Skip to content

liukeyu-spring2021/prod

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
vars.tf
vars.tf
 
 

Repository files navigation

infrastructure

Repository for AWS Infrastructure

Credential:

  • no secrets set up in secrets
  • export AWS_PROFILE in local machine to use the credential

Instructions for setting up infrastructure using Terraform:

  • docs
  • Install Terraform:
    • curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
    • sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
    • sudo apt-get update && sudo apt-get install terraform
  • Verify the installation
    • terraform -help
  • Initialize the directory
    • terraform init && terraform plan
  • Format and validate the configuration
    • terraform fmt
    • terraform validate
  • Create infrastructure
    • terraform apply
  • Inspect state
    • terraform show
  • Destroy Infrastructure
    • terraform destroy

Demo commands:

  • build vpc:
    • go to /VPCs/0x/
    • export AWS_PROFILE=prod //for dev: export AWS_PROFILE=dev
    • terraform init && terraform plan
    • terraform apply
    • terraform destroy
  • build all resources:
    • cd modules/services
    • export AWS_PROFILE=prod
    • alias t=terraform
    • t init && t plan -var 'env=prod'
    • t apply -var 'env=prod'//for dev: t apply -var 'env=dev'

Policy:

  • CodeDeploy-EC2-S3 - CodeDeployEC2ServiceRole
    • get object from s3 bukcet
  • GH-Upload-To-S3 - cicd
    • get/put object from s3 bucket
  • GH-Code-Deploy - cicd
  • gh-ec2-ami - ghactions

SSL:

  1. prepare ssl: get private key and CSR
sudo openssl genrsa -out private.key 2048 # generate the private key
sudo openssl req -new -key private.key -out csr.pem # generate CSR based on the Private Key
  1. activate on namecheap
  2. set up CNAME in DNS, in my case: it's in aws route53
  3. install ssl: import in aws certificate manager
  1. Set up in load balancer: two options
  • Load Balancers menu >> Listeners >> View/edit certificates
  • Command:
aws elb set-load-balancer-listener-ssl-certificate --load-balancer-name my-loadbalancer --load-balancer-port 443 --ssl-certificate-id arn:aws:iam::123456789012:server-certificate/certificate_object_name

Parameter my-loadbalancer is the name of your load balancer.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages