The Helvetian thehelvetian

thehelvetian / Dockerfile-nginx
Created January 1, 2019 05:56 — forked from li0nel/Dockerfile-nginx
Dockerfile for Nginx
FROM nginx
ADD deploy/nginx/nginx.conf /etc/nginx/
ADD deploy/nginx/default.conf /etc/nginx/conf.d/
ADD public /usr/share/nginx/html
WORKDIR /usr/share/nginx/html
thehelvetian / dockerbuild.sh
Created January 1, 2019 05:56 — forked from li0nel/dockerbuild.sh
Build and push your Laravel images
# Building our Nginx Docker image and tagging it with the ECR URL
docker build -f Dockerfile-nginx -t YOUR_ECR_REGISTRY_URL_HERE:nginx .
docker push YOUR_ECR_REGISTRY_URL_HERE:nginx
# Building our Laravel Docker image and tagging it with the ECR URL
docker build -t YOUR_ECR_REGISTRY_URL_HERE:laravel .
docker push YOUR_ECR_REGISTRY_URL_HERE:laravel
thehelvetian / bastion.sh
Created January 1, 2019 05:57 — forked from li0nel/bastion.sh
Create a bastion to access your instances in private subnets
# --key-name: the SSH key pair we created earlier
# --security-group-ids: our previous SG allowing access to the DB
# --subnet-id: one of our public subnets
# --instance-type: the smallest instance type allowed
aws ec2 run-instances \
  --image-id ami-c1a6bda2 \
  --key-name laravelaws \
  --security-group-ids sg-xxxxxxxx \
  --subnet-id subnet-xxxxxxxx \
  --count 1 \
  --instance-type t2.micro \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=bastion}]'
thehelvetian / bastion.sh
Created January 1, 2019 06:00 — forked from li0nel/bastion.sh
Connect to ECS instances in private subnets through a bastion
# Add your key to your SSH agent
ssh-add -K laravelaws.pem
# Verify that your private key is successfully loaded in your local SSH agent
ssh-add -L
# Use the -A option to enable forwarding of the authentication agent connection
ssh -A ec2-user@<bastion-public-IP-address>
# Once you are connected to the bastion, you can SSH into a private subnet instance
thehelvetian / migrations.sh
Created January 1, 2019 06:00 — forked from li0nel/migrations.sh
Run Laravel migrations
# Use the Docker exec command to execute the Artisan commands inside the application container
docker exec -it CONTAINER_ID php artisan session:table
docker exec -it CONTAINER_ID php artisan migrate --force
thehelvetian / ssh-tunnel.sh
Created January 1, 2019 06:00 — forked from li0nel/ssh-tunnel.sh
SSH tunnel to our Aurora or RDS database
# Create an SSH tunnel to RDS through your bastion:
ssh -L 54320:your_rds_database_endpoint_here.your_region_here.rds.amazonaws.com:5432 \
  ec2-user@<bastion_public_ip> \
  -i ./laravelaws.pem
# Your remote database is now accessible from port 54320 on your local machine
# I strongly recommend creating a read-only user in your database first thing
psql -h localhost -p 54320 -U postgres -W db_name_here
> CREATE ROLE lionel LOGIN PASSWORD 'a_unique_password_here';
> GRANT CONNECT ON DATABASE crvs TO lionel;
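The two statements above create a login role that can connect but cannot yet read any table. The remaining grants for a read-only PostgreSQL role follow, as an added example that is not part of the original gist; the schema name public and the table-owning role postgres are assumptions, while lionel and crvs are the gist's own names.

```sql
-- Added example, run in the crvs database as the role that owns the tables
-- (assumed here to be "postgres"); schema "public" is also an assumption.

-- Before PostgreSQL 15 every role may create objects in schema public,
-- so a "read-only" login could still create tables there. Close that first.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Allow name lookup in the schema, then read access to what exists today.
GRANT USAGE ON SCHEMA public TO lionel;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO lionel;
GRANT SELECT ON ALL SEQUENCES IN SCHEMA public TO lionel;

-- Tables created later (for example by future migrations) are not covered
-- by the GRANT above. Default privileges apply only to objects created by
-- the role named in FOR ROLE, so name the role your migrations run as.
ALTER DEFAULT PRIVILEGES FOR ROLE postgres IN SCHEMA public
    GRANT SELECT ON TABLES TO lionel;

-- Guard against accidental writes. This is a session default the user can
-- override with SET, so it complements the grants and does not replace them.
ALTER ROLE lionel SET default_transaction_read_only = on;

-- Check: list any privilege other than SELECT granted directly to the role.
-- An empty result is the expected outcome.
SELECT table_schema, table_name, privilege_type
FROM information_schema.role_table_grants
WHERE grantee = 'lionel'
  AND privilege_type <> 'SELECT';
```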
# create a hosted zone for AWS to select NS servers for your domain
aws route53 create-hosted-zone \
  --name laravelaws.com \
  --caller-reference random_string_here
# wait for the hosted zone to be created
# retrieve NS records
aws route53 get-hosted-zone \
  --id /hostedzone/YOUR_HOSTED_ZONE_ID
# Add an ALIAS record to ELB URL
aws route53 change-resource-record-sets \
--hosted-zone-id /hostedzone/YOUR_HOSTED_ZONE_ID \
--change-batch '{
"Changes":[
{
"Action":"CREATE",
"ResourceRecordSet":{
"Name":"laravelaws.com.",
"Type":"A",
CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      Origins:
        - DomainName: !Ref S3BucketDNSName
          Id: myS3Origin
          S3OriginConfig:
            OriginAccessIdentity: !Ref CloudFrontOAI
      Enabled: 'true'
aws cloudfront create-cloud-front-origin-access-identity \
--cloud-front-origin-access-identity-config CallerReference=random_string_here,Comment=