fuzzbucket
The fuzzbucket
API and fuzzbucket-client
command line tool are intended to
work together to provide humans with a simplified means to perform
"CRUD"-like
operations on ephemeral EC2 instances ("boxes") in a managed VPC.
Additionally, there is a periodic function that will terminate stale boxes.
is this for me?
Maybe.
If you are comfortable with direct access to EC2 via AWS authz for the purpose
of managing instances launched from arbitrary AMIs with anything remotely
resembling complex networking needs, then fuzzbucket
is probably not a good
fit.
If you need your EC2 instances to be running for more than a few hours/days by
default, then fuzzbucket
is probably not what you need.
usage
When working with a deployed fuzzbucket
API, the fuzzbucket-client
may be
used to do all the things:
pip install fuzzbucket-client
fuzzbucket-client --help
As described in this help text, the client tool requires configuration of the
API URL via the following environment variable:
export FUZZBUCKET_URL='https://fuzzbucket.example.com/prod'
If you have access to the API provisioning tooling and resources, this value
is printed at the end of deployment and also available via the
serverless
/sls
tool with npx sls info --stage prod
.
:warning: Without having the serverless
/sls
tooling and necessary AWS
access, you must get this value from someone who does.
Exactly how you choose to manage this environment variable is up to you, such as
by including it in your shell configuration (~/.bashrc
, ~/.zshrc
) or by
using a tool like direnv.
development
Prerequisites for development are:
The just
tool may be installed via brew
on macOS and other ways,
too. Similarly, the yarn
tool may
be installed via brew
on macOS and other ways,
too. The hatch
tool may be
installed via pip
.
Once these prerequisites are available, the default workflow is nearly identical
to what is captured in the github workflow:
just deps
just lint
just test
deployment
Deploying the fuzzbucket
API requires AWS credentials with rights to
create all of the resources managed by the serverless
framework and
additional resources defined in the serverless config.
prerequisites
Define a YAML config file and environment variable to use it via
serverless.yml
, e.g.:
cp -v ./default-config.yml ./my-config.yml
export FUZZBUCKET_CONFIG_prod='my-config.yml'
The copied content of ./default-config.yml
contains
comments about the structure and meaning of the file.
NOTE: Existing deployments may be using a config format and environment
variable of the form that uses the word "custom", e.g.
FUZZBUCKET_CUSTOM_prod=custom-mine.yml
. This format is no longer supported and must be
migrated to the new format via the lint-config
script:
hatch run lint-config ./custom-mine.yml >my-config.yml
export FUZZBUCKET_CONFIG_prod='my-config.yml'
optional IAM role customization
If the IAM role used by the lambda functions requires customization, this may be
done by defining a YAML file and environment variable, e.g.:
cp -v ./default-iam-role-statements.yml ./my-iam-role-statements.yml
export FUZZBUCKET_IAM_ROLE_STATEMENTS_prod='my-iam-role-statements.yml'
optional CloudFormation resource customization
If the CloudFormation resources managed via serverless.yml
require
customization, this may be done by defining a YAML file and environment
variable, e.g.:
cp -v ./default-resources.yml ./my-resources.yml
export FUZZBUCKET_RESOURCES_prod='my-resources.yml'
combined config and customizations
As each of the config and customization files is merged via a distinct top-level
key, they may all be combined and managed as a single file, e.g.:
cat \
./my-config.yml \
<(echo) \
./my-iam-role-statements.yml \
<(echo) \
./my-resources.yml | tee ./combo-config.yml
export FUZZBUCKET_CONFIG_prod='combo-config.yml'
export FUZZBUCKET_RESOURCES_prod='combo-config.yml'
export FUZZBUCKET_IAM_ROLE_STATEMENTS_prod='combo-config.yml'
management lifecycle
Prior to deployment, one's config file should be checked via the lint-config
script:
hatch run lint-config --diff ./path-to-config.yml
hatch run lint-config --write ./path-to-config.yml
The just deploy
target will run the necessary serverless
command to create
the whole shebang.
just deploy
just deploy prod us-west-2
These commands are expected to be re-run as needed, such as after modifying the
YAML config described in the prerequisites section above.
changelog
Please see the CHANGELOG.
license
Please see the LICENSE.