Amazon.CDK.AWS.EC2;

using Amazon.CDK.AWS.IAM;

using Amazon.CDK.AWS.RDS;

using Amazon.CDK.AWS.SSM;

namespace CdkIAMSample

{

public class CdkIAMSampleStack : Stack

{

internal CdkIAMSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)

{

var vpc = new Vpc(this, "MyVpcSample", new VpcProps

{

Cidr = "10.0.0.0/16",

MaxAzs = 2,

SubnetConfiguration = new ISubnetConfiguration[]

{

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PUBLIC,

Name = "MyPublicSubnet"

},

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PRIVATE,

Name = "MyPrivateSubnet"

}

});

// Create the database

const int dbPort = 1433;

var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps

{

Vpc = vpc,

VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },

Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),

InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),

Port = dbPort,

InstanceIdentifier = "MyDbInstance",

BackupRetention = Duration.Seconds(0) //not a good idea in prod, for sample it's ok

});

_ = new StringParameter(this, "DbSecretsParameter", new StringParameterProps

{

Description = "This is the dev env db secret name",

ParameterName = "/myvpcsampledev/dbsecretsname",

StringValue = db.Secret.SecretName

});

//Create the IAM role

var appRole = new Role(this, "InstanceRole", new RoleProps

{

AssumedBy = new ServicePrincipal("ec2.amazonaws.com"),

ManagedPolicies = new[]

{

ManagedPolicy.FromAwsManagedPolicyName("AmazonSSMManagedInstanceCore"),

ManagedPolicy.FromAwsManagedPolicyName("service-role/AWSCodeDeployRole")

}

});

//attach an inline policy

appRole.AddToPolicy(new PolicyStatement(new PolicyStatementProps

{

Effect = Effect.ALLOW,

Actions = new[] { "ssm:GetParametersByPath" },

Resources = new[]

{

Arn.Format(new ArnComponents

{

Service = "ssm",

Resource = "parameter",

ResourceName = "myvpcsampledev/*"

}, this)

}

}));

//grant the read to the app Role

db.Secret.GrantRead(appRole);

}

Build and Deploy

We will again use our good old trusty cdk to deploy the solution.

$dotnet build src
$cdk deploy

1 2	$dotnet build src $cdk deploy

If we check our console we can go to IAM and look at Roles and search for Instance in the search box. You will see something like this depending on your stack name etc.

Cdk Instance Role Generated

If we go into the role you look at the permission we will see an inline policy also attached to the role.

Cdk Instance Role Policy Genearted

Challenges

How do we add/create a managed policy using the CDK?
How do we add a principle to our policy using the CDK?
How do we add a condition to our policy using the CDK?

Summary

I know its a bit boring and dry for IAM but trust me its an important building block of AWS, we went through knowing more about Roles and Policy and how to use AWS CDK to create IAM roles with C#. In our next section I will cover how to create auto scaling groups for our EC2 machines.

Source code: https://github.com/taswar/AWSCDKSamples/tree/main/CdkIAMSample

.NET, AWS, CDK

aws, C#, cdk, iam

Using AWS CDK Parameter Store with C#

Taswar Bhatti April 15, 2021 No Comments

In this section we will talk about Parameter Store what it is and why we would want to use it? I will show you an example of using AWS CDK Parameter Store with C# and extending our current solution.

What is Parameter Store

AWS Parameter Store is actually a capability of AWS Systems Manager. The AWS Parameter store provides secure, hierarchical storage for configuration data management and secrets management. One can store data such as database connection strings, passwords, Amazon Machine Image (AMI) IDs, or even license codes as parameter values. There is also one additional advantage in parameter store where you can store values as plain text or encrypted data since it is also integrated with Secret Manager.
For more info on Parameter Store you can view the AWS Documentation (https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html)

Why would I want to use it?

