The Digital Cat - Terraformhttps://www.thedigitalcatonline.com/2023-10-16T11:00:00+01:00Adventures of a curious cat in the land of programmingDesign and implement a flexible VPC on AWS2023-10-16T11:00:00+01:002023-10-16T11:00:00+01:00Leonardo Giordanitag:www.thedigitalcatonline.com,2023-10-16:/blog/2023/10/16/design-and-implement-a-flexible-vpc-on-aws/<p> An example of network design with an implementation using AWS VPC</p><p>Designing networks is not an easy task, and while cloud computing removes the hassle (and also a bit the fun) of moving around switches and cables, it left untouched the complexity of planning a good structure. But, what does "good structure" mean?</p><p>I think this is crucial question in engineering. A well-designed (or well-architected) system cannot be defined once and for all, because its nature, structure, and components depend on the requirements. Hence the usual answer: "it depends".</p><p>In this post I want to give an example of some business requirements and of the structure of a network that might satisfy them.</p><p>For the implementation I will work with <a href="https://aws.amazon.com/vpc/">AWS VPC</a>, which has several advantages. First of all, AWS is one of the major cloud providers, and this might help beginners to better understand how it works. Second, most of the components of a VPC are free of charge, which means that anyone can apply the structure I will show without having to pay. The only component that AWS will charge you for is a NAT gateway, but the price is around 0.045 $/hour, which means that with a single dollar you can enjoy a trip on a well-architected VPC for approximately 22 hours. After that time you can always remove the NAT and keep working on the free part of your VPC.</p><h2 id="a-quick-recap-of-ip-and-cidrs-4f94">A quick recap of IP and CIDRs<a class="headerlink" href="#a-quick-recap-of-ip-and-cidrs-4f94" title="Permanent link">¶</a></h2><p>You should be familiar with the IP protocol to use VPC effectively, but if your knowledge is rusty I give you a quick recap.</p><p>IPv4 addresses are made of 32 bits, thus spanning 2<sup>32</sup> values, between 0 and 4,294,967,295 (2<sup>32</sup>-1). To simplify their usage, we split IPv4 addresses into 4 chunks of 8 bits (octets) and convert each into a decimal number which is thus between 0 and 255 (2<sup>8</sup>-1). The classic form of an IPv4 address is thus <code>A.B.C.D</code>, e.g. <code>1.2.3.4</code>, <code>134.32.175.52</code>, <code>255.255.0.0</code>.</p><p>When considering ranges of addresses, giving the first and last address might be tedious and difficult to read. The CIDR notation was introduced to simplify this. A CIDR (Classless Inter-Domain Routing) is expressed in the form <code>A.B.C.D/N</code>, where <code>N</code> is a number of bits between 0 and 32 and represents how many bits of the address remain fixed. A CIDR like <code>134.73.28.196/32</code> represents only the address <code>134.73.28.196</code>, as 32 bits out of 32 are fixed. Conversely, the CIDR <code>0.0.0.0/0</code> represents all IPv4 addresses as 0 bits out of 32 are fixed.</p><p>The range of addresses corresponding to a CIDR is in general not easy to compute manually, but those corresponding to the 4 octets are trivial</p><ul><li>The CIDR <code>A.B.C.D/32</code> corresponds to the address <code>A.B.C.D</code>.</li><li>The CIDR <code>A.B.C.0/24</code> corresponds to the addresses between <code>A.B.C.0</code> and <code>A.B.C.255</code> (255 addresses, 2<sup>32-24</sup> or 2<sup>8</sup>). Here, the first 24 bits (the 3 octets <code>A</code>, <code>B</code>, and <code>C</code>) are fixed.</li><li>The CIDR <code>A.B.0.0/16</code> corresponds to the addresses between <code>A.B.0.0</code> and <code>A.B.255.255</code> (65,536 addresses, 2<sup>32-16</sup> or 2<sup>16</sup>). Here, the first 16 bits (the 2 octets <code>A</code> and <code>B</code>) are fixed.</li><li>The CIDR <code>A.0.0.0/8</code> corresponds to the addresses between <code>A.0.0.0</code> and <code>A.255.255.255</code> (16,777,216 addresses, 2<sup>32-8</sup> or 2<sup>24</sup>). Here, the first 8 bits (the octet <code>A</code>) are fixed.</li></ul><p>Please note that by convention we set the variable octets to 0. The CIDR <code>A.B.C.0/24</code> is exactly the same as the CIDR <code>A.B.C.D/24</code>, as the octet <code>D</code> is not fixed. For this reason it's deceiving and useless to set it. For example, I would never write <code>153.23.95.34/24</code>, as this means all addresses between <code>153.23.95.0</code> and <code>153.23.95.255</code>, so the final <code>34</code> is just misleading. <code>153.23.95.0/24</code> is much better in this case.</p><p>You can use the <a href="https://jodies.de/ipcalc">IP Calculator</a> by Krischan Jodies to explore CIDRs.</p><p>As the number of IPv4 addresses quickly proved to be insufficient we developed IPv6, but in the meantime we also created private network spaces. In IPv4 there are 3 different ranges of addresses that are considered "private", which means that they can be duplicated and that they are not reachable from the Internet. The difference between public and private addresses is the same between "London, UK" (there is only one in the world) and "kitchen" (every house has one).</p><p>The three private ranges in IPv4 are:</p><ul><li><code>192.168.0.0/16</code> - 65536 addresses between <code>192.168.0.0</code> and <code>192.168.255.255</code></li><li><code>172.16.0.0/12</code> - 1,048,576 addresses between <code>172.16.0.0</code> and <code>172.31.255.255</code> (this is not easily computed manually because 12 is not a multiple of 8)</li><li><code>10.0.0.0/8</code> - 16,777,216 addresses between <code>10.0.0.0</code> and <code>10.255.255.255</code></li></ul><p>This means that IP addresses like <code>192.168.6.1</code>, <code>172.17.123.45</code>, and <code>10.34.168.20</code> are all private. Take care of the second range, as it goes from <code>172.16</code> to <code>172.31</code>, so an address like <code>172.32.123.45</code> is definitely public.</p><p>Now that your knowledge of IP addresses has been fully restored we can dive into network design.</p><h2 id="requirements-dd57">Requirements<a class="headerlink" href="#requirements-dd57" title="Permanent link">¶</a></h2><p>As I mentioned in the introduction, the most important part of a system design are requirements, both the present and the future ones.</p><p>If you design a road, it is crucial to understand how many vehicles will travel on it per minute (or per hour, day, month) and the type of vehicle. I'm not an expert of highway engineering, but I'm sure a road for mining trucks has to be different from a cycle lane, and the same is true for a computer system. Surely you want to store information in a database, but the size and the type of it depend on the amount of data you have, the usage pattern, the required reliability, and so on.</p><p>We are designing a network that will host cloud computing resources such as computing instances, databases, load balancers, and so on. I will globally refer to them as <em>resources</em> or <em>instances</em>, without paying to much attention to the concrete nature of each of them. From the networking point of view they are all just a bunch of network cards.</p><p>As an example, we have the following business requirements for a company called ZooSoft:</p><ul><li>There are currently <strong>three main products</strong>: Alligator Accounting, Barracuda Blogging, Coyote CAD.</li><li>There might be <strong>more products</strong> in the future, we are in the first design stages of Dragonfly Draw and Echidna Email.</li><li>We need <strong>four environments</strong> for each product: Live, Staging, Demo, UAT.<ul><li>Live is the application accessed by clients</li><li>Staging is a clone of Live that is used to run extensive pre-release tests and to perform initial support debugging</li><li>Demo runs the application with the same configuration as Live but with fake data, used to showcase the application to new customers</li><li>UAT contains on-demand instances used by developers and QA to test new features</li></ul></li><li>Some data or services are <strong>shared among the products</strong>, and the infrastructure team needs a space where to deploy their tools.</li></ul><h2 id="initial-analysis-c228">Initial analysis<a class="headerlink" href="#initial-analysis-c228" title="Permanent link">¶</a></h2><p>As you see, I highlighted some of the most important points we need to keep in mind.</p><ul><li><strong>There are currently 3 products</strong>. Not a single one, not 1 hundred. It is important to understand this number because we probably want to have separate spaces for each product, with different teams working on each one. If the company had one single product we might expect it to create a new one in the future, but it might not be that urgent to have space to grow. On the other hand, if the company had already 100 products we might want to design things with a completely different approach.</li><li><strong>There might be more products in the future</strong>. Again, it is important to have a good idea of the future requirements, as most of the problems of a system will come when the usage patterns change. It's generally a good idea to leave space for growth, but overdoing it might lead to a waste of resources and ultimately money. Understanding the growth expectation is paramount to find a good balance between inflexibility and waste of resources.</li><li><strong>There are 4 different usage patterns for each application</strong>, each one with its own requirements. The Live environment clearly needs a lot of power and redundancy to provide a stable service for users, while environments like UAT and Demo will certainly have more relaxed parameters in terms of availability or reliability.</li><li><strong>We need space to deploy internal tools</strong> used to monitor the application and to test new solutions. The architecture of the application might change in the future so we need space to try out different structures and products.</li></ul><p>In general, it's a good idea to <strong>isolate anything that doesn't need to be shared</strong> across teams or products, as it reduces the risk of errors and exposes less resources to attacks. In AWS, the concept of account allows us to completely separate environments at the infrastructure level. Resources in separate accounts can still communicate, but this requires a certain amount of work to set up the connection, which ultimately promotes isolation.</p><p>So, the initial idea might be to give each product a different account. However, we also have 4 different environments for each product, and given the relative simplicity involved in the creation of an AWS account it sounds like a good idea to have one of them for each combination of product and environment. AWS provides a tool called <a href="https://aws.amazon.com/controltower/">Control Tower</a> that can greatly simplify the creation and management of accounts, which makes this choice even more reasonable.</p><p>A VPC (Virtual Private Network) is, as the name suggests, a private network that allows different products to use the same IP address pool without clashing, which is not new to anyone is familiar with private IP address spaces. This means that we could easily create in each account a VPC with a CIDR <code>10.0.0.0/8</code> that grants 2<sup>24</sup> (more than 16M) different IP addresses, plenty enough to host instances and databases for any type of application.</p><p>However, it might be useful in the future to connect different VPCs, for example to perform data migrations, and this is done in AWS through <a href="https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html">VPC peering</a>. In simple words, this is a way to create a single network out of two different VPCs, but it can't be done if the two VPCs have overlapping CIDR blocks. This means that while we keep VPCs separate in different accounts, we might also want to assign different CIDRs to each one.</p><p>Avoiding overlap clearly reduces the size of a VPC, so let's have a look at some figures to have an idea of what we can create.</p><p>If we assign to each account a CIDR <code>10.X.0.0/16</code>, with X being a number assigned to the specific account, we can create up to 256 different accounts (from <code>10.0.0.0/16</code> to <code>10.255.0.0/16</code>). Out of an abundance of caution we might reserve the first 10 CIDRs for future use and internal needs, which leaves us with 246 non-overlapping CIDRs (from <code>10.10.0.0/16</code> to <code>10.255.0.0/16</code>). This means that we have space for several combinations of product/environment, for example we might have up to 41 products with 6 environments each or 30 products with 8 environments each (with leftovers).</p><p>Since at the moment we have 3 products with 4 environments each, this choice looks reasonable. At the same time, a <code>/16</code> CIDR grants us space for 2<sup></sup>16 (65536) resources, which again looks more than enough to host a standard web application.</p><h2 id="assignment-plan-3693">Assignment plan<a class="headerlink" href="#assignment-plan-3693" title="Permanent link">¶</a></h2><p>To simplify the schema, let's grant space for 20 products and group CIDRs by environment. This means we will have 20 CIDRs for Live environments, 20 for Staging, and so on. The assignment plan is then</p><div class="code"><div class="content"><div class="highlight"><pre>10.0.0.0/16 reserved
...
10.9.0.0/16 reserved
10.10.0.0/16 alligator-accounting-live
10.11.0.0/16 barracuda-blogging-live
10.12.0.0/16 coyote-cad-live
...
10.30.0.0/16 alligator-accounting-staging
10.31.0.0/16 barracuda-blogging-staging
10.32.0.0/16 coyote-cad-staging
...
10.50.0.0/16 alligator-accounting-demo
10.51.0.0/16 barracuda-blogging-demo
10.52.0.0/16 coyote-cad-demo
...
10.70.0.0/16 alligator-accounting-uat
10.71.0.0/16 barracuda-blogging-uat
10.72.0.0/16 coyote-cad-uat
...
10.250.0.0/16 infrastructure-team
...
10.255.0.0/16 infrastructure-team
</pre></div></div></div><p>As I mentioned, the initial CIDRs are reserved for future use, but we also kept the final 6 CIDRs for the needs of the infrastructure team. Keep in mind that this is only an example and that we are clearly free to change any of these figure to match our needs more closely. Each one of these CIDRs will be assigned to a specific account.</p><p>Should we create new products we will continue with the same pattern, e.g.</p><div class="code"><div class="content"><div class="highlight"><pre>10.0.0.0/16 reserved
...
10.10.0.0/16 alligator-accounting-live
10.11.0.0/16 barracuda-blogging-live
10.12.0.0/16 coyote-cad-live
<span class="hll">10.13.0.0/16 dragonfly-draw-live
</span>...
10.30.0.0/16 alligator-accounting-staging
10.31.0.0/16 barracuda-blogging-staging
10.32.0.0/16 coyote-cad-staging
<span class="hll">10.33.0.0/16 dragonfly-draw-staging
</span>...
10.50.0.0/16 alligator-accounting-demo
10.51.0.0/16 barracuda-blogging-demo
10.52.0.0/16 coyote-cad-demo
<span class="hll">10.53.0.0/16 dragonfly-draw-demo
</span>...
10.70.0.0/16 alligator-accounting-uat
10.71.0.0/16 barracuda-blogging-uat
10.72.0.0/16 coyote-cad-uat
<span class="hll">10.73.0.0/16 dragonfly-draw-uat
</span>...
10.250.0.0/16 infrastructure-team
...
