Getting Started

Process at a High Level

graph TD
  A[Create IAM dev user] --> B{Default Image Fits Needs?}
  B -->|Yes| C[Use Default Image]
  B -->|No| D[Create Image]
  C --> E[Provision a Server]
  D --> E
  E --> F[Setup DNS Records]
  F --> G[Run SSL playbook]
  G --> H[Run Puma playbook]
  H --> I[Change DB Password]
  I --> J[Capistrano Deploy]

The Create Image step is optional. It is only required if the default image does not fit your needs.

Step 1 : Create Account

Create AWS Account

Step 2 : Setup Environment

Development Environment Setup [PENDING: UPDATE LINK]

The IAM role in this video exists only to get the boto3 code working. We will be creating an IAM user instead of a role; this is covered in the next step. Things covered in this video:

  • Create IAM user called awsadmin with administrator access using AWS console.
  • Create access keys for awsadmin.
  • Download access keys for awsadmin. This is used for programmatic access by boto3 code.
  • Install AWS CLI.
  • Run aws command to get caller identity from command line.
  • Verify that the AWS account ID matches the AWS account ID in the AWS console.
  • Setup environment variables for access keys.
  • Create IAM role using boto3.
  • Make boto3 use the right credentials.
  • Run identity.py to check account used by boto.
  • Update credentials file.
  • Verify boto3 is using the right account.
  • Check in AWS console that the IAM role is created.
  • Use awsdev role to list the secrets in AWS Secrets Manager.

Step 3 : Create IAM User

You have two options: Create IAM User Programmatically or Create IAM User using AWS Console

Use the IAM user created for development and demonstrate the packer development workflow using that user’s credentials.

Prerequisite : The awsadmin user with administrator access exists and the access keys are set up.

  • Use aws CLI to check account ID
  • Verify account ID in AWS console
  • Run identity.py to make sure boto is using the same account
  • Create aws-dev user for development using iam.py
  • This user will have full EC2 and Secrets Manager permission
  • Run iam.py to create IAM dev user
  • Verify aws-dev user is created with the proper permission in AWS console
  • Copy access keys printed in the program output
  • Clone hivegrid.dev project
  • Go to hivegrid.dev project root directory
  • Export access keys for dev user as environment variables
  • Check Packer version
  • Run packer format command
  • Run packer validate command
  • Run packer build command

The build failure will be fixed in the next video. Instead of creating the IAM user programmatically, you can also create it in the AWS console with the same policy used in the code.
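The account check from Steps 2 and 3 (aws CLI caller identity, then identity.py) can be made a hard gate before iam.py or Packer runs. The following is an added example, not the project's identity.py: the function names and the EXPECTED_AWS_ACCOUNT_ID / EXPECTED_IAM_USER variables are assumptions made for illustration.

```python
"""Preflight: confirm which AWS account and principal boto3 will act as."""
import os
import sys


def credential_source(session):
    """Name the provider boto3 resolved credentials from, e.g. 'env' or 'shared-credentials-file'."""
    creds = session.get_credentials()
    return creds.method if creds is not None else None


def check_identity(sts_client, expected_account, expected_user=None):
    """Return (ok, details); ok is False when the account or the IAM user name differs."""
    ident = sts_client.get_caller_identity()
    arn = ident["Arn"]
    problems = []
    if ident["Account"] != expected_account:
        problems.append(f"account {ident['Account']} != expected {expected_account}")
    if expected_user is not None:
        # IAM user ARNs end in ':user/<path><name>'; root and assumed roles are flagged.
        resource = arn.split(":", 5)[5]
        if not (resource.startswith("user/") and resource.split("/")[-1] == expected_user):
            problems.append(f"principal {arn} is not IAM user {expected_user}")
    return (not problems, {"arn": arn, "account": ident["Account"], "problems": problems})


def main():
    import boto3  # imported here so the checks above can be exercised without AWS access

    expected_account = os.environ["EXPECTED_AWS_ACCOUNT_ID"]  # hypothetical variable name
    expected_user = os.environ.get("EXPECTED_IAM_USER")  # hypothetical; e.g. awsadmin or aws-dev
    session = boto3.Session()
    ok, details = check_identity(session.client("sts"), expected_account, expected_user)
    # Environment variables are consulted before the shared credentials file,
    # so printing the source shows which of the two setups from Step 2 won.
    print(f"source={credential_source(session)} arn={details['arn']}")
    for problem in details["problems"]:
        print(f"MISMATCH: {problem}", file=sys.stderr)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

A non-zero exit status lets a shell script or Makefile stop before any resources are created in the wrong account.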

Step 4 : Create Custom Image

Create Image

This video covers:

  • Email showing request for accessing AWS resources
  • Run packer build command
  • Build failure when making AMI public

This issue is addressed in the next video.

Step 5 : Share Packer Image

Packer Public Image video covers:

  • Run aws command to disable image block public access
  • The AWS account used was created to share all images with the public
  • Build image using Packer
  • Note the AMI ID and the AWS region
  • Check AMI is in the AWS console in the correct region and it is public

This step is optional. You can turn off sharing the image in your Packer template.

Step 6 : Provision a Server

Terraform Provision video covers:

  • Copy AMI ID from packer build output
  • Check it matches the AMI ID in AWS console
  • Select the region in the UI that is the same region used in Packer template
  • Open terraform/main.tf in hivegrid.dev project
  • Change the tag version to the same value as Packer template
  • Run terraform fmt command
  • Run terraform validate command
  • Upgrade terraform by running brew upgrade terraform
  • Fix error by running terraform init command
  • Run terraform apply -auto-approve
  • Copy public IP and ror-secret name values in the terraform output
  • Go to AWS console -> instances
  • Copy public IP in the networking tab
  • Set ROR_SECRET_KEY environment variable to output value in the terminal
  • Go to javascript directory
  • Run node keyDownload.js to download the PEM file
  • SSH into EC2 instance using the downloaded PEM file and public IP
  • Ping Caddy: curl localhost
  • Ping goss healthcheck endpoint: curl localhost:8080/healthz | jq .

Step 7 : Setup DNS Records

Mapping IP Address to Domain Name

Step 8 : Capistrano Setup

  • Setup SSH connection for Capistrano
  • Deploy Rails 7 app using Capistrano to EC2 instance

You can see the Capfile, deploy.rb, and Gemfile related to the Capistrano setup in the Rails 7 demo app for Capistrano.