working config

2020-05-01 02:59:59 +01:00
parent 3fc49078ab
commit c97321790b
4 changed files with 33 additions and 6 deletions


@@ -114,6 +114,14 @@ Create the security group for the EC2 instances
Add this security group to Outputs
Reference it in RDS security group
Summarise the VPC creation - VPC is created, internet gateway is created (and route table) and is added to the VPC for internet access. Controlling what can and cannot go in/out to the internet is done with security groups.
Check ssh? - Can ssh if you apply it to the EC2 SG you create.
Multiple security groups get squashed to determine what is and isn't allowed: <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html>.
Show how to create private + public subnets as in <https://github.com/awsdocs/elastic-beanstalk-samples/blob/master/cfn-templates/vpc-privatepublic.yaml>. You need a nat gateway to allow private subnets to go out to the internet, but back in. How is this different to using security groups?
If you use private subnets, the nat gateway is not cheap - £30 a month. You dont need the nat gateway, you can achieve the same thing with security groups (block all incoming) (explained <https://www.reddit.com/r/aws/comments/75bjei/private_subnets_nats_vs_simply_only_allowing/>). Advantage to NAT is all outgoing requests to the internet come from a single IP.
Summarise the flow -> VPC, internet gateway, attachment + route tables, subnets etc. Mention the nat gateway but show how it can be replaced with security groups.
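Review bot: The NAT gateway note says a NAT gateway lets private subnets "go out to the internet, but back in", which reads as the opposite of what a NAT gateway does; it allows outbound connections (and their return traffic) only, with no inbound path, so this should say "but not back in". The follow-on claim that "you can achieve the same thing with security groups (block all incoming)" is also overstated and worth qualifying in the summary: a security group only filters traffic that already reaches the ENI, and, as the earlier line on squashed security groups notes, the rules of every attached group are combined, so one permissive group attached later re-exposes the instance. An instance in a private subnet with no public IP and no route to the internet gateway is unreachable from the internet regardless of which security groups are attached. Suggest rewording the summary line to say the NAT gateway and private subnet can be replaced by a deny-all-inbound security group for inbound filtering, but that this relies on a single control staying correct rather than removing the inbound path altogether, and keeping the stated cost trade-off and the single-egress-IP advantage as the reasons one might still pay for the NAT gateway.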