Deploying the project on AWS

04/01/2022   AWS
Deploying the project on AWS (staging)
#############################
+ Infrastructure Design Image
++ AWS Account
++ Region
++ Service URL/Basic Auth
++ How to log in to the Fargate container
1. Get the environment variables (access key, secret key and region) for this AWS account and set them in your terminal. (Same procedure as above.)
2. Install AWS CLI version 2 and the Session Manager plugin for the AWS CLI on your PC.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html#welcome-versions-v2
3. Run these commands. Both services run in the same cluster; list the tasks of the service you need and paste one task ID from the output into --task.
$ export AWS_ACCESS_KEY_ID=xxxxxxxxxx
$ export AWS_SECRET_ACCESS_KEY=yyyyyyyyyy
$ export AWS_REGION=us-west-2
$ aws ecs list-tasks --cluster plg-stg-api --service-name plg-stg-api
$ aws ecs execute-command --cluster plg-stg-api --container plg-stg-api --interactive --command "/bin/sh" --task <task id>
or
$ aws ecs list-tasks --cluster plg-stg-api --service-name plg-stg-worker
$ aws ecs execute-command --cluster plg-stg-api --container plg-stg-worker --interactive --command "/bin/sh" --task <task id>
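The three manual steps above can be wrapped in a small script so that the task ID is never copied by hand and the session is refused early when it cannot work. The script below is an added example, not part of the original runbook: it assumes AWS CLI v2 and the Session Manager plugin are installed, that the AWS_* variables from step 1 are exported in the current shell, and it uses the cluster, service and container names from the runbook. The check on `enableExecuteCommand` is there because ECS Exec must be enabled on the task; without it the plugin fails with an unhelpful error.

```shell
#!/bin/sh
# Added example (not from the original runbook): log in to a plg-stg-api
# Fargate container. Assumes AWS CLI v2 + Session Manager plugin and that
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_REGION are exported.
set -eu

CLUSTER="plg-stg-api"

# Map a service name to its container name. In this cluster both services
# name their container after the service.
container_for_service() {
  case "$1" in
    plg-stg-api|plg-stg-worker) printf '%s\n' "$1" ;;
    *) printf 'unknown service: %s\n' "$1" >&2; return 1 ;;
  esac
}

# execute-command accepts the task ARN or the bare task ID. The ID is the
# last path segment of the ARN, so a bare ID is returned unchanged.
task_id_from_arn() {
  printf '%s\n' "${1##*/}"
}

# Build the exact execute-command line so it can be shown (and logged)
# before the session is opened.
build_exec_cmd() {
  # $1 = container name, $2 = task id
  printf 'aws ecs execute-command --cluster %s --container %s --interactive --command /bin/sh --task %s\n' \
    "$CLUSTER" "$1" "$2"
}

# The runbook exports credentials per session instead of storing a profile
# on the PC; refuse to run if any of them is missing.
require_env_credentials() {
  for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { printf '%s is not set\n' "$v" >&2; return 1; }
  done
}

main() {
  service="$1"
  container=$(container_for_service "$service")
  require_env_credentials

  # Step 1: pick a RUNNING task of the service (text output prints "None"
  # when the list is empty).
  task_arn=$(aws ecs list-tasks --cluster "$CLUSTER" --service-name "$service" \
    --desired-status RUNNING --query 'taskArns[0]' --output text)
  if [ -z "$task_arn" ] || [ "$task_arn" = "None" ]; then
    printf 'no running task for %s\n' "$service" >&2; exit 1
  fi
  task_id=$(task_id_from_arn "$task_arn")

  # Step 2: ECS Exec must be enabled on the task, otherwise the plugin
  # fails with an opaque error.
  enabled=$(aws ecs describe-tasks --cluster "$CLUSTER" --tasks "$task_id" \
    --query 'tasks[0].enableExecuteCommand' --output text)
  if [ "$enabled" != "True" ]; then
    printf 'task %s does not have ECS Exec enabled\n' "$task_id" >&2; exit 1
  fi

  # Step 3: open the shell.
  printf 'running: %s\n' "$(build_exec_cmd "$container" "$task_id")" >&2
  aws ecs execute-command --cluster "$CLUSTER" --container "$container" \
    --interactive --command "/bin/sh" --task "$task_id"
}

# Usage: ./ecs-login.sh plg-stg-api   (or: ./ecs-login.sh plg-stg-worker)
if [ "${1:-}" ]; then
  main "$@"
fi
```

Every session started this way goes through SSM Session Manager, so it is recorded in CloudTrail as an `ExecuteCommand` call against the task; that is the place to look when auditing who opened shells on staging containers.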
+ Deploy Pipeline Image (Frontend)
+ Deploy Pipeline Image (Backend)
#############################
+ IAM
#############################
+ Network
++ VPC
| name | cidr |
|---|---|
| vpc_plg | x.x.0.0/16 |
++ Subnet
| name | network address | description |
|---|---|---|
| public_us-west-2a_plg | x.x.1.0/24 | ALB, NAT Gateway |
| public_us-west-2c_plg | x.x.2.0/24 | - |
| protected_us-west-2a_plg | x.x.11.0/24 | ECS |
| protected_us-west-2c_plg | x.x.12.0/24 | ECS |
| private_us-west-2a_plg | x.x.21.0/24 | RDS, Elasticache |
| private_us-west-2c_plg | x.x.22.0/24 | - |
++ NAT Gateway
| NAT Gateway ID | Elastic IP | Private IP |
|---|---|---|
| nat- | | x.x.1. |
++ VPC EndPoint
| service name | subnets/route tables | securitygroup | access policy |
|---|---|---|---|
| com.amazonaws.us-west-2.ecr.dkr | protected_us-west-2a | sg_end_point_plg_stg | Full |
| com.amazonaws.us-west-2.ecr.api | protected_us-west-2a | sg_end_point_plg_stg | Full |
| com.amazonaws.us-west-2.s3 | protected | | Full |
| com.amazonaws.us-west-2.secretmanager | protected_us-west-2a | sg_end_point_plg_stg | Full |
++ Route Table
| name | destination | target | subnet associations |
|---|---|---|---|
| public_plg | 0.0.0.0/0 | internet-gw | public_us-west-2a, public_us-west-2c |
| | x.x.0.0/16 | local | |
| protected_plg | 0.0.0.0/0 | nat-gw | protected_us-west-2a, protected_us-west-2c |
| | | vpc-endpoint | |
| | x.x.0.0/16 | local | |
| private_plg | x.x.0.0/16 | local | private_us-west-2a, private_us-west-2c |
++ SecurityGroup
| name | direction | type | protocol | port | source / destination |
|---|---|---|---|---|---|
| sg_alb_backend_plg_stg | inbound | HTTPS | TCP | 443 | 0.0.0.0/0 |
| | inbound | HTTP | TCP | 80 | 0.0.0.0/0 |
| | outbound | ALL Traffic | ALL | ALL | 0.0.0.0/0 |
| sg_backend_plg_stg | inbound | HTTP | TCP | 80 | sg_alb_api_nt_stg |
| | outbound | HTTP | TCP | 80 | 0.0.0.0/0 |
| | outbound | HTTPS | TCP | 443 | 0.0.0.0/0 |
| | outbound | Custom TCP | TCP | 587 | 0.0.0.0/0 |
| | outbound | Custom TCP | TCP | 6379 | x.x.0.0/16 |
| | outbound | PostgreSQL | TCP | 5432 | x.x.0.0/16 |
| sg_cache_plg_stg | inbound | Custom TCP | TCP | 6379 | sg_api_plg_stg |
| | inbound | Custom TCP | TCP | 6379 | sg_bastion_plg_stg |
| | outbound | ALL Traffic | ALL | ALL | 0.0.0.0/0 |
| sg_rds_plg_stg | inbound | PostgreSQL | TCP | 5432 | sg_api_plg_stg |
| | inbound | PostgreSQL | TCP | 5432 | sg_bastion_plg_stg |
| | outbound | ALL Traffic | ALL | ALL | 0.0.0.0/0 |
| sg_bastion_plg_stg | inbound | Custom TCP | TCP | 60101 | 0.0.0.0/0 |
| | outbound | SSH | TCP | 22 | 0.0.0.0/0 |
| | outbound | HTTP | TCP | 80 | 0.0.0.0/0 |
| | outbound | HTTPS | TCP | 443 | 0.0.0.0/0 |
| | outbound | Custom TCP | TCP | 6379 | x.x.0.0/16 |
| | outbound | PostgreSQL | TCP | 5432 | x.x.0.0/16 |
| sg_end_point_plg_stg | inbound | HTTPS | TCP | 443 | x.x.0.0/16 |
| | outbound | ALL Traffic | ALL | ALL | 0.0.0.0/0 |
++ VPC EndPoint (with endpoint type)
| service name | subnets/route tables | securitygroup | access policy | endpoint type |
|---|---|---|---|---|
| com.amazonaws.us-west-2.ecr.dkr | protected_us-west-2a | sg_end_point_plg_stg | Full | Interface |
| com.amazonaws.us-west-2.ecr.api | protected_us-west-2a | sg_end_point_plg_stg | Full | Interface |
| com.amazonaws.us-west-2.secretmanager | protected_us-west-2a | sg_end_point_plg_stg | Full | Interface |
| com.amazonaws.us-west-2.s3 | protected | None | Full | Gateway |
#############################
+ ACM
| domain name | region | validation method | additional domain |
|---|---|---|---|
| stg.plg-work.net | us-west-2 | DNS validation | *.stg.plg-work.net |
| stg.plg-work.net | us-east-1 | DNS validation | *.stg.plg-work.net |
++ ALB
+++ api
| Name | CNAME | DNS | Availability Zone | SecurityGroup | Target Group |
|---|---|---|---|---|---|
| alb-backend-plg-stg | | | us-west-2a | sg_alb_backend_plg_stg | api-blue-plg-stg / api-green-plg-stg |
+++ listener
| load balancer listener protocol | load balancer listener port | instance listener protocol | instance listener port | certificate / ACM |
|---|---|---|---|---|
| HTTPS | 443 | HTTP | 80 | ACM: stg.plg-work.net |
| HTTP | 80 | HTTP | 80 | - |
#############################
+ ECR
| name | URI | scan on push | tag immutability |
|---|---|---|---|
| plg-stg | | Enabled | Disabled |
#############################
+ ECS
++ Cluster
| name | description |
|---|---|
| plg-stg-api | |
++ Service
| name | Task Definition | Desired tasks | Launch type | Platform version |
|---|---|---|---|---|
| plg-stg-api | plg-stg-api:* | 2 | FARGATE | 1.4.0 |
#############################
+ RDS
++ rds aurora PostgreSQL
| item | value |
|---|---|
| Engine | PostgreSQL 12.10 |
| Aurora Engine Version | - |
| InstanceType | db.t4g.medium |
| Write Endpoint | plg-stg.cluster-ckqtez2yfydu.us-west-2.rds.amazonaws.com |
| Read Endpoint | plg-stg.cluster-ro-ckqtez2yfydu.us-west-2.rds.amazonaws.com |
| Port | 5432 |
| database | ntstgdb |
| username / password | 00. Credentials |
++ rds cluster parametergroup
| item | value |
|---|---|
| autovacuum_vacuum_threshold | 200 |
| log_autovacuum_min_duration | 0 |
++ rds db parametergroup
| item | value |
|---|---|
| application_name | plg |
| rds.log_retention_period | 10080 |
| lc_messages | C |
| log_min_duration_statement | 500 |
| log_filename | postgresql.log.%Y-%m-%d |
#############################
+ Elasticache
++ redis
| item | value |
|---|---|
| Engine | Redis 6.2.5 |
| InstanceType | cache.t3.micro |
| Number of Nodes | 1 |
| Primary Endpoint | redis-plg-stg.jhvvyl.ng.0001.usw2.cache.amazonaws.com |
| Reader Endpoint | redis-plg-stg-ro.jhvvyl.ng.0001.usw2.cache.amazonaws.com |
| Port | 6379 |
++ cache parametergroup
| item | value |
|---|---|
| "activerehashing" | "yes" |
#############################
+ S3
++ bucket
| name | region | bucket url | versioning | lifecycle rule | acl | cors | bucket policy |
|---|---|---|---|---|---|---|---|
| bucket-plg-stg-private | us-west-2 | https://bucket-plg-stg-private.s3.amazonaws.com/ | none | none | private | none | none |
| | us-west-2 | | none | none | private | none | see policy below |
| developer-tools-bucket-plg-stg | us-west-2 | https://developer-tools-bucket-plg-stg.s3.amazonaws.com/ | none | none | private | none | none |

Bucket policy of the second bucket (read access for a CloudFront Origin Access Identity only):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RestrictBucketAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity XXXXXXXXXXXXXXXX"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::bucket-plg-stg-admin-restrict-access-bucket/*"
    }
  ]
}
```
#############################
+ EC2
++ bastion
| item | value |
|---|---|
| Name | plg-stg-bastion |
| OS | Amazon Linux 2 |
| Instance Type | t3a.nano |
| ssh user | ec2-user |
| ssh port | |
| ssh key | 00. Credentials |
| Elastic IP | |
| IAM Role | AllowEc2AccessBastion |
| SecurityGroup | sg_bastion_plg_stg |
#############################
+ SES
++ domains
| item | value |
|---|---|
| region | us-west-2 |
| domain | stg.plg-work.net |
| DKIM | enable |
| Email Receive | none |
| SMTP Endpoint | https://email-smtp.us-west-2.amazonaws.com/ |
| SMTP Port | 587 |
++ smtp credentials
| user name | credentials | policy |
|---|---|---|
| ses-smtp-user-plg-stg | 00. Credentials | see policy below |

IAM policy attached to the SMTP user (send-only):

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "ses:SendRawEmail",
        "ses:SendEmail"
      ],
      "Resource": "*"
    }
  ]
}
```
#############################

