
AWS

IAM

  • You can attach a role directly to an account without going through a group (it's the 3rd checkbox)
  • You can use "policy templates" (modèles de stratégie) to avoid adding every permission one by one
  • There is an administrator permission
  • Programmatic access must be enabled for IaC tools

EC2

To find the right ssh user:

Type           SSH user
Ubuntu         ubuntu
Amazon Linux   ec2-user

You also need to change the security group and allow ssh, otherwise it won't work.

RDS

To know which engine type to use (useful for Terraform):

Engine       RDS API name   Prerequisites
postgresql   postgres       20G, db.t2.small
mysql        mysql          n/a

ECS

Principle: "We run a Task in a Cluster and expose a Service"

Task: container, ports, memory / CPU limits
Service: like a K8S service

EC2 launch type

A classic ECS node contains: an EC2 instance with the ECS agent + docker installed. It means that you need to provision an EC2 server.

Fargate launch type

Fargate is another way of hosting containers (instead of using plain EC2 instances). No backend provisioning is required.

The "only thing" to change is the launchType parameter in the Service

Fargate limitations

Fargate only supports awsvpc mode. It means that your containerPort must always equal hostPort in the Task Definition. If you need to expose the same containerPort in multiple protocols (say UDP and TCP), Fargate won't allow it.

Even with this 2020 update, it still won't work if the UDP and TCP ports are the same.

Example code here: openttd-server/ecs-fargate-fail
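As an added example (not code from the openttd-server repo or the AWS SDK), here is a pre-flight check that encodes the Fargate constraints described above: networkMode must be awsvpc, hostPort must equal containerPort, and a port cannot be exposed on both UDP and TCP. The task definition dicts are constructed samples in the shape of RegisterTaskDefinition input.

```python
from collections import defaultdict

def fargate_port_issues(task_def: dict) -> list[str]:
    """Return the problems that would make this task definition fail on Fargate.

    task_def follows the RegisterTaskDefinition input shape:
    networkMode, containerDefinitions[].portMappings[].
    """
    issues = []
    if task_def.get("networkMode") != "awsvpc":
        issues.append(f"networkMode must be 'awsvpc' on Fargate, got {task_def.get('networkMode')!r}")
    for cdef in task_def.get("containerDefinitions", []):
        name = cdef.get("name", "<unnamed>")
        protocols_by_port = defaultdict(set)
        for pm in cdef.get("portMappings", []):
            cport = pm.get("containerPort")
            # In awsvpc mode an omitted hostPort defaults to containerPort
            hport = pm.get("hostPort", cport)
            proto = pm.get("protocol", "tcp").lower()
            if hport != cport:
                issues.append(f"{name}: hostPort {hport} != containerPort {cport} (awsvpc requires equality)")
            protocols_by_port[cport].add(proto)
        for port, protos in protocols_by_port.items():
            if len(protos) > 1:
                issues.append(f"{name}: port {port} exposed on {sorted(protos)}; Fargate allows only one protocol per port")
    return issues

# Constructed sample: a game server that needs the same port over both UDP and TCP,
# which is exactly the case the notes above say Fargate rejects.
SAME_PORT_TASK = {
    "family": "game-server",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "containerDefinitions": [{
        "name": "game",
        "image": "example/game-server:latest",
        "portMappings": [
            {"containerPort": 3979, "hostPort": 3979, "protocol": "tcp"},
            {"containerPort": 3979, "hostPort": 3979, "protocol": "udp"},
        ],
    }],
}

# Constructed sample: a classic EC2-launch-type definition (bridge mode, dynamic hostPort)
# that would need two changes before it could run on Fargate.
BRIDGE_TASK = {
    "family": "game-server-ec2",
    "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "game",
        "image": "example/game-server:latest",
        "portMappings": [{"containerPort": 3979, "hostPort": 0, "protocol": "tcp"}],
    }],
}

if __name__ == "__main__":
    for td in (SAME_PORT_TASK, BRIDGE_TASK):
        print(td["family"], fargate_port_issues(td) or "OK for Fargate")
```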

Elastic Load Balancer

Two types are available: ALB (HTTP only, for web applications) or NLB/LB (standard network layer mode)

Listener: a process listening for incoming connections