AWS
IAM
- You can attach a policy directly to a user without going through a group (it is the third option to tick in the console's permissions step, "Attach policies directly")
- You can use policy templates to avoid adding permissions one by one
- There is an administrator permission, the AdministratorAccess managed policy; it grants full access to every service, so use it for bootstrapping only, not for long-lived automation identities
- Programmatic access (an access key ID and secret access key) must be enabled for IaC tools such as Terraform to authenticate
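The three bullets above, as an added Terraform example (not from the original notes): an IAM user for an IaC tool, a policy attached directly to the user with no group, and an access key for programmatic access. The user name, policy name and the list of allowed actions are assumptions; the AdministratorAccess ARN is the real managed policy.

```hcl
# Added example, not from the original notes. Names and the allowed actions are assumptions.
resource "aws_iam_user" "terraform" {
  name = "terraform-ci"
}

# A scoped policy instead of AdministratorAccess: only the services the
# Terraform code for this project actually manages.
data "aws_iam_policy_document" "terraform" {
  statement {
    sid     = "ManageProjectInfra"
    effect  = "Allow"
    actions = ["ec2:*", "ecs:*", "rds:*", "elasticloadbalancing:*", "iam:PassRole"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "terraform" {
  name   = "terraform-ci"
  policy = data.aws_iam_policy_document.terraform.json
}

# Direct attachment to the user: no aws_iam_group / aws_iam_user_group_membership needed.
resource "aws_iam_user_policy_attachment" "terraform" {
  user       = aws_iam_user.terraform.name
  policy_arn = aws_iam_policy.terraform.arn
}

# The administrator shortcut from the notes. It grants everything, so it is
# left commented out in favour of the scoped policy above.
# resource "aws_iam_user_policy_attachment" "admin" {
#   user       = aws_iam_user.terraform.name
#   policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
# }

# Programmatic access: the access key pair is what the IaC tool authenticates with.
resource "aws_iam_access_key" "terraform" {
  user = aws_iam_user.terraform.name
}

# The secret ends up in the Terraform state; mark the output sensitive so it
# is not printed on every apply.
output "terraform_secret_access_key" {
  value     = aws_iam_access_key.terraform.secret
  sensitive = true
}
```

The service-wide wildcards (`ec2:*`, `ecs:*`, ...) are still broad; in a real project narrow the `actions` to what the plan needs and treat the state file as a secret, since it holds the access key.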
EC2
To find the right SSH user for an instance:

type | ssh user
---|---
ubuntu | ubuntu
amazon linux | ec2-user

You also need to change the instance's security group to allow inbound SSH (TCP port 22), otherwise it won't work. Allow it only from your own address range, not from 0.0.0.0/0.
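An added Terraform example (not from the original notes) of the SSH setup described above: a security group that opens port 22 only to an admin range, the instance attached to it, and an output that picks the login from the table. The variable names, the t3.micro instance type and the key pair path in the output are assumptions; the AMI ID, VPC and subnet are taken from variables.

```hcl
# Added example, not from the original notes. Variable names and values are assumptions.
variable "admin_cidr" { type = string } # e.g. your office /24, never 0.0.0.0/0
variable "ami_id"     { type = string }
variable "key_name"   { type = string }
variable "vpc_id"     { type = string }
variable "subnet_id"  { type = string }
variable "os"         { type = string } # "ubuntu" or "amazon-linux"

locals {
  # From the table above: the default login depends on the image family.
  ssh_user = {
    "ubuntu"       = "ubuntu"
    "amazon-linux" = "ec2-user"
  }
}

# The security group the note says you must change: SSH in, only from admin_cidr.
resource "aws_security_group" "ssh" {
  name        = "ssh-from-admin"
  description = "SSH from the admin network only"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "box" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  key_name                    = var.key_name
  subnet_id                   = var.subnet_id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.ssh.id]

  # Require IMDSv2 so an SSRF in whatever runs on the box cannot read the
  # instance credentials with a single GET.
  metadata_options {
    http_tokens = "required"
  }
}

output "ssh_command" {
  value = "ssh -i ~/.ssh/${var.key_name}.pem ${local.ssh_user[var.os]}@${aws_instance.box.public_ip}"
}
```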
RDS
To know which engine type to set (useful for Terraform):

engine | rds api name | prereq
---|---|---
postgresql | postgres | 20 GiB allocated storage, db.t2.small
mysql | mysql | n/a
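The PostgreSQL row of the table, as an added Terraform example (not from the original notes): the API engine name and the prerequisites from the table, with the settings a practitioner would not leave at their defaults. The identifier, database name, and the subnet group and security group variables are assumptions; `db_name` needs AWS provider v4 or later (older versions call it `name`).

```hcl
# Added example, not from the original notes. Identifier, names and variables are assumptions.
variable "db_password"     { type = string, sensitive = true }
variable "db_subnet_group" { type = string }
variable "db_sg_id"        { type = string }

resource "aws_db_instance" "app" {
  identifier        = "app-postgres"
  engine            = "postgres"    # the RDS API name, not "postgresql"
  instance_class    = "db.t2.small" # the class the note found to work; check the
                                    # supported list for the engine version you pin
  allocated_storage = 20            # GiB; the minimum from the table

  db_name  = "app"
  username = "app"
  password = var.db_password # never a literal in the .tf file

  db_subnet_group_name   = var.db_subnet_group
  vpc_security_group_ids = [var.db_sg_id]
  publicly_accessible    = false # reachable only from inside the VPC
  storage_encrypted      = true
  deletion_protection    = true

  skip_final_snapshot       = false
  final_snapshot_identifier = "app-postgres-final"
}
```

`engine_version` is deliberately left unset here; pin it in real code so a provider upgrade does not silently move you to a version that no longer supports the chosen instance class.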
ECS
Principle: "We run a Task in a Cluster and expose a Service"
Task definition: container image, ports, memory/CPU limits. Service: keeps the desired number of tasks running and exposes them, like a Kubernetes Service.
EC2 launch type
A classic ECS node is an EC2 instance with the ECS agent and Docker installed. This means you have to provision (and patch) the EC2 server yourself.
Fargate launch type
Fargate is another way of hosting containers (instead of plain EC2 instances): no backend provisioning is required.
The "only thing" to change is the launchType parameter of the Service, plus what it implies: the task definition must declare FARGATE compatibility, use the awsvpc network mode and set task-level CPU and memory, and the service needs a network configuration (subnets and security groups) for the task's ENI.
Fargate limitations
Fargate only supports the awsvpc network mode. This means that your containerPort must always equal hostPort in the Task Definition. If you need to expose the same containerPort over multiple protocols (say UDP and TCP), Fargate won't allow it.
Even with the 2020 update, it still won't work when the UDP and TCP ports are the same.
Example code here: openttd-server/ecs-fargate-fail
Elastic Load Balancer
The main types are the ALB (layer 7, HTTP/HTTPS, for web applications) and the NLB (layer 4, TCP/UDP/TLS); the Classic Load Balancer is the legacy type that covered both, and the Gateway Load Balancer is for inline network appliances.
Listener: the process that checks for connection requests on a given protocol and port and forwards them, according to its rules, to a target group.
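An added Terraform example serving both the ECS/Fargate section and the load balancer section above; it is not code from the original notes or from the openttd-server repository. It shows the launchType switch with the network configuration it requires, the awsvpc port-mapping rule (so UDP is moved to a different container port rather than sharing the TCP one), and an NLB with one listener per protocol, which can reuse the same port number on the load balancer side. Assumptions: the server listens on 3979/tcp and can be told to use 3980/udp, the `var.*` inputs (VPC, subnets, task security group, image, execution role) are declared elsewhere, and all names are made up.

```hcl
# Added example, not from the original notes or the openttd-server repo.
# Ports, names and the var.* inputs are assumptions.
resource "aws_ecs_cluster" "game" {
  name = "game"
}

resource "aws_ecs_task_definition" "server" {
  family                   = "game-server"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc" # the only mode Fargate supports
  cpu                      = "512"    # task-level limits are mandatory on Fargate
  memory                   = "1024"
  execution_role_arn       = var.execution_role_arn

  container_definitions = jsonencode([{
    name      = "server"
    image     = var.image
    essential = true
    # awsvpc: hostPort must equal containerPort and a containerPort may be listed
    # once. {3979 tcp} + {3979 udp} is the pair that fails, so UDP gets its own port.
    portMappings = [
      { containerPort = 3979, hostPort = 3979, protocol = "tcp" },
      { containerPort = 3980, hostPort = 3980, protocol = "udp" },
    ]
  }])
}

# Layer 4 load balancer; an ALB would only carry HTTP(S).
resource "aws_lb" "game" {
  name               = "game"
  load_balancer_type = "network"
  subnets            = var.public_subnet_ids
}

# One target group per protocol; Fargate tasks are registered by IP.
resource "aws_lb_target_group" "tcp" {
  name        = "game-tcp"
  port        = 3979
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id
}
resource "aws_lb_target_group" "udp" {
  name        = "game-udp"
  port        = 3980
  protocol    = "UDP"
  target_type = "ip"
  vpc_id      = var.vpc_id
  health_check { # UDP cannot be health-checked, so probe the TCP port
    protocol = "TCP"
    port     = "3979"
  }
}

# A listener is (protocol, port) on the LB plus a default forward action.
# Listeners are keyed by protocol and port, so the LB can expose 3979 for
# both TCP and UDP even though the task cannot.
resource "aws_lb_listener" "tcp" {
  load_balancer_arn = aws_lb.game.arn
  port              = 3979
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.tcp.arn
  }
}
resource "aws_lb_listener" "udp" {
  load_balancer_arn = aws_lb.game.arn
  port              = 3979
  protocol          = "UDP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.udp.arn
  }
}

resource "aws_ecs_service" "server" {
  name            = "game-server"
  cluster         = aws_ecs_cluster.game.id
  task_definition = aws_ecs_task_definition.server.arn
  desired_count   = 1
  launch_type     = "FARGATE" # the switch from EC2; awsvpc then needs the block below

  network_configuration {
    subnets          = var.private_subnet_ids
    security_groups  = [var.task_sg_id] # must allow 3979/tcp and 3980/udp from the NLB
    assign_public_ip = false
  }
  load_balancer {
    target_group_arn = aws_lb_target_group.tcp.arn
    container_name   = "server"
    container_port   = 3979
  }
  load_balancer {
    target_group_arn = aws_lb_target_group.udp.arn
    container_name   = "server"
    container_port   = 3980
  }
}
```

Keeping the tasks in private subnets with `assign_public_ip = false` means the only way in is through the listeners; the task security group should therefore admit traffic only from the NLB's subnets on the two ports, and nothing else.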