74 lines
1.5 KiB
Markdown
74 lines
1.5 KiB
Markdown
# Security groups
|
|
|
|
## Load balanced
|
|
|
|
1 for the EC2 instances (applied to the autoscaler).
|
|
The instances can be private.
|
|
Gateway VPC needed for S3 upload.
|
|
|
|
1 for the RDS.
|
|
|
|
1 for the LB.
|
|
|
|
## Single instances
|
|
|
|
1 for the EC2 instances (applied to the autoscaler).
|
|
The instances need to be public.
|
|
No gateway VPC needed - they have internet access.
|
|
1 for the RDS.
|
|
|
|
If using `--database` you don't need to create any SG. Let EB use the default VPC. It will create everything for you.
|
|
|
|
If not using `--database`:
|
|
EC2:
|
|
|
|
- Create a SG for EC2
|
|
- Should have ingress from all (0.0.0.0:80+443)
|
|
- Should have egress to all (0.0.0.0:all)
|
|
|
|
RDS:
|
|
|
|
- Specify the `security_group_ids` with the SG of the EC2 and EB will create the SG for you with this as ingress for the SG you pass in.
|
|
- Specify `associate_security_group_ids` to attach a security group to the RDS (if you need to enable public access)
|
|
|
|
## Commands
|
|
|
|
Deploy CF
|
|
|
|
`aws --profile admin cloudformation deploy --template-file ./03-stack-rdsinstance.yaml --stack-name strapi-rds --parameter-overrides StackName=strapi-vpc --tags git=web-dev owner=home project=strapi-elb test=true deployment=cloudformation`
|
|
|
|
Destroy CF
|
|
|
|
`aws --profile admin cloudformation delete-stack --stack-name strapi-rds`
|
|
|
|
Terraform
|
|
|
|
`gmake plan`
|
|
`gmake applu`
|
|
`gmake destroy`
|
|
|
|
EB Single instance
|
|
|
|
`eb create --single`
|
|
|
|
with DB
|
|
|
|
`eb create --single --database`
|
|
|
|
Deploy code to environment
|
|
|
|
`apps-awsebcli`
|
|
|
|
Health check
|
|
|
|
`eb health`
|
|
|
|
Open the URL
|
|
|
|
`eb open`
|
|
|
|
Terminate
|
|
|
|
`eb terminate`
|
|
|