updating VPC config

.ebextensions/07-custom-vpc.config

@@ -1,14 +1,14 @@
 option_settings:
   aws:ec2:vpc:
-    VPCId: vpc-07df912622bfdc48a
+    VPCId: vpc-02f98fa754899162c
-    Subnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
+    Subnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
-    DBSubnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
+    DBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
-    ELBSubnets: "subnet-03c544d77a48b38fa,subnet-0751a04eea405768f,subnet-0d68cb85c21c13de1"
+    ELBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58"
   aws:autoscaling:launchconfiguration:
-    SecurityGroups: sg-059ede4dab74687be
+    SecurityGroups: sg-07a97fc88ba143f26
   aws:elbv2:loadbalancer:
-    ManagedSecurityGroup: sg-03c3f52febaffb517
+    ManagedSecurityGroup: sg-0e6f91df2ed07050a
-    SecurityGroups: sg-03c3f52febaffb517
+    SecurityGroups: sg-0e6f91df2ed07050a
   aws:autoscaling:asg:
     MinSize: 1
     MaxSize: 4

tempnotes.md

@@ -177,10 +177,22 @@ Using `jq` for formatting:
 
 ## Adding SSL to ELB
 
+You should generate an SSL Certificate in Certificate Manager for your domain. To do this you will need to create a CNAME record to verify you have access to the DNS settings.
+
+At the same time you should create a CNAME record that maps your subdomain (<strapi.panaetius.co.uk>) to the DNS name AWS has given your load balancer (<awseb-AWSEB-68CXGV0UTROU-1492520139.eu-west-1.elb.amazonaws.com>).
+
 ### With load balancer
 
-- Generate the SSL cert in Certificate Manager for your domain
+A load balancer is not free! It costs ~£15 a month.
-- Configure the load balancer listener
+
+- Configure the load balancer listener in a EB `.config` file:
+
+```yaml
+option_settings:
+  aws:elbv2:listener:443:
+    Protocol: HTTPS
+    SSLCertificateArns: arn:aws:acm:eu-west-1:745437999005:certificate/218876af-7f8d-4022-97af-ad982aa540bc
+```
 
 Good repo for examples: <https://github.com/awsdocs/elastic-beanstalk-samples>
 

todo.md

@@ -110,14 +110,8 @@ Enable HTTPS
 
 Codebuild
 
-Create the security group for the EC2 instances
-Add this security group to Outputs
-Reference it in RDS security group
-
 Summarise the VPC creation - VPC is created, internet gateway is created (and route table) and is added to the VPC for internet access. Controlling what can and cannot go in/out to the internet is done with security groups.
 
-Check ssh? - Can ssh if you apply it to the EC2 SG you create.
-
 Multiple security groups get squashed to determine what is and isn't allowed: <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html>.
 
 Show how to create private + public subnets as in <https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/cfn-templates/vpc-privatepublic.yaml>. You need a nat gateway to allow private subnets to go out to the internet, but back in. How is this different to using security groups?
@@ -127,3 +121,10 @@ If you use private subnets, the nat gateway is not cheap - £30 a month. You don
 Summarise the flow -> VPC, internet gateway, attachment + route tables, subnets etc. Mention the nat gateway but show how it can be replaced with security groups.
 
 Merge the CF templates into one, make sure all the importing and other s nippets are documented.
+
+
+- Sort this page + documentation out
+- Change ELB to EB
+- Once documented and happy, create single CF Template
+- Create single instance deployment + https (document)
+- Terraform it all up