Differences

This shows you the differences between two versions of the page.

--- access:new_aws_vpc [2016/06/14 23:48]
mjallison
+++ access:new_aws_vpc [2017/03/30 21:46] (current)
mjallison
@@ Line 6: / Line 6: @@
   - Create the VPC
-  - Tag VPC for "class" as "production" or "development", etc.
+     - Name the VPC "ProdNet" or "TestNet", etc. We'll use XNet or XSubnet for examples from here on out.
-  - Create RDS instance
+     - Assign an IPV4 CIDR Block - 10.0.0.0/16
-  - Edit RDS security group to allow for traffic from within the VPC, specific subnet
+     - Set "tennancy" to default
-    - e.g. source 172.30.0.0/16 or use the EC2's security group
+     - Tag VPC for "class" as "access" or "development", etc.
+     - Create at least one subnet in the VPC - Name something resembling the VPC name, e.v. XSubnet.1
+       - Map zones to subnets, suggest the following (Using the Virginia region)
+         - 1a to XSubnet.0
+         - 1b to XSubnet.1
+         - 1c to XSubnet.2
+         - etc.
+     - Create an internet gateway, attach it to the VPC.
+     - Edit the VPC route table
+       - Associate at least 1 subnet with the route table.
+       - For Access, one subnet is enough, generally our instance work has been in zone 1b, so XSubnet.1
+       - Add the internet gateway to the Route Table, with destination 0.0.0.0/
   - Create EC2 instance
-  - Edit the EC2 security group to:
+    - Name the EC2 instance, e.g. 'Production-A', 'Production-B', etc.
-     - allow for all external on 34015 - 0.0.0.0/0
+    - Tag EC2 instance with same tag from VPC
-     - allow for SSH on port 22
+    - Name the EC2 security group to 'XNet-EC2-SG'
+    - Edit the EC2 security group to:
+        - allow for all incoming on 34015 - 0.0.0.0/0
+        - allow for incoming SSH on port 22 - consider filtering to Agtek corp IP and developer's home IP
+        - allow for EFS incoming from within the VPC
+        - allow for MySQL/Aurora incmoing within the VPC
+        - allow for ALL outgoing from the EC2 instance
+  - Create RDS instance
+     - Edit RDS security group to allow for traffic from within the VPC, specific subnet
+        - e.g. source 172.30.0.0/16 or use the EC2's security group
+        - Do not allow any traffic from outside of the VPC
+      - Set RDS backup to low impact time (currently 1AM), retain 5 days worth
+      - Set minor maintenance window to midnight, 30 minutes wide
+      - Set major maintenance window to Saturday evening 6 PM, 30 minutes wide
+  - Create access store EBS, used to hold server code
+    - Currently (3/31/2017) tracks on store.
+    - If possible restore access store from current access store snapshot (otherwise you'll need to do a tar backup later)
+  - Create and EFS store to hold tracks (future)
   - Log into EC2 instance
-  - create mount point for access store on /mnt/access
+    - sudo yum update
-  - Attach access store to EC2 instance
+    - sudo yum install mysql (tools needed for mysql client)
-  - Copy following files
+    - mkdir /mnt/access (create mount point for access store)
-     - /mnt/access/tools/bashrc to ~/.bashrc
+    - Attach access store to EC2 instance via EC2 console
-     - /mnt/access/tools/menu.sh to ~
+    - Attach EFS store to EC2 instance
-     - /mnt/access/tools/agtekaccess to /etc/init.d
+    - Modify /etc/fstab to add the following line ''/dev/sdf    /mnt/access  ext4    defaults        0   0''
-     - /mnt/access/tools/agtektomcat to /etc/init.d
+    - Copy following files
+      - /mnt/access/tools/bashrc to ~/.bashrc
+      - /mnt/access/tools/menu.sh to ~
+      - /mnt/access/tools/agtekaccess to /etc/init.d
+      - /mnt/access/tools/agtektomcat to /etc/init.d
   - Log into old EC2 instance
   - Shutdown (only if migrating!) old server on old EC2-instance

AGTEK R & D Wiki

User Tools

Site Tools

Differences

Page Tools