Rails AWS Starter Application
A starter Rails app for Code for America products that includes out-of-the-box configuration for the following:
- Postgres as database
- Rspec for tests
- GCF styleguide
- Terraform script for creating deployment environment
- CircleCI config with deployment pipeline (staging, demo, production environments)
Currently a work-in-progress.
Initial Setup
First deploy
- Create a new key pair locally (ssh-keygen -t rsa -b 4096 -C "[email protected]"). Safely store the keyfiles, and run chmod 400 my-key-pair on the private key so that only you can read it. Add the generated public key (e.g. my-key-pair.pub) to the varfile as public_key.
- Initialize the terraform backend and apply the initial configuration (default name is rails-aws-starter-sandbox).
- Upon initial creation, enable access to the Bastion instance for each user that requires SSH access:
  - Generate a new key pair (either locally or in AWS console) for each additional user that requires SSH access. Safely store the keyfiles, and run chmod 400 my-key-pair on the private key so that only you can read it. Add name and public key information for each user, including the initially generated key, to adduser.sh. Commit and push the script before running an eb deploy below, as the public keys will be added to the application instances at that time.
  - Use the private key generated in step one as credentials and run the bastion setup script with ./bastion_setup.sh <ip address>, which creates individual user accounts and sets up logging to CloudWatch from the bastion.
- Install the Elastic Beanstalk CLI (brew update && brew install awsebcli) and configure with your AWS credentials.
- Initialize Elastic Beanstalk with eb init --region <preferred-region> and choose the environment created above (rails-aws-starter-sandbox). For region, this sample app uses us-east-1.
- Deploy the application by running eb deploy rails-aws-starter-sandbox.
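A check to run on each public key line before committing it to adduser.sh, as an added example that is not part of this project: it parses an OpenSSH public key line, rejects private key material and RSA keys shorter than the 4096 bits used above, and returns the SHA256 fingerprint. The function names and the constructed sample key are assumptions; the layout of adduser.sh is not shown here, so the check takes one key line at a time.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 4096  # same size as the ssh-keygen -b 4096 step in this README

def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4253 'string') from the key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def check_public_key(line):
    """Return (key_type, rsa_bits_or_None, fingerprint); raise ValueError if unfit."""
    if "PRIVATE KEY" in line:
        raise ValueError("private key material, do not commit")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    inner_type, offset = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("declared type does not match key blob")
    bits = None
    if key_type == "ssh-rsa":  # blob layout: type, public exponent, modulus
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA key is {bits} bits, need {MIN_RSA_BITS}")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, bits, "SHA256:" + digest

def make_sample_rsa_line(bits):
    """Constructed sample: a parseable ssh-rsa line whose modulus is not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"
```

The returned fingerprint uses the same SHA256 format that ssh-keygen -l -f my-key-pair.pub prints, so the two can be compared directly.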
First deploy (all environments, with promotion pipeline)
Our CircleCI config details three environments: staging, promotion, and production. To create these environments for use with CircleCI, you can use the script and steps detailed above—you'll just have to do the following for each environment:
- Create a separate AWS account (e.g. using [email protected], [email protected], [email protected])
- Complete the First deploy steps for each environment
Once the deployment environments are all in place, update the CircleCI config as detailed below, and trigger a build.
CircleCI
We use CircleCI to run tests and deploy to our various environments, by running the following tasks:
- Install dependencies
- In parallel:
  - Run checks (i.e. bundle-audit)
  - Run tests
- Deploy to staging environment
- Approving for deploy to production
- In parallel:
  - Tag the release and push to GitHub
  - Deploy to production environment
  - Deploy to demo environment
In order to set up the above functionality, you'll need to configure the following:
- Replace each APP_ENV_NAME value (i.e. for staging, demo, and production) with the appropriate AWS environment name, e.g.

      environment:
        APP_ENV_NAME: REPLACE_ME

  becomes

      environment:
        APP_ENV_NAME: rails-starter-staging

- Add the SSH key fingerprint for the read/write deploy key that was added to AWS at the following location:

      - add_ssh_keys:
          fingerprints:
            - "REPLACE ME: READ/WRITE DEPLOY KEY FINGERPRINT"
To SSH to the EC2 instance via the bastion host
Add your credentials to your local SSH agent by running ssh-add <key>. SSH to the instance by proxying through the Bastion by running:

    ssh -o ProxyCommand='ssh -W %h:%p <username>@<bastion public ip>' <username>@<instance private ip>
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/codeforamerica/rails-aws-starter. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
License
The application is available as open source under the terms of the MIT License.
Code of Conduct
Everyone interacting in the Rails AWS Starter project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.