</pre></div></div></div><p>We are planning to use IaC tools to implement this, but it's nevertheless interesting to spot the patterns in this schema that make it easier to debug network connections.</p><p>All environments of a certain type belong to a specific range, so an address like <code>10.15.123.456</code> is definitely in a Live environment. At the same time, IP addresses across the same product have the same final digit in the second part of the address, so if <code>10.12.456.789</code> is a Live instance, the corresponding Staging instance will have an address like <code>10.32.X.Y</code>.</p><p>While this is not crucial, I wouldn't underestimate the value of a regular structure that can give precious information at a glance. While debugging during an emergency things like this might be a blessing.</p><p>The last thing to note is that in this schema the 160 CIDRs between <code>10.90.0.0/16</code> and <code>10.249.0.0/16</code> are not allocated. This might give you a better idea of how wide a <code>10.0.0.0/8</code> network space is! Such accounts can be used to host up to other 8 environments for each product.</p><h2 id="address-space-bad2">Address space<a class="headerlink" href="#address-space-bad2" title="Permanent link">¶</a></h2><p>Let's focus on a single CIDR in the form <code>10.N.0.0/16</code>. As we know this provides 65536 addresses (2<sup>16</sup>) that we need to split into subnets. In AWS, subnets correspond to different Availability Zones, that are "distinct locations within an AWS Region that are engineered to be isolated from failures in other Availability Zones" (from the docs). In other words, they are separate data centres built so that if one blows up the others should be unaffected. I guess this depends on the size of the explosion, but within reason this is the idea.</p><p>So, each account gets 65536 addresses (<code>/16</code>), split into:</p><ul><li>1 public subnet for the NAT gateway to live in (<code>nat</code>).</li><li>3 private subnets for the computing resources (<code>private_a</code>, <code>private_b</code>, <code>private_c</code>).</li><li>3 public subnets for the load balancer (<code>public_a</code>, <code>public_b</code>, <code>public_c</code>).</li><li>1 public subnet for the bastion instance (<code>bastion</code>).</li></ul><p>Now, if you are not familiar with subnets they are the simplest of concepts. You get the address space of a network (say for example <code>10.10.0.0/16</code>, that is the addresses from <code>10.10.0.0</code> to <code>10.10.255.255</code>) and split it into chunks. The fact that each chunk is assigned to a different data centre is an AWS addition and is not part of the definition of subnet in principle. However, the reason behind subnetting is exactly to create small <em>physical</em> networks that are therefore more efficient. If two computers are on the same subnet the routing of IP packets exchanged by them is simpler and thus faster. For similar reasons, and to increase security, it's a good idea to keep your subnets as small as possible.</p><p>In this case, we might create subnets in a <code>/23</code> space (512 addresses each), which looks wide enough to host the web applications of ZooSoft. Before we have a look at the actual figures let me clarify what this means. I assume each application (Alligator Accounting, Barracuda Blogging, and so on) has been containerised, maybe using ECS or EKS, which however means that there are EC2 instances behind the scenes running the containers. If we are using Fargate we do not provide EC2 instances and in that case we might set up our network in a different way.</p><p>EC2 instances are computers, and they all have at least one network interface, which corresponds to an IP address. So, when I say that a subnet contains 512 addresses I mean that in a single subnet I can run up to 507 EC2 instances (remember that AWS reserves some addresses, see <a href="https://docs.aws.amazon.com/vpc/latest/userguide/subnet-sizing.html">https://docs.aws.amazon.com/vpc/latest/userguide/subnet-sizing.html</a>). Assuming instances with 8 GiB of memory each (e.g. <code>m7g.large</code>) and containers that require 1 GiB of memory we can easily host 3042 containers (507*6) leaving 2 GiB for each instance to host newly created containers (for example to run blue-green deployments). These are clearly examples and you have to adapt them to the requirements of your specific application, but I hope you get an idea of how to roughly estimate this sort of quantities.</p><p>Remember that in AWS the difference between public and private networks is only in the gateway they are connected to. Public networks are connected to an Internet Gateway and thus are reachable from Internet, while private networks are either disconnected from Internet or connected with a NAT, which allows them to access Internet but not to be accessed from outside.</p><p>The <code>bastion</code> subnet might or might not be useful. In general, <code>bastion</code> hosts are very secure instances that can be accessed using SSH, and from which you can access the rest of the instances. As from the point of view of security they are a weak point of the whole infrastructure you might not want to have them or replace them with more ephemeral solutions. In any case, I left the network there as an example of a space that hosts tools not directly connected with the application.</p><p>Let's have a deeper look at the figures. A <code>/16</code> space can be split into 128 <code>/23</code> spaces (2<sup>23-16</sup>), but given the list of subnets I showed before we need only 8 of them, which leaves again a lot of space for further expansion, and there are two types of expansion we might consider. One is increasing the number of subnets, the other is increasing the size of subnets themselves. With the amount of space granted by the current size of the networks we have plenty of options to cover both cases. We might reach a good balance between the size of the network and the number of networks increasing the potential size to <code>/21</code> (2048 addresses), which grants us space for 32 subnetworks.</p><p>Here, I show a possible schema for the account <code>alligator-accounting-live</code> that is granted the space <code>10.10.0.0/16</code>.</p><div class="code"><div class="content"><div class="highlight"><pre>NAME CIDR ADDRESSES NUM ADDRESSES
reserved 10.10.0.0/21 (10.10.0.0 - 10.10.7.255) {2048}
nat 10.10.8.0/23 (10.10.8.0 - 10.10.9.255) {512}
expandable to
10.10.8.0/21 (10.10.8.0 - 10.10.15.255) {2048}
PUBLIC
reserved 10.10.16.0/21 (10.10.10.0 - 10.10.15.255) {2048}
reserved 10.10.24.0/21 (10.10.10.0 - 10.10.31.255) {2048}
private-a 10.10.32.0/23 (10.10.32.0 - 10.10.33.255) {512}
expandable to
10.10.32.0/21 (10.10.32.0 - 10.10.39.255) {2048}
private-b 10.10.40.0/23 (10.10.40.0 - 10.10.41.255) {512}
expandable to
10.10.40.0/21 (10.10.40.0 - 10.10.47.255) {2048}
private-c 10.10.48.0/23 (10.10.48.0 - 10.10.49.255) {512}
expandable to
10.10.48.0/21 (10.10.48.0 - 10.10.55.255) {2048}
reserved 10.10.56.0/21 (10.10.56.0 - 10.10.63.255) {2048}
RESERVED PRIVATE 4
reserved 10.10.63.0/21 (10.10.63.0 - 10.10.71.255) {2048}
RESERVED PRIVATE 5
...
reserved 10.10.128.0/21 (10.10.128.0 - 10.10.135.255) {2048}
RESERVED PRIVATE 13
public-a 10.10.136.0/23 (10.10.136.0 - 10.10.137.255) {512}
expandable to
10.10.136.0/21 (10.10.136.0 - 10.10.143.255) {2048}
PUBLIC
public-b 10.10.144.0/23 (10.10.144.0 - 10.10.145.255) {512}
expandable to
10.10.144.0/21 (10.10.144.0 - 10.10.151.255) {2048}
PUBLIC
public-c 10.10.152.0/23 (10.10.152.0 - 10.10.153.255) {512}
expandable to
10.10.152.0/21 (10.10.152.0 - 10.10.159.255) {2048}
PUBLIC
reserved 10.10.160.0/21 (10.10.160.0 - 10.10.167.255) {2048}
RESERVED PUBLIC 4
reserved 10.10.168.0/21 (10.10.167.0 - 10.10.175.255) {2048}
RESERVED PUBLIC 5
...
reserved 10.10.232.0/21 (10.10.232.0 - 10.10.239.255) {2048}
RESERVED PUBLIC 13
bastion 10.10.240.0/23(10.10.240.0 - 10.10.241.255) {512}
expandable to
10.10.240.0/21 (10.10.240.0 - 10.10.247.255) {2048}
PUBLIC
reserved 10.10.248.0/21(10.10.248.0 - 10.10.255.255) {2048}
</pre></div></div></div><h2 id="routing-4daa">Routing<a class="headerlink" href="#routing-4daa" title="Permanent link">¶</a></h2><p>Routing of each VPC is very simple:</p><ul><li>All resources in the private subnets will be routed into the NAT to grant them Internet access but to isolate them from outside.</li><li>All resources in the public subnets will be routed into the default Internet Gateway.</li><li>The NAT network has to be public, so it is routed into the default Internet Gateway.</li><li>The bastion subnet is public, so it routed into the default Internet Gateway.</li></ul><p>The NAT is a device that translates internet addresses, hiding the internal ones through some clever hacking of TCP/IP. This means that it has to live in a public network so that it can access the Internet.</p><p>The bastion (if present) is a machine that can be accessed from Internet, so it has to be in a public subnet. It's customary to grant access to the bastion to a specific set of IPs (e.g. the personal IPs of some developers) but this is done through Security Groups.</p><h2 id="relevant-figures-92bd">Relevant figures<a class="headerlink" href="#relevant-figures-92bd" title="Permanent link">¶</a></h2><p>In summary the current design grants us the following:</p><ul><li>246 non-overlapping accounts</li><li>20 different products each with 12 environments</li><li>32 subnets for each account</li><li>512 addresses per subnet, upgradable to 2048 without overlapping</li></ul><h2 id="a-simple-terraform-module-d757">A simple Terraform module<a class="headerlink" href="#a-simple-terraform-module-d757" title="Permanent link">¶</a></h2><p>The following code is a simple Terraform module intended to showcase how to create a well-designed VPC with that tool. I decided to avoid using complex loops or other clever hacks to keep it simple and accessible to anyone might be moving their first steps into AWS, VPC, network design, and Terraform. You are clearly free to build on top of it and to come up with a different or more clever implementation.</p><p>Remember that the NAT is the only resource that is not free of charge, so don't leave it up and running if don't use it. Don't be afraid of creating one and having a look in the AWS console though.</p><p>I assume the following files are all created in the same directory that I will conventionally call <code>modules/vpc</code>.</p><h3 id="vpc-2303">VPC</h3><div class="code"><div class="title"><code>modules/vpc/vpc.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_vpc"</span><span class="w"> </span><span class="nv">"main"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.0.0/16"</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.name</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><div class="code"><div class="title"><code>modules/vpc/variables.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">variable</span><span class="w"> </span><span class="nv">"cidr_prefix"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">description</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"The first two octets of the CIDR, e.g. 10.10 (will become 10.10.0.0/16)"</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kt">string</span>
<span class="p">}</span>
<span class="kr">variable</span><span class="w"> </span><span class="nv">"name"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">description</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"The name of this VPC and the prefix/tag for its related resources"</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kt">string</span>
<span class="p">}</span>
</pre></div></div></div><p>When you call the module you will have to pass these two variables, e.g.</p><div class="code"><div class="title"><code>alligator-accounting-live/vpc/main.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">module</span><span class="w"> </span><span class="nv">"vpc"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">source</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"../../modules/vpc"</span>
<span class="w"> </span><span class="na">cidr_prefix</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"10.10"</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"alligator-accounting-live"</span>
<span class="p">}</span>
</pre></div></div></div><h3 id="internet-gateway-e563">Internet Gateway </h3><div class="code"><div class="title"><code>modules/vpc/gateway.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_internet_gateway"</span><span class="w"> </span><span class="nv">"main"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.name</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><h3 id="subnets-03e5">Subnets</h3><div class="code"><div class="title"><code>modules/vpc/subnets.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"nat"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.8.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1a"</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-nat"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"private_a"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.32.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1a"</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-private-a"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"private"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"private_b"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.40.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1b"</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-private-b"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"private"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"private_c"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.48.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1c"</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-private-c"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"private"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"public_a"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.136.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1a"</span>
<span class="w"> </span><span class="na">map_public_ip_on_launch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-public-a"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"public"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"public_b"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.144.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1b"</span>
<span class="w"> </span><span class="na">map_public_ip_on_launch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-public-b"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"public"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"public_c"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.152.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1c"</span>
<span class="w"> </span><span class="na">map_public_ip_on_launch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-public-c"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"public"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_subnet"</span><span class="w"> </span><span class="nv">"bastion"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.cidr_prefix}.240.0/23"</span>
<span class="w"> </span><span class="na">availability_zone</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"eu-west-1a"</span>
<span class="w"> </span><span class="na">map_public_ip_on_launch</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name}-bastion"</span>
<span class="w"> </span><span class="na">Tier</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"bastion"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>We need to associate the public subnets with the Internet Gateway.</p><div class="code"><div class="title"><code>modules/vpc/gateway.tf</code></div><div class="content"><div class="highlight"><pre><span class="p">[...]</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table"</span><span class="w"> </span><span class="nv">"main"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="nb">route</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span>
<span class="w"> </span><span class="na">gateway_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_internet_gateway.main.id</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name} Internet Gateway"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"public_a_to_igw"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.public_a.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.main.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"public_b_to_igw"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.public_b.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.main.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"public_c_to_igw"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.public_c.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.main.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"bastion_to_igw"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.bastion.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.main.id</span>
<span class="p">}</span>
</pre></div></div></div><h3 id="nat-gateway-3743">NAT Gateway</h3><p>We need a NAT to grant private networks access to the Internet.</p><div class="code"><div class="title"><code>modules/vpc/nat.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_eip"</span><span class="w"> </span><span class="nv">"nat_gateway"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="no">true</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.name</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"nat_to_igw"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.nat.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.main.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_nat_gateway"</span><span class="w"> </span><span class="nv">"nat_gateway"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">allocation_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_eip.nat_gateway.id</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.nat.id</span>
<span class="w"> </span><span class="na">depends_on</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="nv">aws_internet_gateway.main</span><span class="p">]</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.name</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table"</span><span class="w"> </span><span class="nv">"nat_gateway"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_vpc.main.id</span>
<span class="w"> </span><span class="nb">route</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">cidr_block</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"0.0.0.0/0"</span>
