And the reality is, I probably don’t. I can’t just go read the whole of cpprefference.com[1]. I also definitely wont go and read all of every C++ Standards Committee paper. Because that would be insane. But what I did do what you also can and should do is read learncpp.com.

Learncpp.com is a well written, concise rendering of the foundational knowledge required to write C++. But many of the concepts can be transferred to programming languages in general. I can confidently say I’m a far better software engineer than I was before I started reading it.

I’m not going to summarise learncpp.com in this article. Instead, I’ll share a list of things that, as an experienced DevOps engineer who’s mostly only ever used Python, were either a brand new concept to me or were a correction to a misunderstanding I had based on some false assumptions I’d made long ago. My hope for this article? I want the inquisitive reader to be the informed reader. To see that there’s so many things readers may not have known about C++ that the authors cover in expertly succinct detail with examples, quizzes and zero condescending tones.

A disclaimer: learncpp is still a working site and the writers are updating it constantly, not only when new cpp standards are released but also just depending on how readers respond to each article, feedback is listened to and new articles are written all the time. So this article may become outdated very quickly but with that in mind, lets treat this like a snapshot in time.

Compile time optimisations and the constexpr keyword

The compiler will try (when configured as such) to optimise as much as it can. There are a lot of optimisation techniques the compiler uses. One such technique is called constant propagation. It’s when the compiler replaces occurrences of a variable that is known to be constant with its value, saving the user time that would otherwise be spent fetching the variable from memory.

Another one of the techniques compilers use is called compile-time evaluation. That is, the compiler will look for any expressions that are evaluatable at compile-time (such as, variables that do not change after their initialisation, const variable declarations and statements that use only constant variables). It will then evaluate those expressions at compile time, replacing anywhere in the code that they appear with their evaluated expression.

Programmers can use the constexpr keyword in a few different ways to tell the compiler that the expression is evaluatable at compile-time (though the compiler has the final say on whether or not it does actually perform the evaluation at compile-time.)

Programmers can force the compiler to evaluate a statement at compile-time. A statement in an initialiser for a constexpr object will force the compiler to evaluate the statement at compile time. This means the statement must also be a constexpr. If it isn’t, the compiler will error.

int main() { 
    constexpr int expr { 7 }; // expr **may** be evaluated at compile time
}

int main() { 
    constexpr int expr { 7 }; // Because variable x is constexpr, expr must
    constexpr int x { expr }; // be evaluted at compile-time
}

Of course coming from an interpreted language, I’ve never considered how optimisations work or what degree of control the user might have over them. The authors of learncpp.com go into more details and cover a few more optimisation techniques used in compilers.

The static keyword does COMPLETELY different things depending on where it is used

Static means a few different things in C++. Static-scope refers to objects that remain in-scope throughout the life of the program when it is run (as opposed to automatic-scope variables which go out of scope as soon as the execution gets past the braced section (block statement) of code inside which the variable was declared.)

int x { 80 };    // x is a global variable. global variables have static-scope 

int main () {
    int y { 100 };    // y has automatic scope
    {
        int z { 120 };    // z also has automatic scope
    }    // z goes out of scope here
}    // y goes out of scope here
// x remains in scope until the program exits

The static keyword can be used to declare a statically scoped variable within a block of code. Doing so will create a static local variable. This variable will exist in memory throughout the life of the program, just like a global variable. The difference is that the static local variable is only accessible from within the block statement. This is useful in functions that are called multiple times where we want an object used in the function to persist between function calls (eg. a unique id number that is incremented every time a function is called.)

The static keyword can also be used in the global namespace (not within any block statements). This will make objects and functions internally linked (as non-const global expressions and functions default to external linkeage). This means the internally linked global variable is only accessible within the translation unit (file) that they are declared in. Externally linked globals on the other hand can be accessed from any translation unit.
There’s so much more under this topic including namespaces, using directives, and inline functions. Chapter 7 is a brilliant read for anyone who finds C++ semantics daunting at first glance.

Templating classes, functions, Aliases - Oh my!

Seeing an unfamiliar symbol in a language can be a bit spooky. You might spend some time ignoring it, hoping it’ll go away. After all, surely those angled brackets are more afraid of you than you are of them. right? Let’s hope so. Angled brackets are used in C++ in templating, both declaring and invoking. lets see my beautiful examples.

