Converting W&B Endpoint from Public to Private #319

Closed
flamarion opened this issue Jan 6, 2025 · 0 comments · May be fixed by #325
flamarion commented Jan 6, 2025

Objective:

Provide a solution for converting a publicly exposed W&B endpoint deployed using the W&B AWS Terraform Module to a private endpoint within the customer’s cloud environment. The conversion must ensure minimal disruption to existing resources (DB, Bucket...) and no Terraform state drift after the change.

Current Behavior:

Requirements:

  1. Enable Conversion to Private Endpoint:
     • Provide a mechanism to reconfigure the W&B endpoint from public to private without disrupting the existing resources.
  2. Assumptions for the Customer Environment:
     • Private DNS Zone is available.
     • Private Network is set up to support an internal load balancer (preferably an ALB).
     • All clients are properly configured to access W&B through the private endpoint.
  3. Use SSL/TLS with ACM Certificates (to be confirmed):
     • Ensure the internal ALB terminates SSL/TLS using a certificate issued by AWS Certificate Manager (ACM).
       • Create a new one or use an existing one.
     • Requirements for the certificate:
       • It must match the private DNS name of the W&B endpoint.
       • It must be issued and available in the same AWS region as the ALB.
       • Ensure the DNS configuration properly resolves the private DNS name to the ALB’s internal IP address.
       • Traffic between the clients and the internal ALB must be encrypted using the ACM certificate.
  4. Avoid Terraform State Drift:
     • If the implementation uses only Terraform, ensure that the changes are managed entirely through Terraform to avoid manual configurations.
     • If external tools/scripts are needed, they must prevent Terraform from reverting changes after the execution.
     • Scripts should be developed in Golang if applicable.
  5. Flexibility:
     • Preference is given to a Terraform-only solution.
     • If a Terraform-only solution is not feasible, provide a well-documented procedure that includes external scripts.
  6. Testing:
     • Test the conversion process thoroughly in an isolated environment.
     • Validate that the endpoint becomes private, the ACM certificate is applied correctly, and all clients can access the endpoint without disruptions.

Deliverables:

  1. Solution Implementation:
     • A Terraform-only implementation OR
     • A procedure detailing the conversion process with necessary scripts (preferably in Golang).
  2. Documentation:
     • Clear and detailed documentation on how to execute the conversion.
     • Include prerequisites, step-by-step instructions, and expected outcomes.
  3. Testing Instructions (good to have):
     • Steps to validate the solution in a test environment.
     • Verification checklist to ensure the endpoint is private, SSL/TLS is configured with the ACM certificate, and the system is fully functional.
  4. Avoid Terraform Drift:
     • Ensure that all changes made by the solution remain consistent with the Terraform state.

References:
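
An added example, not part of the issue or of the W&B Terraform module: a Go sketch of two items from the verification checklist above (the name resolves only to private addresses, and the certificate matches the private DNS name and is within its validity period). The function names, the host name `wandb.internal.example.com`, the IP addresses and the self-signed certificate standing in for the ACM certificate are all constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// checkEndpoint (hypothetical helper) lists every reason the endpoint fails the checklist.
func checkEndpoint(host string, addrs []net.IP, cert *x509.Certificate, now time.Time) []string {
	var problems []string
	if len(addrs) == 0 {
		problems = append(problems, "name does not resolve")
	}
	for _, ip := range addrs {
		if !ip.IsPrivate() { // RFC 1918 and fc00::/7 count as private
			problems = append(problems, fmt.Sprintf("%s is not a private address", ip))
		}
	}
	if err := cert.VerifyHostname(host); err != nil {
		problems = append(problems, "certificate does not match "+host)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		problems = append(problems, "certificate is outside its validity period")
	}
	return problems
}

// sampleCert builds a constructed self-signed certificate; errors are ignored in this sample only.
func sampleCert(dnsName string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{dnsName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	host := "wandb.internal.example.com" // constructed private DNS name
	fmt.Println(checkEndpoint(host, []net.IP{net.ParseIP("10.0.12.34")}, sampleCert(host), time.Now()))
	fmt.Println(checkEndpoint(host, []net.IP{net.ParseIP("203.0.113.10")}, sampleCert("wandb.example.org"), time.Now()))
}
```

Against a real deployment, the addresses would come from `net.LookupIP` run inside the private network and the certificate from the first entry of `PeerCertificates` on a `crypto/tls` connection to the ALB.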
