how-to
/
all-in-one
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

aws s3 web deployment

Browse Source
main
Yik Teng Hie 5 years ago
parent 53af8f6d9e
commit 134f1e6ffb
4 changed files with 282 additions and 0 deletions
Show Stats Download Patch File Download Diff File

80
aws/s3-static-web.md
Unescape Escape View File

@ -0,0 +1,80 @@
# Create S3 static web
* Create a bucket `myforms3`
* Create a static web artifacts
* Flutter : `flutter build web`
* Upload `build/web` artifacts to S3 bucket
* S3
* Goto bucket properties
* Enable `Static website hosting` feature
* Endpoint will be shown in this section
* http://myforms3.s3-website-ap-southeast-1.amazonaws.com/
* Enable public access
* Goto `Permissions`
* Disable `Block public access (bucket settings)`
* Apply this settings to `Bucket policy`
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::myforms3/*"
}
]
}
```
* Enable CORS to access external site
* Goto `Permissions`
* Apply this setting to `Cross-origin resource sharing (CORS)` to allow `https://54e9e45d-c142-4c16-8467-bceb20cf68ca.mock.pstmn.io`
```json
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
"https://54e9e45d-c142-4c16-8467-bceb20cf68ca.mock.pstmn.io"
],
"ExposeHeaders": []
},
{
"AllowedHeaders": [],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
```

BIN
jenkins/agent-node.PNG
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 64 KiB

202
jenkins/sample-scripts.md
Unescape Escape View File

@ -0,0 +1,202 @@
# Sample Scripts
* ![](./slave-config.PNG)
* ![](./agent-node.PNG)
* Wallet-API Shell script
```sh
sudo apt update
sudo apt install jq yajl-tools
cp config/uat.json.default config/dev.json
cd config/
RedisOldHost=`cat dev.json | jq .redis.host`
RedisHost=\"`aws ssm get-parameter --name "/rpp-dev/redis/rpp-dev-redis/endpoint" --region ap-east-1 --with-decryption --query 'Parameter.[Value]' --output text`\"
sed -i "s/$RedisOldHost/$RedisHost/" dev.json
jq 'del(.redis.password, .redis.topupLimitCheck)' dev.json > development.json
cat development.json > dev.json
rm -f development.json
DBOldHost=`cat dev.json | jq .database.host`
DBHost=\"`aws ssm get-parameter --name "/rpp-dev/database/database-url" --region ap-east-1 --with-decryption --query 'Parameter.[Value]' --output text | sed 's/:3306//'`\"
sed -i "s/$DBOldHost/$DBHost/" dev.json
DBOldUsername=`cat dev.json | jq .database.username`
DBUsername=\"`aws ssm get-parameter --name "/rpp-dev/database/database-username" --region ap-east-1 --with-decryption --query 'Parameter.[Value]' --output text`\"
sed -i "s/$DBOldUsername/$DBUsername/" dev.json
DBOldPassword=`cat dev.json | jq .database.password`
DBPassword=\"`aws ssm get-parameter --name "/rpp-dev/database/database-password" --region ap-east-1 --with-decryption --query 'Parameter.[Value]' --output text`\"
sed -i "s/$DBOldPassword/$DBPassword/" dev.json
MQOldAddress=`cat dev.json | jq .mq.address`
MQAddress=\"`aws ssm get-parameter --name "/rpp-dev/mq/private_ip" --region ap-east-1 --with-decryption --query 'Parameter.[Value]' --output text`\"
sed -i "s/$MQOldAddress/$MQAddress/" dev.json
ssh nodecon@$client_ip_addr 'sudo mkdir -p /opt/razer-pay-wallet-api && sudo chown -R nodecon:nodecon /opt/razer-pay-wallet-api'
scp -r * nodecon@$client_ip_addr:/opt/razer-pay-wallet-api
ssh nodecon@$client_ip_addr << EOF
if [ -f /usr/bin/node ] ;
then echo "Node is installed";
else curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash - && sudo apt-get install -y nodejs g++ gcc make;
fi
sudo chown -R nodecon:nodecon /opt/razer-pay-wallet-api
sudo su - nodecon
cd /opt/razer-pay-wallet-api/
sudo npm install pm2@latest -g
sudo npm install
pm2 startup
sudo env PATH=$PATH:/usr/local/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u nodecon --hp /home/nodecon
cd /opt/razer-pay-wallet-api/ && NODE_ENV=dev pm2 start server.js
pm2 save
EOF
```
* pipeline wallet-api
```groovy
pipeline {
agent {
label "RPP-DEV"
}
stages {
stage('Pulling project from GIT') {
steps {
git credentialsId: 'Tudorskey', url: 'git@bitbucket.org:razersw/razer-pay-wallet-api.git'
}
}
stage(' Creating new config file'){
steps{
sh '''sudo apt update
sudo apt install jq
cp config/uat.json.default config/dev.json
cd config/
RedisOldHost=`cat dev.json | jq .redis.host`
RedisHost=\\"`aws ssm get-parameter --name "/rpp-dev/redis/rpp-dev-redis/endpoint" --region ap-east-1 --with-decryption --query \'Parameter.[Value]\' --output text`\\"
