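...with Programmatic Access only and with the following permissions (IAMFullAccess in particular lets this user grant itself any other permission, so treat its access key as an administrator credential):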
arn:aws:iam::aws:policy/AmazonS3FullAccess
arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess
arn:aws:iam::aws:policy/IAMFullAccess
arn:aws:iam::aws:policy/AmazonRoute53FullAccess
arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess
arn:aws:iam::aws:policy/AmazonRDSFullAccess
arn:aws:iam::aws:policy/AmazonEC2FullAccess
arn:aws:iam::aws:policy/AmazonECS_FullAccess
arn:aws:iam::aws:policy/CloudWatchFullAccess
arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess
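# Name reused below for the AWS CLI profile, the state bucket name and TF_VAR_project_name.
export PROJECT_NAME=your_project_name_here
# Interactive: prompts for the access key ID, secret access key, default region
# and output format, and saves them under the named profile.
# Quoted so a profile name containing spaces or glob characters stays one argument.
aws --profile "$PROJECT_NAME" configure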
Define the function below in your terminal to easily load an AWS profile's credentials into that terminal session (optional):
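#######################################
# Load the static credentials of a named AWS CLI profile into this shell.
# Globals:   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (exported on success)
# Arguments: $1 - AWS CLI profile name
# Returns:   0 on success; 2 if no profile name was given; otherwise the
#            failing lookup's status. Nothing is exported on failure.
# Note: exported variables are inherited by every process started from this
#       shell. `export AWS_PROFILE=<name>` selects the same profile without
#       copying the secret key into the environment.
#######################################
awsprofile() {
  if [[ -z "${1:-}" ]]; then
    printf 'usage: awsprofile PROFILE_NAME\n' >&2
    return 2
  fi
  local profile=$1 key_id secret
  # Assign before exporting: `export VAR=$(cmd)` reports export's status, so a
  # failed lookup would go unnoticed and export an empty credential.
  key_id=$(aws --profile "$profile" configure get aws_access_key_id) || return
  secret=$(aws --profile "$profile" configure get aws_secret_access_key) || return
  [[ -n "$key_id" && -n "$secret" ]] || return 1
  export AWS_ACCESS_KEY_ID="$key_id" AWS_SECRET_ACCESS_KEY="$secret"
}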
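# Load the project's profile; quoted so the name is passed as a single argument.
awsprofile "$PROJECT_NAME"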
You can use any naming convention for your S3 bucket, as long as you update the backend bucket name configuration in providers.tf
accordingly.
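# Bucket passed to `terraform init` as the backend bucket further down.
export BUCKET_NAME="com.laravelaws.tf.$PROJECT_NAME"
aws s3 mb "s3://$BUCKET_NAME"

# Default server-side encryption (SSE-S3, AES256) for every object written to the bucket.
aws s3api put-bucket-encryption \
  --bucket "$BUCKET_NAME" \
  --server-side-encryption-configuration '{ "Rules": [ { "ApplyServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }'

# Turn on all four public-access blocks for the bucket.
aws s3api put-public-access-block \
  --bucket "$BUCKET_NAME" \
  --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

# Keep previous object versions so an overwritten or deleted object can be recovered.
# MFA delete stays disabled, as in the original command.
aws s3api put-bucket-versioning \
  --bucket "$BUCKET_NAME" \
  --versioning-configuration MFADelete=Disabled,Status=Enabled

# Table keyed on LockID; presumably the Terraform state lock table (confirm in providers.tf).
# NOTE(review): this command pins eu-west-2 while the bucket commands use the
# profile's default region. Confirm both match the backend settings.
aws dynamodb create-table \
  --region eu-west-2 \
  --table-name terraform_locks \
  --attribute-definitions AttributeName=LockID,AttributeType=S \
  --key-schema AttributeName=LockID,KeyType=HASH \
  --provisioned-throughput ReadCapacityUnits=1,WriteCapacityUnits=1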
Download this Terraform project as a subfolder in your Laravel project:
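cd my_laravel_project
# The clone address was mangled by e-mail obfuscation on the page; the repository
# path is the one used by the raw.githubusercontent.com URLs further down.
git clone git@github.com:li0nel/laravel-on-fargate.git terraform
cd terraform
# Terraform reads TF_VAR_<name> environment variables as input variables.
export TF_VAR_project_name="$PROJECT_NAME"
# Point the backend at the state bucket created above.
terraform init -backend-config="bucket=$BUCKET_NAME"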
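# If you don't have one in Route53 already, create a Hosted Zone for your domain.
# (Written as a `#` comment: pasted into a shell, a `//` line is run as a command.)
# The caller reference is a string identifying the request; the current date is used here.
aws route53 create-hosted-zone --name YOUR_DOMAIN --caller-reference "$(date)"
# Prints the execution plan and waits for confirmation; read it before approving.
terraform apply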
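laravel_repo=$(terraform output ecr_laravel_repository_uri)
nginx_repo=$(terraform output ecr_nginx_repository_uri)

# Log Docker in to ECR by piping the token over stdin. The previous form,
# `eval $(aws ecr get-login ...)`, executed CLI output as shell code and passed
# the token to `docker login` as a command-line argument, where it shows up in
# process listings. `aws ecr get-login` is also absent from AWS CLI v2.
# Registry host = repository URI up to the first "/" (assumes the output has
# the form <registry-host>/<repository>; confirm with `terraform output`).
aws ecr get-login-password \
  | docker login --username AWS --password-stdin "${laravel_repo%%/*}"

# Build from the Laravel project root (the parent directory) and push each image.
docker build .. --tag "$laravel_repo" && docker push "$laravel_repo"
docker build .. -f Dockerfile-nginx --tag "$nginx_repo" && docker push "$nginx_repo"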
SSH tunnelling into the database through the EC2 bastion (optional - only to access the database manually)
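# Launch the bastion and print only its instance ID.
# --query/--output give the bare value regardless of the configured output format.
aws ec2 run-instances \
  --image-id "$(terraform output ec2_ami_id)" \
  --count 1 \
  --instance-type t2.micro \
  --key-name "$(terraform output ec2_key_name)" \
  --security-group-ids "$(terraform output ec2_security_group_id)" \
  --subnet-id "$(terraform output ec2_public_subnet_id)" \
  --associate-public-ip-address \
  --query 'Instances[0].InstanceId' --output text

# Replace xxxx with the instance ID printed above; prints the bastion's public IP.
aws ec2 describe-instances --instance-ids xxxx \
  --query 'Reservations[0].Instances[0].PublicIpAddress' --output text

# Replace xxxxx with that public IP. Forwards local port 3306 to the Aurora
# endpoint through the bastion; ssh binds the forwarded port to loopback by default.
ssh ubuntu@xxxxx -i "$(terraform output ec2_ssh_key_path)" \
  -L "3306:$(terraform output aurora_endpoint):3306"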
Then connect using your favourite MySQL client
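# Connect through the tunnel on 127.0.0.1. A bare -p makes the client prompt for
# the password, so it is not passed as a command-line argument where process
# listings would show it. Read the value with
# `terraform output aurora_master_password` and enter it at the prompt.
mysql -u"$(terraform output aurora_db_username)" -p -h 127.0.0.1 -D "$(terraform output aurora_db_name)"

# Terminate the bastion once finished, so the temporary database access path is
# removed (replace xxxx with the instance ID).
aws ec2 terminate-instances --instance-ids xxxx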
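cd my_laravel_project
# -f makes curl fail on an HTTP error instead of saving the error page as the
# Dockerfile; -sS silences the progress meter but still prints errors.
# These URLs track the moving `master` branch, so read each downloaded file before
# building from it.
curl -fsSL https://raw.githubusercontent.com/li0nel/laravel-on-fargate/master/Dockerfile -o Dockerfile
curl -fsSL https://raw.githubusercontent.com/li0nel/laravel-on-fargate/master/Dockerfile-nginx -o Dockerfile-nginx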
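cd my_laravel_project
# -f makes curl fail on an HTTP error instead of saving the error page as the
# pipeline definition. The file decides what runs with your deploy credentials,
# so read it before committing; the URL tracks the moving `master` branch.
curl -fsSL https://raw.githubusercontent.com/li0nel/laravel-on-fargate/master/bitbucket-pipelines.yml -o bitbucket-pipelines.yml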
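Then set up the following variables in your BitBucket project's Settings > Pipelines > Repository variables,
taking their values from the Terraform output values (mark the AWS_SECRET_ACCESS_KEY_* variables as Secured so they are masked in build logs):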
AWS_ACCOUNT_ID
ECR_LARAVEL_URI_*
ECR_NGINX_URI_*
AWS_ACCESS_KEY_ID_*
AWS_SECRET_ACCESS_KEY_*
AWS_REGION
ECS_TASK_DEFINITION
ECS_CLUSTER_NAME_*
ECS_SERVICE_NAME_*
... where * is each of PRODUCTION
and STAGING
That's it.
On the next commit to master, BitBucket Pipelines will build and deploy your Laravel project to your Fargate cluster!
// TODO workers and cron