Team Data Services

EB Deploy checklist

devops | aws | elastic-beanstalk |

Checklist / procedure for creating a new instance.

Initial environment setup:

Elastic Beanstalk environment

  • Select the “Sample Application”
  • Use a custom configuration
  • A new Key/Value pair (.pem format) should be created with a name matching the instance
  • eu-west-1a/subnet-0db9ca85a60c3169a and eu-west-1b/subnet-0f48355de2cbfdfa0 should be chosen for the instance subnets
  • Public IP address should not be activated
  • Scaling should be a single instance (min 1, max 1)

Once the environment has been created:

Target group

  • Create a target group for the environment
  • It should be an Instances target type
  • The name should be the instance name with -tg appended
  • VPC should be the flux-vpc on port 80
  • Health check protocol should be HTTP. The path is application dependant, but the admin path is usually a good choice. Make sure the path has a trailing slash as it needs to deliver a 200 not a 30x redirect response code.
  • Select the created EB environment as the target

Load balancer

  • Identify which load balancer to use in Load balancers. In general for production services, it will be igate-test-services-lb/igate-test-services-lb-1439154562.eu-west-1.elb.amazonaws.com and for production ones insurergate-services-lb/insurergate-services-lb-1075857744.eu-west-1.elb.amazonaws.com
  • Add a rule to the load balancer that will match the service hostname to the created target group
  • Make a note of the Load balancers security group for later use.

Auto Scaling groups

  • The environment create should have also created an Auto scaling group. The easiest way to identify which one is either in the instances Event log, or by the Creation time property of the autoscaling groups.
  • In the Details tab edit Load balancing. In Load balancing - optional/Application, Network or Gateway Load Balancer target groups add the target group from the Target group step. This will ensure when the instances are replaced with a managed update, they will be registered to the Load balancer.

Security Groups

  • Make a note of the Environments security group. This should be available in the configuration tab of the environment.
  • Find the security group in Security Groups
  • Edit the inbound rules. Start by deleting all the rules. (You cant just update them)
  • Add in a rule for SSH/22 that allows Hut SSH/sg-01fb8747247d85628
  • Add in a rule for HTTP/80 that allows the above load balancer security group

Database security groups

If the application connects to any databases, the environments security group needs to be added to the RDS instances inbound rules.

Cloudflare setup

  • The DNS target to the service should be the DNS (A record) for the Load Balancer
  • It should be proxied (Orange clouded) through Cloudflare
  • The SSL mode should be strict. This will probably be achieved via a configuration rule if the domain is not strict buy default.

Navigate to the URL and you should see the sample application default page. Once this step has been achieved, the actual app is ready to be deployed to the environment. If you get it correct first time, buy a Euro millions ticket; it’s your lucky day.