This section describes how to set up a UAT environment for application and media hosting.
⚠ The documentation is written for developers that have at least some experience with AWS and Terraform.
Application hosting is provisioned by a Terraform script that creates the following resources in AWS:
- CloudFront
- ECS on EC2 (3x services - backend, frontend and database)
- VPC resources in your AWS account for application hosting
⚠ The approximate cost of this stack is between $20 and $30 per month (the main cost is the EC2 t3.small instance). It is meant for hosting a pre-production UAT environment and is not suitable for production workloads.
- Git CLI
- Terraform CLI
  - Option A/ Use Terraform Cloud to store the infrastructure state
    - Create Terraform Account
    - Create Terraform Organization
      - Name of the organization must match the name specified in backend.tf - the name must be unique, so you will have to rename it
      - Workspace will be automatically created based on backend.tf
    - Set organization execution mode to local
  - Option B/ Use local backend to store the infrastructure state
    - Set up local backend
- AWS account
- AWS CLI
- Route 53 domain (will be used to create subdomains)
  - You can also use a domain outside of AWS - by either changing the Terraform code or creating an alias for your domain in Route 53
git clone https://github.com/ironexdev/ent-stack-devops.git <your project name>
- Copy infrastructure/app-uat and bin/aws directories from the DevOps repository to your Application repository
  - Prerequisite to this is having a previously created application repository based on the ENT Stack
  - If you don't, then follow the setup guide
Create and fill in the infrastructure/app-uat/.tfvars file
frontend_domain_name = "uat.<my-site>.com"
backend_domain_name = "uat.api.<my-site>.com"
route53_zone_id = "<aws-route53-zone-id>"
There are more variables that can be overridden, but they have default values.
Make sure to go through the variables.tf, providers.tf and backend.tf files, especially if you want to use a different region than us-east-1.
- Navigate to the infrastructure/app-uat directory
terraform init
terraform plan -var-file=.tfvars
terraform apply -var-file=.tfvars
Check deployment progress in AWS Console - ECS
After the deployment is done, you will have a VPC, CloudFront for TLS termination and three running placeholder ECS tasks that will be updated/replaced during CI/CD deployment.
Media hosting is provisioned by a Terraform script that creates an S3 bucket and a CloudFront distribution in AWS.
The solution supports two access methods: Public and Signed URLs. You can store and access media files based on your access requirements, ensuring secure and efficient media delivery.
Provisioned resources may incur costs:
- CloudFront Pricing
- S3 Pricing
- The cost is the same as if you created these resources manually
The solution does not handle media optimization.
- Git CLI
- Set up Terraform CLI
  - A/ Use Terraform Cloud to store the infrastructure state
    - Create Terraform Account
    - Create Terraform Organization
      - Name of the organization must match the name specified in backend.tf - the name must be unique, so you will have to rename it
        - You can change backend.tf after you clone the repo to your local env (Setup section)
      - Workspace will be automatically created based on backend.tf
    - Set organization execution mode to local
  - B/ Use local backend to store the infrastructure state
    - Set up local backend
- Set up AWS CLI
- Create and upload SSH key to sign URLs
  - You will later need private_key.pem to sign URLs in your app
- Add Key Group vars
  - Go to AWS CloudFront key groups and create a new key group
  - Copy the id of the key group you created
git clone https://github.com/ironexdev/ent-stack-devops.git <your project name>
- Copy infrastructure/media-uat directory from the DevOps repository to your Application repository
  - Prerequisite to this is having a previously created application repository based on the ENT Stack
  - If you don't, then follow the setup guide
Create and fill in the infrastructure/media-uat/.tfvars file.
cloudfront_key_group_id = "<id>"
Refer to the prerequisites section for details on how to obtain it.
There are more variables that can be overridden, but they have default values.
Make sure to go through the variables.tf, providers.tf and backend.tf files, especially if you want to use a different region than us-east-1.
- Navigate to the infrastructure/media-uat directory
terraform init
terraform plan -var-file=.tfvars
terraform apply -var-file=.tfvars
After the deployment is done, you will have an S3 bucket for storage and CloudFront for media hosting.
If you want to use Media hosting in the Application, then you will have to do the following:
- Create an AWS IAM user for the app with the following permissions:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject",
          "s3:ListBucket"
        ],
        "Resource": [
          "arn:aws:s3:::ent-media",
          "arn:aws:s3:::ent-media/*"
        ]
      }
    ]
  }
- Add variables and secrets to AWS SSM:
  - Variables
    "APP_BE_AWS_S3_REGION"
    "APP_BE_AWS_S3_MEDIA_BUCKET_NAME"
  - Secrets
    "APP_BE_AWS_S3_ACCESS_KEY_ID"
    "APP_BE_AWS_S3_SECRET_ACCESS_KEY"
- Add those variables and secrets also to CI/CD (specifically test and backend deploy workflows)
- You will also need to add them to backend .env and install AWS SDK
- Frontend does not need the SDK, as unprotected media URLs can be constructed without it and protected media will be provided by the backend
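
How the backend can turn private_key.pem into a time-limited URL for protected media, using CloudFront's canned-policy signed URL format. This is an added example, not code from the ENT Stack; the media domain, object path and public key ID are placeholders, and the key pair is generated in-process so the block runs offline.

```javascript
// Added example (not ENT Stack code): CloudFront canned-policy signed URL via Node's crypto.
const crypto = require("crypto");

// CloudFront's URL-safe base64 variant: "+" -> "-", "=" -> "_", "/" -> "~".
const cfSafe = (b64) => b64.replace(/\+/g, "-").replace(/=/g, "_").replace(/\//g, "~");
const cfUnsafe = (s) => s.replace(/-/g, "+").replace(/_/g, "=").replace(/~/g, "/");

// The canned policy is signed as compact JSON (no whitespace) in this key order.
function cannedPolicy(url, expiresEpoch) {
  return JSON.stringify({
    Statement: [{ Resource: url, Condition: { DateLessThan: { "AWS:EpochTime": expiresEpoch } } }],
  });
}

// privateKeyPem is the content of private_key.pem; load it from a secret store, never from the repo.
function signUrl(url, publicKeyId, privateKeyPem, ttlSeconds, now = Date.now()) {
  if (!Number.isInteger(ttlSeconds) || ttlSeconds <= 0) throw new RangeError("ttlSeconds must be a positive integer");
  const expires = Math.floor(now / 1000) + ttlSeconds; // keep the lifetime short
  // CloudFront verifies an RSA signature computed over the policy with SHA-1.
  const signature = crypto.createSign("RSA-SHA1").update(cannedPolicy(url, expires))
    .sign(privateKeyPem, "base64");
  const sep = url.includes("?") ? "&" : "?";
  return `${url}${sep}Expires=${expires}&Signature=${cfSafe(signature)}&Key-Pair-Id=${publicKeyId}`;
}

// Local self-check mirroring the edge: rebuild the policy, check expiry, verify the signature.
function verifySignedUrl(signedUrl, publicKeyPem, now = Date.now()) {
  const m = signedUrl.match(/^(.*)[?&]Expires=(\d+)&Signature=([^&]+)&Key-Pair-Id=[^&]+$/);
  if (!m) return false;
  const [, baseUrl, expires, sig] = m;
  if (Number(expires) <= Math.floor(now / 1000)) return false; // link has expired
  return crypto.createVerify("RSA-SHA1").update(cannedPolicy(baseUrl, Number(expires)))
    .verify(publicKeyPem, cfUnsafe(sig), "base64");
}

// Constructed demo input: throwaway key pair, placeholder URL and placeholder public key ID.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
  const url = "https://media.example.com/protected/report.pdf";
  const signed = signUrl(url, "K_EXAMPLE_PUBLIC_KEY_ID", privateKey, 300, 1700000000000);
  return { signed, publicKey };
}
```

In a deployment, the Key-Pair-Id value is the ID of the public key uploaded to CloudFront, which must belong to the key group referenced by cloudfront_key_group_id.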