<span class="w"> </span><span class="na">nat_gateway_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_nat_gateway.nat_gateway.id</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name} NAT Gateway"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"private_a_to_nat"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.private_a.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.nat_gateway.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"private_b_to_nat"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.private_b.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.nat_gateway.id</span>
<span class="p">}</span>
<span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_route_table_association"</span><span class="w"> </span><span class="nv">"private_c_to_nat"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_subnet.private_c.id</span>
<span class="w"> </span><span class="na">route_table_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_route_table.nat_gateway.id</span>
<span class="p">}</span>
</pre></div></div></div><h2 id="subnet-groups-bcd9">Subnet groups<a class="headerlink" href="#subnet-groups-bcd9" title="Permanent link">¶</a></h2><p>As an optional step, you might want to create <em>subnet groups</em> for RDS. In AWS, you can create RDS instances in public networks out of the box, but if you want to put them in a private network (and <em>you want</em> to put them there) you need to build a subnet group. See <a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html">the documentation</a>.</p><div class="code"><div class="title"><code>modules/vpc/subnets.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_db_subnet_group"</span><span class="w"> </span><span class="nv">"rds_group"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"rds_private"</span>
<span class="w"> </span><span class="na">subnet_ids</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="nv">aws_subnet.private_a.id</span><span class="p">,</span>
<span class="w"> </span><span class="nv">aws_subnet.private_b.id</span><span class="p">,</span>
<span class="w"> </span><span class="nv">aws_subnet.private_c.id</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="nb">tags</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">Name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.name} RDS subnet group"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><h2 id="final-words-9803">Final words<a class="headerlink" href="#final-words-9803" title="Permanent link">¶</a></h2><p>I hope this was a useful and interesting trip into network design. As an example, this might sound trivial and simple compared to what is needed in certain contexts, but it is definitely a good setup that you can build on. I think VPC is often overlooked as it is assumed developers are familiar with networks. As networking is a crucial part of a system and will pop up in other technologies like Docker or Kubernetes, I recommend any mid-level or senior developer to make sure they are familiar with the main concepts of IP. Happy learning!</p><h2 id="feedback-d845">Feedback<a class="headerlink" href="#feedback-d845" title="Permanent link">¶</a></h2><p>Feel free to reach me on <a href="https://twitter.com/thedigicat">Twitter</a> if you have questions. The <a href="https://github.com/TheDigitalCatOnline/blog_source/issues">GitHub issues</a> page is the best place to submit corrections.</p><p>Photo by <a href="https://unsplash.com/@nate_dumlao?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">Nathan Dumlao</a> on <a href="https://unsplash.com/photos/kEOLkJksbc8?utm_content=creditCopyText&utm_medium=referral&utm_source=unsplash">Unsplash</a>.</p>AWS Log Insights as CloudWatch metrics with Python and Terraform2021-03-22T17:00:00+01:002021-03-22T17:00:00+01:00Leonardo Giordanitag:www.thedigitalcatonline.com,2021-03-22:/blog/2021/03/22/aws-log-insights-as-cloudwatch-metrics-with-python-and-terraform/<p> A step-by-step report on how to build a Lambda function with Terraform and Python to convert Log Insights queries into CloudWatch metrics</p><p>Recently I started using <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html">AWS CloudWatch Log Insights</a> and I find the tool really useful to extract data about the systems I'm running without having to set up dedicated monitoring tools, which come with their own set of permissions, rules, configuration language, and so forth.</p><p>Log Insights allow you to query log outputs with a language based on regular expressions with hints of SQL and to produce tables or graphs of quantities that you need to monitor. For example, the system I am monitoring runs Celery in ECS containers that log received tasks with a line like the following</p><div class="code"><div class="content"><div class="highlight"><pre>16:39:11,156 [32mINFO [0m [34m[celery.worker.strategy][0m [01mReceived task: lib.tasks.lists.trigger_list_log_notification[9b33b464-d4f9-4909-8d4e-1a3134fead97] [0m
</pre></div></div></div><p>In this case the specific function in the system that was triggered is <code>lib.tasks.log_notification</code>, and I'm interested in knowing which functions are called the most, so I can easily count them with</p><div class="code"><div class="content"><div class="highlight"><pre>parse @message /\[celery\.(?<source>[a-z.]+)\].*Received task: (?<task>[a-z._]+)\[/
| filter not isblank(source)
| stats count(*) as number by task
| sort number desc
| limit 9
</pre></div></div></div><p>This gives me a nice table of the top 9 <code>source</code> functions and the number of <code>task</code> submitted for each, and the time frame can be adjusted with the usual CloudWatch controls</p><div class="code"><div class="content"><div class="highlight"><pre>1 lib.tasks.lists.trigger_list_log_notification 4559
2 lib.tasks.notify.notify_recipient 397
3 lib.message._send_mobile_push_notification 353
4 lib.tasks.jobs.check_job_cutoffs 178
5 lib.tasks.notify.check_message_cutoffs 177
6 lib.tasks.notify.check_notification_retry 177
7 lib.tasks.notify.async_list_response 81
8 lib.tasks.hmrc_poll.govtalk_periodic_poll 59
9 lib.tasks.lists.recalculate_list_entry 56
</pre></div></div></div><p>Using time bins, quantities can also be easily plotted. For example, I can process and visualise the number of received tasks with</p><div class="code"><div class="content"><div class="highlight"><pre>parse @message /\[celery\.(?<source>[a-z.]+)\].*Received task: (?<task>[a-z._]+)\[/
| filter not isblank(source)
| stats count(*) by bin(30s)
</pre></div></div></div><p>Unfortunately I quickly discovered an important limitation of Log Insights, that is <strong>queries are not metrics</strong>. Which also immediately implies that I can't set up alarms on those queries. As fun as it is to look at nice plots, I need something automatic that sends me messages or scales up systems in reaction to specific events such as "too many submitted tasks".</p><p>The standard solution to this problem suggested by AWS is to write a Lambda that runs the query and stores the value into a custom CloudWatch metric, which I can then use to satisfy my automation needs. I did it, and in this post I will show you exactly how, using Terraform, Python and Zappa, CloudWatch, and DynamoDB. At the end of the post I will also briefly discuss the cost of the solution.</p><h2 id="the-big-picture-f6bc">The big picture<a class="headerlink" href="#the-big-picture-f6bc" title="Permanent link">¶</a></h2><p>Before I get into the details of the specific tools or solutions that I decided to implement, let me have a look at the bigger picture. The initial idea is very simple: a Lambda function can run a specific Log Insights query and store the results in a custom metric, which can in turn be used to trigger alarms and other actions.</p><p>For a single system I already have 4 or 5 of these queries that I'd like to run, and I have multiple systems, so I'd prefer to have a solution that doesn't require me to deploy and maintain a different Lambda for each query. The maintenance can be clearly automated as well, but such a solution smells of duplicated code miles away, and if there is no specific reason to go down that road I prefer to avoid it.</p><p>Since Log Insights queries are just strings of code, however, we can store them somewhere and then simply loop on all of them within the same Lambda function. To implement this, I created a DynamoDB table and every element contains all the data I need to run each query, such as the log group that I want to investigate and the name of the target metric.</p><h2 id="terraform-a3cb">Terraform<a class="headerlink" href="#terraform-a3cb" title="Permanent link">¶</a></h2><p>In the following sections I will discuss the main components of the solution from the infrastructural point of view, showing how I created them with Terraform. The four main AWS services that I will use are: <a href="https://aws.amazon.com/dynamodb/">DynamoDB</a>, <a href="https://aws.amazon.com/lambda/">Lambda</a>, <a href="https://aws.amazon.com/iam/">IAM</a>, <a href="https://aws.amazon.com/cloudwatch/">CloudWatch</a>.</p><p>I put the bulk of the code in a module so that I can easily create the same structure for multiple AWS accounts. While my current setup is a bit more complicated that that, the structure of the code can be simplified as</p><div class="code"><div class="content"><div class="highlight"><pre>+ common
+ lambda-loginsights2metrics
+ cloudwatch.tf
+ dynamodb.tf
+ iam.tf
+ lambda.tf
+ variables.tf
+ account1
+ lambda-loginsights2metrics
+ main.tf
+ variables.tf
</pre></div></div></div><h3 id="variables-7edf">Variables</h3><p>Since I will refer to them in the following sections, let me show you the four variables I defined for this module.</p><p>First I need to receive the items that I need to store in the DynamoDB table</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/variables.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">variable</span><span class="w"> </span><span class="nv">"items"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"list"</span>
<span class="w"> </span><span class="na">default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[]</span>
<span class="p">}</span>
</pre></div></div></div><p>I prefer to have a prefix in front of my components that allows me to duplicate them without clashes</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/variables.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">variable</span><span class="w"> </span><span class="nv">"prefix"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"string"</span>
<span class="w"> </span><span class="na">default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"loginsights2metrics"</span>
<span class="p">}</span>
</pre></div></div></div><p>The Lambda function will require a list of security groups that grant access to specific network components</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/variables.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">variable</span><span class="w"> </span><span class="nv">"security_groups"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"list"</span>
<span class="w"> </span><span class="na">default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[]</span>
<span class="p">}</span>
</pre></div></div></div><p>Finally, Lambda functions need to be told which VPC subnets they can use to run</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/variables.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">variable</span><span class="w"> </span><span class="nv">"vpc_subnets"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"list"</span>
<span class="w"> </span><span class="na">default</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[]</span>
<span class="p">}</span>
</pre></div></div></div><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://www.terraform.io/docs/configuration-0-11/variables.html">Terraform variables</a>.</li><li>An <a href="https://spacelift.io/blog/how-to-use-terraform-variables">in-depth post</a> that explains how to use variables in Terraform, by Sumeet Ninawe</li></ul><h3 id="dynamodb-55e8">DynamoDB</h3><p>Let's start with the corner stone, which is the DynamoDB table that contains data for the queries. As DynamoDB is not a SQL database we don't need to define columns in advance. This clearly might get us into trouble later, so we need to be careful and be consistent when we write items, adding everything is needed by the Lambda code.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/dynamodb.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_dynamodb_table"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.prefix}-items"</span>
<span class="w"> </span><span class="na">billing_mode</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"PAY_PER_REQUEST"</span>
<span class="w"> </span><span class="na">hash_key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"SlotName"</span>
<span class="w"> </span><span class="nb">attribute</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"SlotName"</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"S"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>Speaking of items, I assume I will pass them when I call the module, so here I just need to loop on the input variable <code>items</code></p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/dynamodb.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_dynamodb_table_item"</span><span class="w"> </span><span class="nv">"item"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">count</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">length</span><span class="p">(</span><span class="nv">var.items</span><span class="p">)</span>
<span class="w"> </span><span class="na">table_name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_dynamodb_table.loginsights2metrics.name</span>
<span class="w"> </span><span class="na">hash_key</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_dynamodb_table.loginsights2metrics.hash_key</span>
<span class="w"> </span><span class="na">item</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nf">jsonencode</span><span class="p">(</span><span class="nf">element</span><span class="p">(</span><span class="nv">var.items</span><span class="p">,</span><span class="w"> </span><span class="nv">count.index</span><span class="p">))</span>
<span class="p">}</span>
</pre></div></div></div><p>Since the query is written as a Terraform string and will be read from Python there are two small caveats here. To be consistent with Terraform's syntax we need to escape double quotes in the query, and to avoid fights with Python we need to escape backslashes. So for example a valid query like</p><div class="code"><div class="content"><div class="highlight"><pre>parse @message /\[celery\.(?<source>[a-z.]+)\].*Received task: (?<task>[a-z._]+)\[/
| filter not isblank(source)
| stats count(*) as Value by bin(1m)
</pre></div></div></div><p>will be stored as</p><div class="code"><div class="content"><div class="highlight"><pre>"parse @message /\\[celery\\.(?<source>[a-z.]+)\\].*Received task: (?<task>[a-z._]+)\\[/ | filter not isblank(source) | stats count(*) as Value by bin(1m)"
</pre></div></div></div><p>Another remark is that the Lambda I will write in Python will read data plotted with the name <code>Value</code> on bins of 1 minute, so the query should end with <code>stats X as Value by bin(1m)</code> where <code>X</code> is a specific stat, for example <code>stats count(*) as Value by bin(1m)</code>.</p><p>The reason behind 1 minute is that the maximum standard resolution of CloudWatch metrics is 1 minute. Should you want more you need to have a look at <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#high-resolution-metrics">CloudWatch High-Resolution Metrics</a>.</p><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://aws.amazon.com/dynamodb/">Amazon DynamoDB</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table"><code>aws_dynamodb_table</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table_item"><code>aws_dynamodb_table_item</code> documentation</a></li></ul><h3 id="iam-part-1-cde2">IAM part 1</h3><p>IAM roles are central in AWS. In this specific case we have the so-called <a href="https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html">Lambda execution role</a>, which is the IAM role that the Lambda assumes when you run it. In AWS users or services (that is humans or AWS components) <em>assume</em> a role, receiving the permissions connected with it. To assume roles, however, they need to have a specific permission, a so-called <em>trust policy</em>.</p><p>Let's define a trust policy that allows the Lambda service to assume the role that we will define</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">data</span><span class="w"> </span><span class="nc">"aws_iam_policy_document"</span><span class="w"> </span><span class="nv">"trust"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nb">statement</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">actions</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"sts:AssumeRole"</span><span class="p">]</span>
<span class="w"> </span><span class="nb">principals</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Service"</span>
<span class="w"> </span><span class="na">identifiers</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"lambda.amazonaws.com"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>and after that the role in question</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_iam_role"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.prefix</span>
<span class="w"> </span><span class="na">assume_role_policy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">data.aws_iam_policy_document.trust.json</span>
<span class="p">}</span>
</pre></div></div></div><p>To run, Lambdas need an initial set of permissions which can be found in the canned policy <code>AWSLambdaVPCAccessExecutionRole</code>. You can see the content of the policy in the IAM console or dumping it with <code>aws iam get-policy</code> and <code>aws iam get-policy-version</code></p><div class="code"><div class="content"><div class="highlight"><pre>$ aws iam get-policy --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
{
"Policy": {
"PolicyName": "AWSLambdaVPCAccessExecutionRole",
"PolicyId": "ANPAJVTME3YLVNL72YR2K",
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
"Path": "/service-role/",
"DefaultVersionId": "v2",
"AttachmentCount": 0,
"PermissionsBoundaryUsageCount": 0,
"IsAttachable": true,
"Description": "Provides minimum permissions for a Lambda function to execute while accessing a resource within a VPC - create, describe, delete network interfaces and write permissions to CloudWatch Logs. ",