In Python, everything is sort of pass by reference and completely untyped. That is, any object can become any type at any time with not so much as a judgmental side-eye from the interpreter. It will happily create a single array of [int, int, char, string, double, whateveryoulike] and allow users to change any of those array items into anything else. I knew going into C++ that this wasn’t the case as I had messed around with statically typed languages like Java and Arduino C before. So if a user were to try to define a function (or class) in C++, the compiler would need to know exactly what types it can expect as function parameters (or class members).

#include <iostream>
#include <string>
void myprintfunc(std::string x) {
    std::cout << "my parameter: " << x << "\n";
}

int main () {
    myprintfunc("spaghetti"); // outputs: "my parameter: spaghetti"
    myprintfunc(8.5); // compile time error: no matching function for parameter of type "float"
}

In the above example, we have a function that can take a string. But what if we wanted to pass it a float? One way to solve this would be to write overloaded functions for each parameter type that users are expected to need. This would quickly become a long and tiresome task. Codebases might have hundreds of functions like this. Each would need overloaded versions for each parameter type. It would also rely on the programmer to know exactly what types are expected and to not mistakenly forget any types.

The neat C++ alternative is to use templating (the spooky, scary angled brackets <>). By using a templated function here, the compiler can be instructed to generate its own overloaded functions as required by the code that calls it.

#include <iostream>
#include <string>

template <typename T>
void myprintfunc(T x) {
    std::cout << "my parameter: " << x << "\n";
}

int main () {
    myprintfunc<int>(8);         // outputs: "my parameter: 8"
    myprintfunc<double>(8.5);    // outputs: "my parameter: 8.5"
    myprintfunc<std::string>(std::string("hello world"));    // outputs: "my parameter: hello world"
}

Behind the scenes, the compiler generates overloaded functions every time the function is called with a new type in <> angled brackets.
In C++20 and newer, the angled brackets can be omitted sometimes if the type can be inferred.

Templating can also be used to create class templates in much the same way. It just allows the user to create objects of that class with any type substituted for T. Templating is used a lot in the standard library (eg. in std::array and std::vector for example). I use templating in all my classes in my Cpp data structures and algorithms library.

Overloading operators (and functions)

Operators in C++ are implemented as functions. The arguments to the operator are the operands that appear on either side of it. Operators can be unary, binary or ternary where they have 1, 2 or 3 arguments (eg. -19 uses the unary - operator to flip the sign of the value, 2+2 uses the binary + operator to add the arguments on either side of it.)[2]

Just like functions, operators can be overloaded to extend their functionality. Lets say for example, we create a new class. If we try to send an instance of that class to the output stream via the << operator, we will get a compilation error because << doesn’t know what to do with our new class. We can overload it to “teach” it how to print to console.

class Myint {
public:
    int m_int {30};
};

std::ostream& operator<< (std::ostream& out, const Myint& myint)
{
    out << myint.m_int;
    return out;    // we have to return std::cout here so we can chain << operators together.
}
}

int main() {
    Myint newint {};
    std::cout << newint;    // prints myint.m_int to console
}

When overloading a binary operator, the 1st parameter is the left operand (what appears on the left side of the operator in normal use) and the 2nd parameter is the right operand. We can overload operators outside any class body (as above) or we would overload operators using member functions (also known as methods). Because member functions 1st argument is always the implicit object (this in C++, self in python, Java and others) we can omit the 1st argument in the definition as we would a member function definition.

I’ve never stopped to consider how operators are implemented in a language before. Since learning about operator overloading in C++, I will always be thinking about this whenever I learn a new language.

the = delete specifier

For a language known for being strict and explicit, there’s actually a lot of ways that C++ allows implicit conversions, promotions, and type inference.

For example, chars can be implicitly converted to integral types. If we have a function that accepts an int parameter, but it is called with a parameter of type char, the char will be implicitly converted into an int so that the function may be used.

If we need to prevent this behavior, we can tell the compiler not to use specific overloads of the function.

// code example from learncpp.com (https://www.learncpp.com/cpp-tutorial/deleting-functions/)
#include <iostream>

void printInt(int x)
{
    std::cout << x << '\n';
}

void printInt(char) = delete; // calls to this function will halt compilation
void printInt(bool) = delete; // calls to this function will halt compilation

int main()
{
    printInt(97);   // okay
    printInt('a');  // compile error: function deleted
    printInt(true); // compile error: function deleted

    return 0;
}

This can be combined with a deleted function template to only allow a specific type to be used.

I like the fine-grained control this gives me as a programmer working in C++. Python type hints are nice, but things like this and constexpr make me feel empowered to write fast code while taking preventative measures against user error.

