Cloud Automation

Image by rawpixel.com

My first headaches (and mistakes) with cloud deployments ...

When I first signed up for AWS back in early 2014, their portal had far, far fewer services than you see today. EC2, VPCs and S3s were already there but the likes of Lambda and ECS were still to come (albeit later that same year).

One of the very first patterns I used then, as now, is the “VPC with Public and Private Subnets” which is possibly the Hello World of VPC configurations. Each time I wanted to set something up, I had to reach for the documentation; the route tables, the gateways and the NAT were all configured point-and-click style in the portal. It is perhaps no surprise that more than once I launched EC2s in the wrong subnet and wondered why I was unable to SSH into them!

The panacea that is Infra-As-Code ...

The strong and understandable temptation for any individual or organisation when provisioning cloud services is to just use the portal(s). However, for all but a simple POC, I would strongly advocate that it is better to invest the time to learn what is needed to programmatically script your cloud deployments. Whether it's CloudFormation (AWS), ARM Templates (Azure) or Terraform (cloud agnostic) makes no difference. Please ... pick one method that allows you to automate this process.

My personal preference is for Terraform, not least because a) I don't want to be tied into the technology of a single CSP (and neither should you) and b) Terraform can actually be used for non-cloud deployments as well. It's extremely versatile and, when combined with HashiCorp Vault, it goes an extremely long way to help you make sure you are able to repeatedly deploy your assets in a consistent and secure way.

So for now, whilst my original AWS VPC notes still sit on the shelf behind me, it's the Terraform provider docs that I refer to the most these days. In the future I aim to detail the process of how I've combined Terraform with Bitbucket Pipelines to implement blue / green deployments into an S3 bucket which is then fronted by CloudFront.

There is quite a good chance that static versions of this site will have been implemented using the blue / green deployment process below.

Blue Green Deployment with Terraform, Lambda and S3