"CreateDate": "2016-02-11T23:15:26Z",
"UpdateDate": "2020-10-15T22:53:03Z"
}
}
$ aws iam get-policy-version --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole --version-id v2
{
"PolicyVersion": {
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Resource": "*"
}
]
},
"VersionId": "v2",
"IsDefaultVersion": true,
"CreateDate": "2020-10-15T22:53:03Z"
}
}
</pre></div></div></div><p>Attaching a canned policy is just a matter of creating a specific <code>aws_iam_role_policy_attachment</code> resource</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_iam_role_policy_attachment"</span><span class="w"> </span><span class="nv">"loginsights2metrics-"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_iam_role.loginsights2metrics.name</span>
<span class="w"> </span><span class="na">policy_arn</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"</span>
<span class="p">}</span>
</pre></div></div></div><p>Now that we have the IAM role and the basic policy we can assign custom permissions to it. We need to grant the Lambda permissions on other AWS components, namely CloudWatch to run Log Insights queries and to store metrics and DynamoDB to retrieve all the items from the queries table.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">data</span><span class="w"> </span><span class="nc">"aws_iam_policy_document"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nb">statement</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">actions</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"cloudwatch:PutMetricData"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"cloudwatch:PutMetricAlarm"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"logs:StartQuery"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"logs:GetQueryResults"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"logs:GetLogEvents"</span><span class="p">,</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="na">resources</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="s2">"*"</span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nb">statement</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">actions</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"dynamodb:Scan"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="na">resources</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="nv">aws_dynamodb_table.loginsights2metrics.arn</span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>Through <code>aws_iam_role_policy</code> we can create and assign the policy out of a <code>data</code> structure</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_iam_role_policy"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.prefix</span>
<span class="w"> </span><span class="na">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_iam_role.loginsights2metrics.name</span>
<span class="w"> </span><span class="na">policy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">data.aws_iam_policy_document.loginsights2metrics.json</span>
<span class="p">}</span>
</pre></div></div></div><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document"><code>aws_iam_policy_document</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role"><code>aws_iam_role</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment"><code>aws_iam_role_policy_attachment</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy"><code>aws_iam_role_policy</code> documentation</a></li><li><a href="https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy.html">AWS CLI iam get-policy documentation</a></li><li><a href="https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html">AWS CLI iam get-policy-version documentation</a></li></ul><h3 id="lambda-0ea2">Lambda</h3><p>We can now create the Lambda function container. I do not use Terraform as a deployer, as I think it should be used to define static infrastructure only, so I will use a dummy function here and later deploy the real code using the AWS CLI.</p><p>The dummy function can be easily created with</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/lambda.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">data</span><span class="w"> </span><span class="nc">"archive_file"</span><span class="w"> </span><span class="nv">"dummy"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">type</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"zip"</span>
<span class="w"> </span><span class="na">output_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${path.module}/lambda.zip"</span>
<span class="w"> </span><span class="nb">source</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">content</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"dummy"</span>
<span class="w"> </span><span class="na">filename</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"dummy.txt"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>The Lambda function is a bit more complicated. As I mentioned, I'll use Zappa to package the function, so the <code>handler</code> has to be <code>"zappa.handler.lambda_handler"</code>. The IAM role given to the function is the one we defined previously, while <code>memory_size</code> and <code>timeout</code> clearly depend on the specific function. Lambdas should run in private networks, and I won't cover here the steps to create them. The AWS docs contains a lot of details on this topic, e.g. <a href="https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/">https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/</a>.</p><p>The environment variables allow me to inject the name of the DynamoDB table so that I don't need to hardcode it. I also pass another variable, the <a href="https://sentry.io/welcome/">Sentry DSN</a> that I use in my configuration. This is not essential for the problem at hand, but I left it there to show how to pass such values.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/lambda.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_lambda_function"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">function_name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"loginsights2metrics"</span>
<span class="w"> </span><span class="na">handler</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"zappa.handler.lambda_handler"</span>
<span class="w"> </span><span class="na">runtime</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"python3.8"</span>
<span class="w"> </span><span class="na">filename</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">data.archive_file.dummy.output_path</span>
<span class="w"> </span><span class="na">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_iam_role.loginsights2metrics.arn</span>
<span class="w"> </span><span class="na">memory_size</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="m">128</span>
<span class="w"> </span><span class="na">timeout</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="m">300</span>
<span class="w"> </span><span class="nb">vpc_config</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">subnet_ids</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.vpc_subnets</span>
<span class="w"> </span><span class="na">security_group_ids</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.security_groups</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nb">environment</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nb">variables</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"SENTRY_DSN"</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"https://XXXXXX:@sentry.io/YYYYYY"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"DYNAMODB_TABLE"</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_dynamodb_table.loginsights2metrics.name</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nb">lifecycle</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">ignore_changes</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="nb">last_modified, filename</span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>Please note that I instructed Terraform to ignore changes to the two attributes <code>last_modified</code> and <code>filename</code>, and that I haven't used any <code>source_code_hash</code>. This way I can safely apply Terraform to change parameters like <code>memory_size</code> or <code>timeout</code> without affecting what I deployed with the CI.</p><p>Since I want to trigger the function from AWS CloudWatch Events I need to grant the service <code>events.amazonaws.com</code> the <code>lambda:InvokeFunction</code> permission.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/lambda.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_lambda_permission"</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">statement_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"AllowExecutionFromCloudWatch"</span>
<span class="w"> </span><span class="na">action</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"lambda:InvokeFunction"</span>
<span class="w"> </span><span class="na">function_name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_lambda_function.loginsights2metrics.function_name</span>
<span class="w"> </span><span class="na">principal</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"events.amazonaws.com"</span>
<span class="w"> </span><span class="na">source_arn</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_cloudwatch_event_rule.rate.arn</span>
<span class="p">}</span>
</pre></div></div></div><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/archive_file"><code>archive_file</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function"><code>aws_lambda_function</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission"><code>aws_lambda_permission</code> documentation</a></li></ul><h3 id="iam-part-2-7f1e">IAM part 2</h3><p>Since 2018 Lambdas have a maximum execution time of 15 minutes (900 seconds), which is more than enough for many services, but to be conservative I preferred to leverage Zappa's asynchronous calls and to make the main Lambda call itself for each query. The Lambda doesn't clearly call the same Python function (it's not recursive), but from AWS's point of view we have a Lambda that calls itself, so we need to give it a specific permission to do this.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">data</span><span class="w"> </span><span class="nc">"aws_iam_policy_document"</span><span class="w"> </span><span class="nv">"loginsights2metrics_exec"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nb">statement</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">actions</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"lambda:InvokeAsync"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"lambda:InvokeFunction"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="na">resources</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="nv">aws_lambda_function.loginsights2metrics.arn</span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>I could not define this when I defined the rest of the IAM components because this needs the Lambda to be defined, but the resource is in the same file. Terraform doesn't care about which resource we defined first and where we define it as long as there are no loops in the definitions.</p><p>We can now assign the newly created policy document to the IAM role we created previously</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/iam.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_iam_role_policy"</span><span class="w"> </span><span class="nv">"loginsights2metrics_exec"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.prefix}-exec"</span>
<span class="w"> </span><span class="na">role</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_iam_role.loginsights2metrics.name</span>
<span class="w"> </span><span class="na">policy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">data.aws_iam_policy_document.loginsights2metrics_exec.json</span>
<span class="p">}</span>
</pre></div></div></div><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document"><code>aws_iam_policy_document</code> documentation</a> documentation")</li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy"><code>aws_iam_role_policy</code> documentation</a></li></ul><h3 id="cloudwatch-518e">CloudWatch</h3><p>Whenever you need to run Lambdas (or other things) periodically, the standard AWS solution is to use CloudWatch Events, which work as the AWS cron system. CloudWatch Events are made of rules and targets, so first of all I defined a rule that gets triggered every 2 minutes</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/cloudwatch.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_cloudwatch_event_rule"</span><span class="w"> </span><span class="nv">"rate"</span><span class="w"> </span><span class="p">{</span>
<span class="c1"> # Zappa requires the name to match the processing function</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"main.loginsights2metrics"</span>
<span class="w"> </span><span class="na">description</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"Trigger Lambda ${var.prefix}"</span>
<span class="w"> </span><span class="na">schedule_expression</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"rate(2 minutes)"</span>
<span class="p">}</span>
</pre></div></div></div><p>Please note that Zappa has a specific requirement for CloudWatch Events, so I left a comment to clarify this to my future self. The second part of the event is the target, which is the Lambda function that we defined in the previous section.</p><div class="code"><div class="title"><code>common/lambda-loginsights2metrics/cloudwatch.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">resource</span><span class="w"> </span><span class="nc">"aws_cloudwatch_event_target"</span><span class="w"> </span><span class="nv">"lambda"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">rule</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_cloudwatch_event_rule.rate.name</span>
<span class="w"> </span><span class="na">target_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"${var.prefix}-target"</span>
<span class="w"> </span><span class="na">arn</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">aws_lambda_function.loginsights2metrics.arn</span>
<span class="p">}</span>
</pre></div></div></div><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule"><code>aws_cloudwatch_event_rule</code> documentation</a></li><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target"><code>aws_cloudwatch_event_target</code> documentation</a></li></ul><h3 id="using-the-module-5d88">Using the module</h3><p>Now the module is finished, so I just need to create some items for the DynamoDB table and to call the module itself</p><div class="code"><div class="title"><code>account1/lambda-loginsights2metrics/main.tf</code></div><div class="content"><div class="highlight"><pre><span class="nb">locals</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">items</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"SlotName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Celery Logs submitted tasks"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"LogGroup"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster/celery"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"ClusterName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Query"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"parse @message /\\[celery\\.(?<source>[a-z.]+)\\].*Received task: (?<task>[a-z._]+)\\[/ | filter not isblank(source) | stats count(*) as Value by bin(1m)"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Namespace"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Custom"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"MetricName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Submitted tasks"</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"SlotName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Celery Logs succeeded tasks"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"LogGroup"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster/celery"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"ClusterName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Query"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"parse @message /\\[celery.(?<source>[a-z\\._]+)].*Task (?<task>[a-z\\._]+)\\[.*\\] (?<event>[a-z]+)/ | filter source = \"app.trace\" | filter event = \"succeeded\" | stats count(*) as Value by bin(1m)"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Namespace"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Custom"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"MetricName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Succeeded tasks"</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"SlotName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Celery Logs retried tasks"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"LogGroup"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster/celery"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"ClusterName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"mycluster"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Query"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"parse @message /\\[celery.(?<source>[a-z\\._]+)].*Task (?<task>[a-z\\._]+)\\[.*\\] (?<event>[a-z]+)/ | filter source = \"app.trace\" | filter event = \"retry\" | stats count(*) as Value by bin(1m)"</span><span class="p">,</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"Namespace"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Custom"</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"MetricName"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"S"</span><span class="w"> </span><span class="o">:</span><span class="w"> </span><span class="s2">"Retried tasks"</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">]</span>
<span class="p">}</span>
</pre></div></div></div><p>I need to provide a security group for the Lambda, and in this case I can safely use the default one provided by the VPC</p><div class="code"><div class="title"><code>account1/lambda-loginsights2metrics/main.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">data</span><span class="w"> </span><span class="nc">"aws_security_group"</span><span class="w"> </span><span class="nv">"default"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">name</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"default"</span>
<span class="w"> </span><span class="na">vpc_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.vpc_id</span>
<span class="p">}</span>