Copy constructors and deep copy vs shallow copy

Classes have a special kind of constructor called a copy constructor. Even if we don’t define it, the class will have an implicit (default) copy constructor. The copy constructor is invoked whenever an instance of the class is copied. This can be done explicitly when we initialise a new object with another object of the same class. The copy constructor is also called automatically[3] when we pass an object by value and when a function returns an object by value (as opposed to by reference or address).

The thing about the copy constructor is that it defaults to shallow copy. That is, unless we specify our own copy constructor, our class will be copied member-wise and if we have any dynamically allocated members (members that are actually pointers to an object in memory on the heap), the pointer will be copied, not the data that they point to. This saves time but will lead to the data having two copies of an object pointing to the same data. If one object’s destructor is called and it destroys the data it’s pointing to, the copy of the object will be pointing to unallocated memory and using it will lead to undefined behavior.

Deep vs Shallow copies was a concept I was familiar with in theory but had never had to implement in practice. Since reading this section, I implemented deep copy constructors in my data structures library.

L-values, R-values, and temporaries

The way I remember the difference in my head is that L-values are anything that would sit comfortably on the left side of an assignment operator. But the authors of learncpp.com have a better definition.

An lvalue (pronounced “ell-value”, short for “left value” or “locator value”, and sometimes written as “l-value”) is an expression that evaluates to an identifiable object or function (or bit-field).

The importance of l-value expressions may not be apparent until we know what r-values do. An r-value is the opposite of an l-value. An r-value evaluates to a value, not an object. This becomes tricky because some functions (and operators) expect certain arguments to be L-values and others to be r-values. L-values will be implicitly evaluated into the their value to get an r-value. However, r-values cannot be converted into an L-value. The assignment operator = expects an L-value on the left and an r-value on the right, if an L-value is placed on the right, it will be converted into an r-value. The distinction is important because r-values can behave differently in functions to L-values. Ref qualifiers can be used in function definitions to change how functions handle references to L-values and references to r-values.

The given example for this is when using an accessor that provides a reference to a member when the implicit object is an r-value. This is dangerous because when the statement in which the r-value is used is finished, the r-value is destroyed. If there are any remaining pointers or references to the now destroyed r-value object, accessing them will result in undefined behaviour.

#include <iostream>
#include <string>
#include <string_view>

class Thing
{
private:
    std::string m_name{};
public:
    Thing(std::string_view name)
        : m_name {name} 
        {
        }

    const std::string& getName() const {return m_name;} // accessor returns a reference
};

// createThing() returns a Thing by value (which means the returned value is an rvalue)
Thing createThing()
{
    Thing newThing {name};
    return newThing;
}

int main()
{
    // reference becomes dangling when return value of createThing() is destroyed
    const std::string& thingName {createThing().getName()}; 
    std::cout << thingName << '\n'; // undefined behavior
}

Temporary objects (also anonymous objects) are objects that are created in an expression just for the duration of the expression, after which they will be destroyed. When a function returns by value, that means the resulting value will be an r-value. Because the r-value in the above example is a temporary object, when the statement finishes, it is destroyed and thingName becomes dangling.

I know that section was a mouthful. I’m not great at explaining it. Check out chapter 12 for a better explanation and read the rest too because it’s really good.

Array decay (C-style Arrays are not just pointers)

This isn’t actually a C++ thing so much as a fun-fact about C that is brought up. I wrote it down because that’s something I (and many others) learned in uni. C-style arrays are just pointers, right? WRONG! But because doing just about anything to them will turn them into pointers (array decay). Seriously:

In most cases, when a C-style array is used in an expression, the array will be implicitly converted into a pointer to the element type, initialized with the address of the first element (with index 0). Colloquially, this is called array decay (or just decay for short).

Thus, many people have the incorrect belief that arrays and pointers are one and the same in C. And from that, the idea that arrays don’t know how long they are in C. They do. As long as we have a non-decayed array, we can find the length of it, for example, by passing it as an argument to the sizeof() function. In practice this doesn’t help because if we have an undecayed array, we likely defined its length.

Because of this is generally agreed that C-style arrays are totally whack, thus it’s recommended to use the standard library classes std::array and std::vector.
I thought it was a neat piece of information to take back into an C projects I do in the future.

