Update app.py
app.py
CHANGED
|
@@ -79,6 +79,138 @@ def generate_terraform_code(prompt_base, detail_level, provider, security_level,
| 79 |
- If the description includes storage, create secure and complete storage configurations, using all the available options from the provider.
|
| 80 |
- If the description includes compute resources, create the most secure and complete setup using the provider options.
|
| 81 |
| 82 |
"""
|
| 83 |
response = send_message_to_model(prompt, model_name, temperature, top_p, top_k, max_tokens)
|
| 84 |
return response
|
|
|
|
| 79 |
- If the description includes storage, create secure and complete storage configurations, using all the available options from the provider.
|
| 80 |
- If the description includes compute resources, create the most secure and complete setup using the provider options.
|
| 81 |
|
| 82 |
+
Always create cloud infrastructure with the following considerations:
|
| 83 |
+
|
| 84 |
+
Security:
|
| 85 |
+
|
| 86 |
+
Implement strict security groups/firewalls allowing only necessary ports.
|
| 87 |
+
Configure IAM roles and policies with the principle of least privilege.
|
| 88 |
+
Enable logging and monitoring for all resources.
|
| 89 |
+
Networking:
|
| 90 |
+
|
| 91 |
+
Set up a Virtual Private Cloud (VPC) or equivalent, with public and private subnets.
|
| 92 |
+
Use NAT gateways for internet access in private subnets.
|
| 93 |
+
Configure proper routing tables and internet gateways.
|
| 94 |
+
Automation:
|
| 95 |
+
|
| 96 |
+
Use Infrastructure as Code (IaC) tools like Terraform, CloudFormation, or ARM templates.
|
| 97 |
+
Include automation for updates, scaling, and backups.
|
| 98 |
+
Resilience:
|
| 99 |
+
|
| 100 |
+
Ensure resources are highly available, using multiple availability zones where possible.
|
| 101 |
+
Configure automatic backups and disaster recovery plans.
|
| 102 |
+
Resource Optimization:
|
| 103 |
+
|
| 104 |
+
Choose appropriate instance types and sizes based on the workload.
|
| 105 |
+
Enable resource tagging for cost management and organization.
|
| 106 |
+
Specific Instructions for Cloud Providers:
|
| 107 |
+
|
| 108 |
+
For AWS:
|
| 109 |
+
|
| 110 |
+
Use AWS services like EC2, S3, RDS, and CloudWatch.
|
| 111 |
+
Always select the latest AMI for operating systems.
|
| 112 |
+
Configure CloudTrail for auditing.
|
| 113 |
+
Use Auto Scaling Groups for EC2 instances to ensure high availability.
|
| 114 |
+
For Google Cloud:
|
| 115 |
+
|
| 116 |
+
Use Google Compute Engine for VMs, Cloud Storage, and Cloud Monitoring.
|
| 117 |
+
Set up VPC networks with subnets in multiple regions for high availability.
|
| 118 |
+
Use Google Cloud IAM for access management.
|
| 119 |
+
For Azure:
|
| 120 |
+
|
| 121 |
+
Utilize Azure Virtual Machines, Azure Storage, and Azure Monitor.
|
| 122 |
+
Set up Azure Virtual Networks with subnets and NSGs.
|
| 123 |
+
Use Azure Role-Based Access Control (RBAC) for permissions.
|
| 124 |
+
Never forget to:
|
| 125 |
+
|
| 126 |
+
Configure proper logging and monitoring for observability.
|
| 127 |
+
Include alerts and notifications for critical resource changes.
|
| 128 |
+
Use version control for all IaC files.
|
| 129 |
+
Ensure compliance with the cloud provider’s best practices and guidelines.
|
| 130 |
+
|
| 131 |
+
When creating cloud infrastructure, always adhere to state-of-the-art practices across different cloud providers (AWS, Google Cloud, Azure). Your goal is to ensure the architecture is secure, scalable, resilient, and cost-optimized while maintaining high automation and compliance standards. Follow these detailed instructions:
|
| 132 |
+
|
| 133 |
+
General Best Practices (Applicable to All Providers):
|
| 134 |
+
Security:
|
| 135 |
+
|
| 136 |
+
Implement multi-layered security:
|
| 137 |
+
Use security groups/firewalls to restrict inbound and outbound traffic to the minimum necessary.
|
| 138 |
+
Enforce encryption for data at rest (e.g., EBS volumes, databases) and in transit (e.g., HTTPS, TLS).
|
| 139 |
+
Use secrets management services for sensitive data (e.g., AWS Secrets Manager, Google Secret Manager, Azure Key Vault).
|
| 140 |
+
IAM Policies:
|
| 141 |
+
Define and apply the principle of least privilege (PoLP) to all roles and users.
|
| 142 |
+
Use separate accounts/projects/subscriptions for different environments (e.g., development, testing, production).
|
| 143 |
+
Monitoring and Logging:
|
| 144 |
+
Enable centralized logging (e.g., CloudWatch Logs, Stackdriver Logging, Azure Monitor).
|
| 145 |
+
Set up alerts for unusual activities (e.g., unauthorized access attempts).
|
| 146 |
+
Networking:
|
| 147 |
+
|
| 148 |
+
Create VPCs or equivalent for isolated networking environments.
|
| 149 |
+
Design subnets (public/private) based on the application’s accessibility needs.
|
| 150 |
+
Use NAT Gateways for private subnet instances to access the internet securely.
|
| 151 |
+
Apply Network Access Control Lists (ACLs) to provide an additional layer of security.
|
| 152 |
+
Implement VPC Peering, VPN, or Direct Connect for secure on-premises connectivity.
|
| 153 |
+
Automation and IaC:
|
| 154 |
+
|
| 155 |
+
Use Terraform for declaring all cloud resources, ensuring infrastructure is version-controlled and repeatable.
|
| 156 |
+
Apply modular design in Terraform for reusability and maintainability.
|
| 157 |
+
Use remote state storage (e.g., S3 with state locking via DynamoDB, Google Cloud Storage with versioning) for state management.
|
| 158 |
+
Integrate CI/CD pipelines for automatic deployment and validation of infrastructure code.
|
| 159 |
+
Resilience and High Availability:
|
| 160 |
+
|
| 161 |
+
Design for multi-region and multi-availability zone deployments for critical applications.
|
| 162 |
+
Implement load balancers (e.g., ALB, Cloud Load Balancer, Azure Load Balancer) to distribute traffic across multiple instances.
|
| 163 |
+
Use Auto Scaling Groups or equivalent to handle variable traffic loads automatically.
|
| 164 |
+
Set up disaster recovery strategies, including backups and failover mechanisms.
|
| 165 |
+
Cost Optimization:
|
| 166 |
+
|
| 167 |
+
Tag all resources for cost tracking and management.
|
| 168 |
+
Use Reserved Instances or Savings Plans for predictable workloads.
|
| 169 |
+
Enable idle resource management (e.g., stopping unused instances, rightsizing underutilized resources).
|
| 170 |
+
Compliance and Governance:
|
| 171 |
+
|
| 172 |
+
Implement policies and guardrails using services like AWS Config, Google Organization Policies, and Azure Policy.
|
| 173 |
+
Use audit logs to ensure traceability of actions.
|
| 174 |
+
Regularly conduct compliance checks and audits.
|
| 175 |
+
AWS-Specific Best Practices:
|
| 176 |
+
Compute:
|
| 177 |
+
Use EC2 Auto Scaling Groups for dynamic scaling.
|
| 178 |
+
Leverage Lambda for serverless applications to reduce costs and increase scalability.
|
| 179 |
+
Storage:
|
| 180 |
+
Use S3 with lifecycle policies for automatic transition of data between storage classes.
|
| 181 |
+
Enable S3 Bucket Versioning and MFA Delete for data protection.
|
| 182 |
+
Database:
|
| 183 |
+
Use RDS Multi-AZ for high availability.
|
| 184 |
+
Leverage Aurora for managed relational databases with built-in replication.
|
| 185 |
+
Networking:
|
| 186 |
+
Configure VPC Flow Logs for network traffic analysis.
|
| 187 |
+
Use CloudFront for CDN and enhanced security with AWS Shield.
|
| 188 |
+
Google Cloud-Specific Best Practices:
|
| 189 |
+
Compute:
|
| 190 |
+
Use Managed Instance Groups for high availability and scaling.
|
| 191 |
+
Leverage Cloud Functions or Cloud Run for serverless deployments.
|
| 192 |
+
Storage:
|
| 193 |
+
Enable Bucket Versioning and use Nearline/Coldline storage classes for cost efficiency.
|
| 194 |
+
Set up Data Loss Prevention (DLP) to safeguard sensitive data.
|
| 195 |
+
Networking:
|
| 196 |
+
Use Cloud NAT for private instance internet access.
|
| 197 |
+
Implement VPC Service Controls for enhanced data security.
|
| 198 |
+
Monitoring:
|
| 199 |
+
Set up Stackdriver Monitoring with custom metrics and dashboards.
|
| 200 |
+
Azure-Specific Best Practices:
|
| 201 |
+
Compute:
|
| 202 |
+
Use Virtual Machine Scale Sets for scalable VMs.
|
| 203 |
+
Leverage Azure Functions for event-driven, serverless applications.
|
| 204 |
+
Storage:
|
| 205 |
+
Use Azure Blob Storage with Soft Delete enabled for accidental recovery.
|
| 206 |
+
Implement Storage Account Firewalls and VNET Service Endpoints.
|
| 207 |
+
Networking:
|
| 208 |
+
Configure NSGs (Network Security Groups) with detailed inbound/outbound rules.
|
| 209 |
+
Use Azure Bastion for secure RDP/SSH connectivity.
|
| 210 |
+
Monitoring:
|
| 211 |
+
Enable Azure Monitor with Log Analytics for resource insights.
|
| 212 |
+
Set up Application Insights for performance monitoring.
|
| 213 |
+
|
| 214 |
"""
|
| 215 |
response = send_message_to_model(prompt, model_name, temperature, top_p, top_k, max_tokens)
|
| 216 |
return response
|
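Review bot: the added guidance (new lines 82-212) is enforced only by prompt text, while `return response` on new line 216 still hands the model output to the caller unvalidated; a model can ignore or only partly apply instructions such as "Implement strict security groups/firewalls allowing only necessary ports." and "Enforce encryption for data at rest (e.g., EBS volumes, databases) and in transit (e.g., HTTPS, TLS).", so the security properties the prompt asks for should be checked on the generated HCL (for example `terraform validate` followed by a policy scanner) before the result is returned or presented as secure. Three smaller points in the same hunk: the block is inserted unconditionally, so the AWS, Google Cloud and Azure sections (lines 108-123 and 175-212) are all sent whatever the `provider` argument is, and the "most secure" wording applies whatever `security_level` is, so consider selecting the provider section and the security lines from those parameters instead. The block also contains two overlapping rule sets (lines 82-129 and 131-212) that disagree in places: line 96 says "Use Infrastructure as Code (IaC) tools like Terraform, CloudFormation, or ARM templates." while line 155 says "Use Terraform for declaring all cloud resources", which is the only sensible reading for a function named generate_terraform_code, so the first set should be dropped or merged. Finally, line 111 "Always select the latest AMI for operating systems." produces non-reproducible plans (a `most_recent` image lookup changes between runs), so pinning the image and updating it through review is the safer instruction, and "Stackdriver" (lines 144 and 199) is the pre-2020 name for Cloud Logging and Cloud Monitoring.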