</pre></div></div></div><p>And I can finally call the module</p><div class="code"><div class="title"><code>account1/lambda-loginsights2metrics/main.tf</code></div><div class="content"><div class="highlight"><pre><span class="kr">module</span><span class="w"> </span><span class="nv">"loginsights2metrics"</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="na">source</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"../../common/lambda-loginsights2metrics"</span>
<span class="w"> </span><span class="na">items</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">local.items</span>
<span class="w"> </span><span class="na">security_groups</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">[</span><span class="nv">data.aws_security_group.default.id</span><span class="p">]</span>
<span class="w"> </span><span class="na">vpc_subnets</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">var.vpc_private_subnets</span>
<span class="p">}</span>
</pre></div></div></div><p>Please note that the variable <code>vpc_private_subnets</code> is a list of subnet names that I created in another module.</p><h4 id="resources-8ec3">Resources</h4><ul><li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group"><code>aws_security_group</code> documentation</a></li><li><a href="https://www.terraform.io/docs/language/modules/develop/index.html">Creating Terraform modules</a></li></ul><h2 id="python-43d2">Python<a class="headerlink" href="#python-43d2" title="Permanent link">¶</a></h2><p>As I mentioned before, the Python code of the Lambda function is contained in a different repository and deployed with the CI using <a href="https://github.com/zappa/Zappa">Zappa</a>. Given we are interacting with AWS I am clearly using Boto3, the <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/index.html">AWS SDK for Python</a>. The code was developed locally without Zappa's support, to test out the Boto3 functions I wanted to use, then quickly adjusted to be executed in a Lambda.</p><p>I think the code is pretty straightforward, but I left my original comments to be sure everything is clear. </p><div class="code"><div class="content"><div class="highlight"><pre><span class="kn">import</span><span class="w"> </span><span class="nn">os</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">time</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">json</span>
<span class="kn">from</span><span class="w"> </span><span class="nn">datetime</span><span class="w"> </span><span class="kn">import</span> <span class="n">datetime</span><span class="p">,</span> <span class="n">timedelta</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">boto3</span>
<span class="kn">from</span><span class="w"> </span><span class="nn">zappa.asynchronous</span><span class="w"> </span><span class="kn">import</span> <span class="n">task</span>
<span class="c1"># CONFIG</span>
<span class="n">logs</span> <span class="o">=</span> <span class="n">boto3</span><span class="o">.</span><span class="n">client</span><span class="p">(</span><span class="s2">"logs"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="s2">"eu-west-1"</span><span class="p">)</span>
<span class="n">cw</span> <span class="o">=</span> <span class="n">boto3</span><span class="o">.</span><span class="n">client</span><span class="p">(</span><span class="s2">"cloudwatch"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="s2">"eu-west-1"</span><span class="p">)</span>
<span class="n">dynamodb</span> <span class="o">=</span> <span class="n">boto3</span><span class="o">.</span><span class="n">resource</span><span class="p">(</span><span class="s2">"dynamodb"</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="s2">"eu-west-1"</span><span class="p">)</span>
<span class="nd">@task</span>
<span class="k">def</span><span class="w"> </span><span class="nf">put_metric_data</span><span class="p">(</span><span class="n">item</span><span class="p">):</span> <span class="callout">3</span>
<span class="n">slot_name</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"SlotName"</span><span class="p">]</span>
<span class="n">log_group</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"LogGroup"</span><span class="p">]</span>
<span class="n">cluster_name</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"ClusterName"</span><span class="p">]</span>
<span class="n">query</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"Query"</span><span class="p">]</span>
<span class="n">namespace</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"Namespace"</span><span class="p">]</span>
<span class="n">metric_name</span> <span class="o">=</span> <span class="n">item</span><span class="p">[</span><span class="s2">"MetricName"</span><span class="p">]</span>
<span class="c1"># This runs the Log Insights query fetching data</span>
<span class="c1"># for the last 15 minutes.</span>
<span class="c1"># As we deal with logs processing it's entirely possible</span>
<span class="c1"># for the metric to be updated, for example because</span>
<span class="c1"># a log was received a bit later.</span>
<span class="c1"># When we put multiple values for the same timestamp</span>
<span class="c1"># in the metric CW can show max, min, avg, and percentiles.</span>
<span class="c1"># Since this is an update of a count we should then always</span>
<span class="c1"># use "max".</span>
<span class="n">start_query_response</span> <span class="o">=</span> <span class="n">logs</span><span class="o">.</span><span class="n">start_query</span><span class="p">(</span> <span class="callout">4</span>
<span class="n">logGroupName</span><span class="o">=</span><span class="n">log_group</span><span class="p">,</span>
<span class="n">startTime</span><span class="o">=</span><span class="nb">int</span><span class="p">((</span><span class="n">datetime</span><span class="o">.</span><span class="n">now</span><span class="p">()</span> <span class="o">-</span> <span class="n">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="mi">15</span><span class="p">))</span><span class="o">.</span><span class="n">timestamp</span><span class="p">()),</span>
<span class="n">endTime</span><span class="o">=</span><span class="nb">int</span><span class="p">(</span><span class="n">datetime</span><span class="o">.</span><span class="n">now</span><span class="p">()</span><span class="o">.</span><span class="n">timestamp</span><span class="p">()),</span>
<span class="n">queryString</span><span class="o">=</span><span class="n">query</span><span class="p">,</span>
<span class="p">)</span>
<span class="n">query_id</span> <span class="o">=</span> <span class="n">start_query_response</span><span class="p">[</span><span class="s2">"queryId"</span><span class="p">]</span>
<span class="c1"># Just polling the API. 5 seconds seems to be a good</span>
<span class="c1"># compromise between not pestering the API and not paying</span>
<span class="c1"># too much for the Lambda.</span>
<span class="n">response</span> <span class="o">=</span> <span class="kc">None</span>
<span class="k">while</span> <span class="n">response</span> <span class="ow">is</span> <span class="kc">None</span> <span class="ow">or</span> <span class="n">response</span><span class="p">[</span><span class="s2">"status"</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"Running"</span><span class="p">:</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"</span><span class="si">{</span><span class="n">slot_name</span><span class="si">}</span><span class="s2">: waiting for query to complete ..."</span><span class="p">)</span>
<span class="n">time</span><span class="o">.</span><span class="n">sleep</span><span class="p">(</span><span class="mi">5</span><span class="p">)</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">logs</span><span class="o">.</span><span class="n">get_query_results</span><span class="p">(</span><span class="n">queryId</span><span class="o">=</span><span class="n">query_id</span><span class="p">)</span>
<span class="c1"># Data comes in a strange format, a dictionary of</span>
<span class="c1"># {"field":name,"value":actual_value}, so this converts</span>
<span class="c1"># it into something that can be accessed through keys</span>
<span class="n">data</span> <span class="o">=</span> <span class="p">[]</span>
<span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">response</span><span class="p">[</span><span class="s2">"results"</span><span class="p">]:</span> <span class="callout">5</span>
<span class="n">sample</span> <span class="o">=</span> <span class="p">{}</span>
<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">d</span><span class="p">:</span>
<span class="n">field</span> <span class="o">=</span> <span class="n">i</span><span class="p">[</span><span class="s2">"field"</span><span class="p">]</span>
<span class="n">value</span> <span class="o">=</span> <span class="n">i</span><span class="p">[</span><span class="s2">"value"</span><span class="p">]</span>
<span class="n">sample</span><span class="p">[</span><span class="n">field</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span>
<span class="n">data</span><span class="o">.</span><span class="n">append</span><span class="p">(</span><span class="n">sample</span><span class="p">)</span>
<span class="c1"># Now that we have the data, let's put them into a metric.</span>
<span class="k">for</span> <span class="n">d</span> <span class="ow">in</span> <span class="n">data</span><span class="p">:</span>
<span class="n">timestamp</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">strptime</span><span class="p">(</span><span class="n">d</span><span class="p">[</span><span class="s2">"bin(1m)"</span><span class="p">],</span> <span class="s2">"%Y-%m-</span><span class="si">%d</span><span class="s2"> %H:%M:%S.000"</span><span class="p">)</span>
<span class="n">value</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">d</span><span class="p">[</span><span class="s2">"Value"</span><span class="p">])</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"</span><span class="si">{</span><span class="n">slot_name</span><span class="si">}</span><span class="s2">: putting </span><span class="si">{</span><span class="n">value</span><span class="si">}</span><span class="s2"> on </span><span class="si">{</span><span class="n">timestamp</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="n">cw</span><span class="o">.</span><span class="n">put_metric_data</span><span class="p">(</span> <span class="callout">6</span>
<span class="n">Namespace</span><span class="o">=</span><span class="n">namespace</span><span class="p">,</span>
<span class="n">MetricData</span><span class="o">=</span><span class="p">[</span>
<span class="p">{</span>
<span class="s2">"MetricName"</span><span class="p">:</span> <span class="n">metric_name</span><span class="p">,</span>
<span class="s2">"Dimensions"</span><span class="p">:</span> <span class="p">[{</span><span class="s2">"Name"</span><span class="p">:</span> <span class="s2">"Cluster"</span><span class="p">,</span> <span class="s2">"Value"</span><span class="p">:</span> <span class="n">cluster_name</span><span class="p">}],</span>
<span class="s2">"Timestamp"</span><span class="p">:</span> <span class="n">timestamp</span><span class="p">,</span>
<span class="s2">"Value"</span><span class="p">:</span> <span class="n">value</span><span class="p">,</span>
<span class="s2">"Unit"</span><span class="p">:</span> <span class="s2">"None"</span><span class="p">,</span>
<span class="p">}</span>
<span class="p">],</span>
<span class="p">)</span>
<span class="k">def</span><span class="w"> </span><span class="nf">loginsights2metrics</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="callout">1</span>
<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s2">"package_info.json"</span><span class="p">,</span> <span class="s2">"r"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
<span class="n">package_info</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">load</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
<span class="n">build_timestamp</span> <span class="o">=</span> <span class="nb">int</span><span class="p">(</span><span class="n">package_info</span><span class="p">[</span><span class="s2">"build_time"</span><span class="p">])</span>
<span class="n">build_datetime</span> <span class="o">=</span> <span class="n">datetime</span><span class="o">.</span><span class="n">fromtimestamp</span><span class="p">(</span><span class="n">build_timestamp</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="s2">"###################################"</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span>
<span class="s2">"LogInsights2Metrics - Build date: "</span>
<span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">build_datetime</span><span class="o">.</span><span class="n">strftime</span><span class="p">(</span><span class="s2">"%Y/%m/</span><span class="si">%d</span><span class="s2"> %H:%M:%S"</span><span class="p">)</span><span class="si">}</span><span class="s1">'</span>
<span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="s2">"###################################"</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'Reading task from DynamoDB table </span><span class="si">{</span><span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="p">[</span><span class="s2">"DYNAMODB_TABLE"</span><span class="p">]</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
<span class="n">table</span> <span class="o">=</span> <span class="n">dynamodb</span><span class="o">.</span><span class="n">Table</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">environ</span><span class="p">[</span><span class="s2">"DYNAMODB_TABLE"</span><span class="p">])</span>
<span class="c1"># This is the simplest way to get all entries in the table</span>
<span class="c1"># The next loop will asynchronously call `put_metric_data`</span>
<span class="c1"># on each entry.</span>
<span class="n">response</span> <span class="o">=</span> <span class="n">table</span><span class="o">.</span><span class="n">scan</span><span class="p">(</span><span class="n">Select</span><span class="o">=</span><span class="s2">"ALL_ATTRIBUTES"</span><span class="p">)</span> <span class="callout">2</span>
<span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">response</span><span class="p">[</span><span class="s2">"Items"</span><span class="p">]:</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"* Processing item </span><span class="si">{</span><span class="n">i</span><span class="p">[</span><span class="s1">'SlotName'</span><span class="p">]</span><span class="si">}</span><span class="s2">"</span><span class="p">)</span>
<span class="n">put_metric_data</span><span class="p">(</span><span class="n">i</span><span class="p">)</span>
</pre></div></div></div><p>So, when the Lambda is executed, the entry point is the function <code>loginsights2metrics</code> <span class="callout">1</span> which queries the DynamoDB table <span class="callout">2</span> and loops over all the items contained in it. The loop executes the function <code>put_metric_data</code> <span class="callout">3</span> which being a Zappa <code>task</code> runs it in a new Lambda invocation. This function runs the Log Insights query <span class="callout">4</span>, adjusts Boto3's output <span class="callout">5</span>, and finally puts the values in the custom metric <span class="callout">6</span>.</p><p>The problem I mention in the comment just before I run <code>logs.start_query</code> is interesting. Log Insights are queries, and since they extract data from logs the result can change between two calls of the same query. This means that, since there is an overlap between calls (we run a query on the last 15 minutes every 2 minutes), the function will put multiple values in the same bin of the metric. This is perfectly normal, and it's the reason why CloudWatch allows you to show the maximum, minimum, average, or various percentiles of the same metric. When it comes to counting events, the number can only increase or stay constant in time, but never decrease, so it's sensible to look at the maximum. This is not true if you are looking at execution times, for example, so pay attention to the nature of the underlying query when you graph the metric.</p><p>The Zappa settings I use for the function are</p><div class="code"><div class="title"><code>zappa_settings.json</code></div><div class="content"><div class="highlight"><pre><span class="p">{</span>
<span class="w"> </span><span class="nt">"main"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nt">"app_module"</span><span class="p">:</span><span class="w"> </span><span class="s2">"main"</span><span class="p">,</span>
<span class="w"> </span><span class="nt">"app_function"</span><span class="p">:</span><span class="w"> </span><span class="s2">"main.loginsights2metrics"</span><span class="p">,</span>
<span class="w"> </span><span class="nt">"runtime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"python3.8"</span><span class="p">,</span>
<span class="w"> </span><span class="nt">"log_level"</span><span class="p">:</span><span class="w"> </span><span class="s2">"WARNING"</span><span class="p">,</span>
<span class="w"> </span><span class="nt">"xray_tracing"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span>
<span class="w"> </span><span class="nt">"exception_handler"</span><span class="p">:</span><span class="w"> </span><span class="s2">"zappa_sentry.unhandled_exceptions"</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></div></div><p>And the requirements are</p><div class="code"><div class="title"><code>requirements.txt</code></div><div class="content"><div class="highlight"><pre>zappa
zappa-sentry
</pre></div></div></div><p>Please note that as I mentioned before <code>zappa-sentry</code> is not a strict requirement for this solution.</p><p>The code can be packaged and deployed with a simple bash script like</p><div class="code"><div class="content"><div class="highlight"><pre><span class="ch">#!/bin/bash</span>
<span class="nv">VENV_DIRECTORY</span><span class="o">=</span>venv
<span class="nv">LAMBDA_PACKAGE</span><span class="o">=</span>lambda.zip
<span class="nv">REGION</span><span class="o">=</span>eu-west-1
<span class="nv">FUNCTION_NAME</span><span class="o">=</span>loginsights2metrics
<span class="k">if</span><span class="w"> </span><span class="o">[[</span><span class="w"> </span>-d<span class="w"> </span><span class="si">${</span><span class="nv">VENV_DIRECTORY</span><span class="si">}</span><span class="w"> </span><span class="o">]]</span><span class="p">;</span><span class="w"> </span><span class="k">then</span><span class="w"> </span>rm<span class="w"> </span>-fR<span class="w"> </span><span class="si">${</span><span class="nv">VENV_DIRECTORY</span><span class="si">}</span><span class="p">;</span><span class="w"> </span><span class="k">fi</span>