Further reading…

There’s so much more on this website including smart pointers, copy elision, standard library algorithms, and more. These are just the things I took note of as particularly interesting or weird. I hope the inspired reader goes and reads the whole thing. I’d recommend it to any software engineer. C/C++ is the foundation that many other languages build on top of. I’ve been working in software for a few years now and never known that this delightful fountain of knowledge was here all along. Have I “learned” C++? No. I plan to build all my projects in C++ for a little while to get a handle on the language. After that I’ll try my hand at other systems-level languages like Odin or Zig (I think I’ll appreciate them more after I’ve worked in C++ for a while).

Brain-space is a funny thing. There always seems to be more of it hiding around every corner. I managed to fill a lot of knowledge gaps these past 2 months and when the time comes to learn another language, I will be so much better at it for having learned how C/C++ works. Thanks, me from 2 months ago.

[1] Also Hashimoto says he wouldn’t do this in the interview. He explicitly says “I would not do this with C++” so take from that what you will.

[2] operator precedence is another interesting topic I hadn’t thought about before reading. And it’s not just BOMDAS order of operations. Have you ever considered the = assignment operator? It’s a binary operator too and can be overloaded.

[2] if the copy is not elided in compilation.

Measurable Indifference

Following on from my last post, I mentioned that we would be looking to move from Elastic Beanstalk to EC2 spot requests. EB was useful. Initially, it was a great starting point. But after our foray into Elastic Beanstalk to get the website live, I've come to the following conclusion:
EB is for people with new projects that just want to get started and don't much care how anything works or how much it costs[^1].
I’m not pointing fingers because this was me not too long ago. Something I’ve learned since leaving full-time work is that it pays to know how to actually put it together yourself so that you can cut out the bits that you don't need and minimise the costs that you can.

Here’s what I did…

In my last post, we distilled the dizzying morass that was our AWS billing page into 3 distinct actions we can take to reduce our total spending on the website.

• Remove all static IPv4 addresses

• Decommission the Network Load Balancer that was doing nothing but routing https to http and handling the SSL for us

• Move from Elastic Beanstalk to a spot fleet to host the Django app

The last three months of AWS bills has felt like a warm hug from my wallet

Now you might be thinking, “well, yeah of course it costs less, we now have to do all the server management and scaling ourselves!” To which I say the short answer is yes… and no… twice…

Yes, it’s a bit more work: we will need to manage the server configuration now. But that’s good! we want to know exactly what’s running on our instance (instead of vaguely knowing that Django is being used to handle http requests somehow).

And “no”: The whole server configuration can be defined in a single script that gets run every time the server starts. No ongoing management required, just set and forget.

Yes, scaling is something to manage: If we were managing any kind of load on my website, we would have to set up scaling rules.

But “no” because: Until we start seeing the thousands of readers and clients that my mum says I deserve, we can stick to the smallest morsel of compute power that AWS can charge for.

Server Configuration in one file:

First, we switched off the EB which removed all the resources in commissioned including the expensive Load Balancer and the unnesesary static IP addresses.

We then needed to define our own basic VPC. This can be just a standard public VPC with an internet gateway and 3 public subnets, one in each ap-southeast-2 availability zone (we have no backend database so public subnets will do just fine for our purposes).

Next, we moved the server to a spot fleet request (‘fleets’ can be configured to be 1 instance). The request uses a configuration object called a ‘launch template’ containing all our capacity and compute preferences and configuration information.

The spot request will look for the cheapest of any t2.micro, t2.small, t3.micro, or t3.small available in any AZ in ap-southeast-2 and assign it to the appropriate subnet in our VPC. The instance is then automatically given a public IP address by our VPC.

The launch template also includes a "user data" section that is executed every time the server instance starts up. If you’re more familiar with Docker, you can think of the ‘launch template’ as AWS lingo for a dockerfile and the confusingly named "user data" section is an entrypoint script that gets called in your image's dockerfile. The point is, all the code in “user data” gets run. First thing. As soon as our instance is running.
This is very important because spot instances will get interrupted semi-regularly by aws (I've found mine are replaced at least once per day).

Every time our EC2 instance changes, our “user data” should perform the following actions:

1. Find the instance’s public IP address (These first three steps are required because we now have no load balancer and therefore no static IP address to always route traffic to. So whenever a new server is started, we have to directly edit the A record in our DNS settings to tell the internet that the website's host server is now here).

2. Change our Route53 A record to set samjdrew.com to go to this new instance’s public IP.

3. Search our code packages S3 bucket for the latest version of the website and unzip it.

4. Install Python 3.11 and NGINX.

5. In the unzipped source code, activate Django's python venv and install requirements.

6. Configure gunicorn daemon workers to run the Django app.

7. Start gunicorn and NGINX.

8. use certbot-nginx to assign a free SSL certificate and set up https on nginx [²].

