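#!/usr/bin/env bash
#
# One-shot provisioning of a Docker service on AWS Elastic Beanstalk:
#   1. an IAM user with the managed policies the service needs, plus an
#      access key stored in ENV_FILE and as an AWS CLI profile,
#   2. an ECR repository, the EB application in APP_FOLDER, the pushed
#      service image and the EB environment,
#   3. an RDS Postgres instance reachable only from the EB instance's
#      security group, with the app settings pushed via `eb setenv`,
#   4. a private S3 bucket with CORS rules.
#
# Usage: ./<this script> <config-file>
#   <config-file> is sourced and must define at least:
#     SERVICE_IAM_USER SERVICE_AWS_REGION SERVICE_DOCKER_REPO SERVICE_NAME
#     SERVICE_ENVIRONMENT_NAME APP_FOLDER APP_PORT REACT_FOLDER
#     DB_NAME DB_USER DB_PASSWORD DB_PORT RDS_SECURITY_GROUP S3_BUCKET_NAME
#     AWS_ACCESS_KEY_ID AWS_SECRET_KEY JWT_SECRET
#     SENDGRID_API_KEY SENDGRID_PASSWORD SENDGRID_USERNAME
#   Optional overrides: GIT_REF (default 5fc9c7e), DB_SSLMODE (default
#     disable), AWS_ACCOUNT_ID (default: looked up via STS), ENV_FILE
#     (default ./aws-eb.env in the directory the script is started from).
# Requires: an AWS CLI profile named "iam" with IAM administration rights,
#   the AWS CLI, the EB CLI in $HOME/.python3, docker and git.
# Prompts the operator for the RDS VPC id, the EB instance's security group
# id and the EB instance's public DNS name.
# Not idempotent: most create-* calls fail if the resource already exists.
set -euo pipefail

readonly IAM_ADMIN_PROFILE=iam   # pre-existing profile, used only for IAM work
readonly START_DIR="${PWD}"
# Resolved to an absolute path once so every section appends to the same
# file regardless of later cd calls.
ENV_FILE="${ENV_FILE:-${START_DIR}/aws-eb.env}"
readonly ENV_FILE

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Append KEY=VALUE to ENV_FILE.
# The file holds the IAM access key secret, so it is kept owner-readable
# only (mode set on first use, before any secret is written).
# Arguments: $1 - key, $2 - value
#######################################
save_env() {
  local key=$1 value=$2
  touch -- "${ENV_FILE}"
  chmod 600 -- "${ENV_FILE}"
  printf '%s=%s\n' "${key}" "${value}" >> "${ENV_FILE}"
}

#######################################
# Source the caller-supplied config and the virtualenv holding the EB CLI.
# Arguments: $1 - path of the config file
#######################################
load_config() {
  local config=${1:-}
  [[ -n "${config}" && -f "${config}" ]] || die "usage: ${0##*/} <config-file>"
  # shellcheck disable=SC1090 -- path is supplied by the caller
  source "${config}"
  # shellcheck disable=SC1091 -- the EB CLI lives in this virtualenv
  source "${HOME}/.python3/bin/activate"
}

#######################################
# Create the service IAM user, attach its managed policies and create an
# access key, saved to ENV_FILE and configured as a CLI profile named
# after the user.
# Globals: SERVICE_IAM_USER, SERVICE_AWS_REGION, IAM_ADMIN_PROFILE (read)
#######################################
configure_iam() {
  local -a policies=(
    arn:aws:iam::aws:policy/AmazonVPCFullAccess
    arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy
    arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess
    arn:aws:iam::aws:policy/AmazonS3FullAccess
    arn:aws:iam::aws:policy/AmazonRDSFullAccess
    arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
    arn:aws:iam::aws:policy/AWSCodeDeployFullAccess
  )
  local policy aws_id aws_secret

  aws iam create-user --user-name "${SERVICE_IAM_USER}" --profile "${IAM_ADMIN_PROFILE}"
  # One call per policy: repeating --policy-arn in a single call does not
  # attach both (the VPC policy was silently dropped that way).
  for policy in "${policies[@]}"; do
    aws iam attach-user-policy \
      --policy-arn "${policy}" \
      --user-name "${SERVICE_IAM_USER}" \
      --profile "${IAM_ADMIN_PROFILE}"
  done

  # Capture the key pair directly instead of printing it and asking the
  # operator to retype it, so the secret never reaches the terminal.
  read -r aws_id aws_secret < <(
    aws iam create-access-key \
      --user-name "${SERVICE_IAM_USER}" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \
      --output text \
      --profile "${IAM_ADMIN_PROFILE}"
  ) || die "create-access-key produced no output"
  [[ -n "${aws_id}" && -n "${aws_secret}" ]] || die "create-access-key returned no key pair"
  save_env IAM_USER_ID "${aws_id}"
  save_env IAM_USER_SECRET "${aws_secret}"

  aws configure set region "${SERVICE_AWS_REGION}" --profile "${SERVICE_IAM_USER}"
  aws configure set aws_access_key_id "${aws_id}" --profile "${SERVICE_IAM_USER}"
  aws configure set aws_secret_access_key "${aws_secret}" --profile "${SERVICE_IAM_USER}"
}

#######################################
# Create the ECR repository, initialise the EB application in APP_FOLDER,
# build and push the service image, allow EB instances to pull from ECR
# and create the EB environment. Leaves the shell in APP_FOLDER.
# Globals: SERVICE_DOCKER_REPO, SERVICE_NAME, SERVICE_ENVIRONMENT_NAME,
#   SERVICE_IAM_USER, SERVICE_AWS_REGION, APP_FOLDER, APP_PORT,
#   REACT_FOLDER, GIT_REF, IAM_ADMIN_PROFILE (read); ECR_URI (written)
#######################################
configure_ecr_and_eb() {
  local git_ref=${GIT_REF:-5fc9c7e}   # revision the original script archived
  local registry

  aws ecr create-repository \
    --repository-name "${SERVICE_DOCKER_REPO}" \
    --profile "${SERVICE_IAM_USER}"
  # Resolve the URI from the API rather than prompting for it.
  ECR_URI=$(aws ecr describe-repositories \
    --repository-names "${SERVICE_DOCKER_REPO}" \
    --query 'repositories[0].repositoryUri' \
    --output text \
    --profile "${SERVICE_IAM_USER}")
  [[ -n "${ECR_URI}" && "${ECR_URI}" != None ]] || die "could not resolve the ECR repository URI"
  save_env ECR_URI "${ECR_URI}"

  # No VPC is created here; 'eb create --vpc' can do that if needed.
  cd -- "${APP_FOLDER}" || die "cannot cd to ${APP_FOLDER}"
  eb init -p docker "${SERVICE_NAME}" --profile "${SERVICE_IAM_USER}" --region "${SERVICE_AWS_REGION}"
  printf 'deploy:\n artifact: ./Dockerrun.aws.json\n' >> ./.elasticbeanstalk/config.yml
  cat <<EOF > ./Dockerrun.aws.json
{
  "AWSEBDockerrunVersion": "1",
  "Image": {
    "Name": "${ECR_URI}",
    "Update": "true"
  },
  "Ports": [
    {
      "ContainerPort": "${APP_PORT}"
    }
  ]
}
EOF

  git archive --format=tar --output "${SERVICE_NAME}.tar" "${git_ref}"
  docker build \
    --build-arg "service_name=${SERVICE_NAME}" \
    --build-arg "react_folder=${REACT_FOLDER}" \
    --tag "${SERVICE_NAME}" \
    --file Dockerfile .
  docker tag "${SERVICE_NAME}:latest" "${ECR_URI}"
  # Log in with the token on stdin instead of executing the output of
  # 'aws ecr get-login' (CLI v1 only, and it put the token in argv).
  registry=${ECR_URI%%/*}
  aws ecr get-login-password --region "${SERVICE_AWS_REGION}" --profile "${SERVICE_IAM_USER}" \
    | docker login --username AWS --password-stdin "${registry}"
  docker push "${ECR_URI}"

  # Let EB instances pull from ECR. Works as long as the environment uses
  # the default aws-elasticbeanstalk-ec2-role.
  aws iam attach-role-policy \
    --role-name aws-elasticbeanstalk-ec2-role \
    --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
    --profile "${IAM_ADMIN_PROFILE}"
  eb create "${SERVICE_ENVIRONMENT_NAME}" --region "${SERVICE_AWS_REGION}" --profile "${SERVICE_IAM_USER}"
}

#######################################
# Create a security group in the RDS VPC that admits Postgres traffic only
# from the EB instance's security group, create the RDS instance, wait for
# its endpoint and push the application settings to EB.
# Prompts for the VPC id, the EB instance's security group id and its
# public DNS name, chosen from the describe-* listings printed first.
# Globals: SERVICE_IAM_USER, DB_NAME, DB_USER, DB_PASSWORD, DB_PORT,
#   DB_SSLMODE, RDS_SECURITY_GROUP, AWS_ACCOUNT_ID, APP_FOLDER, APP_PORT,
#   JWT_SECRET, SENDGRID_API_KEY, SENDGRID_PASSWORD, SENDGRID_USERNAME,
#   AWS_ACCESS_KEY_ID, AWS_SECRET_KEY (read); BASE_URL (written)
#######################################
configure_db() {
  local account_id rds_vpc_id rds_group_id ec2_group_id db_host
  local db_connection_string
  # 'require' is the safer setting once the app trusts the RDS certificate;
  # the default keeps the original behaviour.
  local sslmode=${DB_SSLMODE:-disable}

  cd -- "${APP_FOLDER}" || die "cannot cd to ${APP_FOLDER}"

  # Without its own group the DB would land in the VPC's default group.
  aws ec2 describe-vpcs --profile "${SERVICE_IAM_USER}"
  read -r -p "RDS_VPC_ID: " rds_vpc_id
  [[ -n "${rds_vpc_id}" ]] || die "RDS_VPC_ID is required"
  save_env RDS_VPC_ID "${rds_vpc_id}"
  rds_group_id=$(aws ec2 create-security-group \
    --group-name "${RDS_SECURITY_GROUP}" \
    --description "${DB_NAME} security group" \
    --vpc-id "${rds_vpc_id}" \
    --query GroupId \
    --output text \
    --profile "${SERVICE_IAM_USER}")
  [[ -n "${rds_group_id}" && "${rds_group_id}" != None ]] || die "create-security-group returned no GroupId"
  save_env RDS_GROUP_ID "${rds_group_id}"

  # The EB instance's security group is the only permitted source.
  aws ec2 describe-instances \
    --query 'Reservations[*].Instances[*].[SecurityGroups, Tags[?Key==`Name`].Value]' \
    --profile "${SERVICE_IAM_USER}"
  read -r -p "Enter service Group Id: " ec2_group_id
  [[ -n "${ec2_group_id}" ]] || die "service Group Id is required"
  save_env EC2_GROUP_ID "${ec2_group_id}"

  # UserId is the account that owns the source group, i.e. the account the
  # service profile works in; look it up instead of hard-coding it.
  account_id=${AWS_ACCOUNT_ID:-$(aws sts get-caller-identity --query Account --output text --profile "${SERVICE_IAM_USER}")}
  [[ -n "${account_id}" ]] || die "could not determine the AWS account id"
  # The rule uses DB_PORT so it always matches the port the instance is
  # created with below (a fixed 5432 here silently broke other ports).
  cat <<EOF > ./sg-ip-permissions-rds.json
[
  {
    "PrefixListIds": [],
    "IpRanges": [],
    "IpProtocol": "tcp",
    "Ipv6Ranges": [],
    "UserIdGroupPairs": [
      {
        "Description": "Enable access to ${DB_NAME} from EC2 security group",
        "UserId": "${account_id}",
        "GroupId": "${ec2_group_id}"
      }
    ],
    "ToPort": ${DB_PORT},
    "FromPort": ${DB_PORT}
  }
]
EOF
  aws ec2 authorize-security-group-ingress \
    --group-id "${rds_group_id}" \
    --ip-permissions file://sg-ip-permissions-rds.json \
    --profile "${SERVICE_IAM_USER}"

  # NOTE: the master password travels on the command line and is visible
  # to other local processes while this call runs.
  aws rds create-db-instance \
    --vpc-security-group-ids "${rds_group_id}" \
    --allocated-storage 20 \
    --db-instance-class db.t2.micro \
    --db-instance-identifier "${DB_NAME}" \
    --engine postgres \
    --master-username "${DB_USER}" \
    --port "${DB_PORT}" \
    --enable-iam-database-authentication \
    --master-user-password "${DB_PASSWORD}" \
    --profile "${SERVICE_IAM_USER}"
  # The endpoint only exists once the instance is available (takes minutes).
  aws rds wait db-instance-available \
    --db-instance-identifier "${DB_NAME}" \
    --profile "${SERVICE_IAM_USER}"
  db_host=$(aws rds describe-db-instances \
    --db-instance-identifier "${DB_NAME}" \
    --query 'DBInstances[0].Endpoint.Address' \
    --output text \
    --profile "${SERVICE_IAM_USER}")
  [[ -n "${db_host}" && "${db_host}" != None ]] || die "could not resolve the DB endpoint"
  # Written as a plain KEY=VALUE line like every other entry (the original
  # wrote this one with an 'export' prefix).
  save_env DB_HOST "${db_host}"

  aws ec2 describe-instances \
    --query 'Reservations[*].Instances[*].[PublicDnsName, Tags[?Key==`Name`].Value]' \
    --profile "${SERVICE_IAM_USER}"
  read -r -p "EC2 URL: " BASE_URL
  [[ -n "${BASE_URL}" ]] || die "EC2 URL is required"

  db_connection_string="postgres://${DB_USER}:${DB_PASSWORD}@${db_host}:${DB_PORT}/postgres?sslmode=${sslmode}"
  # eb setenv takes the values as arguments, so they are visible in the
  # process list while it runs. AWS_ACCESS_KEY_ID and AWS_SECRET_KEY must
  # come from the sourced config; set -u aborts here if they are missing.
  eb setenv \
    "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" \
    "AWS_SECRET_KEY=${AWS_SECRET_KEY}" \
    "APP_PORT=${APP_PORT}" \
    "BASE_URL=${BASE_URL}" \
    "JWT_SECRET=${JWT_SECRET}" \
    "DB_CONNECTION_STRING=${db_connection_string}" \
    "SENDGRID_API_KEY=${SENDGRID_API_KEY}" \
    "SENDGRID_PASSWORD=${SENDGRID_PASSWORD}" \
    "SENDGRID_USERNAME=${SENDGRID_USERNAME}" \
    --profile "${SERVICE_IAM_USER}"
}

#######################################
# Create the private S3 bucket and apply its CORS rules.
# Globals: S3_BUCKET_NAME, SERVICE_AWS_REGION, SERVICE_IAM_USER, BASE_URL (read)
#######################################
configure_s3() {
  local -a location=()
  # Outside us-east-1, create-bucket fails without an explicit
  # LocationConstraint.
  if [[ "${SERVICE_AWS_REGION}" != us-east-1 ]]; then
    location=(--create-bucket-configuration "LocationConstraint=${SERVICE_AWS_REGION}")
  fi
  aws s3api create-bucket \
    --bucket "${S3_BUCKET_NAME}" \
    --acl private \
    --region "${SERVICE_AWS_REGION}" \
    ${location[@]+"${location[@]}"} \
    --profile "${SERVICE_IAM_USER}"

  cat <<EOF > ./cors.json
{
  "CORSRules": [
    {
      "AllowedOrigins": ["${BASE_URL}"],
      "AllowedHeaders": ["*"],
      "AllowedMethods": ["PUT", "POST", "DELETE", "OPTIONS", "GET", "PATCH"],
      "MaxAgeSeconds": 3000,
      "ExposeHeaders": ["x-amz-server-side-encryption"]
    },
    {
      "AllowedOrigins": ["*"],
      "AllowedHeaders": ["Authorization"],
      "AllowedMethods": ["GET"],
      "MaxAgeSeconds": 3000
    }
  ]
}
EOF
  # Same service profile as every other call; the original omitted it here
  # and so fell back to the default profile.
  aws s3api put-bucket-cors \
    --bucket "${S3_BUCKET_NAME}" \
    --cors-configuration file://cors.json \
    --profile "${SERVICE_IAM_USER}"
}

main() {
  load_config "$@"
  configure_iam
  configure_ecr_and_eb
  configure_db
  configure_s3
}
main "$@"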