- VPC
- IGW for public subnet internet access
- Elastic IP for NAT Gateway
- NAT Gateway for private subnet internet access
- Route table for public subnet
- Route table for private subnet
- private subnet
- public subnet
- sg to expose ssh(22), http(80) in public subnet
- sg to expose ssh(22), psql(5432) in private subnet
- 2 EC2 instances, one in the public subnet and one in the private subnet
terraform will create
- VPC with 10.0.0.0/16 cidr block
- IGW
- Elastic IP
- NAT Gateway
- public subnet with 10.0.1.0/24 cidr block
- private subnet with 10.0.2.0/24 cidr block
- route table with IGW, associated with the public subnet
- route table with NAT Gateway, associated with the private subnet
- t2.micro ec2 instance with root_block_device 10Gb gp2 in the public subnet
- t2.micro ec2 instance with root_block_device 10Gb gp2 in the private subnet
- security group (private subnet) with
  - ingress: tcp port 22 (ssh), tcp port 5432 (psql)
  - egress: anywhere
- security group (public subnet) with
  - ingress: tcp port 22 (ssh), tcp port 80 (http)
  - egress: anywhere
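The two security groups above, as an added example that is not the repository's own Terraform. The ingress source is the part the list does not spell out, and it is the one that matters: the private host should accept 22 and 5432 only from the public host's security group, not from any CIDR, and SSH to the bastion should come from an admin range. Names such as `aws_vpc.main`, `var.admin_cidr` and the resource labels are assumptions to be matched to the real module.

```hcl
# Added example, not the project's code. Assumes aws_vpc.main exists.
variable "admin_cidr" {
  description = "CIDR allowed to ssh to the bastion (assumption: narrow this to your office/VPN range)"
  type        = string
  default     = "0.0.0.0/0"
}

resource "aws_security_group" "public" {
  name        = "public-sg"
  description = "bastion: ssh from admins, http from anywhere"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "private" {
  name        = "private-sg"
  description = "postgres host: ssh and psql only from the public-sg members"
  vpc_id      = aws_vpc.main.id

  # Source is the bastion's security group, so a stray 0.0.0.0/0 rule
  # elsewhere in the VPC cannot expose the database port.
  ingress {
    description     = "ssh via bastion"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.public.id]
  }

  ingress {
    description     = "psql from the app host"
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.public.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

With `security_groups` as the ingress source, the rule follows the instances rather than an address, so rebuilding the bastion with a new private IP does not require editing the database rule. Egress stays open because the private host needs the NAT Gateway for apt.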
terraform apply
- update all the hosts
- install nginx on the bastion host (public)
- install postgres on the private host
  - install postgres using apt
  - configure pg_hba.conf to allow connections
  - configure postgresql.conf to listen on all interfaces so it is reachable from the other ec2 instance (once it listens on more than localhost, the security group is the only control on who reaches 5432, so scope the pg_hba entry to the public subnet rather than 0.0.0.0/0)
  - create database, database user and privileges
- deploy the linkin web app in a docker container
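The postgres steps above as one Ansible play, added here as an example and not the repository's `main.yml`. It uses the `community.postgresql` collection's modules instead of raw `lineinfile` edits for pg_hba, binds postgres to the private address rather than `*`, and limits the pg_hba entry to the public subnet with scram-sha-256. Assumptions: Ubuntu, PostgreSQL 14 packages, the collection installed, a `private` inventory group, and `vault_db_password` defined in an Ansible vault.

```yaml
# Added example, not the project's playbook. Assumes community.postgresql is installed.
- name: Install and configure PostgreSQL on the private host
  hosts: private
  become: true
  vars:
    pg_version: 14                       # assumption: matches the apt package on the host
    public_subnet_cidr: 10.0.1.0/24      # the app/bastion subnet from the terraform section
    db_name: linkin
    db_user: linkin
    db_password: "{{ vault_db_password }}"   # assumption: stored in ansible-vault, not in the repo
  tasks:
    - name: Install postgres and the psycopg2 driver the modules need
      ansible.builtin.apt:
        name:
          - postgresql
          - python3-psycopg2
        state: present
        update_cache: true

    - name: Listen on localhost and the private VPC address only, not '*'
      ansible.builtin.lineinfile:
        path: /etc/postgresql/{{ pg_version }}/main/postgresql.conf
        regexp: '^#?listen_addresses\s*='
        line: "listen_addresses = 'localhost,{{ ansible_default_ipv4.address }}'"
      notify: restart postgresql

    - name: Allow only the app subnet, only this user and db, with scram
      community.postgresql.postgresql_pg_hba:
        dest: /etc/postgresql/{{ pg_version }}/main/pg_hba.conf
        contype: host
        databases: "{{ db_name }}"
        users: "{{ db_user }}"
        source: "{{ public_subnet_cidr }}"
        method: scram-sha-256
      notify: restart postgresql

    - name: Apply the config before creating objects
      ansible.builtin.meta: flush_handlers

    - name: Create the database
      community.postgresql.postgresql_db:
        name: "{{ db_name }}"
      become_user: postgres

    - name: Create the application role
      community.postgresql.postgresql_user:
        name: "{{ db_user }}"
        password: "{{ db_password }}"
      become_user: postgres

    - name: Grant the role privileges on its database
      community.postgresql.postgresql_privs:
        db: "{{ db_name }}"
        type: database
        privs: ALL
        roles: "{{ db_user }}"
      become_user: postgres

  handlers:
    - name: restart postgresql
      ansible.builtin.service:
        name: postgresql
        state: restarted
```

Run it with the same `ansible-playbook ... -i hosts` invocation as the rest of the project; the private host is reached through the bastion, so no extra inventory settings are needed beyond the ssh config. Keeping the password in a vault also covers the "use vars for database url" item in the todo list.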
ansible-playbook main.yml -v -i hosts
ansible config is loaded from the current directory; the ssh key and the bastion redirect for the private host are loaded from the ssh config and ansible config
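The bastion redirect that line refers to, as an added example of the ssh config (not the repository's own file). Hosts in the private subnet are reached with `ProxyJump` through the bastion, so Ansible needs no `ProxyCommand` of its own; the bastion address, user and key path are placeholders to fill in.

```text
# ~/.ssh/config  (added example; replace the placeholders)
Host bastion
    HostName <bastion-public-ip>
    User ubuntu
    IdentityFile ~/.ssh/linkin.pem
    IdentitiesOnly yes

# Anything in the private subnet (10.0.2.0/24) goes through the bastion
Host 10.0.2.*
    User ubuntu
    IdentityFile ~/.ssh/linkin.pem
    ProxyJump bastion
    IdentitiesOnly yes
```

Keep `host_key_checking` enabled in `ansible.cfg` and add the instances' host keys to `known_hosts` after `terraform apply` instead of disabling the check; with a bastion in the path, a silently accepted key on either hop means an undetected man in the middle on the whole chain.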
todo:
- use vars for database url, names etc.
- setup prometheus and grafana
- setup postgres data on a separate ebs volume: https://www.digitalocean.com/community/tutorials/how-to-move-a-postgresql-data-directory-to-a-new-location-on-ubuntu-18-04
- setup crontab to backup pg: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/cron_module.html