The interested reader can check out the actual code over on my website repo.

Do diagrams help? In my head, it’s simpler than this makes it look.

This is everything we need. And that’s how I’ve left it for the past 3 months. Of course, now and again, I check in on the website as often as my ego prompts me to but it’s been up every time I’ve checked. I half expected there to be some disarray somehow manifesting from my negligence but it looks like we’ve written a good system.

Let’s briefly consider scalability

The magic word of cloud platform engineering - scalability - is a term thrown around so much, you’d think it’s a requirement for any cloud-hosted solution. There’s a section in chapter one of Martin Kleppmann’s Designing Data-Intensive Applications:

[Scalability] is not a one-dimensional label that we can attach to a system: it is meaningless to say “X is scalable” or “Y doesn’t scale.” Rather, discussing scalability means considering questions like “If the system grows in a particular way, what are our options for coping with that growth?” and “How can we add computing resources to handle the additional load?” -

The rest of the section goes on to point out that before we discus scalability, we need to have a way to measure load on the system and the performance of the system. We also need to know what our performance goals for the system are. Do we want the 99.9th percentile to experience webpage load times of less than 1 second? Is that doable? How much work will that take? What about the 99.99th percentile?

In a commercial setting, this makes a lot of sense. Having a way to reduce your cloud spending when traffic is low and only increase when demand for your service goes up is the Great Cloud Dream™. Scaling up and/or out at peak volume periods and scaling back down/in when traffic usually dies down is a neat, effective way to minimise wasted resources and is one of the major selling points of Cloud resources over on-prem. Autoscaling is the sledgehammer approach and is only really appropriate when you’re dealing with unpredictable loads.

Scalability is a tool - or maybe a power-tool, to present a more visual analogy. It can and should be used but only AFTER:

1. Defining how you’ll measure performance and load

2. Using those definitions to define your Service Level Objectives (SLO and SLA if you’re working with a client)

3. Setting up billing alerts (which should be done as soon as you set up any cloud hosting account that’s tied to your wallet)

For this website, there’s no sense in implementing an autoscaling group with a maximum instance count greater than 1 because our 1 instance should be able to handle hundreds of requests per second.
As far as we’re concerned, we can be content in the knowledge that the small handful of clients or employers who bother to click on our website are getting our website.

The left-overs

There were some issues beneath the surface that I haven’t addressed:

• Github actions were broken since moving away from Elastic Beanstalk meant we had to come up with a way of getting my source code onto the server (this was particularly embarrassing for me to ignore for so long as someone who once had DevOps in his job title).

  • This is fixed now. After merging to master, github actions sends a zipped package of the code to an S3 bucket, removes the “-latest” suffix from the old package and appends it to the new one, temporarily scales the spot fleet to 2 instances and then terminates the old instance after 3 minutes. The new instance handles all the server set up and domain redirection as described above and a new version of our website is live about 4 minutes after we merge to master.

• The pages on certifications and experience still haven’t been implemented, which is hilarious for a website that’s supposed to be a portfolio landing page

• we don’t talk about the photography website.

Jumping back into this project after three months, after not thinking about or working on anything Python/Django, I found it daunting trying to remember how Django organises itself. Python/Django has taken a sharp nose-dive in my list of priorities and unfortunately, the website has been in limbo because of that.

I’ll always be intrigued by cloud platforms and automating build systems. However, in my spare time, I’ve been trying to expand into a few new areas that I’m not familiar enough with.

In the past 3 months, I've:

• learned to use Cmake/ninja to build large C projects

• been re-learning C/C++ and assembly

• Learned to draw a triangle in OpenGL

• reading:

  • Martin Kleppmann's Designing Data-Intensive systems and

  • Thorsten Ball’s Writing an Interpreter in Go

• Been working on my own indie game in Godot 4

The point is, everything I learned about django/python and HTML/CSS while throwing this website together this year is buried under several dense layers of unrelated CS stuff that I had to sift through to write this. The Python/Django atrophy has begun and I don’t want to strain myself trying to strengthen those muscles again when it’s no longer a thing I need for my job and I have other priorities preceding it.

This isn’t the post for discussing learning goals and professional growth[³]. I just wanted to wrap up the last outstanding thing I said I’d write about with regards to creating and hosting a website.

Some day I may start measuring data from my nginx access logs and use that data to make a more informed decisions around scaling and traffic. But at the moment, I have other things I’m excited to learn about and the website is up so I’m not fussed.