From our previous deployment using CDK we saw that the db secret was stored in secret manager but it was a random string that was created something along the line of DBSecretB45K907. When we have multiple environment let’s say staging, testing and prod it will be hard to tell which one is which, since the dbsecrets will all have some random characters in their name, this is where Parameter comes and help. We can store the values in a path like format. e.g /myvpcsampledev/dbsecretsname. Now whenever we need to get the value of the dbsecret in our dev environment we can just refer to parameter store which will in turn use the Secret Manager. Make sense?

There are also additional advantages of Parameter Store

Store configuration data and encrypted strings in hierarchies and track versions.
Use a secure, scalable, hosted secrets management service with no servers to manage.
Improve your security posture by separating your data from your code.
Control and audit access at granular levels.
Store parameters reliably because Parameter Store is hosted in multiple Availability Zones in an AWS Region.

Now I hope you are sold on the idea 🙂 Let’s see how we use it in our CDK code to use Parameter store, later on we will use the same store to get the values.

Side note

Tier: Parameter Store provides two parameter tiers – standard and advanced. While standard tier lets you store up to 10,000 parameters and 4 KB per parameter in value size, advanced tier lets you store up to 100,000 parameters, 8 KB per parameter in value size and allows you to add policies to parameters.

Show me the code

Before showing the nitty gritty details of the code. Let’s see a diagram of what we are building and what we have added.

CDK ParameterStore

As you may wonder the parameter store and secret manager are not in your VPC. The reason is Parameter Store and Secret Manager are global services where they are hosted in multiple regions so think of it as a service you are consuming just like S3 etc rather than having everything inside your VPC. Now let’s look at the code and see what we will add to our Stack.

using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.RDS;
using Amazon.CDK.AWS.SSM;

namespace CdkRDSParameterSample
{
    public class CdkRDSParameterSampleStack : Stack
    {
        internal CdkRDSParameterSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            var vpc = new Vpc(this, "MyVpcSample", new VpcProps
            {
                Cidr = "10.0.0.0/16",
                MaxAzs = 2,
                SubnetConfiguration = new ISubnetConfiguration[]
                {
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PUBLIC,
                        Name = "MyPublicSubnet"
                    },
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PRIVATE,
                        Name = "MyPrivateSubnet"
                    }
                }
            });

            const int dbPort = 1433;
            
            var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps
            {
                Vpc = vpc,
                VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },
                Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),
                InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
                Port = dbPort,
                InstanceIdentifier = "MyDbInstance",
                BackupRetention = Duration.Seconds(0) //not a good idea in prod, for sample it's ok
            });

            _ = new StringParameter(this, "DbSecretsParameter", new StringParameterProps
            {
                Description = "This is the dev env db secret name",
                ParameterName = "/myvpcsampledev/dbsecretsname",
                StringValue = db.Secret.SecretName
            });
        }
    }
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

using Amazon.CDK;

using Amazon.CDK.AWS.EC2;

using Amazon.CDK.AWS.RDS;

using Amazon.CDK.AWS.SSM;

namespace CdkRDSParameterSample

{

public class CdkRDSParameterSampleStack : Stack

{

internal CdkRDSParameterSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)

{

var vpc = new Vpc(this, "MyVpcSample", new VpcProps

{

Cidr = "10.0.0.0/16",

MaxAzs = 2,

SubnetConfiguration = new ISubnetConfiguration[]

{

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PUBLIC,

Name = "MyPublicSubnet"

},

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PRIVATE,

Name = "MyPrivateSubnet"

}

});

const int dbPort = 1433;

var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps

{

Vpc = vpc,

VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },

Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),

InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),

Port = dbPort,

InstanceIdentifier = "MyDbInstance",

BackupRetention = Duration.Seconds(0) //not a good idea in prod, for sample it's ok

});

_ = new StringParameter(this, "DbSecretsParameter", new StringParameterProps

{

Description = "This is the dev env db secret name",

ParameterName = "/myvpcsampledev/dbsecretsname",

StringValue = db.Secret.SecretName

});

}

Note: ParameterName always starts with a / in front of it.

