VPC Configuration

As of version 1.1, Asgard can create VPC based Security Groups, Load Balancers, and Auto Scaling Groups. When creating Security Groups you will be able to specify an available VPC for your region. When creating Load Balancers or Auto Scaling Groups you will be able to specify a subnet.

You must add a special tag to any subnets that you want to use in Asgard. Note that subnet configuration must currently be done outside of Asgard. An example tag would look like immutable_metadata={"purpose":"internal","target":"ec2"}. This tag is based on several Netflix conventions. Since tags are often limited, we prefer to use the key "immutable_metadata" with a JSON value for attributes that won't change over the lifetime of an object.

• "purpose" indicates a type of subnet configuration. Purpose is an open ended set of values that are used to describe the configuration of a subnet. The purpose value is what Asgard will display when choosing subnets. Purposes should be unique within an availability zone, and subnets with the same purpose in different zones should have a common configuration.
• "target" determines what kind of AWS object can use the subnet. This allows for partitioning. It is optional and currently has only two valid values ("ec2" and "elb"). If target is unspecified then Asgard will be able to associate both ELBs and ASGs with the subnet.

By convention, Netflix uses these four subnet configurations:

• {"purpose":"external","target":"elb"} - Used to host external ELBs. The goal of splitting these off to a separate subnet is to give the ELB room to scale and ensure that VPC instances and ELB instances are not competing for the same subnet capacity.
• {"purpose":"external","target":"ec2"} - Used to host externally facing instances (e.g. NAT instance, VPC instances with EIPs). These instances can receive traffic from external, non-VPC hosts (e.g. EC2, Internet).
• {"purpose":"internal","target":"ec2"} - Used to host internal instances. Instances on this subnet can communicate externally and can receive inbound communications from corporate/DC systems. These instances cannot receive inbound connections from external, non-VPC hosts (e.g. EC2, Internet).
• {"purpose":"internal","target":"elb"} - Used to host internal ELBs. The goal of splitting these off to a separate subnet is to give the ELB room to scale and ensure that VPC instances and ELB instances are not competing for the same subnet capacity.