Just one more thing, my old domain mountainbean.online expired this week and my domain registrar wanted me to pay $80 US to renew it which was never going to happen. Thus you may have noticed I’ve moved to samjdrew.com. If the savvy reader has any idea where I can get better domain registrars that don’t hold my domain to ransom every year, please write in and let me know. Feedback is also welcome.

[^1]: I had a whole analogy here where you would ask your mate to by groceries and cook dinner for you but it turns out your mate got kickbacks from the grocery store so he buys you a bunch of stuff you don’t need to run up your grocery bill. It’s a bit cynical and the analogy was not exactly relatable so decided not to force my up-and-coming novella “Stretchy- Legume Steve” upon you.

[²]: It’s worth noting somewhere that I don’t have to ever worry about renewing my certificates. My servers are rebooted around every 2 days and a new certificate is generated each time. (Edit: turns out this is a problem because if I ever go over 5 certificates in a week, certbot stops giving me new certs that week. I’ll have to work in a way to store, access and renew my certs.

[³]: but if it were, it’d be inspirational af.

In the act of procuring cloud infrastructure for my website, I've taken some shortcuts and I thought I'd carefully measured the price of those shortcuts and was willing to pay for them. Despite that, when my budget alerts went off a mere 10 days into the month, I was surprised and also kind of annoyed. How can this be?

So for this dev log, I've decided to have a look at my bills and see what we can do.

Oh boy. I don't know why I bothered spending so much time time tinkering my S3 media file hosting solution. That and most of the other costs related to my website server are dwarfed by this huge, honking Load balancer bill!

Load balancer clearly costs more than any other service. However VPC is unusually High too...

So yeah what's all that for just a micro T3 EC2 box quietly running a Django app that no one but me uses? I see 3 chunky bars evoking my ire.

• Load Balancer

• VPC

• EC2 - Compute

Let's address the Load balancer first.

Balance Deez

I don't see myself as a conspiracy person, but there's a reason AWS tells you "the simplest" way to enable https on your server is by attaching a load balancer. You can see it here in their documentation on the Load Balancer pricing page.

Straight out of the gate, we're spending upwards of $18 per month just to keep the load balancer on 24/7. That's not even considering the LCUs (Capacity units) used. $18/month is already too much and I'll need to take action to fix this (the action is me ripping it out like a weed, in case you were wondering).

Next up is the VPC. What's that charge for?

Well, dear reader, much like a decently priced rental in Brisbane City, public addresses on the internet are in short supply (that is, IPv4 addresses). This makes them valuable. Valuable enough that as of February 2024, Amazon has been charging 0.5 cents per hour for the pleasure of using one. Fast-forward to last month, when I asked Elastic Beanstalk to put my website online. It assumed I was a man of vastly more means than I really am and decided that I must want 3 availability zones each with a public IP address.

I was just a poor developer, trying to find a cheap way to host my website. Now look at me, I have a leak in my bank account of exactly 1.5 cents/hour and I get to think to myself, "boy am I glad my website is highly available".

1.5 cents per hour makes Sam a poor boy

Finally EC2 pricing. There's not much to say.

EC2 charges based on the type of EC2 and data transferred in a given time period. Data transfer is negligible at this stage and the EC2 type is T3-micro, the 2nd cheapest on-demand instance AWS offers. However, there are still some neat little FinOps tricks I can explore here.

Yes, FinOps is a real word

First off, the ALB has to go. There's no sense in my using a Load balancer anyway because my website traffic is featherweight. If that ever changes, I'll scale it up myself. For now paying $18 per month for a fancy server to route https traffic to my single node website is farcical. It's doing nothing but serving the SSL certificate which I can get Nginx to do on the instance for free.

While reconfiguring things, we could reduce our VPC costs by switching to IPv6. This would remove all the IPv4 tolls and our only charges will come from traffic (if we ever break out of free tier). Unfortunately, IPv6 presents a lot of it's own challenges. Namely that neither my home broadband service provider nor my mobile service provider support IPv6. The funny part is that even AWS has spotty IPv6 support! The AWS Instance Connect tool that AWS provides to connect to instances through your browser ALSO doesn't actually support IPv6. Why is any of that relevant? Because practically, yes I can configure and populate an IPv6-only VPC and subnets regardless of whether my ISP or Instance Connect supports IPv6. However, I won't be able to reach them for configuring or debugging my instances because I can't SSH in from home. It seems no one can actually handle the protocol that has been getting "adopted" since 2012.