<span class="k">if</span><span class="w"> </span><span class="o">[[</span><span class="w"> </span>-f<span class="w"> </span><span class="si">${</span><span class="nv">LAMBDA_PACKAGE</span><span class="si">}</span><span class="w"> </span><span class="o">]]</span><span class="p">;</span><span class="w"> </span><span class="k">then</span><span class="w"> </span>rm<span class="w"> </span>-fR<span class="w"> </span><span class="si">${</span><span class="nv">LAMBDA_PACKAGE</span><span class="si">}</span><span class="p">;</span><span class="w"> </span><span class="k">fi</span>
python<span class="w"> </span>-m<span class="w"> </span>venv<span class="w"> </span><span class="si">${</span><span class="nv">VENV_DIRECTORY</span><span class="si">}</span>
<span class="nb">source</span><span class="w"> </span><span class="si">${</span><span class="nv">VENV_DIRECTORY</span><span class="si">}</span>/bin/activate
pip<span class="w"> </span>install<span class="w"> </span>-r<span class="w"> </span>requirements.txt
zappa<span class="w"> </span>package<span class="w"> </span>main<span class="w"> </span>-o<span class="w"> </span><span class="si">${</span><span class="nv">LAMBDA_PACKAGE</span><span class="si">}</span>
rm<span class="w"> </span>-fR<span class="w"> </span><span class="si">${</span><span class="nv">VENV_DIRECTORY</span><span class="si">}</span>
aws<span class="w"> </span>--region<span class="o">=</span><span class="si">${</span><span class="nv">REGION</span><span class="si">}</span><span class="w"> </span>lambda<span class="w"> </span>update-function-code<span class="w"> </span>--function-name<span class="w"> </span><span class="si">${</span><span class="nv">FUNCTION_NAME</span><span class="si">}</span><span class="w"> </span>--zip-file<span class="w"> </span><span class="s2">"fileb://</span><span class="si">${</span><span class="nv">LAMBDA_PACKAGE</span><span class="si">}</span><span class="s2">"</span>
</pre></div></div></div><h2 id="costs-dbe1">Costs<a class="headerlink" href="#costs-dbe1" title="Permanent link">¶</a></h2><p>I will follow here the <a href="https://aws.amazon.com/lambda/pricing/">AWS guide on Lambda pricing</a> and the calculations published in 2018 by my colleague João Neves on <a href="https://silvaneves.org/how-much-does-a-lambda-cost.html">his blog</a>.</p><p>I assume the following:</p><ul><li>The Lambda runs 4 queries, so we have 5 invocations (1 for the main Lambda and 4 asynchronous tasks)</li><li>Each invocation runs for 5 seconds. The current average time of each invocation in my AWS accounts is 4.6 seconds</li><li>I run the Lambda every 2 minutes</li></ul><p>Requests: <code>5 invocations/event * 30 events/hour * 24 hours/day * 31 days/month = 111600 requests</code></p><p>Duration: <code>0.128 GB/request * 111600 requests * 5 seconds = 71424 GB-second</code></p><p>Total: <code>$0.20 * 111600 / 10^6 + $0.0000166667 * 71424 ~= $1.22/month</code></p><p>As you can see, for applications like this it's extremely convenient to use a serverless solution like Lambda functions.</p><h2 id="feedback-d845">Feedback<a class="headerlink" href="#feedback-d845" title="Permanent link">¶</a></h2><p>Feel free to reach me on <a href="https://twitter.com/thedigicat">Twitter</a> if you have questions. The <a href="https://github.com/TheDigitalCatOnline/blog_source/issues">GitHub issues</a> page is the best place to submit corrections.</p>Emacs Configuration for Python/JavaScript, Terraform and blogging2020-07-18T15:30:00+01:002020-07-18T15:30:00+01:00Leonardo Giordanitag:www.thedigitalcatonline.com,2020-07-18:/blog/2020/07/18/emacs-configuration-for-python-javascript-terraform-and-blogging/<p>A step-by-step analysis of the Emacs configuration that I use to write Python/JavaScript/Terraform code and posts for the blog</p><p>(image from https://commons.wikimedia.org/wiki/File:Gnu-listen-half.jpg)</p>
<p>I have been an Emacs user for a long time. There is no specific reason why I started using Emacs: it was available in the RedHat 6.0 distribution that I found in a magazine in 1999, and with which I started my journey in the open source world. It was mentioned in some Linux guide I read at the time, so it became my editor.</p>
<p>I'm not into flame wars, in particular about editors. If I don't like a software/operating system/language/whatever, I just don't use it, and at the same time I'm not scared to test alternatives, even though I'm not actively looking to replace tools that work. Admittedly, at the time I didn't properly configure my Emacs for years, in particular because the C language support was very good out of the box, and that was what I needed, so when I started programming in Python not everything was optimal.</p>
<p>One day a new colleague showed me <a href="https://www.sublimetext.com/">Sublime Text</a> and PyCharm. I don't like IDEs that much, they are too integrated, so the PyCharm wasn't very attractive, but Sublime Text is a very good editor, it's fast and has a lot of features (multiple cursors blew my mind when I first discovered them) and so it became my editor of choice for some years. In time, however I started growing increasingly dissatisfied with it, and with some alternatives that I tested like Atom. The main reason is that modern editor rely too much on the mouse: many people are happy with this, in particular because they use trackpads, but I honestly can't get use to them, and I simply don't want to take my hands off the keyboards while I code because I want to change tab, reorganise the screen, open a file, and so on.</p>
<p>So I went back to Emacs, and started from scratch to configure it in order to match my needs. In this post I want to describe what I did, so that newcomers might be helped to setup their own editor. Emacs is incredibly customisable, and this is one of its main strengths, but a proper setup takes time. Please don't consider configuring your editor a waste of time. If you are a programmer, the editor is your main tool, and you have to take care of it: like any other editor, Emacs has pros and cons, and a proper setup minimises the impact of the shortcomings on your daily work.</p>
<h2 id="requirements">Requirements<a class="headerlink" href="#requirements" title="Permanent link">¶</a></h2>
<p>As always, the choice of tools and their configuration depends on the requirements, so these are the ones I have at the moment.</p>
<ul>
<li>I need to create <strong>keyboard shortcuts</strong> for everything I do often in the editor, I should be able to work without the mouse</li>
<li><strong>Multiple cursors</strong> are a very useful feature and I am used to have them, so there should be an implementation similar to the one I found in Sublime Text</li>
<li><strong>Python</strong>/<strong>JavaScript</strong>/<strong>Terraform</strong> syntax highlighting and formatting/linting</li>
<li>As I have some projects written with React, <strong>JSX</strong> syntax highlighting is also needed</li>
<li><strong>Markdown</strong> syntax highlighting with spell-checking for my blogger activity</li>
</ul>
<h2 id="preamble">Preamble<a class="headerlink" href="#preamble" title="Permanent link">¶</a></h2>
<p>The Emacs configuration file is <code>~/.emacs</code>, and when you install the editor you might get a default minimal version of it. Whenever part of the configuration is changed from the menus, Emacs writes the changes in the .emacs, using the <code>custom-set-variables</code> function. That file also contains the list of packages that I have installed, so I moved the <code>custom-set-variables</code> invocation to a separate file, <code>.emacs-custom</code>. This way Emacs doesn't have to change the main file whenever I install or remove a package and when I customise the face (colours and fonts).</p>
<p>For packages, I'm using the standard <a href="https://melpa.org/#/getting-started">MELPA configuration</a></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Added by Package.el. This must come before configurations of</span>
<span class="c1">;; installed packages. Don't delete this line. If you don't want it,</span>
<span class="c1">;; just comment it out by adding a semicolon to the start of the line.</span>
<span class="c1">;; You may delete these explanatory comments.</span>
<span class="p">(</span><span class="nv">package-initialize</span><span class="p">)</span>
<span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">custom-file</span><span class="w"> </span><span class="s">"~/.emacs-custom"</span><span class="p">)</span>
<span class="p">(</span><span class="nb">load</span><span class="w"> </span><span class="nv">custom-file</span><span class="p">)</span>
<span class="c1">;; Load package system and add MELPA repository.</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'package</span><span class="p">)</span>
<span class="p">(</span><span class="nv">add-to-list</span>
<span class="w"> </span><span class="ss">'package-archives</span>
<span class="w"> </span><span class="c1">;; '("melpa" . "https://stable.melpa.org/packages/") ; many packages won't show if using stable</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"melpa"</span><span class="w"> </span><span class="o">.</span><span class="w"> </span><span class="s">"https://melpa.milkbox.net/packages/"</span><span class="p">)</span>
<span class="w"> </span><span class="no">t</span><span class="p">)</span>
</code></pre></div>
<h2 id="global-settings">Global settings<a class="headerlink" href="#global-settings" title="Permanent link">¶</a></h2>
<p>In Emacs you can define new functions and assign them to key combinations, and this is usually a major part of the setup. As I often need to work on the configuration file, at least initially, the first function I defined is one that allows me to quickly open the <code>.emacs</code> file. In the comments I'm following <a href="https://www.emacswiki.org/emacs/EmacsKeyNotation">Emacs key notation</a></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Open .emacs with C-x c</span>
<span class="p">(</span><span class="nb">defun</span><span class="w"> </span><span class="nv">dotemacs</span><span class="w"> </span><span class="p">()</span><span class="w"> </span><span class="p">(</span><span class="nv">interactive</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nv">switch-to-buffer</span><span class="w"> </span><span class="p">(</span><span class="nv">find-file-noselect</span><span class="w"> </span><span class="s">"~/.emacs"</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-x c"</span><span class="p">)</span><span class="w"> </span><span class="ss">'dotemacs</span><span class="p">)</span>
</code></pre></div>
<p>I like the <a href="https://www.emacswiki.org/emacs/VisualLineMode">visual line mode</a> to wraps long lines</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Visual line mode everywhere, please</span>
<span class="p">(</span><span class="nv">global-visual-line-mode</span><span class="w"> </span><span class="no">t</span><span class="p">)</span>
</code></pre></div>
<p>I also want to always see <a href="http://ergoemacs.org/emacs/emacs_line_number_mode.html">line numbers</a></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Display line numbers</span>
<span class="p">(</span><span class="nv">global-display-line-numbers-mode</span><span class="p">)</span>
</code></pre></div>
<p>I use <code>C-End</code> a lot to reach the end of the file, but often I press <code>C-<next></code> (<code>Ctrl-PgDown</code>) by mistake. That is by default associated with <code>scroll-left</code> which is disabled, but Emacs opens a buffer to warn me. I don't want that, so I just unset the key combination</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; I keep pressing C-next by mistake...</span>
<span class="p">(</span><span class="nv">global-unset-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-<next>"</span><span class="p">))</span>
</code></pre></div>
<p>I might not be a purist here. I used <code>M-w</code> and <code>C-y</code> for many years, but I also use other software during my day, and now the <code>Ctrl-c/x/v</code> combinations are universally implemented. It's really hard to remap my brain every time I go back to Emacs, so I prefer to remap Emacs. Welcome <a href="https://www.emacswiki.org/emacs/CuaMode">Cua Mode</a>, which also maps <code>undo</code> to <code>C-z</code></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Set C-c, C-x, C-v just to be in sync with the rest of the world</span>
<span class="p">(</span><span class="nv">cua-mode</span><span class="w"> </span><span class="no">t</span><span class="p">)</span>
</code></pre></div>
<p>I like Emacs to highlight the <a href="https://www.emacswiki.org/emacs/ShowParenMode">matching parenthesis</a> whenever I'm on an opening or closing one. Please note that the word "parenthesis" here refers to what are more generally called <a href="https://en.wikipedia.org/wiki/Bracket">brackets</a> in English, which includes parentheses or round brackets <code>()</code>, curly brackets or curly braces <code>{}</code>, and square brackets <code>[]</code></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Show the matching parenthesis</span>
<span class="p">(</span><span class="nv">show-paren-mode</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span>
</code></pre></div>
<p>Speaking of brackets, I like to have a way to automatically match the opened ones. This is good in Lisp because there are more parentheses than words, but also in other languages like Python when dealing with complex data structures. Long story short, I mapped <code>C-]</code> to the auto-closing feature called <code>syntactic-close</code> (installed as a package)</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Syntactic close</span>
<span class="c1">;; https://github.com/emacs-berlin/syntactic-close</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-]"</span><span class="p">)</span><span class="w"> </span><span class="ss">'syntactic-close</span><span class="p">)</span>
</code></pre></div>
<p>Minibuffer is a very important part of Emacs, not only when you open files but also when running commands. I like the Ivy completion, so I installed it with MELPA and activate it. I want to have a quick access to the commands that I run previously (history), but since <code><down></code> and <code><up></code> are already used to navigate the suggestions I mapped the history functions to their Shift version. </p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Ivy completion</span>
<span class="c1">;; https://github.com/abo-abo/swiper</span>
<span class="p">(</span><span class="nv">ivy-mode</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span>
<span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">ivy-minibuffer-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"S-<up>"</span><span class="p">)</span><span class="w"> </span><span class="nf">#'</span><span class="nv">ivy-previous-history-element</span><span class="p">)</span>
<span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">ivy-minibuffer-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"S-<down>"</span><span class="p">)</span><span class="w"> </span><span class="nf">#'</span><span class="nv">ivy-next-history-element</span><span class="p">)</span>
</code></pre></div>
<p>The standard behaviour of <code>C-Del</code> in Emacs is far too greedy for me. I'm used to have a combination that deletes all spaces if I'm on a space, and the word if I'm on a word, so I found this</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; https://stackoverflow.com/questions/17958397/emacs-delete-whitespaces-or-a-word</span>
<span class="p">(</span><span class="nb">defun</span><span class="w"> </span><span class="nv">kill-whitespace-or-word</span><span class="w"> </span><span class="p">()</span>
<span class="w"> </span><span class="p">(</span><span class="nv">interactive</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nv">looking-at</span><span class="w"> </span><span class="s">"[ \t\n]"</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">((</span><span class="nv">p</span><span class="w"> </span><span class="p">(</span><span class="nv">point</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">re-search-forward</span><span class="w"> </span><span class="s">"[^ \t\n]"</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="ss">:no-error</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">backward-char</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">kill-region</span><span class="w"> </span><span class="nv">p</span><span class="w"> </span><span class="p">(</span><span class="nv">point</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">kill-word</span><span class="w"> </span><span class="mi">1</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-<delete>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'kill-whitespace-or-word</span><span class="p">)</span>
</code></pre></div>
<p>Last, as I have a rotating wallpaper with screenshots from my favourite films I like to see them behind the editor and the terminal, so I enable a little bit of transparency. I like this to be callable as an interactive function as I might want to remove the transparency, for example when sharing the screen, as that way the text might be easier to read.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Set transparency of emacs</span>
<span class="c1">;; https://www.emacswiki.org/emacs/TransparentEmacs</span>
<span class="p">(</span><span class="nb">defun</span><span class="w"> </span><span class="nv">transparency</span><span class="w"> </span><span class="p">(</span><span class="nv">value</span><span class="p">)</span>
<span class="w"> </span><span class="s">"Sets the transparency of the frame window. 0=transparent/100=opaque"</span>
<span class="w"> </span><span class="p">(</span><span class="nv">interactive</span><span class="w"> </span><span class="s">"nTransparency Value 0 - 100 opaque:"</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">set-frame-parameter</span><span class="w"> </span><span class="p">(</span><span class="nv">selected-frame</span><span class="p">)</span><span class="w"> </span><span class="ss">'alpha</span><span class="w"> </span><span class="nv">value</span><span class="p">))</span>
<span class="p">(</span><span class="nv">set-frame-parameter</span><span class="w"> </span><span class="p">(</span><span class="nv">selected-frame</span><span class="p">)</span><span class="w"> </span><span class="ss">'alpha</span><span class="w"> </span><span class="ss">'90</span><span class="p">)</span>
</code></pre></div>