As you can see above we have just added a string parameter and we have used the db.Secret.SecretName as a StringValue inside of Parameter Store. What is left is for us to build and deploy the solution just like our previous solution with dotnet and cdk.

$ dotnet build src
$ cdk deploy

1 2	$ dotnet build src $ cdk deploy

Once deployed lets look at the console to see how it would look like. Navigate to your CloudFormation screen on AWS Console, click on resources tab and from there find the Parameter store created link. Click on the link and you should be redirected to parameter store and you should see something like below.

ParameterStoreDbSecret

Challenges

What happens when you change the parameter type to an encrypted (secure) string. Can you use SecretString?
What about SimpleValue, what are the differences?
What about StringListValue, what are the differences?
Can we use pattern matching for the ParameterName? (Hint: look at AllowedPattern)
What other attributes can we store in the parameter store for our db object we created

Summary

In the above example we saw how to use Parameter store with our CDK code, in the next section we will cover IAM roles and how we will use them to attach roles to our EC2 machine and database, think of it as a glue to allow security and access permission.

Source code (https://github.com/taswar/AWSCDKSamples/tree/main/CdkRDSParameterSample)

.NET, AWS, C#, CDK

cdk, csharp

Using AWS CDK to create RDS Database Instance with C#

Taswar Bhatti April 12, 2021 No Comments

Now that we have learned how to create a VPC with C# using AWS CDK, let’s talk about how do we create RDS Database Instance with C# using AWS CDK.

What is Amazon RDS?

Amazon Relational Database Service (Amazon RDS) in simple terms is easy to set up, operate, and scale relational database. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. When we use Amazon RDS, we can set up, operate, and scale a relational database in the cloud. Amazon RDS also supports several different database engines, including PostgreSQL, MySQL, Oracle, and Microsoft SQL Server.

What do we plan to build?

We will be using Microsoft SQL Server instance in the example below, you can use any other RDS instance of your choice also, but I thought SQL Server would be ideal for .NET developer. Supported Databases include MariaDB, Microsoft SQLServer, Postgres, MySQL and Oracle. For more information refer to (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html#Concepts.DBInstanceClass.Support)

The architectural diagram below shows that we will place our primary database instance in Availability Zone A inside the private subnet. Amazon RDS requires at least two Availability Zones for fault tolerance, but since we are using Microsoft SQL Server Express engine it doesn’t create a secondary instance.

VPC-subnet-RDS

Tip: When deploying an application in production environment always create a secondary Amazon RDS DB instance in another Availability Zone.

Where is the code

We will first need to use Nuget to install Amazon.CDK.AWS.RDS package. We can either use Visual Studio or the command line to install it into our project. Make sure to have the latest version of it.

PM> Install-Package Amazon.CDK.AWS.RDS

1	PM> Install-Package Amazon.CDK.AWS.RDS

Once installed you can add this code into your Stack class file. In our code based it will be CdkRDSSampleStack.cs.

using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.RDS;

namespace CdkRDSSample
{
    public class CdkRDSSampleStack : Stack
    {
        internal CdkRDSSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
        {
            var vpc = new Vpc(this, "MyVpcSample", new VpcProps
            {
                Cidr = "10.0.0.0/16",
                MaxAzs = 2,
                SubnetConfiguration = new ISubnetConfiguration[]
                {
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PUBLIC,
                        Name = "MyPublicSubnet"
                    },
                    new SubnetConfiguration
                    {
                        CidrMask = 24,
                        SubnetType = SubnetType.PRIVATE,
                        Name = "MyPrivateSubnet"
                    }
                }
            });

            const int dbPort = 1433;
            
            var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps
            {
                Vpc = vpc,
                VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },
                Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),
                InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),
                Port = dbPort,
                InstanceIdentifier = "MyDbInstance",
                BackupRetention = Duration.Seconds(0) //not a good idea in prod, for this sample code it's ok
            });
        }
    }
}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

using Amazon.CDK;

using Amazon.CDK.AWS.EC2;

using Amazon.CDK.AWS.RDS;

namespace CdkRDSSample

{

public class CdkRDSSampleStack : Stack

{

internal CdkRDSSampleStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)

