Name: startup-kit-templates
Owner: Amazon Web Services - Labs
Owner: AWS Samples
Description: CloudFormation templates for setting up a startup's well-architected infrastructure on AWS.
Created: 2016-12-28 17:58:48.0
Updated: 2018-01-15 22:02:21.0
Pushed: 2018-01-09 18:43:11.0
Size: 342
Language: Python
GitHub Committers
| User | Most Recent Commit | # Commits |
|---|
Other Committers
| User | Most Recent Commit | # Commits |
|---|
The AWS Startup Kit CloudFormation templates create stacks to help with getting started on AWS. Components include a VPC, a bastion host, and optionally a relational database and/or an AWS Elastic Beanstalk application.
The VPC template is the foundation for everything else. It creates a VPC that includes the following network resources:
The bastion host or jump server is used to provide SSH access to instances with private IP addresses in the application's security group.
If desired, a relational database can be created using the db.cfn.yml template. Either a MySQL or PostgreSQL database is created in the Amazon Relational Database Service (RDS), which automates much of the heavy lifting of database setup and maintenance. Following best practices, the database is created in private subnets concealed from the public Internet.
The optional app.cfn.yml template creates an Elastic Beanstalk application with EC2 application servers placed in private subnets while the load balancer in front of them is placed in public subnets. The complete architecture is as follows:
If you haven't done so already:
Make sure you're signed into AWS as an IAM user with admin access. Avoid using the root account.
Create an EC2 key pair. This is necessary to use the bastion host.
All of the following steps involve using the AWS CloudFormation console. Simply click the “Create Stack” button in the upper left corner of the console. Next, under “Choose a template”, select “Upload a template to Amazon S3” and click “Browse” to find your local fork of this repository and choose the relevant template.
Create the stacks in the following order:
[1] Create the VPC: Select the vpc.cfn.yml template. Pick a relevant stack name, and an IP address or address range from which you will allow SSH access to the bastion host. Use CIDR notation.
[2] Create the bastion: Select the bastion.cfn.yml template. Pick a relevant stack name, and then enter the name of your EC2 key pair and the name of the VPC stack you created in step [1].
[3] Create the database: Select the db.cfn.yml template.
[4] Create the app: First, decide which app you'd like to deploy.
[5] Create DevOps resources: Select the devops.cfn.yml template. NOTE: These resources are meant to be used with the Node.js sample app, but can be modified to work with another app.
In general, it is best to treat your fleet of instances as “cattle, not pets” and avoid SSH'ing into them to manage them individually. When it's necessary to connect for debugging purposes etc., connect via the bastion host created with the bastion template. One way to do this is to use SSH agent forwarding. For details about how to set this up on your local computer, consult the relevant AWS blog post.
Since the database is in a private subnet, it also is necessary to connect to it via the bastion host using a method such as TCP/IP over SSH. For an example of how to do this with MySQL Workbench, see the documentation.
In that example, you would replace the SSH Hostname with the public DNS name of your bastion host, SSH Username with “ec2-user”, and SSH Key File with the path to the EC2 key pair you created. Ignore the SSH Password field. For MySQL Hostname, enter the “RdsDbURL” from the Outputs tab for the database stack in the CloudFormation console. MySQL Server Port is 3306. For the Username and Password fields, enter the corresponding outputs for “DbUser” and “DbPassword” from the Outputs tab.
Using the app template automates the process of setting up an app in AWS Elastic Beanstalk. Additionally, using a Startup Kit sample workload allows you to quickly test out your VPC and database setup.
However, you can deploy your own app instead of a Startup Kit sample workload. If you use the app template, keep in mind that it is designed to work with a relational database in RDS. If your own app uses a relational database, the database connection string parameters should conform to the naming conventions in the template, or you can fork the templates and modify the names. Similarly, if you're not using a relational database at all, you can modify the app template accordingly.
Additionally, it is not necessary to use the app template to leverage the benefits of the other templates. You can add an application on top of the infrastructure created in steps [1] to [3] using any technologies of your choice.
For example, you can use the Elastic Beanstalk console to set up a load balanced, highly available environment. Alternatively, you can directly set up a load balancer and an autoscaling group (ASG) without using Elastic Beanstalk. To ensure your app is highly available, make sure to spin up at least two server instances in separate availability zones.
As you add application components on top of the infrastructure created with the templates, make sure that each component is (a) set up in the VPC created in step [1] above, and (b) assigned to the relevant security group created by the VPC template. Check the Outputs tab of the CloudFormation console for the IDs of the security groups, which will be prefixed with “sg-“. In particular:
Load balancers, such as Application Load Balancers or Classic Load Balancers, should be assigned to “ELBSecurityGroup” so they can talk to the application instances.
Application instances, such as RESTful API servers or web servers, should be assigned to the “AppSecurityGroup” so they can talk to the database as well as the load balancer, and receive SSH traffic from the bastion host.