Skip to content

Latest commit

 

History

History
109 lines (82 loc) · 3.75 KB

README.md

File metadata and controls

109 lines (82 loc) · 3.75 KB

Overview

Install, configure and manage the AWS scicomp account.

Instructions to create or update CF stacks

need to redo this..

# Update CF stacks with sceptre:
# sceptre launch-stack prod <stack_name>

The above should setup resources for the AWS account. Once the infrastructure for the account has been setup you can access and view the account using the AWS console.

Note - This project depends on CF templates from other accounts.

Scicomp

Provision EC2 instances

aws --profile scicomp --region us-east-1 \
cloudformation create-stack --stack-name khai-instance1 \
--capabilities CAPABILITY_NAMED_IAM \
--template-url https://s3.amazonaws.com/bootstrap-awss3cloudformationbucket-114n2ojlbvj21/scicomp-infra/master/accounts.yaml \
--parameters \
ParameterKey=InstanceType,ParameterValue="t2.nano" \
ParameterKey=JcServiceApiKey,ParameterValue="abcd111122223333aaaabbbbccccddddeeeeffff" \
ParameterKey=JcSystemsGroupId,ParameterValue="1eabd8df45bf6d7d2a32d4ff" \
ParameterKey=JcConnectKey,ParameterValue="0123456789abcdef0123456789abcdef01234567" \
ParameterKey=KeyName,ParameterValue="scicomp" \
ParameterKey=VpcName,ParameterValue="computevpc" \
ParameterKey=VpcSubnet,ParameterValue="PrivateSubnet"

Note - check default parameters in the template

The above should create an EC2 instance and join the instance to a Sage Jumpcloud "system group" identified by $JcSystemsGroupId. Jumpcloud "User groups" that have access to $JcSystemsGroupId will have access to this instance.

Jumpcloud System Groups

Find system groups by using the Jumpcloud API

curl -X GET https://console.jumpcloud.com/api/v2/systemgroups \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: abcd111122223333aaaabbbbccccddddeeeeffff'

Jumpcloud Systems

Find systems by using the Jumpcloud API

curl -X GET https://console.jumpcloud.com/api/systems \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: abcd111122223333aaaabbbbccccddddeeeeffff'

Workflow

This is how EC2 provisioning works for this account.

  1. Create the EC2 instance with the above command.
  2. Locate the IP address of the newly provisioned EC2 instance.
  3. Login to the Sage VPN. (only required if the instance is in a private subnet)
  4. ssh to the ip address with a jumpcloud user account and ssh key (i.e. ssh [email protected])

Delete EC2 instances

Steps required to delete an instance.

  1. Delete the stack from AWS.
aws --profile scicomp --region us-east-1 \
cloudformation delete-stack --stack-name khai-instance1

The above should delete the EC2 instance that was provisioned in the Provision EC2 instance step

  1. Delete EC2 from Jumpcloud
curl -X DELETE https://console.jumpcloud.com/api/systems/5aabfa45f626352a235780a8 \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: abcd111122223333aaaabbbbccccddddeeeeffff'

Continuous Integration

We have configured Travis to deploy CF template updates. Travis deploys using sceptre

Contributions

Issues

Builds

Secrets

  • We use the AWS SSM to store secrets for this project. Sceptre retrieves the secrets using a sceptre ssm resolver and passes them to the cloudformation stack on deployment.