In this series of blog posts I will describe methods of combining AWS Lambda, CloudFormation, and CloudTrail with Infoblox Cloud Platform Appliances running inside an AWS VPC to automate Infoblox provisioning without any API calls ever leaving the AWS environment. This enables full DNS and IP address management automation even when the native AWS provisioning tools are used. Infoblox can already create DNS records for AWS EC2 instances on a scheduled basis using the vDiscovery feature, but the process described here provides on-demand provisioning for a wide range of AWS objects and services and allows more customization of the naming and addressing scheme, at the cost of some additional scripting and customization effort.
The number of orchestration and provisioning tools available to someone deploying infrastructure to cloud platforms is almost endless. Many, if not all, of them can be integrated into an Infoblox environment using the Infoblox APIs to provide automated IP address, DNS, and DHCP provisioning. This is typically a simple process, either using pre-built modules or by adding API calls to the provisioning playbooks. There are plenty of pre-built modules available, such as those for Chef (https://supermarket.chef.io/cookbooks/infoblox) and ServiceNow Orchestration (https://docs.servicenow.com/administer/orchestration_activities/concept/c_InfobloxDDIActivityPack.ht…).
There are a few cases where automating Infoblox DDI in the provisioning process isn’t so simple. A good example is an Amazon Web Services environment where provisioning is done through the native AWS tools, either the web console or CloudFormation, AWS’ native orchestration tool. In this case there has traditionally been no way to add API calls out to the Infoblox environment, because neither the web console nor CloudFormation can make outbound API calls.
AWS Lambda is a relatively new (2014) feature of the AWS platform. Lambda allows an administrator to run code within the AWS platform in response to events in other AWS services. Lambda dynamically creates an execution environment within milliseconds, runs a code snippet (Python, Node.js, or Java), then shuts that environment down automatically. The great thing about Lambda is that it is metered in 100 millisecond increments, so running code on demand is very inexpensive when the code is small and quick, and there is no other infrastructure to maintain, such as an EC2 instance with an operating system. AWS Lambda has just recently added the ability to make network connections into an AWS VPC, which is what enables the techniques I’ll demonstrate.
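As an added example (not code from the original post), here is a minimal Python Lambda handler in the shape this series builds toward: it takes a CloudTrail RunInstances record delivered by a CloudWatch Events rule and creates an Infoblox host record through the WAPI on the appliance's private VPC address, so the call never leaves the VPC. The Grid Master address, the WAPI version, the DNS zone, the instance-id naming scheme and the sample event are all assumptions.

```python
import base64
import json
import os
import urllib.request

# Assumptions (not from the original post): the Grid Master's private VPC address,
# the WAPI version, the DNS zone and the <instance-id>.<zone> naming scheme.
WAPI_URL = os.environ.get("WAPI_URL", "https://10.0.0.10/wapi/v2.3")
DNS_ZONE = os.environ.get("DNS_ZONE", "aws.example.internal")

# Constructed sample: a CloudTrail RunInstances record as CloudWatch Events delivers it.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventName": "RunInstances",
        "responseElements": {"instancesSet": {"items": [
            {"instanceId": "i-0123456789abcdef0", "privateIpAddress": "10.0.1.25"}]}},
    },
}

def extract_instances(event):
    """Return [(instance_id, private_ip), ...] for a RunInstances record, else []."""
    detail = event.get("detail") or {}
    if detail.get("eventName") != "RunInstances":
        return []
    items = ((detail.get("responseElements") or {}).get("instancesSet") or {}).get("items") or []
    return [(i["instanceId"], i["privateIpAddress"])
            for i in items if "instanceId" in i and "privateIpAddress" in i]

def build_host_record(instance_id, private_ip, zone=DNS_ZONE):
    """Body for POST <WAPI_URL>/record:host; the naming scheme is an assumption."""
    return {"name": "%s.%s" % (instance_id, zone),
            "ipv4addrs": [{"ipv4addr": private_ip}],
            "comment": "created by Lambda from CloudTrail RunInstances"}

def post_host_record(body, user, password, url=WAPI_URL):
    """Create the host record over the VPC-internal path; returns the WAPI object ref."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    req = urllib.request.Request(url + "/record:host", data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json",
                                          "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=10) as resp:  # TLS verified against the system CA bundle
        return json.loads(resp.read().decode())

def lambda_handler(event, context):
    """Entry point wired to the CloudWatch Events rule; WAPI credentials come from env vars."""
    refs = [post_host_record(build_host_record(iid, ip),
                             os.environ["WAPI_USER"], os.environ["WAPI_PASSWORD"])
            for iid, ip in extract_instances(event)]
    return {"created": refs}
```

The Lambda function must be attached to the VPC (with a security group allowing HTTPS to the appliance) and the appliance's certificate must chain to a CA the function trusts; otherwise the request fails closed rather than silently skipping verification.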
This is the environment that I’ll be configuring over the next few posts.