Well okay. I can at least remove the 2 IPv4 addresses that I'm not using. That'll reduce the VPC costs by 1 cent/hour saving me up to $7.44/month (USD btw so that's actually around 14 dollaroos 🦘).

Finally we need to reduce EC2 costs. Savings plans are an option. According to AWS documentation, this would bring the hourly price of my instance down by 22%. However, I've been wanting to try out creating a spot fleet. It's essentially an autoscaling group but the instances are only ever spot instances. I can configure a spot fleet with a desired capacity of only 1 instance. Spot instances can get reclaimed by AWS at any time as other users are willing to pay the on-demand price. However if you have a spot fleet set up, the instance will be replaced automatically (if possible). Looks like this should bring my EC2 instance costs down around by 35%. If my website goes down for a few minutes or hours between spot instances, I'll live.

"...And a very familiar feeling is starting to come over me. I feel like someone is trying to teach me something." - Jeff Winger, Community Episode: Conspiracy Theories and Interior Design

To a seasoned Platform Engineer, I'm sure this is some kindergarten-level course-correction. It's not tricky to point out where I've taken shortcuts. I've done the cloud certification exams, I've heard of these issues before and I've been working in AWS for a few years. That's why I know that these are common problems and where to find the solutions. But I've never actually had to foot the bill for my shortcuts. That's what this little project is for (among other things). Unlike Jeff Winger, I'm here to learn and it's all part of the experience.

Keep an eye out for my next post where I'll go through implementing my cost-saving changes and how much my AWS bill actually changes.

Now look... no one's saying you must only ever use Terminal to get around, but the thought of clicking my mouse that many times just to push to production makes my little DevOps tummy hurt.

The Django tech stack ✨idea✨

Configuring prod data in dev

So this is just so I don't have to muck around setting up and spending money on a DB. Photo details are all stored in SQLite. That gets uploaded with my code to the repo. I then have Github Actions push that to Elastic Beanstalk, as my manager says, "auto-magically". No dev DB/prod DB disparity. It's just my website. For this moment, the data can be the same.
Now what about the photos and any other static files? I should move those to S3.

Firstly, I've set up a bucket with public read access, uploaded my photos there, set up Django to map the media URLs to the s3 bucket. Then I'll sit back and use all the spare time I now have googling ways I could've done it better.

MEDIA_URL = "/photo_files/"
if DJANGO_WEBSITE_ENVIRONMENT == "PROD" or DJANGO_WEBSITE_ENVIRONMENT == "BUILD":
    AWS_STORAGE_BUCKET_NAME = "mountainbean-photos-bucket-shepherds-pie"
    AWS_S3_REGION_NAME = "ap-southeast-2"
    AWS_ACCESS_KEY_ID = getenv("S3_WRITE_USER_ACCESS_KEY")
    AWS_SECRET_ACCESS_KEY = getenv("S3_WRITE_SECRET_ACCESS_KEY")

    AWS_S3_CUSTOM_DOMAIN = f"{AWS_STORAGE_BUCKET_NAME}.s3.amazonaws.com"

    STORAGES = {
        "default": {
            "BACKEND": "storages.backends.s3.S3Storage",
            "OPTIONS": {
                "location": "media"
            },
        },
        "staticfiles": {
            "BACKEND": "storages.backends.s3.S3Storage",
            "OPTIONS": {
                "location": "static"
            }
        }
    }

Using the django_storages library, I've configured the public S3 bucket as a backend with a service role that has write-access permission on the bucket. An admin with access to post a new photo on the website (me) now has permissions to upload to the bucket from the website and that photo can be viewed by any visitor via a url to the photo location in the public bucket.

So what's with the if() statement?

When the website is being hosted by elastic beanstalk, I want Django to give out the correct urls to the photos in the S3 bucket. Likewise, when Github actions is deploying the code (there the environment variable will be BUILD) and running collectstatic, I want django to send the static files to S3, not just collect them into a local directory. However, when I'm just working on this on my machine, I don't want those files going anywhere.

So I set: MEDIA_ROOT = BASE_DIR / "uploads" in my Settings.py and:

if settings.DJANGO_WEBSITE_ENVIRONMENT != "PROD":
    urlpatterns += static(settings.MEDIA_URL,
                          document_root=settings.MEDIA_ROOT)

Map that directory to MEDIA_URL in my root urls.py so Django will send all my uploaded images there when I'm just in localhost.

