access:new_aws_vpc
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
access:new_aws_vpc [2016/06/11 00:25] mjallison created |
access:new_aws_vpc [2017/03/30 21:46] (current) mjallison |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== How to set up a new VPC in AWS for testing or production ====== | ====== How to set up a new VPC in AWS for testing or production ====== | ||
| + | These instructions indicate how to create a new VPC for an AGTEK Access server. This is | ||
| + | useful for either testing, or migration of an entirely new constellation of server | ||
| + | components. These instructions do not indicate how to add multiple EC2 instances to | ||
| + | the VPC for load balancing or failover error recovery. | ||
| + | - Create the VPC | ||
| + | - Name the VPC "ProdNet" or "TestNet", etc. We'll use XNet or XSubnet for examples from here on out. | ||
| + | - Assign an IPV4 CIDR Block - 10.0.0.0/16 | ||
| + | - Set "tennancy" to default | ||
| + | - Tag VPC for "class" as "access" or "development", etc. | ||
| + | - Create at least one subnet in the VPC - Name something resembling the VPC name, e.v. XSubnet.1 | ||
| + | - Map zones to subnets, suggest the following (Using the Virginia region) | ||
| + | - 1a to XSubnet.0 | ||
| + | - 1b to XSubnet.1 | ||
| + | - 1c to XSubnet.2 | ||
| + | - etc. | ||
| + | - Create an internet gateway, attach it to the VPC. | ||
| + | - Edit the VPC route table | ||
| + | - Associate at least 1 subnet with the route table. | ||
| + | - For Access, one subnet is enough, generally our instance work has been in zone 1b, so XSubnet.1 | ||
| + | - Add the internet gateway to the Route Table, with destination 0.0.0.0/ | ||
| + | - Create EC2 instance | ||
| + | - Name the EC2 instance, e.g. 'Production-A', 'Production-B', etc. | ||
| + | - Tag EC2 instance with same tag from VPC | ||
| + | - Name the EC2 security group to 'XNet-EC2-SG' | ||
| + | - Edit the EC2 security group to: | ||
| + | - allow for all incoming on 34015 - 0.0.0.0/0 | ||
| + | - allow for incoming SSH on port 22 - consider filtering to Agtek corp IP and developer's home IP | ||
| + | - allow for EFS incoming from within the VPC | ||
| + | - allow for MySQL/Aurora incmoing within the VPC | ||
| + | - allow for ALL outgoing from the EC2 instance | ||
| + | - Create RDS instance | ||
| + | - Edit RDS security group to allow for traffic from within the VPC, specific subnet | ||
| + | - e.g. source 172.30.0.0/16 or use the EC2's security group | ||
| + | - Do not allow any traffic from outside of the VPC | ||
| + | - Set RDS backup to low impact time (currently 1AM), retain 5 days worth | ||
| + | - Set minor maintenance window to midnight, 30 minutes wide | ||
| + | - Set major maintenance window to Saturday evening 6 PM, 30 minutes wide | ||
| + | - Create access store EBS, used to hold server code | ||
| + | - Currently (3/31/2017) tracks on store. | ||
| + | - If possible restore access store from current access store snapshot (otherwise you'll need to do a tar backup later) | ||
| + | - Create and EFS store to hold tracks (future) | ||
| + | - Log into EC2 instance | ||
| + | - sudo yum update | ||
| + | - sudo yum install mysql (tools needed for mysql client) | ||
| + | - mkdir /mnt/access (create mount point for access store) | ||
| + | - Attach access store to EC2 instance via EC2 console | ||
| + | - Attach EFS store to EC2 instance | ||
| + | - Modify /etc/fstab to add the following line ''/dev/sdf /mnt/access ext4 defaults 0 0'' | ||
| + | - Copy following files | ||
| + | - /mnt/access/tools/bashrc to ~/.bashrc | ||
| + | - /mnt/access/tools/menu.sh to ~ | ||
| + | - /mnt/access/tools/agtekaccess to /etc/init.d | ||
| + | - /mnt/access/tools/agtektomcat to /etc/init.d | ||
| + | - Log into old EC2 instance | ||
| + | - Shutdown (only if migrating!) old server on old EC2-instance | ||
| + | - Dump old RDS MySQL to /tmp/dump.sql | ||
| + | - Copy /tmp/dump.sql to new EC2 instance | ||
| + | - On new EC2 instance, restore sql via: | ||
| + | - mysql -u access -p -h new-rds-endpoint.rds.amazonaws.com < /tmp/dump.sql | ||
| + | - Connect to MySQL, fix DBHost column in access:customer to be new-rds-endpoint.rd.amazonaws.com | ||
| + | - Assign elastic IP to new EC2 Instance | ||
| + | - Change DNS entry if new elastic IP | ||
| + | - Start server on new EC2 | ||
| + | - Test server | ||
| + | - Monitor server | ||
access/new_aws_vpc.1465604728.txt.gz · Last modified: 2016/06/11 00:25 by mjallison
Page Tools
