What does Astra actually provide me with?

Astra is a CLI tool, with an included support contract, that you download and run from your local command line.

Astra not only guides the user through setting up their infrastructure from scratch, but also gives them the tools to interact with it. All the while, Astra follows the most up-to-date best practices, orchestrating everything it does via Terraform and native cloud API calls, so that if you ever need to leave Astra behind, everything is ready for human consumption.

At a high level

When Astra is fully bootstrapped and ready to use you will have:

  • A fully functional cloud infrastructure.
  • A fully editable repository with all the associated Terraform for that infrastructure.
  • The ability to deploy your containerized application with zero downtime.
  • The tools to manage application configuration and secrets in a secure manner.
  • A networking plan, proper DNS management, and much, much more.

What exactly does Astra create and how does it contribute to my overall infrastructure?

We'll focus on AWS since Astra only supports AWS for now.

Here are the biggest areas of software infrastructure that Astra focuses on:

Container Orchestration

Why It Matters

Every company needs a method to deploy their applications quickly, flexibly, and reliably. Containers are table-stakes for anyone working with modern tooling and therefore having a way to easily manage your containers is a must.

While many companies opt for Kubernetes due to its rich ecosystem and popularity, the hidden drawbacks—such as its complexity and the cognitive load it imposes—are often overlooked. Even Kubernetes deployments managed by external providers still necessitate at least one expert to navigate and maintain the system effectively.

Astra's Solution

Astra simplifies the deployment process by automating the setup of AWS Elastic Container Service (ECS), utilizing AWS's serverless platform, Fargate. This approach allows Astra to offer the robust capabilities of complex systems like Kubernetes and other container orchestrators while delegating the system's maintenance and management to AWS.

With Astra, there's no need to manage underlying node pools or navigate through complex overlay networks. Instead, Astra provides a streamlined interface that enables you to deploy your containers effortlessly. Enjoy the advantages of modern container orchestration, such as zero-downtime deployments and self-healing, without the traditional overhead.

Security

Why It Matters

Establishing a robust infrastructure is challenging enough without the added complexity of implementing proper security practices and processes. Ensuring everything is structured correctly to protect against threats can often feel overwhelming.

Security demands a thorough consideration of everything we develop, ensuring it meets high quality and security standards to prevent potential company-wide breaches.

Astra's Solution

Astra takes security seriously—no compromises. By adopting an opinionated stance, Astra integrates good security practices into your daily routines through simple usage of the product!

Astra provides excellent security features right from the start, making security a seamless aspect of your infrastructure management. Here are some of the security benefits Astra offers:

  • Automatic provisioning of renewing TLS certificates for any new service you create.
  • Simplified integration with Single Sign-On (SSO) to streamline access control.
  • Comprehensive management of permissions and users, ensuring all user actions are logged with CloudWatch.
  • Implementation of session timeouts, automatic cleanup, and other processes to enhance security.
  • And much more!

Astra's approach ensures that security is not an afterthought but a fundamental part of your infrastructure management, offering peace of mind and robust protection.

Users, Access, & Permission Management

Why It Matters

Without rehashing the previous topic on security, access and permission management is extremely important in any budding infrastructure. As your infrastructure grows you'll want it to grow along with your team. Part of that growth is making sure that everyone has the protection of least-privilege permissions.

As your infrastructure continues to expand you'll find that managing users and permissions becomes more and more cumbersome.

Astra's Solution

Astra attempts to reduce this complexity without skimping on security. Astra allows you to easily set up new users, create new permissions, and assign access.

Networking

Why It Matters

The evolution of software-defined networking allowed AWS to simplify networking for many cloud users, making it almost an afterthought. However, those who experienced early success soon discovered that networking complexities would emerge with growth.

Cloud networking is often overlooked until companies face limitations due to earlier, less informed decisions.

Astra's Solution

Astra anticipates your networking needs for scalability and beyond. By planning your network architecture early, Astra ensures you will have the necessary space and flexibility in your underlying network to support growth and expansion.

Astra organizes your network into large, manageable, and predictable segments, providing not just ample room for expansion but also a clear strategy for it. Each potential requirement is forecasted, with IP address ranges pre-assigned to facilitate smooth scaling. Here's an overview of how Astra structures your network for optimal scalability:

--------- Snippet Subnetting Diagram ---------
Amazon VPC Addressable Block [10.0.0.0/8](16,777,214 hosts)
  Production-East1 [10.1.0.0/16](65534 hosts)
    US-East-1-A [10.1.0.0/18](16382 hosts)
      Subnet 1 (Public)  [10.1.0.0/20](4094 hosts)
      Subnet 2 (Private) [10.1.16.0/20]
      Subnet 3 (Spare)   [10.1.32.0/20]
      Subnet 4 (Spare)   [10.1.48.0/20]
    US-East-1-B [10.1.64.0/18]
    ...
    US-East-1-C [10.1.128.0/18]
    ...
    Spare [10.1.192.0/18]
  ...
...
  Production-East2 [10.3.0.0/16](65534 hosts)

This structured approach not only ensures sufficient capacity for growth but also provides a clear blueprint for future expansion. With Astra, every aspect of your network's expansion is already thoughtfully planned and allocated, ensuring you're prepared for whatever comes next.
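The layout in the diagram can be reproduced and checked with Python's standard ipaddress module. This is an added example, not Astra's own code; the function names and the zone and role lists are assumptions taken from the diagram above.

```python
import ipaddress

# Layout from the diagram: /8 block -> /16 per environment ->
# /18 per availability zone (fourth is spare) -> four /20 subnets per zone.
ZONES = ["US-East-1-A", "US-East-1-B", "US-East-1-C", "Spare"]
ROLES = ["Public", "Private", "Spare", "Spare"]


def usable_hosts(net):
    """Host count as the diagram states it (network and broadcast excluded)."""
    return net.num_addresses - 2


def plan_environment(env_cidr):
    """Split one /16 environment into /18 zones, each with four /20 subnets."""
    env = ipaddress.ip_network(env_cidr)
    if env.prefixlen != 16:
        raise ValueError(f"{env} is not a /16 environment block")
    plan = {}
    for zone_name, zone in zip(ZONES, env.subnets(new_prefix=18)):
        subnets = list(zip(ROLES, zone.subnets(new_prefix=20)))
        plan[zone_name] = {"cidr": zone, "subnets": subnets}
    return plan


def check_environments(vpc_block, env_cidrs):
    """Return problems found: blocks outside the plan or overlapping each other."""
    block = ipaddress.ip_network(vpc_block)
    envs = [ipaddress.ip_network(c) for c in env_cidrs]
    problems = []
    for i, env in enumerate(envs):
        if not env.subnet_of(block):
            problems.append(f"{env} is outside {block}")
        for other in envs[i + 1:]:
            if env.overlaps(other):
                problems.append(f"{env} overlaps {other}")
    return problems


if __name__ == "__main__":
    for zone_name, zone in plan_environment("10.1.0.0/16").items():
        print(f"{zone_name} [{zone['cidr']}] ({usable_hosts(zone['cidr'])} hosts)")
        for role, subnet in zone["subnets"]:
            print(f"  {role:<8} [{subnet}] ({usable_hosts(subnet)} hosts)")
    print(check_environments("10.0.0.0/8", ["10.1.0.0/16", "10.3.0.0/16"]))
```

Running the overlap check before adding a new environment block catches address collisions early, which matters because overlapping ranges cannot later be routed to each other cleanly.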

VPN & Internal Access

Why It Matters

Every company relies on a blend of services that are either intended for internal use only or are external-facing. It's crucial for internal services to remain accessible exclusively within the organization. This security is typically ensured through a VPN solution, which grants access to internal services solely to trusted employees.

However, VPN solutions come with their own set of challenges. They require ongoing maintenance and have historically presented complexities in administration. Plus, it's just one more thing you have to worry about.

Astra's Solution

Astra introduces a dual-strategy solution designed for both immediate ease of use and enduring robustness.

Firstly, Astra offers "Astra Connect", a tool that regulates access to accounts based on security groups. It facilitates temporary connections to internal services, subsequently revoking the access it had granted. This ensures a secure, but flexible, method of accessing internal resources temporarily.

However, Astra Connect is not viewed as a permanent fix. The long-term goal is to keep internal traffic restricted to the internal network. To achieve this, Astra support also offers the implementation of a WireGuard solution like Tailscale. This approach integrates seamlessly with Astra's permissioning system and provides enhanced security for on-premises services, offering a scalable and secure VPN alternative.

Account/Environment Separation

Why It Matters

In the early days of cloud computing, companies often deployed their products within a single account. Initially, this approach seemed effective, but it wasn't long before its limitations became apparent. The crux of the issue lies in the inherent differences between various environments, such as development, staging, and production. Each environment has unique requirements for security, reliability, and usability.

Consequently, blending these environments within a single account made it challenging to manage these distinct needs effectively. For instance, the flexibility and ease of use crucial for a development environment could compromise the stringent security needed in a production environment.

Astra's Solution

Astra is dedicated to adhering to best practices that preemptively address potential challenges.

Recognizing the importance of environment-specific considerations, Astra facilitates the implementation of a multi-account strategy for your cloud infrastructure. This approach allocates a separate account for each environment, with access control and permissions tailored to suit the specific needs of that environment.

By automating the administration, maintenance, and provisioning processes associated with a multi-account strategy, Astra simplifies the complexity of managing distinct environments. This ensures that each environment operates within its optimal parameters, maintaining the necessary balance between security, reliability, and usability.

Astra also divides your Terraform up in a way that is extensible and easy to manage as your team grows larger. The rough layout for your IaC repository will be:

root_directory --> <account/environment> --> <region> --> <team> --> Terraform code.

This division lets you neatly chunk changes where they belong, stay organized, and avoid the operational hardships of a single Terraform state that controls everything.

Telemetry

Why It Matters

Understanding the performance and behavior of your application is crucial. Without measuring the activities of your application, how can you be certain it's functioning as intended? Telemetry is the toolkit engineers use to verify that their creations are achieving the desired outcomes and to identify when they are not.

Developing a robust system for logs and metrics that serve as effective debugging tools is invaluable. Such a system not only aids in troubleshooting issues but also helps in anticipating problems before they escalate to a critical level.

Astra's Solution

The telemetry marketplace is highly fragmented, and understandably so, given that managing telemetry data is both costly and resource-intensive. Typically, companies face a choice between outsourcing this management or handling it in-house, each option having its significant advantages and disadvantages.

Short Term :: Small Team :: Simple

Astra attempts to make this easier in the short term by providing the following:

  • Astra advocates for the adoption of OpenTelemetry which facilitates easy transitions between telemetry tooling.
  • By default, Astra configures and utilizes CloudWatch for each service, providing useful dashboards from the outset.
  • Astra's service logs command gives you quick access to your logs with basic filtering.

Long Term :: Larger Team :: Balancing expenses

For the long term, the strategy involves determining which approach best suits your organization—managing telemetry in-house or outsourcing it—and selecting an Application Performance Monitoring (APM) solution that aligns with your needs and the trade-offs you're willing to accept.

This decision may lead to Astra facilitating the setup of an internal APM system or integrating your application with one of the numerous third-party providers available, depending on what's most beneficial for your company's specific context.

Infrastructure as Code

Why It Matters

In the modern era of cloud computing, the ability to manage and provision infrastructure through code rather than through manual processes is not just a convenience—it's a necessity. Infrastructure as Code (IaC) allows for the automation of infrastructure deployment, leading to more consistent, reliable, and repeatable environments.

This methodology enables teams to easily manage complex cloud resources, reduce the potential for human error, and significantly speed up the deployment process. Additionally, IaC supports DevOps practices by enabling continuous integration and continuous deployment (CI/CD) pipelines, making it possible to integrate infrastructure changes alongside application development. It also enhances security and compliance by allowing for the codification of compliance policies and the automatic enforcement of these policies at the infrastructure level.

Astra's Solution

Astra leverages the power of Infrastructure as Code in the form of Terraform to streamline and secure the management of cloud resources.

By translating every change made via Astra into your Terraform repository, Astra not only provides transparency into the actions being taken but also offers the flexibility to modify these actions directly. This approach empowers you to gradually transition towards managing a full infrastructure team independently, ensuring that Astra's interventions align with your long-term infrastructure management and development strategies.

CI/CD & Distributed Cron

Why It Matters

In the realm of modern software development—a field I'm deeply invested in, as evidenced by my work on Gofer—the concept of "Distributed Cron" emerges as a crucial component. Bespoke jobs that cannot be seamlessly integrated into the core product are a necessity, which highlights the need for two interrelated systems. One system is tasked with job processing, executing specific actions reliably. The other system focuses on executing code segments to automate and manage aspects of the software development lifecycle.

The success of these systems is vital, yet they are often overlooked or overly complicated by companies until they present significant challenges.

Astra's Solution

Addressing the automation aspect of software development, Astra provides strong support for and pre-configured setups with GitHub Actions. The ease of use and convenience offered by GitHub Actions make it the preferred choice for managing the small, yet significant, snippets of code that automate the software development cycle. This setup not only simplifies automation but also allows for the seamless integration of Astra deployments into these workflows.

The job processing component presents a more complex challenge, necessitating thoughtful software architecture decisions. Astra advocates for simplicity as the initial approach, recommending the development of simple state machines, enhanced by green threads, for products with smaller user bases. This strategy allows for gradual evaluation and adaptation to the product's evolving needs, informed by the market's offerings and the specific demands of the job processing tasks.