{

var vpc = new Vpc(this, "MyVpcSample", new VpcProps

{

Cidr = "10.0.0.0/16",

MaxAzs = 2,

SubnetConfiguration = new ISubnetConfiguration[]

{

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PUBLIC,

Name = "MyPublicSubnet"

},

new SubnetConfiguration

{

CidrMask = 24,

SubnetType = SubnetType.PRIVATE,

Name = "MyPrivateSubnet"

}

});

const int dbPort = 1433;

var db = new DatabaseInstance(this, "DB", new DatabaseInstanceProps

{

Vpc = vpc,

VpcSubnets = new SubnetSelection{ SubnetType = SubnetType.PRIVATE },

Engine = DatabaseInstanceEngine.SqlServerEx(new SqlServerExInstanceEngineProps { Version = SqlServerEngineVersion.VER_14 }),

InstanceType = InstanceType.Of(InstanceClass.BURSTABLE2, InstanceSize.MICRO),

Port = dbPort,

InstanceIdentifier = "MyDbInstance",

BackupRetention = Duration.Seconds(0) //not a good idea in prod, for this sample code it's ok

});

}

In order for us to deploy this code we will again use the command line with cdk to deploy it. You may wonder where will the login and password be for the database, we will talk about that shortly. Remember to have your aws login pre-configured or else cdk deploy will fail, refer to the previous Creating VPC for additional information.

$ dotnet build src
$ cdk deploy

1 2	$ dotnet build src $ cdk deploy

Viewing your information in the AWS Console

Once the cdk process is finished we can login to our AWS console to see what has been deployed so far. Go into the cloudformation section and we should see that our stack should have a CREATE_COMPLETE status like below.

RDS-stack-created

We can then go into the Resource section of the stack and see that our DBSecret for the database has been created and it is actually using AWS SecretManager that contains the details of the login and password. We can also go to our database section in RDS and see our instance is up and running. We will not be able to connect to it from our desktop since it is in a private network and public connection accessibility is set to No.

RDS-SQLServer-MyInstance

Challenges

What if you try to use a different database engine, e.g MariaDB or Postgres what would you change in your code?
What happens when you change the current SQLServer to another version?
The current machine is not powerful for sqlserver. what other instance type are supported to run this?

Summary

This shows how we can easily use AWS CDK to create RDS Database Instance with C#, in the next part we will go over System Manager Parameter Store that one can use to store configurations.

Source code: (https://github.com/taswar/AWSCDKSamples/tree/main/CdkRDSSample)

.NET, AWS, C#, CDK

aws, C#, cdk, csharp

Definitions

IaaS Advantages:

PaaS Advantages:

PaaS Disadvantage

SaaS Advantages:

SaaS Disadvantage

Conclusion

Excercise

What is Cloud Computing?

What types of cloud computing are there?

Pros and Cons

What is Shared Responsbility Model?

Conclusion

Excercise

Numerical Types

Summary

Intro

Summary

Intro

Getting input from terminal

Summary

Creating Rust test directory

Adding development dependency to Cargo.toml

let mut what is that?

Unwrap what is that?

Summary

Installing Rust

Simple Hello World

Creating and Running a Project with Cargo

What is this Cargo.toml

What about VSCode?

Install Rust Extension

Run Rust in VSCode

Summary

What is IAM?

Additional things IAM Allows

IAM Roles

IAM Policy

Two types of policies

Show me some code now please

Build and Deploy

Challenges

Summary

What is Parameter Store

Why would I want to use it?

Side note

Show me the code

Challenges

Summary

What is Amazon RDS?

What do we plan to build?

Where is the code

Viewing your information in the AWS Console

Challenges

Summary

Opinions are my own and not the views of my employer

LinkedIn

My Book

Archives