Here at Foreground, we prefer to understand a candidate's technical experience and analysis skills before proceeding with portions of our recruiting process. We believe that the exercise below will illustrate a candidate's approach to working with technologies and methodologies that may be commonly used in our teams at Foreground.
- This exercise should not take you more than one to two hours to complete. If your solution is taking longer, that's okay—be honest and let us know how long it took and why you think it took that long.
- Be as thorough as you wish.
- All exercises are to be performed as if you were on the job.
- We use terraform to manage our cloud infrastructure on AWS. Provide your exercise files as valid terraform code.
- We'd expect to see the specific resources defined in the
terraform/development/devops-recruiting-exercisedirectory and any shared modules interraform/modulesdirectory, but we are open to other approaches if you can justify your reasoning. - You are free to use whatever development environment you wish. We use Visual Studio Code with the official Hashicorp Terraform extension to help with formatting.
- You may submit your response by forking this repository and opening a pull request. You can then send that link to the pull request to the recruiter you are working with.
There are no right or wrong answers. We are deliberately offering creative freedom and interpretation to all candidates who are completing this exercise. You would receive similar tasks on the job and would be given similar latitude with how you approach the problem and deliver business insights.
- Use this repository to kickstart your project.
- Fork or download this repository.
- KISS, but do not sacrifice security.
- Install the terraform CLI: Instructions
- Use the terraform CLI to test your changes using
terraform plan - (Optional) You can use the AWS Free Tier to create the resources in this exercise if you wish. Make sure you remain within the free tier limits so that you are not charged. Foreground is not responsible for any charges you may incur doing this exercise.
- (Optional) You can use the Terraform Cloud to create the pipeline and connection to AWS if you wish. Make sure you remain within the free tier limits so that you are not charged. Foreground is not responsible for any charges you may incur doing this exercise.
- Complete the following steps in your fork and open a pull request.
Goal: Create a VPC and the associated networking to be able to launch an EC2 instance
- We only need 1 availability zone.
- No NATs are required.
- All instances launched in this VPC will be given an auto-assigned public IP address.
Goal: Launch an EC2 instance in the VPC created in the previous step.
- Use the previously created VPC outputs as inputs to the EC2 resource.
- Launch the default Amazon Linux 2 AMI for whatever region you set up in the previous step.
- Add a security group to this instance that allows the following and denys anything else:
- Allow ports 80 and 443 from the world
- Allow port 22 from only 1.1.1.1 and 8.8.8.8
Goal: Create an S3 bucket and only allow the EC2 instance created in the previous step to read and write (but not delete or list) information to that bucket.
- The S3 bucket is setup with the relevant properties and permissions.
- Create an IAM role for the EC2 instance created in the previous step.
- Assign an instance role to that instance and assure that role has permissions to read and write (only) to that s3 bucket.
- Show a working example by hooking all this up to a Terraform Cloud account and a Amazon Web Services account. Both providers have free tiers.
- Consider scenarios where we may wish to deploy this infrastructure across different environments (i.e. stage, test, production) and what approach you might take to enable this.