<h2 id="keyboard-mapping">Keyboard mapping<a class="headerlink" href="#keyboard-mapping" title="Permanent link">¶</a></h2>
<p>I'm an Italian native speaker, so I often write texts in that language for my personal blog or for other reasons. In Italian, we use the accented letters à, è, é, ì, ò, ù a lot ("is" is just "è", "why" and "because" are "perché", almost all future tenses end with an accented letter, and so on), so I like to have a proper mapping. Emacs has a very powerful mode for Latin alphabet <a href="https://en.wikipedia.org/wiki/Diacritic">diacritics</a>, which is <code>latin-postfix</code>, where you can write "è" typing <code>e</code> followed by backticks, so that was my first choice. While this is very powerful, and allows me to input almost everything I need also for other languages like German, on the long run I found it very difficult to use efficiently.</p>
<p>First of all, I'm used to the Italian keymap, I know it by heart as I know the English keyboard mapping, so I tend to press keys that are supposed to insert the accented letters directly. Moreover, other software like the browser work with a system keyboard mapping (that Emacs ignores), so again, I need to rewire my brain every time I go back to the editor. Last, <code>latin-postfix</code> is far too generic and has mappings for letters like ą or ę which are created typing "a," which is a combination that we have every time we type a comma in Italian given that almost all words end in a vowel. This forces me to type "a,," whenever I need "a,", which is far too different from the normal system I'm used to.</p>
<p>The input method <code>italian-keyboard</code> unfortunately doesn't map very well on a standard modern English keyboard, so I decided to just write my own mapping using the <a href="http://web.mit.edu/Emacs/source/emacs/lisp/international/quail.el">quail</a> system, which is unsurprisingly not very well documented. I'm sorry to say it, but multilingual input has been and still is one of the great forgotten and messy topics in computer science, in particular in the open source world. Let's not even mention Chinese and other languages not based on an alphabet.</p>
<div class="highlight"><pre><span></span><code><span class="c1">; Define a proper mapping for the Italian keyboard over the English one</span>
<span class="p">(</span><span class="nv">quail-define-package</span>
<span class="w"> </span><span class="s">"italian-english-keyboard"</span><span class="w"> </span><span class="s">"Latin-1"</span><span class="w"> </span><span class="s">"IT@"</span><span class="w"> </span><span class="no">t</span>
<span class="w"> </span><span class="s">"Italian (Italiano) input method for modern English keyboards"</span>
<span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">t</span><span class="w"> </span><span class="no">t</span><span class="w"> </span><span class="no">t</span><span class="w"> </span><span class="no">t</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">t</span><span class="p">)</span>
<span class="c1">;; \| 1! 2" 3£ 4$ 5% 6& 7/ 8( 9) 0= '? ì^</span>
<span class="c1">;; qQ wW eE rR tT yY uU iI oO pP èé +*</span>
<span class="c1">;; aA sS dD fF gG hH jJ kK lL òç à° ù§</span>
<span class="c1">;; <> zZ xX cC vV bB nN mM ,; .: -_</span>
<span class="c1">;; èè -> È Originally CapsLock+è</span>
<span class="c1">;; àà -> # Originally AltGr+à</span>
<span class="c1">;; òò -> @ Originally AltGr+ò</span>
<span class="c1">;; ìì -> ~ Originally AltGr+ì</span>
<span class="p">(</span><span class="nv">quail-define-rules</span>
<span class="w"> </span><span class="p">(</span><span class="s">"`"</span><span class="w"> </span><span class="nv">?\\</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="s">"¬"</span><span class="w"> </span><span class="nv">?|)</span>
<span class="nv"> ("^" ?&)</span>
<span class="nv"> ("&" ?/)</span>
<span class="nv"> ("*" ?\()</span>
<span class="nv"> ("(" ?\))</span>
<span class="nv"> (")" ?=)</span>
<span class="nv"> ("-" ?') ("_" ??)</span>
<span class="nv"> ("=" ?ì) ("+" ?^) ("==" ?~)</span>
<span class="nv"> ("[" ?è) ("{" ?é) ("[[" ?È)</span>
<span class="nv"> ("]" ?+) ("}" ?*)</span>
<span class="nv"> (";" ?ò) (":" ?ç) (";;" ?@)</span>
<span class="nv"> ("'" ?à) ("@" ?\°) ("''" ?#)</span>
<span class="nv"> ("#" ?ù) ("~" ?§)</span>
<span class="nv"> ("\\" ?<) ("|</span><span class="s">" ?>)</span>
<span class="s"> ("</span><span class="nb"><</span><span class="s">" ?\;)</span>
<span class="s"> ("</span><span class="nb">></span><span class="s">" ?:)</span>
<span class="s"> ("</span><span class="nb">/</span><span class="s">" ?-) ("</span><span class="nv">?</span><span class="err">"</span><span class="w"> </span><span class="nv">?_</span><span class="p">)</span>
<span class="p">)</span>
</code></pre></div>
<p>The standard Italian keyboard allows to input <code>È</code> activating CapsLock, pressing the key for <code>è</code> and deactivating CapsLock. This because <code>Shift-è</code> inputs <code>é</code>. I always found that system incredibly awkward, not to mention that it is impossible (as far as I understand) to create such a combination using quail, so I mapped it to <code>èè</code>, since that combination doesn't exist in Italian.</p>
<p>Another issue is that the Italian keyboard makes use of the right Alt key (AltGr) to input third level characters like <code>#</code>, <code>@</code>, and <code>~</code>. Again, I don't know if and how I can express these in quail so I went for a slight variation of that. Instead of typing AltGr+à for <code>#</code> I will type <code>àà</code> and so on. This is not a perfect mapping, but considering that I don't use those character that much when writing notes or blog posts I can accept it.</p>
<h2 id="lines-and-regions">Lines and regions<a class="headerlink" href="#lines-and-regions" title="Permanent link">¶</a></h2>
<p>This section is about shortcuts to interact with lines and regions. First of all something that comments the regions I highlighted or just the line I'm on. This is a good example of something that Emacs doesn't provide out of the box, maybe surprisingly, but that is easily implemented. OK, "easily" might be an overstatement, but this function is a good starting point if you want to learn how <a href="https://www.gnu.org/software/emacs/manual/html_node/elisp/">Emacs Lisp</a> works. If you are not interested you can just copy and paste it and call it a day</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Define C-/ to comment and uncomment regions and lines</span>
<span class="p">(</span><span class="nb">defun</span><span class="w"> </span><span class="nv">comment-or-uncomment-line-or-region</span><span class="w"> </span><span class="p">()</span>
<span class="w"> </span><span class="s">"Comments or uncomments the region or the current line if there's no active region."</span>
<span class="w"> </span><span class="p">(</span><span class="nv">interactive</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">(</span><span class="nv">beg</span><span class="w"> </span><span class="nv">end</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nv">region-active-p</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">beg</span><span class="w"> </span><span class="p">(</span><span class="nv">region-beginning</span><span class="p">)</span><span class="w"> </span><span class="nv">end</span><span class="w"> </span><span class="p">(</span><span class="nv">region-end</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">beg</span><span class="w"> </span><span class="p">(</span><span class="nv">line-beginning-position</span><span class="p">)</span><span class="w"> </span><span class="nv">end</span><span class="w"> </span><span class="p">(</span><span class="nv">line-end-position</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">comment-or-uncomment-region</span><span class="w"> </span><span class="nv">beg</span><span class="w"> </span><span class="nv">end</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">next-line</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-/"</span><span class="p">)</span><span class="w"> </span><span class="ss">'comment-or-uncomment-line-or-region</span><span class="p">)</span>
</code></pre></div>
<p>I want to be able to move up and down lines or regions using <code>Ctrl-Shift-up/down</code>, that is to <a href="https://github.com/rejeep/drag-stuff.el">drag stuff</a></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Drag-stuff - Drag lines and regions</span>
<span class="p">(</span><span class="nv">drag-stuff-global-mode</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span>
<span class="c1">;; Use C-S-up/down</span>
<span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">drag-stuff-modifier</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">control</span><span class="w"> </span><span class="nv">shift</span><span class="p">))</span>
<span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">drag-stuff-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">drag-stuff--kbd</span><span class="w"> </span><span class="ss">'up</span><span class="p">)</span><span class="w"> </span><span class="ss">'drag-stuff-up</span><span class="p">)</span>
<span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">drag-stuff-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">drag-stuff--kbd</span><span class="w"> </span><span class="ss">'down</span><span class="p">)</span><span class="w"> </span><span class="ss">'drag-stuff-down</span><span class="p">)</span>
</code></pre></div>
<p>I also want to be able to duplicate the current line or region with <code>Ctrl-Shift-d</code>. This function is a mixture of several solutions I found on Internet, and I'm not 100% satisfied with it, as when I duplicate a region it also duplicates the last line of the region itself, even though the line is not highlighted. Again, it might be surprising that Emacs doesn't provide a solution out-of-the-box, but this way I can implement the behaviour I prefer. The fact that I'm not able to implement the exact behaviour (yet!) is part of the game, I think.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Duplicate line with C-S-d</span>
<span class="p">(</span><span class="nb">defun</span><span class="w"> </span><span class="nv">duplicate-current-line-or-region</span><span class="w"> </span><span class="p">(</span><span class="nv">arg</span><span class="p">)</span>
<span class="w"> </span><span class="s">"Duplicates the current line or region ARG times.</span>
<span class="s">If there's no region, the current line will be duplicated. However, if</span>
<span class="s">there's a region, all lines that region covers will be duplicated."</span>
<span class="w"> </span><span class="p">(</span><span class="nv">interactive</span><span class="w"> </span><span class="s">"p"</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">(</span><span class="nv">beg</span><span class="w"> </span><span class="nv">end</span><span class="w"> </span><span class="p">(</span><span class="nv">origin</span><span class="w"> </span><span class="p">(</span><span class="nv">point</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="nb">and</span><span class="w"> </span><span class="nv">mark-active</span><span class="w"> </span><span class="p">(</span><span class="nb">></span><span class="w"> </span><span class="p">(</span><span class="nv">point</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nv">mark</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">exchange-point-and-mark</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">beg</span><span class="w"> </span><span class="p">(</span><span class="nv">line-beginning-position</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="k">if</span><span class="w"> </span><span class="nv">mark-active</span>
<span class="w"> </span><span class="p">(</span><span class="nv">exchange-point-and-mark</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">end</span><span class="w"> </span><span class="p">(</span><span class="nv">line-end-position</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="k">let</span><span class="w"> </span><span class="p">((</span><span class="nv">region</span><span class="w"> </span><span class="p">(</span><span class="nv">buffer-substring-no-properties</span><span class="w"> </span><span class="nv">beg</span><span class="w"> </span><span class="nv">end</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nb">dotimes</span><span class="w"> </span><span class="p">(</span><span class="nv">i</span><span class="w"> </span><span class="nv">arg</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">goto-char</span><span class="w"> </span><span class="nv">end</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">newline</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">insert</span><span class="w"> </span><span class="nv">region</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">end</span><span class="w"> </span><span class="p">(</span><span class="nv">point</span><span class="p">)))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">goto-char</span><span class="w"> </span><span class="p">(</span><span class="nb">+</span><span class="w"> </span><span class="nv">origin</span><span class="w"> </span><span class="p">(</span><span class="nb">*</span><span class="w"> </span><span class="p">(</span><span class="nb">length</span><span class="w"> </span><span class="nv">region</span><span class="p">)</span><span class="w"> </span><span class="nv">arg</span><span class="p">)</span><span class="w"> </span><span class="nv">arg</span><span class="p">)))))</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-S-d"</span><span class="p">)</span><span class="w"> </span><span class="ss">'duplicate-current-line-or-region</span><span class="p">)</span>
</code></pre></div>
<p>Multiple cursors! Emacs has an implementation of <a href="https://github.com/magnars/multiple-cursors.el">multiple cursors</a>, that is slightly different from the Sublime Text one, but that can be customised to my needs. Most notably, multiple cursors don't work perfectly with some parts of the editor like <code>TAB</code> for indentation, which is not automatically applied to all of them. So, this part of the setup is not perfect, but it's definitely usable and effective.</p>
<p><code>Ctrl-d</code> creates a second cursor on the next repetition of the current word, <code>Ctrl-c Ctrl-d</code> marks all the repetitions in the text, <code>Ctrl-Alt-up/down</code> add a new cursor on the previous/following line, and last <code>Ctrl-Alt-d</code> marks all the lines in a region</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Multiple cursors</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-d"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mc/mark-next-like-this-word</span><span class="p">)</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-c C-d"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mc/mark-all-words-like-this</span><span class="p">)</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-M-<up>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mc/mark-previous-lines</span><span class="p">)</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-M-<down>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mc/mark-next-lines</span><span class="p">)</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-M-d"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mc/edit-lines</span><span class="p">)</span>
</code></pre></div>
<p>How many times do I need to highlight the whole buffer? More than I imagined, so I defined the classic <code>Ctrl-a</code> shortcut</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; C-a marks the whole buffer</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-a"</span><span class="p">)</span><span class="w"> </span><span class="ss">'mark-whole-buffer</span><span class="p">)</span>
</code></pre></div>
<h2 id="windows-and-buffers">Windows and buffers<a class="headerlink" href="#windows-and-buffers" title="Permanent link">¶</a></h2>
<p>As everyone else, when I code I need to keep multiple files open, and often to have them side-by-side. Emacs provides out of the box the window split shortcuts <code>Ctrl-2</code> (horizontal split) and <code>Ctrl-3</code> (vertical split), but I need a shortcut to quickly move between them. Enter <a href="https://www.emacswiki.org/emacs/WindMove">Windmove</a>, which by default uses <code>Shift-<arrow></code> combinations, which I instead want to keep for highlighting regions, so I remapped it to <code>Alt-<arrow></code></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Windmove - move between windows use ALT</span>
<span class="p">(</span><span class="nv">windmove-default-keybindings</span><span class="w"> </span><span class="ss">'meta</span><span class="p">)</span>
<span class="c1">;; Unset Shift-arrow keybindings</span>
<span class="p">(</span><span class="nv">global-unset-key</span><span class="w"> </span><span class="p">(</span><span class="nb">vector</span><span class="w"> </span><span class="p">(</span><span class="nb">list</span><span class="w"> </span><span class="ss">'shift</span><span class="w"> </span><span class="ss">'left</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-unset-key</span><span class="w"> </span><span class="p">(</span><span class="nb">vector</span><span class="w"> </span><span class="p">(</span><span class="nb">list</span><span class="w"> </span><span class="ss">'shift</span><span class="w"> </span><span class="ss">'right</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-unset-key</span><span class="w"> </span><span class="p">(</span><span class="nb">vector</span><span class="w"> </span><span class="p">(</span><span class="nb">list</span><span class="w"> </span><span class="ss">'shift</span><span class="w"> </span><span class="ss">'up</span><span class="p">)))</span>
<span class="p">(</span><span class="nv">global-unset-key</span><span class="w"> </span><span class="p">(</span><span class="nb">vector</span><span class="w"> </span><span class="p">(</span><span class="nb">list</span><span class="w"> </span><span class="ss">'shift</span><span class="w"> </span><span class="ss">'down</span><span class="p">)))</span>
</code></pre></div>
<p>Next I need to move between buffers (open files not currently visible) Emacs used buffers also for its own internal logs, and all those buffers have a name surrounded by <code>*</code>, so I filter them out when I move through open files</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Skip system buffers when cycling</span>
<span class="p">(</span><span class="nv">set-frame-parameter</span><span class="w"> </span><span class="p">(</span><span class="nv">selected-frame</span><span class="p">)</span><span class="w"> </span><span class="ss">'buffer-predicate</span>