The catch

I have one manual step left. When I make a commit or merge to master (triggering my Github workflow) I have to remember to copy my uploads folder to the public S3 bucket under the media key.
Lastly, I should address the issue of uploading my full-size images to the web. I've just shifted the problem from my repo to the S3 bucket. I still have very large JPEGs in my public S3 bucket that I (and any other visitor) will be requesting every time I visit my site.
AWS gives you a free 100GB of data transfer out of S3 per month. But if I'm not careful, my big fat JPEGs might use that up quickly. I'll look at resizing uploads next...

I've been working on a photography website as a project to force myself to actually learn Django. I enjoy coding and I love taking shitty photos but I've never deigned to host my own work anywhere other than Instagram. By setting a project for myself like this, not only do I hope I become less sucky at working with Django, a necessary skill in my particular role at my workplace, one ancillary outcome is that I get to host my photos somewhere more permanently.

The progenitor website starting page

It has three views.

• Starting page: Shows the three most recent photos

• All photos: Shows all uploaded photos

• Photo detail: Displays a single image with white margins

That's all it does right now. The photos are currently placeholders, They are my photos and they will appear in the final product but these particular photos are jpegs that have undergone at least 2x rounds of edits (jpeg's lossy compression gets applied for every edit + save). To be honest, they look fine to me but I'll want make sure the final product looks as good as I can make it. All static files (like the photos) are hosted locally for now. The plan is to put them in an S3 and get Django or Nginx to fetch them.

Photo detail view

Resourcing

Deciding on hosting raises some conflicting feelings. I want to take advantage of my somewhat working knowledge of AWS systems... but I also don't want to over-engineer this site that will likely only be visited by myself, my wife and a handful of job recruiters that actually vet me. I've never actually done this before either. So I'm not taking any shortcuts, nor am I jumping into architectures I have absolutely no business using.

Resourcing initial ✨idea✨

This is the basic plan. Chuck it on a tiny EC2. SQLite database to hold all the photo details including the S3 key (so it knows where to reach for it in the S3 bucket). The S3 bucket is just a regular bucket with public access blocked. I'll need to allow the server to access the photos on it via API key. Lets flesh this out a bit.

Resourcing ideal version 1

So I'm just using SQLite. This is a file-base database system. No need for a dedicated server which simplifies deployment drastically. The drawback here is that it's not quite as fast as a dedicated DB server like Postgres or MySQL would be. So I might have some delays in fetch times as the website grows. However, at this scale I think this will be fine. Similarly, hosting my photos on an S3 bucket means no need to spin up an additional private server. S3 is by far the cheapest option for file storage (probably) and the drawbacks are outweighed at this stage by my chief desires to spend no money and do no work.

First Deployment

My Django website's Elastic Beanstalk environment overview

Alright, I'm cheating. I'm using a barebone Elastic beanstalk application to spin up my EC2 in an "autoscaling group" of 1 instance, no DB, no VPC, no security groups. Just what is needed. In defence of my laziness, this is all I need at this stage. I wanted it live. It's now live (almost)

Deployment Woes

Right off the bat I ran into some problems getting a response from the EC2 instance deployed by elastic beanstalk. After re-deploying 4 times, re-checking my configuration each time, I was fed up. I've been working in AWS too long to get stuck at first deployment. Let's diagnose.

Elastic beanstalk is telling me it's deployed the EC2, added an EIP and added the EC2 to the environment. Good... So what's wrong? The problem is that AWS is getting no responses from the instance. Not just from the Nginx server, but from the whole instance. That tells me it's not connected to the internet. Lets check the instance settings.

Django website app EC2 instance Networking tab

Seeeeems fine... I didn't set any VPC settings so Elastic Beanstalk has taken care of all that for me. Let's look at the VPC and see if it has an Internet gateway.

Internet gateway generated by Elastic Beanstalk

Okay... is it routed?

Route table generated by Elastic Beanstalk

So that's weird right? There should be a route there for outbound packages (anything not going to 172.31.0.0/16). But there's not. Elastic Beanstalk generated everything I asked and then some, but stopped short of actually connecting the VPC to the internet. Let's add it in manually.

Route table with added route out to the internet gateway

I'll cut to the chase. That solved the issue. With my instance now connected to the internet, Elastic Beanstalk is getting responses and I'm able to connect on the default domain it's given me.

I'll leave it there for today

Literally best website you've ever seen

After adding the DNS entries for my domain and sorting out SSL, my site is officially on the web. I'm putting out my dirty html for the world to see. Instead of S3 hosting the images, the Nginx server on the EC2 is currently serving the sample images I loaded in with the code. I have many tasks left to do, but for today, this is enough.