This is a work-in-progress demo project using Terraform to create an Amazon ECS cluster running the following:

Prerequisites

  • Development and testing was done on macOS. It probably works ok on Linux too.

  • Docker installed locally.

  • SETTINGS.sh adjusted to your liking.

  • An EC2 Key Pair as named in SETTINGS.sh.

  • AWS credentials for the Profile(s) named in SETTINGS.sh.

    e.g. in ~/.aws/credentials:

    [devops-example]
    aws_access_key_id=...
    aws_secret_access_key=...
    

    and in ~/.aws/config:

    [profile devops-example]
    region=ap-southeast-2
    

Deploying

  1. Run bin/stack-create.sh to create everything.

  2. Run bin/test.sh to check the stack is working properly.

Undeploying

Run bin/stack-destroy.sh to destroy everything except for the logs in CloudWatch (which should be destroyed manually).

Things not yet addressed

  • Instance / DB sizing is chosen to suit the AWS Free Tier
  • Kong
    • Authentication for Admin API
  • Kong Database
    • Enable deletion protection
    • Backups
    • Storage size
    • At rest encryption
    • SSL connections
    • Proper password
    • Kong gets password via Secrets Manager
  • Logging
    • From ECS instance hosts (tasks are already sending to CloudWatch)
  • High availability / multi-zone etc
  • HTTPS instead of HTTP everywhere
  • Network
  • Testing
    • Network ACLs / Security Groups (haven't figured out how to test what's actually happening)
    • ECS instance exists
  • Static analysis
  • Are health checks pointing at paths that actually indicate health?
  • ...
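
One way to keep the Kong Database items above from being forgotten is to check them against the Terraform plan before applying. The script below is an added example, not part of this project: it reads the JSON produced by `terraform show -json <planfile>` and reports which of those items are still open, assuming the database is an `aws_db_instance` resource (the README does not say). The resource address and plan values in the sample are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# The resource addresses and values are invented for this example.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_db_instance.kong", "type": "aws_db_instance",
   "change": {"actions": ["create"], "after": {
     "deletion_protection": false, "backup_retention_period": 0,
     "storage_encrypted": false, "manage_master_user_password": null}}},
  {"address": "aws_ecs_cluster.main", "type": "aws_ecs_cluster",
   "change": {"actions": ["create"], "after": {"name": "example"}}}
]}
""")

# (aws_db_instance argument, test the planned value must pass, README item)
CHECKS = [
    ("deletion_protection", lambda v: v is True, "Enable deletion protection"),
    ("backup_retention_period",
     lambda v: isinstance(v, int) and v > 0, "Backups"),
    ("storage_encrypted", lambda v: v is True, "At rest encryption"),
    ("manage_master_user_password", lambda v: v is True,
     "Kong gets password via Secrets Manager"),
]


def audit_plan(plan):
    """Return (address, README item) for each aws_db_instance check that fails."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "aws_db_instance" or after is None:
            continue  # another resource type, or a resource being destroyed
        for attr, ok, item in CHECKS:
            # A value absent from "after" is unset or only known after apply;
            # either way it is not pinned in the configuration, so flag it.
            if not ok(after.get(attr)):
                findings.append((rc["address"], item))
    return findings


if __name__ == "__main__":
    for address, item in audit_plan(SAMPLE_PLAN):
        print(f"{address}: not addressed: {item}")
```

The SSL connections item is not covered here because enforcing it depends on the database engine's parameter group, which the README does not specify.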