Browse --- Chat --- Wekan

Skip to content
GitLab

Cloud provider · Changes

Page history
Fresh authored by kc's avatar kc
Hide whitespace changes
Inline Side-by-side
Cloud-provider.md 0 → 100644
View page @ 8da0102a
#### _AWS_
- Upload public ssh key, creating a key pair (optionally use a new ssh key)
- ex `ssh-keygen`
- Create a User (recommend admin/**AdministratorAccess**) that will manage the overall infrastructure.
- Create a Bot user with **AmazonS3FullAccess** policy that will be used to Download/Upload to s3
- Each user is provided an **AWS_ACCESS_KEY** and **AWS_SECRET_ACCESS_KEY** and is needed later
- If given the **AdministratorAccess** managed policy, your access key will have all of the below policies by default
- User key must have the following **managed** policies:
- [ ] **AmazonEC2FullAccess** : Create and Destroy ec2 instances/amis
- [ ] **AmazonVPCFullAccess**: Create and Destroy vpcs
- [ ] **AmazonS3FullAccess**: Upload and Download from S3
- *Review if **all** s3 actions done by bot or not*
- Bot key must have the following **managed** policy:
- [ ] **AmazonS3FullAccess**: Upload and Download from S3
If you would like to sticky nameservers for multiple domains (aws uses many and changes them whenever a hosted zone is destroyed/created) you have 2 options. One using terraform and one not. Both require keeping a placeholder hosted zone with a reusable delegation set.
1. Using the aws cli (no terraform)
- Create a "placeholder" [hosted zone](https://console.aws.amazon.com/route53/v2/hostedzones#)
- Get the Hosted Zone ID (Adjust the table to get the full ID)
- With the aws cli tool (AWS Cloudshell works), enter the following command replacing YOUR_ZONE_ID with the Hosted Zone ID
- `aws route53 create-reusable-delegation-set --caller-reference="unique" --hosted-zone-id="YOUR_ZONE_ID"`
- Get the ID created from the command and fill in `variable "default_reusable_delegationset_id"`
2. Using terraform
- Enter a "placeholder" domain name into `variable "default_hostzone"` and return here after you've created your infrastructure
- After the entire infra is created, we have a placeholder hosted zone with a reusable delegation set we want to keep even after `terraform destroy`. To keep them we must remove them from terraforms state.
- First run `terraform show` and retrieve the ID from the resource `module.main.aws_route53_delegation_set.dset[0]` and fill in `variable "default_reusable_delegationset_id"`
- Then run the following two commands to remove both the zone and delegation set from state
- `terraform state rm module.main.aws_route53_delegation_set.dset[0]`
- `terraform state rm module.main.aws_route53_zone.default_host[0]`
After using either method a placeholder hosted zone with 4 nameservers will be in route53 that we can point any domain in our registrars to and not worry about changing them again. Its rather convoluted compared to digital oceans `ns1.digitalocean.com...` convention but it gets the job done.
If you would like to create your *own* `ns1.example.com` nameservers, we've performed some of those steps here, the rest can [be found here](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html).
<br>
#### _Digital Ocean_
- Upload public ssh key, creating a ssh fingerprint (optionally use a new ssh key)
- ex `ssh-keygen`
- Create a TODO (Token)[link] that will manage the overall infrastructure.
- Create a TODO (Space)[link] (s3 object storage) that will be used to Download/Upload to s3
- Spaces will provide a **SPACES_ACCESS_KEY** and **SPACES_SECRET_KEY** and will be needed later, compared to the singular digital ocean api token
- #### Review if there are permissions for digital oceans token.
<br>
Now that your [workstation](workstation) is setup, you've [configured your cloud provider](cloud-provider), it's time to [configure an external domain](domain)
\ No newline at end of file