sed -i "s/$RedisOldHost/$RedisHost/" dev.json
jq \'del(.redis.password, .redis.topupLimitCheck)\' dev.json > development.json
cat development.json > dev.json
rm -f development.json
DBOldHost=`cat dev.json | jq .database.host`
DBHost=\\"`aws ssm get-parameter --name "/rpp-dev/database/database-url" --region ap-east-1 --with-decryption --query \'Parameter.[Value]\' --output text | sed \'s/:3306//\'`\\"
sed -i "s/$DBOldHost/$DBHost/" dev.json
DBOldUsername=`cat dev.json | jq .database.username`
DBUsername=\\"`aws ssm get-parameter --name "/rpp-dev/database/database-username" --region ap-east-1 --with-decryption --query \'Parameter.[Value]\' --output text`\\"
sed -i "s/$DBOldUsername/$DBUsername/" dev.json
DBOldPassword=`cat dev.json | jq .database.password`
DBPassword=\\"`aws ssm get-parameter --name "/rpp-dev/database/database-password" --region ap-east-1 --with-decryption --query \'Parameter.[Value]\' --output text`\\"
sed -i "s/$DBOldPassword/$DBPassword/" dev.json
MQOldAddress=`cat dev.json | jq .mq.address`
MQAddress=\\"`aws ssm get-parameter --name "/rpp-dev/mq/private_ip" --region ap-east-1 --with-decryption --query \'Parameter.[Value]\' --output text`\\"
sed -i "s/$MQOldAddress/$MQAddress/" dev.json'''
}
}
stage('Copying app to remote EC2') {
steps {
sh '''ssh nodecon@$client_ip_addr 'sudo mkdir -p /opt/razer-pay-wallet-api && sudo chown -R nodecon:nodecon /opt/razer-pay-wallet-api'
scp -r * nodecon@$client_ip_addr:/opt/razer-pay-wallet-api'''
}
}
stage('Deploy app') {
steps {
sh '''ssh nodecon@$client_ip_addr <<EOF
if [ -f /usr/bin/node ] ;
then echo "Node is installed";
else curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash - && sudo apt-get install -y nodejs g++ gcc make ;
fi
sudo chown -R nodecon:nodecon /opt/razer-pay-wallet-api
sudo su - nodecon
cd /opt/razer-pay-wallet-api/
sudo npm install pm2@latest -g
sudo npm install
pm2 startup
sudo env PATH=$PATH:/usr/local/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u nodecon --hp /home/nodecon
cd /opt/razer-pay-wallet-api/ && NODE_ENV=dev pm2 start server.js
pm2 save
EOF
'''
}
}
}
}
```
* pipeline aws
```groovy
pipeline {
agent {
label "master"
}
stages {
stage('Pulling GIT project') {
steps {
git branch: 'endava', credentialsId: 'Tudorskey', url: 'git@bitbucket.org:razersw/razer-pay-infrastructure.git'
}
}
stage('Build terraform image') {
steps {
sh 'cd serverless/aws && sudo docker build --build-arg AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --build-arg AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --build-arg PROFILE=$PROFILE --build-arg REGION=$REGION -t terraform_aws .'
}
}
stage('Validate terraform') {
steps {
sh 'sudo docker run -t terraform_aws bash -c "cd environments/dev && terraform validate"'
sh "CONTAINER_ID=\$(sudo docker ps -a | grep 'terraform' | awk '{ print \$1 }') && CONT=\$(echo \${CONTAINER_ID} | cut -d' ' -f1) && sudo docker rm \${CONT}"
}
}
stage('Generate plan') {
steps {
sh 'sudo docker run -t terraform_aws bash -c "cd environments/dev && terraform plan -out tfplan"'
sh "CONTAINER_ID=\$(sudo docker ps -a | grep 'terraform' | awk '{ print \$1 }') && CONT=\$(echo \${CONTAINER_ID} | cut -d' ' -f1) && sudo docker rm \${CONT}"
}
}
stage('Security testing') {
steps {
sh 'sudo docker run -t terraform_aws bash -c "cd environments/dev && terraform plan -out tfplan && terraform show -json tfplan > tfplan.json && terraform-compliance -p tfplan.json -f ../../security_testing/ > security_results.txt ; cat security_results.txt ; terraform-compliance -p tfplan.json -f ../../security_testing/ > security_results.txt"'
sh "CONTAINER_ID=\$(sudo docker ps -a | grep 'terraform' | awk '{ print \$1 }') && CONT=\$(echo \${CONTAINER_ID} | cut -d' ' -f1) && sudo docker rm \${CONT}"
}
}
stage('Approval step') {
steps {
script {
env.APPROVED = input message: 'Approve this infrastructure deploy?',
ok: 'Deploy!',
parameters: [choice(name: 'Approving', choices: "YES\nNO\n", description: 'Proceed with deployment?')]
}
}
}
// stage('Deploy infrastructure') {
// steps {
// script {
// sh 'sudo docker run -t terraform_aws bash -c "cd environments/dev && terraform apply -auto-approve"'
// sh "CONTAINER_ID=\$(sudo docker ps -a | grep 'terraform' | awk '{ print \$1 }') && CONT=\$(echo \${CONTAINER_ID} | cut -d' ' -f1) && sudo docker rm \${CONT}"
// }
// }
// }
}
}
```

BIN
jenkins/slave-config.PNG
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.5 KiB

Write Preview
Loading…
Cancel
Save