Amazon Cloud - GradedJestRisk/cicd-training GitHub Wiki

Table of Contents

AWS

Overview

Overview:

  • Amazon Web Services
  • provides on-demand cloud computing platforms to individuals, companies and governments, on a paid subscription basis.

EC2

General:

  • Elastic Compute Cloud
  • allowing users to rent virtual computers on which to run their own computer application

Create simple app

Overview:

Create complex app

Overview:

  • create web app in EBS;
  • create redis in EC;
  • create postgres in RDS;
  • create security group on default VPC;
  • assign security group to EBS/EC/RDS.
  • allow containers to know which ports/accounts to use by storing them in environment variable in EBS
  • create access keys in IAM
  • add them to Travis CI as environment variables (AWS_ACCESS_KEY, AWS_SECRET_KEY)
  • add deploy section in .travis.yml
  • trigger build
  • EBS: check instance status and Logs / Last 100 lines
  • get URL and try it
  • modify app and check if redeployed succesfully
Dockerrun.aws.json => Build a docker multi-container images, push them to DockerHub, deploy them to ASW BS 
{
  "AWSEBDockerrunVersion": 2,
  "containerDefinitions": [
    {
      "name": "client",
      "image": "stephengrider/multi-client",
      "hostname": "client",
      "essential": false,
      "memory": 128
    },
    {
      "name": "server",
      "image": "stephengrider/multi-server",
      "hostname": "api",
      "essential": false,
      "memory": 128
    },
    {
      "name": "worker",
      "image": "stephengrider/multi-worker",
      "hostname": "worker",
      "essential": false,
      "memory": 128
    },
    {
      "name": "nginx",
      "image": "stephengrider/multi-nginx",
      "hostname": "nginx",
      "essential": true,
      "portMappings": [
        {
          "hostPort": 80,
          "containerPort": 80
        }
      ],
      "links": ["client", "server"],
      "memory": 128
    }
  ]
}

Clean-up :

  • delete EBS application;
  • RDS: Instance, select and Delete - no final snapshot
  • delete ECS
  • delete 3 security group (multi-docker + rds)
  • delete deployer user

EBS

General:

  • Elastic Bean Stalk
  • an orchestration service for deploying infrastructure which orchestrates various AWS services

Run Docker container

docker-compose.yml file can't be used to run containers, because it contains build instructions, and we don't want to build anymore. EBS delegate container execution to ECS.

Setting environment variable

In instance, Software / Modify, Environment properties:

  • REDIS_HOST / URL (in EC, get primary endpoint, like multi-docker(...)amazonaws.com)
  • REDIS_PORT / 6379
  • PGUSER / postgres
  • PGPASSWORD /
  • PGHOST / URL (in RDS, get primary endpoint, like multi-docker(...).rds.amazonaws.com)
  • PGDATABASE / fibvalues
  • PGPORT / 5432
Apply

ECS

General:

  • Elastic Container Service

Multi-container

General:

  • 1 Docker service = 1 ECS task
  • to describe one service, we'll write one task definition
  • to run several containers, we'll create a Dockerrun.aws.json file
  • this file will contains containers definitions, each container being defined with a tasks definition section
Overview:
  • create Dockerrun.aws.json
  • create new application, with environment's platform is "Multi-container Docker"

Dockerrun.aws.json

Validate here 





Data Services








EC





General:






    

  • Elastic Cache
    • 

  • Redis
    • 

  • good for: scale, maintenance, security
    • 




Create





Steps:









    

  • name (multi-docker-redis)
    • 

  • redis
    • 

  • node type: (cache.)t2.micro
    • 

  • number of replicas: 0
    • 

  • key subnet name
    • 

  • check all subnets
    • 




RDS





General:






    

  • Relational Database Service
    • 

  • Postgres
    • 

  • good for: automatic backups, scale, maintenance, security
    • 




Create





Steps:







    

  • postgres, eligible Free Tier
    • 

  • key instance name (?), username (postgres), password
    • 

  • check public accessibility is no
    • 

  • key database name (fibvalues)
    • 




Security








VPC





Overview:






    

  • Virtual Private Cloud = isolated network zone
    • 

  • a default one is linked to each AWS account
    • 

  • security group =  group of allowed network access rules (firewall)
    • 




Security group





Steps:











    

  • Services / VPC
    • 

  • Security section on left zone
    • 

  • create a security group, let default VPC selected
    • 

  • allow between services : TCP - Port 5432-6379, source = security group
    • 

  • add this security group to EC
    • 

  • add this security group to RDS (Instances, end of page => section Details / Modify - section Network and Security + Continue)
    • 

  • add this security group to EBS ( enter Instance, left: Configuration, section Instances / Modify - check and Apply)
    • 

  • allow for incoming outside traffic : add inbound rules
    • 




IAM





Identity Access Management





Add access key





Steps:







    

  • Left Users, Add user, name (multi-docker-deployer), programatic access, Permissions
    • 

  • Attach existing policy, add all beanstalk
    • 

  • Next review, Create User
    • 

  • Get ID and Secret
    • 




S3





General:
- Simple Storage Service
- provides object storage through a web service interface





AKS





Amazon elastic container Service for Kubernetes

              


           
⚠️ **GitHub.com Fallback** ⚠️