14 Apr Deploying an app on AWS using EBS, S3, RDS
List of Services Used
We will use the following services:
AWS services
- Route 53: For domain management
- Certificate Manager: For SSL manager
- Elastic Beanstalk: For Server management
- RDS (Postgresql) : For Database
- S3 storage: For Static/Media content hostings
- IAM: for resources Access management
Github services:
- Github actions: For automated deployment
Detail of Setup
Route 53 domain settings
Route 53 has a hosted zone “domain.com” that contains all records regarding domain management
NameCheap.com (Owner of domain.com) contains NS records of Route 53 (in domain.com hosted zone)
A record ‘domain.com’ is pointing to Elastic Beanstalk application via alias
MX record ‘domain.com’ is pointing to Email servers on SiteGrounds (May change with time)
NS record ‘domain.com’ is provided by Route 53 Don’t change
SOA record ‘domain.com’ is provided by Route 53 Don’t change
CNAME record ‘_cc46ec9bd5d8fb6678a8142c1438e394.domain.com’ is from the Certificate Manager for SSL certificate verification
A record ‘www.domain.com’ is pointing to an S3 route redirect bucket via alias
Certificate Manager: For SSL manager
SSL is being provided by AWS Certificate Manager
Simply request a certificate add your domains and add the given Domain records(CNAME, TXT) to your domain manager currently Route 53
Note: Using Certificate manager is necessary as Elasticbeanstalk only support Certificate Manager
S3 route redirect bucket
AWS S3 contains a bucket
This bucket is empty and will not store any objects, its sole purpose is to add a domain level 301 redirect
Scroll to the bottom (AWS S3 console of 2021)
It contains the following settings
Use this method to add any 301 redirects at the domain level
Note: make sure that the name of the bucket is exactly the same as the source domain or it will not showup in Route 53 menu
S3 for Static/Media Storage
“Applicationname-dev” is the bucket currently being used for the storage and hosting purpose of static and media files of the Django application
This bucket should have the latest contents of the static folder in order for the Django application to work properly. It is being done via Django collectstatic command in Elastic Beanstalk.
The above settings make s3 contents publicly accessible throughout the internet
CORS settings: Make sure AllowedOrigins contains all domain names
RDS PostgreSQL for database
Below is the current database being used for the Django application it is set to 20 GB at the time of deployment with auto-scaling on and Max threshold to 1000GB
RDS takes snapshots of the database regularly that can be restored at any point
Its Username and password are set at the time of the creation
Default Database name is ‘postgres’
Default Username is ‘postgres’
Password was shared at the time of development.
Security Group settings
Note: All databases are set to be private (not accessible via the internet) if the database is not connecting check Security Group settings
Why a separate RDS database and not the one provided by Elastic Beanstalk?
Elastic Beanstalk will delete its database in case of any failure that can cause a loss of data in order to keep things simple and failproof it is better to use a separate Database.
Elastic Beanstalk
Elastic Beanstalk contains an application that has an environment that has Django application deployed
Quick Setup From saved Configuration
- Create a new webserver environment with a sample application
- After success full deployment load latest saved configuration
- Upload Django code in zipped format
Elastic beanstalk Configurations
Environment Variable Configurations
In Configurations > Software section > Edit following environment variables are necessary
Details of the environment can be found here
Note: Current Server type is NGINX and Django app has a configuration specific to NGINX
Load Balancer Configuration
In Configurations > Load Balancer section > Edit
Port 80: for listing to normal request
Port 443: for listing SSL
In the SSL Certificate field, the Certificates will appear from the Certificate Manager
Security Configuration
Service role and IAM are created automatically,
EC2 key pair can be created and attached to EBS here for SSH access
Current key pair shared during development
.ebextensions config
In the root directory, there should be a .ebextionsions folder that should contain the following files
Above is the base file that installs extra packages and sets the WISGI path
The above file will run migration command and collectstatic command on each deployment
IAM Roles
At the time of development 2 IAM Roles were created for the following purposes
- domain.com-CIRCLICI: Has Full access to elastic beanstalk is being used for Automated deployment by githit actions
- domain.com-S3: Has Full S3 access used in Django application for static and media file management
Django Application Environment Variables
Django applications have the following settings that they can take from the os environment and override existing settings.
Note: All variables name can be found in Django code spcore/settings.py
Django Application NGINX Configuration
Django code should contain a .platform\nginx\conf.d (Windows format)file with the content shown in the image above.
The settings allow an upload size of 25MB.
Github Actions Configuration
At the time of development, the following is the YML configuration for GitHub actions
Dependences
Github action depends on two variables from Github secrets
It requires Access Id and Secret Key to deploy code directly to Elastic Beanstalk
Working
This workflow will be triggered on every push to the master branch
It will zip the existing code and except for the .git folder and upload it to Elastic Beanstalk and issue a deploy request.
To observe the process open Github repo and navigate to the Actions tab.
