To Do
Immediate
Merge the CF templates into one, make sure all the importing and other snippets are documented.
- Create single instance deployment + https (document)
- For https: use letsencrypt to generate ssl, configure the eb config to use this.
- Final git branch for each version of the app (load balanced https/http, single http/https).
- Terraform it all up (excluding single + https).
Long term
Use codebuild to update strapi
Use circle CI instead
Cloudformation template to deploy an S3 bucket
Documentation
Summarise the flow -> VPC, internet gateway, attachment + route tables, subnets etc. Mention the nat gateway but show how it can be replaced with security groups. Document each individual resource needed bullet point and link to the git repo for the TF/CF templates.
Running Notes
Various deployments:
- Single instance with EBCLI
- Load balanced with EBCLI
- Single instance with terraform
- Load balanced with terraform
HTTP + HTTPS
Single instance with terraform isn't possible with HTTPS - this is because you can't edit Resources or Files (and the other advanced EB configs). A workaround would be to create a docker image.
Single instance with EBCLI isn't possible with HTTPS if you're using Certificate Manager to generate the certificates - this is because you need to edit the nginx proxy config locally on the instance to allow https. You don't have access to the private certificate with Certificate Manager. One solution would be to generate your SSL using letsencrypt - then configure the instance with this.
Another solution would be to use Docker and build a custom image. In this image you could install and configure nginx (using letsencrypt in a multistage build to get your certificate).
HTTPS for load balanced environment just requires pointing a domain to the EB endpoint. You can tell the load balancer to forward 443 in the security group without using it.
For final deployment - use an EC2 instance (deploy with TF).
Other
Work: Can we use APIGateway + Fargate to run an API containerised?
Fargate documentation: https://aws.amazon.com/fargate/. Fargate option in ECS terraform: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#launch_type. Lambda vs Fargate differences: https://www.learnaws.org/2019/09/14/deep-dive-aws-fargate/. Fargate vs EC2 pricing: https://www.reddit.com/r/aws/comments/8reem9/fargate_t2small_cost_comparison_dollar_to_dollar/. Reddit thread on using API Gateway + Fargate: https://www.reddit.com/r/aws/comments/bgqz4g/can_api_gateway_route_to_a_container_in_fargate/. Using API Gateway + Private endpoints (in a VPC): https://aws.amazon.com/blogs/compute/introducing-amazon-api-gateway-private-endpoints/.
Fargate is just running containers serverless - but it isn't a direct replacement to lambda. The spin up times can be long, but if you need to run a task on a schedule and this doesn't matter, you can save money and time as you don't need to manage and run an EC2 instance for docker containers. It's not ideal for tasks that need to be running 24/7.
Have separate repos for Terraform + Ansible. Split them inside by project. One central place for all TF and Ansible will make things easier to reference from later.
Generate SSH keys for EC2. Provision EC2 using TF - set SG to allow SSH from your IP. Configure EC2 with an Ansible playbook.
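The EC2 + security group step above as Terraform, as an added example (not the notes' own TF): the SSH rule is scoped to a single /32 rather than 0.0.0.0/0, and the instance IP is output for the Ansible inventory. vpc_id, subnet_id, ami_id, my_ip and the key file path are assumed placeholders.

```hcl
# Added example (not from these notes): one EC2 instance provisioned with Terraform,
# reachable over SSH only from the operator's own IP. Inputs come from terraform.tfvars.

variable "vpc_id"    { type = string }
variable "subnet_id" { type = string }
variable "ami_id"    { type = string }
variable "my_ip"     { type = string } # your public IPv4 address, e.g. 203.0.113.10 (placeholder)

resource "aws_key_pair" "deployer" {
  key_name   = "strapi-deployer"
  public_key = file("~/.ssh/strapi_deployer.pub") # generated locally with: ssh-keygen -t ed25519 -f ~/.ssh/strapi_deployer
}

resource "aws_security_group" "ssh_from_me" {
  name        = "ssh-from-operator-ip"
  description = "SSH only from the operator IP; unrestricted egress"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from one /32, never 0.0.0.0/0"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.my_ip}/32"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "strapi" {
  ami                         = var.ami_id
  instance_type               = "t3.small"
  subnet_id                   = var.subnet_id
  associate_public_ip_address = true
  key_name                    = aws_key_pair.deployer.key_name
  vpc_security_group_ids      = [aws_security_group.ssh_from_me.id]
  tags                        = { Name = "strapi-single-instance" }
}

# Feed this into the Ansible inventory for the configuration step.
output "ssh_target" {
  value = aws_instance.strapi.public_ip
}
```

If your IP changes, update my_ip and re-apply rather than widening the CIDR.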
Single options
- Dockerise it + run on EC2/ECS/Fargate
- Use EBCLI + Config options for https. Generate SSL using lets encrypt. Using certbot with docker: https://certbot.eff.org/docs/install.html#running-with-docker