High Availability Setup (AWS) 2021-Dec
- 1 Overview
- 2 Step 1: Registering a Route53 Domain / Getting SSL Certificate
- 3 Step 2: Create VPC and two subnets
- 4 Step 3: Create Security Groups
- 5 Step 4: Create Amazon Aurora RDS Database
- 6 Step 5: Create Elasticache Instance
- 7 Step 6: Launching ec2 instance
- 8 Step 7. Create NAT gateway
- 9 Step 8: Install packagecloud enterprise
- 10 Step 9: Create Target Group
- 11 Step 10: Configure Elastic Load Balancer
- 12 Step 11: Create Autoscaling Group
- 13 Troubleshooting
Overview
The multi-node AWS setup is a standard high-availability/scalability AWS setup that involves:
- Getting a domain name using Route53
- Getting an SSL certificate using Certificate Manager
- Creating an S3 bucket to hold packages
- Creating a Cloudfront distribution to serve packages held in S3, to provide high availability/scalability
- Creating a DB to hold user information, etc.
- Creating Elasticache to hold background jobs
- Creating a VPC with public and private subnets
- Creating an EC2 server in the VPC private subnets to run packagecloud on-premise
- Creating load balancers in the VPC public subnet to serve the SSL certificate and provide high availability/scalability
- Creating an image of the EC2 instance running packagecloud on-premise and using it to autoscale more EC2 servers depending on load, to provide high availability/scalability
Step 1: Registering a Route53 Domain / Getting SSL Certificate
Route53 has a unique integration with Elastic Load Balancer that makes routing requests to our cluster a lot simpler. We recommend a Route53 domain even if you already have a domain you plan to use.
Register a Route53 Domain
For this guide we'll be using the domain name my-pcloud.be
Request Certificate
Receive Certificate Validation Email
In order for the Amazon issued certificate to work, we need to click on the validation link that Amazon sends to the following addresses:
administrator@your_domain
hostmaster@your_domain
postmaster@your_domain
webmaster@your_domain
admin@your_domain
The easiest way to receive this email on a Route 53 domain is to temporarily set up AWS Workmail.
Setting up AWS Workmail
Proving Ownership of Domain
Configure your Route53 records to match the values shown on the AWS Workmail verification screen. Note that the 'Hostname' field there already contains your domain name, but the Route53 interface appends your domain for you, so copy and paste only the part of the hostname that comes before your domain. For example:
Final result:
If all your Record sets were configured correctly, then you should see this:
Create the hostmaster user
Inside of AWS Workmail, add a user named hostmaster (this is the email that receives the validation email from the Certificate Manager)
Go to Organization Settings to get the login URL for your organization
Login as the hostmaster user with the password given above
After hitting Resend, you should see an email from Amazon Certificates
Open the email and approve the Certificate.
Now we have a working Domain and Certificate! Feel free to delete the AWS Workmail account and organization.
Step 2: Create VPC and two subnets
We're going to create a VPC with two subnets, since we'll be using a minimum of two availability zones. We will be using us-west-1a and us-west-1c.
Create the first subnet on the 10.0.0.0/24 block and the second subnet on the 10.0.1.0/24 block.
Final result should be two subnets in two different availability zones.
Step 3: Create Security Groups
Frontend security group:
RDS security group:
Redis security group:
ELB security group:
Step 4: Create Amazon Aurora RDS Database
Before creating the database, create a Parameter Group for the database family you are using. We are using Aurora in MySQL 5.7: Amazon RDS
Step 5: Create Elasticache Instance
Create a subnet group:
Create Redis instance:
Step 6: Launching ec2 instance
Create public instance
Create private instance
Step 7. Create NAT gateway
This is to enable servers in the private network to reach the internet, but not vice-versa.
Create route table:
Edit route table of private subnet:
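To confirm the result of this step, the following added example (not part of the packagecloud guide) audits the route tables so that each subnet meant to be private sends its default route to the NAT gateway rather than to an internet gateway. It reads JSON in the shape of `aws ec2 describe-route-tables` output for a single VPC; the sample data and every ID in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output for one VPC.
# Every ID is a placeholder; subnet-private-c was never associated with rtb-private.
SAMPLE = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-private", "Associations": [{"Main": false, "SubnetId": "subnet-private-a"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-placeholder", "State": "active"}]},
 {"RouteTableId": "rtb-main", "Associations": [{"Main": true}, {"Main": false, "SubnetId": "subnet-public-a"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-placeholder", "State": "active"}]}
]}""")

VERDICTS = {
    "nat": "ok: outbound only via NAT gateway",
    "igw": "public: default route points at an internet gateway",
    "blackhole": "broken: default route target no longer exists",
    "none": "isolated: no default route, instances cannot reach the internet",
    "other": "review: default route uses another target type",
}

def default_route_target(table):
    """Classify the IPv4 default route of one route table."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":  # target (e.g. the NAT gateway) was deleted
            return "blackhole"
        if route.get("NatGatewayId"):
            return "nat"
        return "igw" if str(route.get("GatewayId", "")).startswith("igw-") else "other"
    return "none"

def table_for_subnet(tables, subnet_id):
    """Explicit association wins; otherwise AWS applies the VPC's main route table."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main

def audit_private_subnets(doc, private_subnet_ids):
    """Return {subnet_id: verdict} for subnets that are meant to be private."""
    found = {s: table_for_subnet(doc["RouteTables"], s) for s in private_subnet_ids}
    return {s: VERDICTS[default_route_target(t)] if t else "unknown: no route table in input"
            for s, t in found.items()}

if __name__ == "__main__":
    print(json.dumps(audit_private_subnets(SAMPLE, ["subnet-private-a", "subnet-private-c"]), indent=2))
```

In the sample, the second private subnet is reported as public because it has no explicit association and so inherits the main route table, which is the usual way this step is left half done.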
Step 8: Install packagecloud enterprise
Follow the guide for Single Node Setup paying special attention to the External Database, External Redis, and Session Secret options. This also involves setting up Cloudfront.
NOTE: To reach the EC2 instance in the VPC private subnet, you will need to set up a jump/bastion host in the VPC public subnet.
Step 9: Create Target Group
Step 10: Configure Elastic Load Balancer
Step 11: Create Autoscaling Group
Create Image from Running EC2 Instance
Create Launch Configuration
Troubleshooting
If the site is not working, make sure the instances registered for that load balancer are healthy (this may take a few minutes). Amazon will only forward requests to healthy instances.