diff --git a/.ebextensions/07-custom-vpc.config b/.ebextensions/07-custom-vpc.config
index c5ff48e..1bcef53 100644
--- a/.ebextensions/07-custom-vpc.config
+++ b/.ebextensions/07-custom-vpc.config
@@ -3,7 +3,7 @@ option_settings:
 VPCId: vpc-016efd8cfbcca99a8
 Subnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
 # DBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
- ELBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
+ # ELBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
 aws:autoscaling:launchconfiguration:
 SecurityGroups: sg-087f33381c535528b
 # aws:elbv2:loadbalancer:
diff --git a/documentation/deployment_commands.md b/documentation/deployment_commands.md
new file mode 100644
index 0000000..8b0e476
--- /dev/null
+++ b/documentation/deployment_commands.md
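Review bot: The `ELBSubnets` line is commented out rather than removed, and nothing in the file says why. The file now carries two disabled subnet options (`DBSubnets`, `ELBSubnets`) whose intended state a later reader has to guess. If the reason is that the environment is deployed as a single instance with no load balancer (inferred from documentation/steps.todo in the same commit, not stated in this hunk), record it above the line, e.g. `# ELBSubnets not set: single-instance environment has no load balancer; restore for load-balanced deploys`. In that mode the instances placed in `Subnets` take traffic directly, so the ingress rules of `sg-087f33381c535528b` are the main network control visible here. Confirm they match the 80/443-only ingress that deployment_commands.md describes. The enclosing option block starts above the hunk.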
@@ -0,0 +1,73 @@
+# Security groups
+
+## Load balanced
+
+1 for the EC2 instances (applied to the autoscaler).
+The instances can be private.
+Gateway VPC needed for S3 upload.
+
+1 for the RDS.
+
+1 for the LB.
+
+## Single instances
+
+1 for the EC2 instances (applied to the autoscaler).
+The instances need to be public.
+No gateway VPC needed - they have internet access.
+1 for the RDS.
+
+If using `--database` you don't need to create any SG. Let EB use the default VPC. It will create everything for you.
+
+If not using `--database`:
+EC2:
+
+- Create a SG for EC2
+ - Should have ingress from all (0.0.0.0:80+443)
+ - Should have egress to all (0.0.0.0:all)
+
+RDS:
+
+- Specify the `security_group_ids` with the SG of the EC2 and EB will create the SG for you with this as ingress for the SG you pass in.
+- Specify `associate_security_group_ids` to attach a security group to the RDS (if you need to enable public access)
+
+## Commands
+
+Deploy CF
+
+`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
+
+Destroy CF
+
+`aws --profile admin cloudformation delete-stack --stack-name strapi-rds`
+
+Terraform
+
+`gmake plan`
+`gmake applu`
+`gmake destroy`
+
+EB Single instance
+
+`eb create --single`
+
+with DB
+
+`eb create --single --database`
+
+Deploy code to environment
+
+`apps-awsebcli`
+
+Health check
+
+`eb health`
+
+Open the URL
+
+`eb open`
+
+Terminate
+
+`eb terminate`
+
diff --git a/documentation/steps.todo b/documentation/steps.todo
index a58d6fc..2f28d04 100644
--- a/documentation/steps.todo
+++ b/documentation/steps.todo
@@ -10,9 +10,9 @@ Email:
 Deployments:
 One:
 ✔ Create S3 bucket for strapi s3. @done (7/29/2020, 2:07:55 PM)
- ☐ Deploy TF with additional SG for DB.
+ ✔ Deploy TF with additional SG for DB. @done (7/30/2020, 3:02:39 AM)
 ☐ Have TF produce outputs with everything needed.
- ☐ Redeploy single instance with the EB config file with VPCs created.
+ ✔ Redeploy single instance with the EB config file with VPCs created. @done (7/30/2020, 3:02:41 AM)
 Two:
 ☐ Have SSL enabled for single instance.
 Three:
@@ -32,3 +32,8 @@ Prod Steps:
 ☐ Initialise EB environment.
 ☐ Deploy TF.
 ☐ Deploy EB environment for single instance to start.
+
+Today:
+ ☐ Redeploy with updated config.
+ ☐ Enable HTTPs for single instance.
+ ☐ Use S3 to read in secrets.
diff --git a/infrastructure/.vscode/settings.json b/infrastructure/.vscode/settings.json
new file mode 100644
index 0000000..9e26dfe
--- /dev/null
+++ b/infrastructure/.vscode/settings.json
@@ -0,0 +1 @@
+{}
\ No newline at end of file