This shows you the differences between two versions of the page.
access:new_aws_vpc [2016/06/14 23:48] mjallison |
access:new_aws_vpc [2017/03/30 21:46] (current) mjallison |
||
---|---|---|---|
Line 6: | Line 6: | ||
- Create the VPC | - Create the VPC | ||
- | - Tag VPC for "class" as "production" or "development", etc. | + | - Name the VPC "ProdNet" or "TestNet", etc. We'll use XNet or XSubnet for examples from here on out. |
- | - Create RDS instance | + | - Assign an IPV4 CIDR Block - 10.0.0.0/16 |
- | - Edit RDS security group to allow for traffic from within the VPC, specific subnet | + | - Set "tennancy" to default |
- | - e.g. source 172.30.0.0/16 or use the EC2's security group | + | - Tag VPC for "class" as "access" or "development", etc. |
+ | - Create at least one subnet in the VPC - Name something resembling the VPC name, e.v. XSubnet.1 | ||
+ | - Map zones to subnets, suggest the following (Using the Virginia region) | ||
+ | - 1a to XSubnet.0 | ||
+ | - 1b to XSubnet.1 | ||
+ | - 1c to XSubnet.2 | ||
+ | - etc. | ||
+ | - Create an internet gateway, attach it to the VPC. | ||
+ | - Edit the VPC route table | ||
+ | - Associate at least 1 subnet with the route table. | ||
+ | - For Access, one subnet is enough, generally our instance work has been in zone 1b, so XSubnet.1 | ||
+ | - Add the internet gateway to the Route Table, with destination 0.0.0.0/ | ||
- Create EC2 instance | - Create EC2 instance | ||
- | - Edit the EC2 security group to: | + | - Name the EC2 instance, e.g. 'Production-A', 'Production-B', etc. |
- | - allow for all external on 34015 - 0.0.0.0/0 | + | - Tag EC2 instance with same tag from VPC |
- | - allow for SSH on port 22 | + | - Name the EC2 security group to 'XNet-EC2-SG' |
+ | - Edit the EC2 security group to: | ||
+ | - allow for all incoming on 34015 - 0.0.0.0/0 | ||
+ | - allow for incoming SSH on port 22 - consider filtering to Agtek corp IP and developer's home IP | ||
+ | - allow for EFS incoming from within the VPC | ||
+ | - allow for MySQL/Aurora incmoing within the VPC | ||
+ | - allow for ALL outgoing from the EC2 instance | ||
+ | - Create RDS instance | ||
+ | - Edit RDS security group to allow for traffic from within the VPC, specific subnet | ||
+ | - e.g. source 172.30.0.0/16 or use the EC2's security group | ||
+ | - Do not allow any traffic from outside of the VPC | ||
+ | - Set RDS backup to low impact time (currently 1AM), retain 5 days worth | ||
+ | - Set minor maintenance window to midnight, 30 minutes wide | ||
+ | - Set major maintenance window to Saturday evening 6 PM, 30 minutes wide | ||
+ | - Create access store EBS, used to hold server code | ||
+ | - Currently (3/31/2017) tracks on store. | ||
+ | - If possible restore access store from current access store snapshot (otherwise you'll need to do a tar backup later) | ||
+ | - Create and EFS store to hold tracks (future) | ||
- Log into EC2 instance | - Log into EC2 instance | ||
- | - create mount point for access store on /mnt/access | + | - sudo yum update |
- | - Attach access store to EC2 instance | + | - sudo yum install mysql (tools needed for mysql client) |
- | - Copy following files | + | - mkdir /mnt/access (create mount point for access store) |
- | - /mnt/access/tools/bashrc to ~/.bashrc | + | - Attach access store to EC2 instance via EC2 console |
- | - /mnt/access/tools/menu.sh to ~ | + | - Attach EFS store to EC2 instance |
- | - /mnt/access/tools/agtekaccess to /etc/init.d | + | - Modify /etc/fstab to add the following line ''/dev/sdf /mnt/access ext4 defaults 0 0'' |
- | - /mnt/access/tools/agtektomcat to /etc/init.d | + | - Copy following files |
+ | - /mnt/access/tools/bashrc to ~/.bashrc | ||
+ | - /mnt/access/tools/menu.sh to ~ | ||
+ | - /mnt/access/tools/agtekaccess to /etc/init.d | ||
+ | - /mnt/access/tools/agtektomcat to /etc/init.d | ||
- Log into old EC2 instance | - Log into old EC2 instance | ||
- Shutdown (only if migrating!) old server on old EC2-instance | - Shutdown (only if migrating!) old server on old EC2-instance |
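
Review bot: In the added "Create RDS instance" block, the example source "172.30.0.0/16" does not match the "10.0.0.0/16" CIDR block this same revision assigns to the VPC, so a rule copied from the example would not cover the VPC's own subnets and would admit a range the page never defines. Change the example to 10.0.0.0/16, or better, drop the CIDR and reference the EC2 security group by the name introduced above ('XNet-EC2-SG'), which also keeps the rule consistent with the new "Do not allow any traffic from outside of the VPC" line. In the EC2 security group list, "allow for incoming SSH on port 22 - consider filtering to Agtek corp IP and developer's home IP" leaves the source restriction optional; write it as a required source list so the step cannot be completed with port 22 open to everyone, as port 34015 deliberately is on the line before it. The two added inbound rules for EFS and MySQL/Aurora sit on the EC2 group, but per the later steps the instance is the client of both (it installs the mysql client and attaches the EFS store), and security groups are stateful, so those inbound rules belong on the RDS and EFS security groups with the EC2 group as source, not on the instance. Smaller points: the route destination is written "0.0.0.0/" with no prefix length, and "tennancy", "incmoing" and "e.v." are misspelled in the added lines.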