I have an existing environment which I used for Development, which was set up using the AWS console, the Web Interface. I would like to create a new environment based off this configuration for Production or Staging.
How can I extract or use the Development configuration as a template, and manipulate it in order to create a new Production environment?
Manually creating the environment as before would be error-prone and also undocumented.
I would prefer to extract the current config using the AWS CLI or similar and then manipulate the config:
Rename where applicable
Remove irrelevant configurations, such as the default VPC.
My current configuration from what I recall consists of:
VPC
Internet Gateway
Private and Public Subnetworks
Routing Rules
ACL
Security Policies
RDS, MariaDB
Secure Key Store
ELB classic, with a certificate
ECS Container Registry - Docker
ECS Cluster
AutoScale Group
EC2 AutoScale Definition
CloudWatch
CloudFormation templates are good for replicating the same resources in different regions or accounts.
You create a template that describes all the AWS resources that you
want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS
CloudFormation takes care of provisioning and configuring those
resources for you.
There is a beta tool, CloudFormer, that attempts to generate a CloudFormation template from resources that exist in your account.
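One way to do the "extract, rename, drop the default VPC" step from the question, as an added example that is not from the original posts: it turns saved AWS CLI JSON into a CloudFormation template. The sample input is constructed, and the dev-to-prod naming rule and the `public_ports` policy (world-open rules on other ports are reported instead of copied) are assumptions of this example.

```python
import json
import re

# Constructed sample shaped like `aws ec2 describe-vpcs` / `describe-security-groups` output.
VPCS = {"Vpcs": [
    {"VpcId": "vpc-0aaa", "CidrBlock": "172.31.0.0/16", "IsDefault": True},
    {"VpcId": "vpc-0bbb", "CidrBlock": "10.0.0.0/16", "IsDefault": False,
     "Tags": [{"Key": "Name", "Value": "dev-vpc"}]}]}
GROUPS = {"SecurityGroups": [
    {"GroupName": "default", "Description": "default", "VpcId": "vpc-0aaa", "IpPermissions": []},
    {"GroupName": "dev-web", "Description": "dev web tier", "VpcId": "vpc-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}

def rename(text):  # "rename where applicable": dev -> prod, whole words only
    return re.sub(r"\bdev\b", "prod", text)

def logical_id(name):  # CloudFormation logical IDs must be alphanumeric
    return "".join(p.capitalize() for p in re.split(r"[^A-Za-z0-9]+", name) if p)

def build_template(vpcs, groups, public_ports=(80, 443)):
    resources, findings, vpc_refs = {}, [], {}
    for vpc in vpcs["Vpcs"]:
        if vpc.get("IsDefault"):
            continue  # the default VPC is not part of the environment
        tags = {t["Key"]: t["Value"] for t in vpc.get("Tags", [])}
        name = rename(tags.get("Name", vpc["VpcId"]))
        vpc_refs[vpc["VpcId"]] = logical_id(name)
        resources[logical_id(name)] = {"Type": "AWS::EC2::VPC", "Properties": {
            "CidrBlock": vpc["CidrBlock"], "Tags": [{"Key": "Name", "Value": name}]}}
    for sg in groups["SecurityGroups"]:
        if sg["VpcId"] not in vpc_refs or sg["GroupName"] == "default":
            continue  # dropped VPC, or the "default" group every VPC already has
        name, ingress = rename(sg["GroupName"]), []
        for perm in sg["IpPermissions"]:
            ports = {k: perm[k] for k in ("FromPort", "ToPort") if k in perm}
            public_ok = (ports.get("FromPort"), ports.get("ToPort")) in [(p, p) for p in public_ports]
            for rng in perm.get("IpRanges", []):
                if rng["CidrIp"] == "0.0.0.0/0" and not public_ok:
                    findings.append(f"{name}: {perm['IpProtocol']} {ports} open to 0.0.0.0/0, not copied")
                    continue
                ingress.append({"IpProtocol": perm["IpProtocol"], "CidrIp": rng["CidrIp"], **ports})
        resources[logical_id(name)] = {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": rename(sg["Description"]),
            "VpcId": {"Ref": vpc_refs[sg["VpcId"]]}, "SecurityGroupIngress": ingress}}
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}, findings

if __name__ == "__main__":
    print(json.dumps(build_template(VPCS, GROUPS), indent=2))
```

The findings list is the part to review before deploying: a rule such as SSH from anywhere that was convenient in Development is reported rather than silently replicated into Production.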
Related
I made and deployed my Django application in AWS Elastic Beanstalk. It has a connection to a Postgres DB in RDS, through the EBS console.
When I click configuration -> network in EBS, I see: "This environment is not part of a VPC."
How can I make it a part of a VPC? Thanks!
NOTE: very new to this ;)
You have to recreate the Elastic Beanstalk environment and pick the VPC during the creation. It is not possible to move an existing environment into a VPC.
But, unless you have access to EC2-Classic, the EC2 servers that were launched are already in a VPC. They are just in the default VPC. But as far as Elastic Beanstalk is concerned, it seems oblivious to this.
I am not sure if there are any features that are exclusively available to VPC environments. My suggestion is to try to use your current environment, and if you happen to recreate the environment later for some other reason, then you can try picking a VPC and see if it offers anything new.
As already explained by @stefansundin, you can't move an existing EB into a custom VPC. You have to create a new one.
These are general steps to consider:
Create a custom VPC with public and private subnets as described in the docs: VPC with public and private subnets (NAT). NAT is needed for instances and RDS in the private subnet to communicate with the internet, but no inbound internet traffic will be allowed. This ensures that your instances and RDS are not accessible from the outside.
Create new RDS, external to EB. This is good practice as otherwise the lifetime of your RDS is coupled with EB environment. Starting point is the following AWS documentation: Launching and connecting to an external Amazon RDS instance in a default VPC
Create a new EB environment and ensure to customize its settings to use the VPC. Pass the RDS endpoint to the EB instances using environmental variables. Depending on how you want to handle the password to the RDS, there are a few options, starting from using environmental variables (low security) through SSM Parameter Store (free) or AWS Secrets Manager (not free).
Setting this all up correctly can be difficult for someone new to AWS. But with patience and practice it can be done. Thus, I would recommend starting with the default VPC, as you have now. Then once you are comfortable with how to work with external RDS, think about creating a custom VPC as described.
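The last step above, as an added example that is not part of the original answer: a Django settings helper that takes the RDS endpoint from Elastic Beanstalk environment properties and the password from SSM Parameter Store. `DB_PASSWORD_PARAM` is a hypothetical property name chosen for this example, and the instance profile is assumed to allow `ssm:GetParameter` on that parameter.

```python
import os


def ssm_fetch(name):
    """Read a SecureString parameter from SSM Parameter Store."""
    import boto3  # imported lazily so settings can be tested without AWS access

    resp = boto3.client("ssm").get_parameter(Name=name, WithDecryption=True)
    return resp["Parameter"]["Value"]


def build_databases(env=os.environ, fetch=ssm_fetch):
    """Build Django's DATABASES dict for an RDS instance external to EB.

    Non-secret connection details come from environment properties; the
    password is fetched at start-up from the parameter named by
    DB_PASSWORD_PARAM (hypothetical name), so it never appears in the
    environment's configuration.
    """
    if "RDS_PASSWORD" in env:
        # The low-security option: the value is readable by anyone who can
        # view the environment configuration.
        raise RuntimeError(
            "RDS_PASSWORD is set in plaintext; store it in SSM Parameter "
            "Store and set DB_PASSWORD_PARAM to the parameter name instead"
        )
    return {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "HOST": env["RDS_HOSTNAME"],
            "PORT": env.get("RDS_PORT", "5432"),
            "NAME": env["RDS_DB_NAME"],
            "USER": env["RDS_USERNAME"],
            "PASSWORD": fetch(env["DB_PASSWORD_PARAM"]),
            "OPTIONS": {"sslmode": "require"},  # encrypt traffic to RDS
        }
    }
```

In `settings.py` this would be used as `DATABASES = build_databases()`.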
I am trying to develop Spring Cloud microservices, and I plan to deploy them to the AWS cloud. While reading AWS resources, I found that ECS provides a configuration-less environment for deploying microservices, other than EC2. My doubts are:
Can I choose ECS resource for my complete services deployment without configurations?
For creating an ECS service, is an EC2 instance mandatory? Can I use ECS only in my account without creating an EC2 VM? I need to know whether ECS is an alternative to EC2.
ECS is a service which offers clustering of VMs for Docker containers and manages the container lifecycle.
1) Yes. You can use ECS for your service deployment, and it needs some basic configuration, which is a one-time task.
2) No. To run a Docker container you need an EC2 instance; without that it's not possible to run it. EC2 instances are managed by ECS, so you only need to provide some config like region, security group, etc.
For complete config and deployment, refer to the link below.
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_GetStarted.html
I have an ASP.NET Web Deploy package (.zip); now I want to deploy it in AWS with CloudFormation.
My CloudFormation template should contain:
VPC with two subnets (private and public)
Private subnet will contain Instance and RDS (SQL Server Web or any)
Public subnet will have NAT, Bastion host (for logging into the actual instance) and internet gateway.
CloudFormation should pick the application (zip) from an S3 URL.
And at the end, as output, I can get a URL (working website).
Any help would be really appreciated (if someone has a CloudFormation template which does the same, please post it here or send it to me at kotnala.ajayk#gmail.com)
Thanks,
Ajay
Unless you have requirements to use CloudFormation directly, I would recommend using AWS Elastic Beanstalk and the AWS Console to set up your VPC and deploy your application. Using the AWS Console to create a VPC with public and private subnets is much easier than creating them via CloudFormation, and Elastic Beanstalk supports ASP.NET application deployment automatically. EB uses a CloudFormation template to manage its own resources and can be customized later if needed.
Read through the Launching an Elastic Beanstalk Application in a VPC with Bastion Hosts, Launching an Elastic Beanstalk in a VPC with Amazon RDS and How to Deploy a .NET Sample Application Using AWS Elastic Beanstalk examples, which should get you started. Your requirements are all covered by some combination of the steps listed in those three examples.
Once you've become familiar with how to use Elastic Beanstalk to configure and deploy your application package, you can also look into managing your Elastic Beanstalk environment from a CloudFormation template, to automate the full process. See Elastic Beanstalk Template Snippets for getting started with this step.
To create kubernetes cluster in AWS, I use the set up script "https://get.k8s.io". That script creates a new VPC automatically, but I want to create kubernetes cluster inside an existing VPC in AWS. Is there a way to do it?
I checked /kubernetes/cluster/aws/config-default.sh file, but there doesn't seem to be any environment variables about VPC.
You can add this ENV variable (we are using ver 1.1.8)
export VPC_ID=vpc-YOURID
Also Kubernetes creates a VPC with 172.20.0.0/16 and I think it expects this.
EC2 instances are used as a backend for kubernetes in the AWS cloud.
You can always run necessary number of instances manually and deploy any service above.
The following article describes how to launch your EC2 instance:
http://docs.aws.amazon.com/AmazonVPC/latest/GettingStartedGuide/getting-started-launch-instance.html
By the way, Amazon already provides a managed service similar to kubernetes based on docker. I would suggest you consider using it.
More information here:
https://aws.amazon.com/ecs/details/
I'm new to AWS, and I want to deploy a web application on an EC2 instance,
So far I've tried Elastic Beanstalk, but AWS always requires me to create a new Environment for the application instead of letting me choose an existing EC2 instance that I've created before.
Actually my main purpose is to set a policy group that allows HTTPS access, and idk how to set it to the "Environment" instance.
Any help is greatly welcome. :)
That is not currently viable, as you'd need to set up an AMI based on your instance and use a custom AMI for beanstalk, and that is not a trivial task. If you need to run a custom environment in Elastic Beanstalk, using Docker would be much easier.
But none of that is required to set a security group allowing HTTPS, you can configure security groups and HTTP/s listeners for ELBs in your Environment configuration.