# Security groups

## Load balanced

- 1 for the EC2 instances (applied to the autoscaler). The instances can be private. Gateway VPC needed for S3 upload.
- 1 for the RDS.
- 1 for the LB.

## Single instances

- 1 for the EC2 instances (applied to the autoscaler). The instances need to be public. No gateway VPC needed - they have internet access.
- 1 for the RDS.

If using `--database` you don't need to create any SG. Let EB use the default VPC. It will create everything for you.

If not using `--database`:

EC2:

- Create a SG for EC2
- Should have ingress from all (0.0.0.0/0, ports 80 and 443)
- Should have egress to all (0.0.0.0/0, all ports)

RDS:

- Specify the `security_group_ids` with the SG of the EC2 and EB will create the SG for you, with the SG you pass in as its ingress source.
- Specify `associate_security_group_ids` to attach a security group to the RDS (if you need to enable public access)

## Commands

Deploy CF

`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`

Destroy CF

`aws --profile admin cloudformation delete-stack --stack-name strapi-rds`

Terraform

`gmake plan`

`gmake apply`

`gmake destroy`

EB

- Single instance: `eb create --single`
- Single instance with DB: `eb create --single --database`
- Deploy code to environment: `apps-awsebcli`
- Health check: `eb health`
- Open the URL: `eb open`
- Terminate: `eb terminate`
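
To confirm that a deployed environment matches the security group layout in the notes above (EC2 group open to all on 80 and 443 only, RDS group reachable only from the EC2 group), the check below audits JSON shaped like `aws ec2 describe-security-groups` output. It is an added example, not part of the original notes; the group ids and the database port 5432 are constructed placeholders.

```python
# Added example: audit the security group layout described in these notes.
# Input has the shape of `aws ec2 describe-security-groups` JSON output.
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
WEB_PORTS = {80, 443}

# Constructed sample; group ids and DB port 5432 are placeholders/assumptions.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-ec2-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_V4}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}]}]},
    {"GroupId": "sg-rds-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-ec2-example"}]}]},
]}


def open_to_world(rule):
    """True if the rule admits any IPv4 or IPv6 source address."""
    v4 = any(r.get("CidrIp") == ANY_V4 for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in rule.get("Ipv6Ranges", []))
    return v4 or v6


def audit(described, ec2_sg, rds_sg):
    """Return findings where the groups deviate from the documented layout."""
    groups = {g["GroupId"]: g for g in described["SecurityGroups"]}
    findings = []
    for rule in groups[ec2_sg].get("IpPermissions", []):
        # Protocol "-1" (all traffic) carries no port fields: treat as 0-65535.
        ports = set(range(rule.get("FromPort", 0), rule.get("ToPort", 65535) + 1))
        web_only = rule["IpProtocol"] == "tcp" and ports <= WEB_PORTS
        if open_to_world(rule) and not web_only:
            findings.append(f"{ec2_sg}: world-open ingress beyond tcp/80 and tcp/443")
    for rule in groups[rds_sg].get("IpPermissions", []):
        if open_to_world(rule):
            findings.append(f"{rds_sg}: database port open to the internet")
        extra = sorted({p["GroupId"] for p in rule.get("UserIdGroupPairs", [])} - {ec2_sg})
        if extra:
            findings.append(f"{rds_sg}: ingress from unexpected groups {extra}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, "sg-ec2-example", "sg-rds-example") or "layout matches the notes")
```

A finding on the RDS group is expected when public access was enabled on purpose through `associate_security_group_ids`; the check makes that exposure visible rather than forbidding it.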