Creating single instance with db

eb create --single --database
2020-07-29 15:33:54 +01:00
parent a5bcb9e998
commit b07e4e1b18
5 changed files with 109 additions and 34 deletions
--- a/.ebextensions/04-environment.config
+++ b/.ebextensions/04-environment.config
@@ -5,21 +5,21 @@ option_settings:
    value: true
  - option_name: STRAPI_LOG_LEVEL
    value: debug
-  - option_name: STRAPI_S3_ACCESS_KEY
+  # - option_name: STRAPI_S3_ACCESS_KEY
-    value: AKIA23D4RF6OZWGDKV7W
+  #   value: AKIA23D4RF6OZWGDKV7W
-  - option_name: STRAPI_S3_SECRET_KEY
+  # - option_name: STRAPI_S3_SECRET_KEY
-    value: "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"
+  #   value: "4sb/fxewDGjMYLocjclPCWDm7JTBCYuFBjQAbbBR"
-  - option_name: STRAPI_S3_REGION
+  # - option_name: STRAPI_S3_REGION
-    value: "eu-west-1"
+  #   value: "eu-west-1"
-  - option_name: STRAPI_S3_BUCKET
+  # - option_name: STRAPI_S3_BUCKET
-    value: "elb-example-bucket-cf"
+  #   value: "elb-example-bucket-cf"
-  - option_name: RDS_HOSTNAME
+  # - option_name: RDS_HOSTNAME
-    value: prod-strapi-elb.chgwfe43ss59.eu-west-1.rds.amazonaws.com
+  #   value: prod-strapi-elb.chgwfe43ss59.eu-west-1.rds.amazonaws.com
-  - option_name: RDS_PORT
+  # - option_name: RDS_PORT
-    value: 5432
+  #   value: 5432
-  - option_name: RDS_NAME
+  # - option_name: RDS_NAME
-    value: postgres
+  #   value: postgres
-  - option_name: RDS_USERNAME
+  # - option_name: RDS_USERNAME
-    value: mainuser
+  #   value: mainuser
-  - option_name: RDS_PASSWORD
+  # - option_name: RDS_PASSWORD
-    value: password
+  #   value: password
--- a/documentation/steps.todo
+++ b/documentation/steps.todo
@@ -1,2 +1,31 @@
 Connecting external DB:
-    ☐ Create RDS using TF @important @today
+    ✔ Create RDS using TF @important @today @done (7/28/2020, 11:34:12 PM)
 RDS Config:
    ☐ Try using `associate_security_group_ids` and creating a security group to allow all incoming traffic to the RDS instance.
 Deployments:
    One:
        ✔ Create S3 bucket for strapi s3. @done (7/29/2020, 2:07:55 PM)
        ☐ Deploy TF with additional SG for DB.
        ☐ Have TF produce outputs with everything needed.
        ☐ Redeploy single instance with the EB config file with VPCs created.
    Two:
        ☐ Have SSL enabled for single instance.
    Three:
        ☐ Have SSL enabled for multiple instance.
    Misc:
        ☐ Have the EB instances on the private subnet.
        ☐ Create a Gateway VPC endpoint: <https://docs.aws.amazon.com/vpc/latest/userguide/vpce-gateway.html>.
 Prod Steps:
    ☐ Plan out the posts needed for the series.
    This needs to be done at the same time as writing the site pages.
    ☐ Create everything from scratch
    Strapi:
        ☐ Install from new.
        ☐ Create TF files.
        ☐ Initialise EB environment.
        ☐ Deploy TF.
        ☐ Deploy EB environment for single instance to start.
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -13,10 +13,17 @@ locals {
  }
 }
 # Name
 module "name" {
  source = "git::"
 }
 # Network
 module "vpc" {
-  source = "git::https://github.com/cloudposse/terraform-aws-vpc?ref=tags/0.14.0"
+  source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.14.0"
  stage  = var.stage
  name   = var.name
@@ -25,7 +32,7 @@ module "vpc" {
 }
 module "subnets" {
-  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets?ref=tags/0.23.0"
+  source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.23.0"
  stage  = var.stage
  name   = var.name
@@ -37,6 +44,28 @@ module "subnets" {
  nat_instance_enabled = false
 }
 resource "aws_security_group" "ec2_security_group" {
  name        = "${var.stage}-${var.name}-ec2_sg"
  description = "Security group assigned to the Elastic Scaling group that is applied to the EC2 instances."
  vpc_id      = module.vpc.vpc_id
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }
  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }
 }
 # RDS instance
 module "rds_instance" {
@@ -53,12 +82,17 @@ module "rds_instance" {
  engine             = "postgres"
  engine_version     = "12.3"
  instance_class     = "db.t2.micro"
  # security_group_ids	=
  subnet_ids          = module.subnets.public_subnet_ids
  vpc_id              = module.vpc.vpc_id
  publicly_accessible = true
  tags                = local.tags
 }
-# Set maintenance window
+# S3 bucket
-# subnet_ids and vpc_id required
+
-# need a security group for the DB with ingress rule allowing inbound from the autoscaler/EB security group (does a single instance have an SC?) - use 0.0.0.0 for initial creation then change the TF stack with the EB security group once it's created.
+resource "aws_s3_bucket" "static_assets" {
  bucket = "${var.stage}-${var.name}-strapi_uploads"
  acl    = "private"
  tags   = local.tags
 }
--- a/infrastructure/outputs.tf
+++ b/infrastructure/outputs.tf
@@ -0,0 +1,12 @@
 # S3
 output "s3_static_assets" {
  value       = "resource.aws_s3_bucket.static_assets.id"
  description = "Name of the static assets S3 bucket."
 }
 output "s3_static_assets" {
  value       = "resource.aws_s3_bucket.static_assets.arn"
  description = "ARN of the static assets S3 bucket."
 }
--- a/infrastructure/prod-eu-west-1.tfvars
+++ b/infrastructure/prod-eu-west-1.tfvars
@@ -1,5 +1,5 @@
 # module
-name    = "strapi-elb"
+name    = "strapi-eb"
 region  = "eu-west-1"
 stage   = "prod"
 profile = "admin"