web-development/strapi-elb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updating notes

Browse Source
This commit is contained in:
dtomlinson
2020-05-01 19:44:21 +01:00
parent aaae536003
commit 16058e296d
2 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tempnotes.md
View File

@@ -153,15 +153,13 @@ Default ports:
`aws --profile admin cloudformation deploy --template-file ./02-stack-vpc.yaml --stack-name strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
`aws --profile admin cloudformation deploy --template-file ./02-stack-vpc.yaml --stack-name new-temp-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc`
`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
### delete
`aws --profile admin cloudformation delete-stack --stack-name temp-vpc`
`aws --profile admin cloudformation delete-stack --stack-name strapi-vpc`
`aws --profile admin cloudformation delete-stack --stack-name new-temp-vpc`
`aws --profile admin cloudformation delete-stack --stack-name strapi-rds`
`aws --profile admin cloudformation delete-stack --stack-name temp`
@@ -204,3 +202,9 @@ This security group should be set in `aws:elbv2:loadbalancer` under
Additional security groups (in addition to the default one created by ELB) for the EC2 instances are defined in `aws:autoscaling:launchconfiguration` under `SecurityGroups`
A security group will be created for you. You can ammend this (add 443 for https for example) by using `.config` file and creating a `AWS::EC2::SecurityGroupIngress` resource. (see 06-https.config)
Security group rule to allow instances in the same security group to talk to one another: <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-other-instances>.
LB SG: inbound/outbound 80/443 0.0.0.0/0
Scaling SG: inbound 80/443 from LBSG
DB SG: inbound 5432 from Scaling SG + home ip

2
todo.md
View File

@@ -125,3 +125,5 @@ Show how to create private + public subnets as in <https://github.com/awsdocs/el
If you use private subnets, the nat gateway is not cheap - £30 a month. You dont need the nat gateway, you can achieve the same thing with security groups (block all incoming) (explained <https://www.reddit.com/r/aws/comments/75bjei/private_subnets_nats_vs_simply_only_allowing/>). Advantage to NAT is all outgoing requests to the internet come from a single IP.
Summarise the flow -> VPC, internet gateway, attachment + route tables, subnets etc. Mention the nat gateway but show how it can be replaced with security groups.
Merge the CF templates into one, make sure all the importing and other s nippets are documented.