Adding latest

2020-11-19 19:39:06 +00:00
parent c4dd5c1463
commit d87f7117d1
4 changed files with 82 additions and 3 deletions
--- a/.ebextensions/07-custom-vpc.config
+++ b/.ebextensions/07-custom-vpc.config
@@ -3,7 +3,7 @@ option_settings:
    VPCId: vpc-016efd8cfbcca99a8
    Subnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
    # DBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
-    ELBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
+    # ELBSubnets: "subnet-00c0725542e08b1d7,subnet-039fd98ceb88c863c,subnet-0b9fab172a19d818b"
  aws:autoscaling:launchconfiguration:
    SecurityGroups: sg-087f33381c535528b
  #   aws:elbv2:loadbalancer:
--- a/documentation/deployment_commands.md
+++ b/documentation/deployment_commands.md
@@ -0,0 +1,73 @@
+# Security groups
+
+## Load balanced
+
+1 for the EC2 instances (applied to the autoscaler).
+The instances can be private.
+Gateway VPC needed for S3 upload.
+
+1 for the RDS.
+
+1 for the LB.
+
+## Single instances
+
+1 for the EC2 instances (applied to the autoscaler).
+The instances need to be public.
+No gateway VPC needed - they have internet access.
+1 for the RDS.
+
+If using `--database` you don't need to create any SG. Let EB use the default VPC. It will create everything for you.
+
+If not using `--database`:
+EC2:
+
+- Create a SG for EC2
+  - Should have ingress from all (0.0.0.0:80+443)
+  - Should have egress to all (0.0.0.0:all)
+
+RDS:
+
+- Specify the `security_group_ids` with the SG of the EC2 and EB will create the SG for you with this as ingress for the SG you pass in.
+- Specify `associate_security_group_ids` to attach a security group to the RDS (if you need to enable public access)
+
+## Commands
+
+Deploy CF
+
+`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
+
+Destroy CF
+
+`aws --profile admin cloudformation delete-stack --stack-name strapi-rds`
+
+Terraform
+
+`gmake plan`
+`gmake applu`
+`gmake destroy`
+
+EB Single instance
+
+`eb create --single`
+
+with DB
+
+`eb create --single --database`
+
+Deploy code to environment
+
+`apps-awsebcli`
+
+Health check
+
+`eb health`
+
+Open the URL
+
+`eb open`
+
+Terminate
+
+`eb terminate`
+
--- a/documentation/steps.todo
+++ b/documentation/steps.todo
@@ -10,9 +10,9 @@ Email:
 Deployments:
    One:
        ✔ Create S3 bucket for strapi s3. @done (7/29/2020, 2:07:55 PM)
-        ☐ Deploy TF with additional SG for DB.
+        ✔ Deploy TF with additional SG for DB. @done (7/30/2020, 3:02:39 AM)
        ☐ Have TF produce outputs with everything needed.
-        ☐ Redeploy single instance with the EB config file with VPCs created.
+        ✔ Redeploy single instance with the EB config file with VPCs created. @done (7/30/2020, 3:02:41 AM)
    Two:
        ☐ Have SSL enabled for single instance.
    Three:
@@ -32,3 +32,8 @@ Prod Steps:
        ☐ Initialise EB environment.
        ☐ Deploy TF.
        ☐ Deploy EB environment for single instance to start.
+
+Today:
+    ☐ Redeploy with updated config.
+    ☐ Enable HTTPs for single instance.
+    ☐ Use S3 to read in secrets.
--- a/infrastructure/.vscode/settings.json
+++ b/infrastructure/.vscode/settings.json
@@ -0,0 +1 @@
+{}