<span class="w"> </span><span class="p">(</span><span class="k">lambda</span><span class="w"> </span><span class="p">(</span><span class="nv">buf</span><span class="p">)</span><span class="w"> </span><span class="p">(</span><span class="nb">not</span><span class="w"> </span><span class="p">(</span><span class="nv">string-match-p</span><span class="w"> </span><span class="s">"^*"</span><span class="w"> </span><span class="p">(</span><span class="nv">buffer-name</span><span class="w"> </span><span class="nv">buf</span><span class="p">)))))</span>
</code></pre></div>
<p>To move between buffers I map <code>previous-buffer</code> and <code>next-buffer</code> to <code>Ctrl-Super-left/right</code> (Super here is my left Win key, which is between Ctrl and Alt)</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Map previous and next buffer to C-s-</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-s-<left>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'previous-buffer</span><span class="p">)</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-s-<right>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'next-buffer</span><span class="p">)</span>
</code></pre></div>
<p>Oh, I love the <a href="https://github.com/roman/golden-ratio.el">golden ratio mode</a> that splits window giving more space to the current one </p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Golden ratio mode</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'golden-ratio</span><span class="p">)</span>
<span class="p">(</span><span class="nv">golden-ratio-mode</span><span class="w"> </span><span class="mi">1</span><span class="p">)</span>
</code></pre></div>
<h2 id="spell-checking">Spell checking<a class="headerlink" href="#spell-checking" title="Permanent link">¶</a></h2>
<p>When I will learn how to properly spell <code>inconceivably</code> and <code>counter-intuitive</code> I might get rid of this. In the meanwhile a good spell check is a blessing from heaven. I haven't used function keys that much so far, and since I'm used to the standard Sublime Text mapping <code>F6</code> I reused that.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Spell check</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"<f6>"</span><span class="p">)</span><span class="w"> </span><span class="ss">'flyspell-mode</span><span class="p">)</span>
<span class="c1">;; Spell check with hunspell</span>
<span class="p">(</span><span class="nb">when</span><span class="w"> </span><span class="p">(</span><span class="nv">executable-find</span><span class="w"> </span><span class="s">"hunspell"</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="nv">setq-default</span><span class="w"> </span><span class="nv">ispell-program-name</span><span class="w"> </span><span class="s">"hunspell"</span><span class="p">)</span>
<span class="w"> </span><span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">ispell-really-hunspell</span><span class="w"> </span><span class="no">t</span><span class="p">))</span>
</code></pre></div>
<p>By the way, I misspell simpler words all the time, no need to get into inconceivably counter-intuitive words. And I'm sure there will be typos in this text, no matter how many times I check and read it =)</p>
<h2 id="python-development">Python development<a class="headerlink" href="#python-development" title="Permanent link">¶</a></h2>
<p>At last, let's get into development! Emacs has a very good package for Python, called <a href="https://elpy.readthedocs.io/en/latest/">Elpy</a>.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Enable Elpy for Python development</span>
<span class="c1">;; https://elpy.readthedocs.io/en/latest/</span>
<span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">elpy-rpc-python-command</span><span class="w"> </span><span class="s">"python3"</span><span class="p">)</span>
<span class="p">(</span><span class="nv">elpy-enable</span><span class="p">)</span>
</code></pre></div>
<p>There are some adjustment needed to prevent the mode to override the Windmove and other binding</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Prevent Elpy from overriding Windmove shortcuts</span>
<span class="p">(</span><span class="nv">eval-after-load</span><span class="w"> </span><span class="s">"elpy"</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">cl-dolist</span><span class="w"> </span><span class="p">(</span><span class="nv">key</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"M-<up>"</span><span class="w"> </span><span class="s">"M-<down>"</span><span class="w"> </span><span class="s">"M-<left>"</span><span class="w"> </span><span class="s">"M-<right>"</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">elpy-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="nv">key</span><span class="p">)</span><span class="w"> </span><span class="no">nil</span><span class="p">)))</span>
<span class="c1">;; Prevent Elpy from overriding standard cursor movements</span>
<span class="p">(</span><span class="nv">eval-after-load</span><span class="w"> </span><span class="s">"elpy"</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">cl-dolist</span><span class="w"> </span><span class="p">(</span><span class="nv">key</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"C-<left>"</span><span class="w"> </span><span class="s">"C-<right>"</span><span class="p">))</span>
<span class="w"> </span><span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">elpy-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="nv">key</span><span class="p">)</span><span class="w"> </span><span class="no">nil</span><span class="p">)))</span>
</code></pre></div>
<p>Since I use <a href="https://github.com/psf/black">black</a> to format Python code I run it on save. Plus I have a shortcut to fix the syntax in the buffer at any time. Since the syntax document is PEP8 <code>C-8</code> is a nice combination.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Run black on save</span>
<span class="p">(</span><span class="nv">add-hook</span><span class="w"> </span><span class="ss">'elpy-mode-hook</span><span class="w"> </span><span class="p">(</span><span class="k">lambda</span><span class="w"> </span><span class="p">()</span>
<span class="w"> </span><span class="p">(</span><span class="nv">add-hook</span><span class="w"> </span><span class="ss">'before-save-hook</span><span class="w"> </span><span class="ss">'elpy-black-fix-code</span><span class="w"> </span><span class="no">nil</span><span class="w"> </span><span class="no">t</span><span class="p">)))</span>
<span class="c1">;; Set C-8 to format Python code</span>
<span class="p">(</span><span class="nv">global-set-key</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-8"</span><span class="p">)</span><span class="w"> </span><span class="ss">'elpy-black-fix-code</span><span class="p">)</span>
</code></pre></div>
<h2 id="javascript-development">JavaScript development<a class="headerlink" href="#javascript-development" title="Permanent link">¶</a></h2>
<p>Let's go full-stack and add some JavaScript and JSX to the recipe. The <a href="https://github.com/felipeochoa/rjsx-mode">rjsx-mode</a> is perfect for React development and similar things</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; JSX</span>
<span class="c1">;;https://github.com/felipeochoa/rjsx-mode</span>
<span class="p">(</span><span class="nv">add-to-list</span><span class="w"> </span><span class="ss">'auto-mode-alist</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"\\.js\\'"</span><span class="w"> </span><span class="o">.</span><span class="w"> </span><span class="nv">rjsx-mode</span><span class="p">))</span>
<span class="c1">;; Don't override my beloved multiple cursors</span>
<span class="p">(</span><span class="nv">with-eval-after-load</span><span class="w"> </span><span class="ss">'rjsx-mode</span>
<span class="w"> </span><span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">rjsx-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"C-d"</span><span class="p">)</span><span class="w"> </span><span class="no">nil</span><span class="p">))</span>
</code></pre></div>
<p>As I will install Node.js modules locally in <code>node_modules</code> I want code formatters and other tools to run the binaries stored there</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Use binaries in node_modules</span>
<span class="c1">;; https://github.com/codesuki/add-node-modules-path</span>
<span class="p">(</span><span class="nv">add-hook</span><span class="w"> </span><span class="ss">'js2-mode-hook</span><span class="w"> </span><span class="ss">'add-node-modules-path</span><span class="p">)</span>
</code></pre></div>
<p>And also JS need to be beautified, at least when I have to read and understand it. I use <a href="https://prettier.io/">prettier</a> and <a href="https://github.com/prettier/prettier-emacs">prettier-emacs</a></p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Pretty JS code</span>
<span class="c1">;; https://github.com/prettier/prettier-emacs</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'prettier-js</span><span class="p">)</span>
<span class="p">(</span><span class="nv">add-hook</span><span class="w"> </span><span class="ss">'js2-mode-hook</span><span class="w"> </span><span class="ss">'prettier-js-mode</span><span class="p">)</span>
</code></pre></div>
<h2 id="other-languages">Other languages<a class="headerlink" href="#other-languages" title="Permanent link">¶</a></h2>
<p>Other languages I use are less demanding in term of customisation (generally because they are simpler or less general-purpose). The <a href="https://github.com/emacsorphanage/terraform-mode">Terraform mode</a> automatically fixes the syntax of the file on save</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Terraform</span>
<span class="c1">;; https://github.com/emacsorphanage/terraform-mode</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'terraform-mode</span><span class="p">)</span>
<span class="p">(</span><span class="nv">add-to-list</span><span class="w"> </span><span class="ss">'auto-mode-alist</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"\\.tf\\'"</span><span class="w"> </span><span class="o">.</span><span class="w"> </span><span class="nv">terraform-mode</span><span class="p">))</span>
<span class="p">(</span><span class="nv">add-hook</span><span class="w"> </span><span class="ss">'terraform-mode-hook</span><span class="w"> </span><span class="nf">#'</span><span class="nv">terraform-format-on-save-mode</span><span class="p">)</span>
<span class="c1">;; YAML</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'yaml-mode</span><span class="p">)</span>
<span class="p">(</span><span class="nv">add-to-list</span><span class="w"> </span><span class="ss">'auto-mode-alist</span><span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="s">"\\.ya?ml\\'"</span><span class="w"> </span><span class="o">.</span><span class="w"> </span><span class="nv">yaml-mode</span><span class="p">))</span>
</code></pre></div>
<h2 id="files-and-projects">Files and projects<a class="headerlink" href="#files-and-projects" title="Permanent link">¶</a></h2>
<p>My setup is still a work in progress here, I'm testing <a href="https://docs.projectile.mx/projectile/usage.html">Projectile</a>, <a href="https://github.com/raxod502/prescient.el">Prescient</a>, and <a href="https://github.com/Alexander-Miller/treemacs">Treemacs</a>. So far, only Projectile made it to the configuration file, but I'm not using it that much yet. I think I might use a good sidebar with Git integration through colours and icons, but I still have to find something I feel comfortable with.</p>
<div class="highlight"><pre><span></span><code><span class="c1">;; Projectile</span>
<span class="c1">;; https://docs.projectile.mx/projectile/usage.html</span>
<span class="p">(</span><span class="nb">require</span><span class="w"> </span><span class="ss">'projectile</span><span class="p">)</span>
<span class="p">(</span><span class="nv">define-key</span><span class="w"> </span><span class="nv">projectile-mode-map</span><span class="w"> </span><span class="p">(</span><span class="nv">kbd</span><span class="w"> </span><span class="s">"s-p"</span><span class="p">)</span><span class="w"> </span><span class="ss">'projectile-command-map</span><span class="p">)</span>
<span class="p">(</span><span class="nv">projectile-mode</span><span class="w"> </span><span class="mi">+1</span><span class="p">)</span>
<span class="p">(</span><span class="k">setq</span><span class="w"> </span><span class="nv">projectile-completion-system</span><span class="w"> </span><span class="ss">'ivy</span><span class="p">)</span>
</code></pre></div>
<h2 id="the-custom-file">The custom file<a class="headerlink" href="#the-custom-file" title="Permanent link">¶</a></h2>
<p>As I mentioned when I discussed the preamble the file <code>.emacs-custom</code> contains the customisation of variables and faces, and this is what I have</p>
<div class="highlight"><pre><span></span><code><span class="p">(</span><span class="nv">custom-set-variables</span>
<span class="w"> </span><span class="c1">;; custom-set-variables was added by Custom.</span>
<span class="w"> </span><span class="c1">;; If you edit it by hand, you could mess it up, so be careful.</span>
<span class="w"> </span><span class="c1">;; Your init file should contain only one such instance.</span>
<span class="w"> </span><span class="c1">;; If there is more than one, they won't work right.</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">ansi-color-faces-vector</span>
<span class="w"> </span><span class="nv">[default</span><span class="w"> </span><span class="nv">default</span><span class="w"> </span><span class="nv">default</span><span class="w"> </span><span class="nv">italic</span><span class="w"> </span><span class="nv">underline</span><span class="w"> </span><span class="nv">success</span><span class="w"> </span><span class="kt">warning</span><span class="w"> </span><span class="nv">error]</span><span class="p">)</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">custom-enabled-themes</span><span class="w"> </span><span class="p">(</span><span class="k">quote</span><span class="w"> </span><span class="p">(</span><span class="nv">tango-dark</span><span class="p">)))</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">default-input-method</span><span class="w"> </span><span class="p">(</span><span class="k">quote</span><span class="w"> </span><span class="nv">italian-english-keyboard</span><span class="p">))</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">inhibit-startup-screen</span><span class="w"> </span><span class="no">t</span><span class="p">)</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">js-indent-level</span><span class="w"> </span><span class="mi">2</span><span class="p">)</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">package-selected-packages</span>
<span class="w"> </span><span class="p">(</span><span class="k">quote</span>
<span class="w"> </span><span class="p">(</span><span class="nv">syntactic-close</span><span class="w"> </span><span class="nv">ivy</span><span class="w"> </span><span class="nv">projectile</span><span class="w"> </span><span class="nv">rjsx-mode</span><span class="w"> </span><span class="nv">js2-mode</span><span class="w"> </span><span class="nv">golden-ratio</span>
<span class="w"> </span><span class="nv">add-node-modules-path</span><span class="w"> </span><span class="nv">prettier-js</span><span class="w"> </span><span class="nv">tide</span><span class="w"> </span><span class="nv">elpy</span><span class="w"> </span><span class="nv">jinja2-mode</span><span class="w"> </span><span class="nv">drag-stuff</span>
<span class="w"> </span><span class="nv">markdown-mode</span><span class="w"> </span><span class="nv">fcitx</span><span class="w"> </span><span class="nv">command-log-mode</span><span class="w"> </span><span class="nv">yaml-mode</span><span class="w"> </span><span class="nv">terraform-mode</span><span class="w"> </span><span class="nv">multiple-cursors</span><span class="p">))))</span>
<span class="p">(</span><span class="nv">custom-set-faces</span>
<span class="w"> </span><span class="c1">;; custom-set-faces was added by Custom.</span>
<span class="w"> </span><span class="c1">;; If you edit it by hand, you could mess it up, so be careful.</span>
<span class="w"> </span><span class="c1">;; Your init file should contain only one such instance.</span>
<span class="w"> </span><span class="c1">;; If there is more than one, they won't work right.</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">flymake-error</span><span class="w"> </span><span class="p">((</span><span class="no">t</span><span class="w"> </span><span class="p">(</span><span class="ss">:foreground</span><span class="w"> </span><span class="s">"orange red"</span><span class="w"> </span><span class="ss">:background</span><span class="w"> </span><span class="s">"yellow"</span><span class="p">))))</span>
<span class="w"> </span><span class="o">'</span><span class="p">(</span><span class="nv">js2-external-variable</span><span class="w"> </span><span class="p">((</span><span class="no">t</span><span class="w"> </span><span class="p">(</span><span class="ss">:foreground</span><span class="w"> </span><span class="s">"orange red"</span><span class="w"> </span><span class="ss">:background</span><span class="w"> </span><span class="s">"yellow"</span><span class="p">)))))</span>
</code></pre></div>
<p>As you can see I have a default theme <code>tango-dark</code>. The default alternate input method activated by <code>C-\</code> is the one I defined previously, <code>italian-english-keyboard</code>. JavaScript uses 2 spaces for indentation, and last I changed some colours to make errors in Python and JavaScript stand out very clearly.</p>
<h2 id="final-words">Final words<a class="headerlink" href="#final-words" title="Permanent link">¶</a></h2>
<p>Any configuration is a work in progress, as it changes with the personal preferences and the requirements, but this has been my configuration for a while now, so it seems pretty stable. I hope this might help whoever wants to try emacs or who is already using it but struggles to properly configure it. Happy coding!</p>
<h2 id="feedback">Feedback<a class="headerlink" href="#feedback" title="Permanent link">¶</a></h2>
<p>Feel free to reach me on <a href="https://twitter.com/thedigicat">Twitter</a> if you have questions. The <a href="https://github.com/TheDigitalCatOnline/blog_source/issues">GitHub issues</a> page is the best place to submit corrections.</p>