Deploying an app on AWS using EBS, S3, RDS - Techylem
16496
post-template-default,single,single-post,postid-16496,single-format-standard,bridge-core-1.0.5,ajax_fade,page_not_loaded,,qode_grid_1300,qode-content-sidebar-responsive,qode-theme-ver-18.1,qode-theme-bridge,qode_advanced_footer_responsive_1000,bridge,wpb-js-composer js-comp-ver-6.0.2,vc_responsive

Deploying an app on AWS using EBS, S3, RDS

Deploying an app on AWS using EBS, S3, RDS

List of Services Used

 

We will use the following services:

AWS services

 

  • Route 53: For domain management
  • Certificate Manager: For SSL manager
  • Elastic Beanstalk: For Server management
  • RDS (Postgresql) : For Database
  • S3 storage: For Static/Media content hostings
  • IAM: for resources Access management

Github services:

 

  • Github actions: For automated deployment

Detail of Setup

Route 53 domain settings

 

Route 53 has a hosted zonedomain.com” that contains all records regarding domain management

 

 

NameCheap.com (Owner of domain.com) contains NS records of Route 53 (in domain.com hosted zone) 

 

A record domain.com is pointing to Elastic Beanstalk application via alias

 

MX record ‘domain.com’  is pointing to Email servers on SiteGrounds (May change with time)

 

NS record ‘domain.com’  is provided by Route 53 Don’t change

 

SOA record ‘domain.com’ is provided by Route 53 Don’t change

 

CNAME record ‘_cc46ec9bd5d8fb6678a8142c1438e394.domain.com’ is from the Certificate Manager for SSL certificate verification 

 

A record www.domain.com’ is pointing to an S3 route redirect bucket via alias

 

Certificate Manager: For SSL manager

SSL is being provided by AWS Certificate Manager

Simply request a certificate add your domains and add the given Domain records(CNAME, TXT) to your domain manager currently Route 53

Note: Using Certificate manager is necessary as Elasticbeanstalk only support Certificate Manager

S3 route redirect bucket

AWS S3 contains a bucket

This bucket is empty and will not store any objects, its sole purpose is to add a domain level 301 redirect 

Scroll to the bottom (AWS S3 console of 2021)

It contains the following settings

Use this method to add any 301 redirects at the domain level

 

Note: make sure that the name of the bucket is exactly the same as the source domain or it will not showup in Route 53 menu

 

S3 for Static/Media Storage

“Applicationname-dev” is the bucket currently being used for the storage and hosting purpose of static and media files of the Django application

 

This bucket should have the latest contents of the static folder in order for the Django application to work properly. It is being done via Django collectstatic command in Elastic Beanstalk.

 

 

The above settings make s3 contents publicly accessible throughout the internet

 

CORS settings: Make sure AllowedOrigins contains all domain names

 

RDS PostgreSQL for database

Below is the current database being used for the Django application it is set to 20 GB at the time of deployment with auto-scaling on and Max threshold to 1000GB

 

RDS takes snapshots of the database regularly that can be restored at any point

Its Username and password are set at the time of the creation

Default Database name is ‘postgres’

Default Username is ‘postgres’

Password was shared at the time of development.

 

Security Group settings

 

 

 

 

Note: All databases are set to be private (not accessible via the internet) if the database is not connecting check Security Group settings

 

Why a separate RDS database and not the one provided by Elastic Beanstalk?

Elastic Beanstalk will delete its database in case of any failure that can cause a loss of data in order to keep things simple and failproof it is better to use a separate Database.

Elastic Beanstalk

 Elastic Beanstalk contains an application that has an environment that has Django  application deployed

 

 

Quick Setup From saved Configuration
  • Create a new webserver environment with a sample application
  • After success full deployment load latest saved configuration
  • Upload Django code in zipped format

Elastic beanstalk Configurations

Environment Variable Configurations

In Configurations > Software section > Edit following environment variables are necessary 

Details of the environment can be found here

Note: Current Server type is NGINX and Django app has  a configuration specific to NGINX

Load Balancer Configuration

In Configurations > Load Balancer section > Edit

 

 

Port 80: for listing to normal request 

Port 443: for listing SSL

 

 

In the SSL Certificate field, the Certificates will appear from the Certificate Manager

 

Security Configuration

 

 

Service role and IAM are created automatically, 

EC2 key pair can be created and attached to EBS here for SSH access

Current key pair shared during development

 

.ebextensions config

In the root directory, there should be a .ebextionsions folder that should contain the following files

 

 

Above is the base file that installs extra packages and sets the WISGI path

 

 

The above file will run migration command and collectstatic command on each deployment

IAM Roles

At the time of development 2 IAM Roles were created for the following purposes

  1. domain.com-CIRCLICI: Has Full access to elastic beanstalk is being used for Automated deployment by githit actions
  2. domain.com-S3: Has Full S3 access used in Django application for static and media file management

Django Application Environment Variables 

Django applications have the following settings that they can take from the os environment and override existing settings.

Note: All variables name can be found in Django code spcore/settings.py

 

 

Django Application NGINX Configuration

Django code should contain a .platform\nginx\conf.d (Windows format)file with the content shown in the image above.

The settings allow an upload size of 25MB.

 

Github Actions Configuration

 

At the time of development, the following is the YML configuration for GitHub actions

 

Dependences

Github action depends on two variables from Github secrets

It requires Access Id and Secret Key to deploy code directly to Elastic Beanstalk

 

Working

 

This workflow will be triggered on every push to the master branch

It will zip the existing code and except for the .git folder and upload it to Elastic Beanstalk and issue a deploy request.

 

To observe the process open Github repo and navigate to the Actions tab.

Abdul Moeed Bin Babar
abdulmoeedbinbabar@gmail.com