access:new_aws_vpc

Previous revision: access:new_aws_vpc [2016/06/14 23:48] by mjallison
Current revision: access:new_aws_vpc [2017/03/30 21:46] by mjallison

The two revisions diverge from line 6 onward; both versions of the procedure follow.

Previous revision (2016/06/14):

  - Create the VPC
    - Tag VPC for "class" as "production" or "development", etc.
  - Create RDS instance
    - Edit RDS security group to allow for traffic from within the VPC, specific subnet
      - e.g. source 172.30.0.0/16 or use the EC2's security group
  - Create EC2 instance
    - Edit the EC2 security group to:
      - allow for all external on 34015 - 0.0.0.0/0
      - allow for SSH on port 22
  - Log into EC2 instance
    - create mount point for access store on /mnt/access
    - Attach access store to EC2 instance
    - Copy following files
      - /mnt/access/tools/bashrc to ~/.bashrc
      - /mnt/access/tools/menu.sh to ~
      - /mnt/access/tools/agtekaccess to /etc/init.d
      - /mnt/access/tools/agtektomcat to /etc/init.d
  - Log into old EC2 instance
  - Shutdown (only if migrating!) old server on old EC2-instance

Current revision (2017/03/30):

  - Create the VPC
    - Name the VPC "ProdNet" or "TestNet", etc. We'll use XNet and XSubnet for examples from here on out.
    - Assign an IPv4 CIDR block: 10.0.0.0/16
    - Set tenancy to default
    - Tag the VPC with "class" as "access" or "development", etc.
    - Create at least one subnet in the VPC; name it after the VPC, e.g. XSubnet.1
      - Map zones to subnets; suggested mapping (using the Virginia region):
        - 1a to XSubnet.0
        - 1b to XSubnet.1
        - 1c to XSubnet.2
        - etc.
    - Create an internet gateway and attach it to the VPC
    - Edit the VPC route table
      - Associate at least one subnet with the route table.
      - For Access, one subnet is enough; generally our instance work has been in zone 1b, so XSubnet.1
      - Add the internet gateway to the route table, with destination 0.0.0.0/
  - Create EC2 instance
    - Name the EC2 instance, e.g. 'Production-A', 'Production-B', etc.
    - Tag the EC2 instance with the same tag as the VPC
    - Name the EC2 security group 'XNet-EC2-SG'
    - Edit the EC2 security group to:
      - allow all incoming on 34015 from 0.0.0.0/0
      - allow incoming SSH on port 22, restricted to the Agtek corp IP and developers' home IPs rather than 0.0.0.0/0
      - allow EFS (NFS, TCP 2049) incoming from within the VPC (the EFS mount target's own security group must also allow 2049 from this group, or the mount will hang)
      - allow MySQL/Aurora (TCP 3306) incoming from within the VPC
      - allow ALL outgoing from the EC2 instance (this is the default for a new VPC security group)
  - Create RDS instance
    - Edit the RDS security group to allow traffic only from within the VPC, ideally the specific subnet
      - e.g. source 172.30.0.0/16 (this example predates the 10.0.0.0/16 block assigned above; use the VPC's actual CIDR) or, better, the EC2 instance's security group
      - Do not allow any traffic from outside the VPC; leave "Publicly accessible" off
    - Set the RDS backup to a low-impact time (currently 1 AM), retaining 5 days' worth
    - Set the minor maintenance window to midnight, 30 minutes wide
    - Set the major maintenance window to Saturday evening 6 PM, 30 minutes wide
  - Create the access store EBS volume, used to hold server code
    - Currently (3/31/2017) tracks are on this store.
    - If possible, restore the access store from the current access store snapshot (otherwise you'll need to do a tar backup later)
  - Create an EFS store to hold tracks (future)
  - Log into EC2 instance
    - sudo yum update
    - sudo yum install mysql (tools needed for the mysql client)
    - sudo mkdir /mnt/access (create the mount point for the access store)
    - Attach the access store to the EC2 instance via the EC2 console
    - Attach the EFS store to the EC2 instance
    - Modify /etc/fstab to add the following line: ''/dev/sdf   /mnt/access  ext4    defaults        0   0'' (a volume attached as /dev/sdf shows up as /dev/xvdf on Amazon Linux, and as /dev/nvme1n1 on Nitro instances; a UUID= entry from ''sudo blkid'' plus the ''nofail'' option avoids a boot hang if the volume is missing)
    - Copy following files
      - /mnt/access/tools/bashrc to ~/.bashrc
      - /mnt/access/tools/menu.sh to ~
      - /mnt/access/tools/agtekaccess to /etc/init.d
      - /mnt/access/tools/agtektomcat to /etc/init.d
  - Log into old EC2 instance
  - Shutdown (only if migrating!) old server on old EC2-instance
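The VPC, subnet, internet gateway, route table and security group steps above, as an added AWS CLI script rather than console clicks (example code, not part of the wiki page). It assumes values the page does not give: region us-east-1 (Virginia), VPC name ProdNet with a /24 per zone carved from the 10.0.0.0/16 block (the page assigns only the /16), tag class=access, an RDS group named ProdNet-RDS-SG, and a placeholder corporate SSH source of 203.0.113.10/32 standing in for the Agtek corp IP. It needs the aws CLI with working credentials and creates nothing unless invoked with the argument apply.

```shell
#!/bin/sh
# Added example, not the wiki page's own tooling. Builds the network and security groups
# the procedure describes, with SSH pinned to one source instead of 0.0.0.0/0.
# Assumed (not from the page): REGION, VPC_NAME, CLASS_TAG, SSH_SOURCE defaults below,
# one /24 per zone, and the RDS group name.
set -eu

REGION="${REGION:-us-east-1}"
VPC_NAME="${VPC_NAME:-ProdNet}"              # page convention: XNet, subnets XSubnet.N
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"
CLASS_TAG="${CLASS_TAG:-access}"
SSH_SOURCE="${SSH_SOURCE:-203.0.113.10/32}"  # placeholder for the Agtek corp IP (assumed)
APP_PORT=34015

# Zone letter -> subnet index as the page maps them: 1a -> XSubnet.0, 1b -> XSubnet.1, ...
zone_index() { echo $(( $(printf '%d' "'$1") - 97 )); }
# One /24 per zone carved from the /16: zone b -> 10.0.1.0/24
subnet_cidr() { printf '10.0.%d.0/24\n' "$(zone_index "$1")"; }
# ProdNet + zone b -> ProdSubnet.1
subnet_name() { printf '%sSubnet.%d\n' "${VPC_NAME%Net}" "$(zone_index "$1")"; }

ec2() { aws ec2 --region "$REGION" "$@"; }

build_network() {
  VPC_ID=$(ec2 create-vpc --cidr-block "$VPC_CIDR" --instance-tenancy default \
             --query Vpc.VpcId --output text)
  ec2 create-tags --resources "$VPC_ID" \
      --tags "Key=Name,Value=$VPC_NAME" "Key=class,Value=$CLASS_TAG"
  IGW_ID=$(ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID"
  RTB_ID=$(ec2 create-route-table --vpc-id "$VPC_ID" --query RouteTable.RouteTableId --output text)
  # default route through the internet gateway
  ec2 create-route --route-table-id "$RTB_ID" --destination-cidr-block 0.0.0.0/0 --gateway-id "$IGW_ID"
  for az in a b c; do
    SUBNET_ID=$(ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block "$(subnet_cidr "$az")" \
                  --availability-zone "${REGION}${az}" --query Subnet.SubnetId --output text)
    ec2 create-tags --resources "$SUBNET_ID" --tags "Key=Name,Value=$(subnet_name "$az")"
    # the page needs only one subnet on the route table; associating all three keeps every zone routable
    ec2 associate-route-table --route-table-id "$RTB_ID" --subnet-id "$SUBNET_ID" >/dev/null
  done
}

build_security_groups() {
  EC2_SG=$(ec2 create-security-group --group-name "${VPC_NAME}-EC2-SG" \
             --description "EC2 instances in $VPC_NAME" --vpc-id "$VPC_ID" --query GroupId --output text)
  RDS_SG=$(ec2 create-security-group --group-name "${VPC_NAME}-RDS-SG" \
             --description "RDS in $VPC_NAME" --vpc-id "$VPC_ID" --query GroupId --output text)
  # application port open to the world, as the page specifies
  ec2 authorize-security-group-ingress --group-id "$EC2_SG" --protocol tcp --port "$APP_PORT" --cidr 0.0.0.0/0
  # SSH from the corporate address only, never 0.0.0.0/0
  ec2 authorize-security-group-ingress --group-id "$EC2_SG" --protocol tcp --port 22 --cidr "$SSH_SOURCE"
  # NFS (EFS) and MySQL/Aurora only from inside the VPC; egress is allow-all by default
  ec2 authorize-security-group-ingress --group-id "$EC2_SG" --protocol tcp --port 2049 --cidr "$VPC_CIDR"
  ec2 authorize-security-group-ingress --group-id "$EC2_SG" --protocol tcp --port 3306 --cidr "$VPC_CIDR"
  # RDS accepts MySQL only from members of the EC2 group, so nothing outside the VPC can match
  ec2 authorize-security-group-ingress --group-id "$RDS_SG" --protocol tcp --port 3306 --source-group "$EC2_SG"
  echo "EC2 SG: $EC2_SG  RDS SG: $RDS_SG"
}

# Nothing is created unless explicitly asked for: ./new_vpc.sh apply
if [ "${1:-}" = "apply" ]; then
  build_network
  build_security_groups
  echo "VPC $VPC_ID ($VPC_NAME) ready; attach RDS to $RDS_SG with 'Publicly accessible' off"
fi
```

The RDS group deliberately references the EC2 group rather than a CIDR, so the rule keeps working if the VPC block is ever renumbered (the page's own 172.30.0.0/16 example is an artifact of exactly that). The EFS mount target still needs its own security group allowing TCP 2049 from the EC2 group, which this script does not create.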
access/new_aws_vpc.1465948082.txt.gz · Last modified: 2016/06/14 23:48 by mjallison