From bae738ad98badc43fd19163de1f8c2ef50bce463 Mon Sep 17 00:00:00 2001
From: dtomlinson
Date: Sat, 2 May 2020 23:21:07 +0100
Subject: [PATCH] updating VPC config
---
 .ebextensions/07-custom-vpc.config | 14 +++++++-------
 tempnotes.md | 16 ++++++++++++++--
 todo.md | 13 +++++++------
 3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/.ebextensions/07-custom-vpc.config b/.ebextensions/07-custom-vpc.config
index 3b378bd..16a7580 100644
--- a/.ebextensions/07-custom-vpc.config
+++ b/.ebextensions/07-custom-vpc.config
@@ -1,14 +1,14 @@
 option_settings:
 aws:ec2:vpc:
- VPCId: vpc-07df912622bfdc48a
- Subnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
- DBSubnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
- ELBSubnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
+ VPCId: vpc-02f98fa754899162c
+ Subnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
+ DBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
+ ELBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
 aws:autoscaling:launchconfiguration:
- SecurityGroups: sg-059ede4dab74687be
+ SecurityGroups: sg-07a97fc88ba143f26
 aws:elbv2:loadbalancer:
- ManagedSecurityGroup: sg-03c3f52febaffb517
- SecurityGroups: sg-03c3f52febaffb517
+ ManagedSecurityGroup: sg-0e6f91df2ed07050a
+ SecurityGroups: sg-0e6f91df2ed07050a
 aws:autoscaling:asg:
 MinSize: 1
 MaxSize: 4
diff --git a/tempnotes.md b/tempnotes.md
index 3928829..285adbb 100644
--- a/tempnotes.md
+++ b/tempnotes.md
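Review bot: In `.ebextensions/07-custom-vpc.config` the new `Subnets`, `DBSubnets` and `ELBSubnets` values are the same three subnets, so the instances and any database placed via `DBSubnets` share subnets with the load balancer. If these are public subnets (the todo notes in this commit suggest a NAT gateway is being avoided on cost grounds), isolation rests entirely on the two security groups swapped in here. Their rules are not visible in the patch, so it is worth confirming that `sg-07a97fc88ba143f26` admits application traffic only from `sg-0e6f91df2ed07050a` and that the database is not publicly accessible. The file also has no comment saying which stack these hard-coded IDs belong to; a header such as `# IDs come from the VPC CloudFormation stack outputs; update all of them together when the VPC is recreated` would make the next swap less error-prone.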
@@ -177,10 +177,22 @@ Using `jq` for formatting: ## Adding SSL to ELB +You should generate an SSL Certificate in Certificate Manager for your domain. To do this you will need to create a CNAME record to verify you have access to the DNS settings. + +At the same time you should create a CNAME record that maps your subdomain () to the DNS name AWS has given your load balancer (). + ### With load balancer -- Generate the SSL cert in Certificate Manager for your domain -- Configure the load balancer listener +A load balancer is not free! It costs ~£15 a month. + +- Configure the load balancer listener in a EB `.config` file: + +```yaml +option_settings: + aws:elbv2:listener:443: + Protocol: HTTPS + SSLCertificateArns: arn:aws:acm:eu-west-1:745437999005:certificate/218876af-7f8d-4022-97af-ad982aa540bc +``` Good repo for examples: diff --git a/todo.md b/todo.md index ad911bf..f256659 100644 --- a/todo.md +++ b/todo.md @@ -110,14 +110,8 @@ Enable HTTPS Codebuild -Create the security group for the EC2 instances -Add this security group to Outputs -Reference it in RDS security group - Summarise the VPC creation - VPC is created, internet gateway is created (and route table) and is added to the VPC for internet access. Controlling what can and cannot go in/out to the internet is done with security groups. -Check ssh? - Can ssh if you apply it to the EC2 SG you create. - Multiple security groups get squashed to determine what is and isn't allowed: . Show how to create private + public subnets as in . You need a nat gateway to allow private subnets to go out to the internet, but back in. How is this different to using security groups? 
@@ -127,3 +121,10 @@ If you use private subnets, the nat gateway is not cheap - £30 a month. You don Summarise the flow -> VPC, internet gateway, attachment + route tables, subnets etc. Mention the nat gateway but show how it can be replaced with security groups. Merge the CF templates into one, make sure all the importing and other s nippets are documented. + + +- Sort this page + documentation out +- Change ELB to EB +- Once documented and happy, create single CF Template +- Create single instance deployment + https (document) +- Terraform it all up