From building to deploying Ruby on Jets in docker-compose environment <Part 2>
Overview
In the previous article, I wrote about creating a local environment for Ruby on Jets.
From building to deploying Ruby on Jets in docker-compose environment <Part 1>
This time I would like to summarize up to the point of actually deploying.
Prepare the user
Create an IAM user from the console and get the credentials.
https://console.aws.amazon.com/iam/home#/users
Check "Programmatic access" because it is a user only for deploying this time.
To create a policy, press the tab called "JSON" and paste the json described below.
Json for policy setting
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"apigateway:*",
"cloudformation:*",
"dynamodb:*",
"events:*",
"iam:*",
"lambda:*",
"logs:*",
"route53:*",
"s3:*"
],
"Resource": [
"*"
]
}
]
}
Full action allowed for convenience.
If you want to minimize your IAM policy from a security perspective
Please refer to the following page and set the policy for the IAM user for deployment.
(I set it to the minimum.)
https://rubyonjets.com/docs/extras/minimal-deploy-iam/
Although it was not listed in the official document at this time, I think that it is necessary to add the following description in order to set VPC (or rather, in the VPC setting written in application.rb The deployment has failed.)
#Added to Statement
{
"Version": "2012-10-17",
"Statement": [
{
Omission
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Resource": [
"*"
]
}
]
}
I won't explain it here, but the caveat is that this IAM policy is different from the IAM policy you set for the function role. You can attach an IAM policy to a function role in config/application.rb. I will write that as well when I feel like it.
Enter a name of your choice to create the policy.
After this, create a user with your favorite settings.
Set credential locally
Go to the IAM user screen created in the IAM console and create an access key and secret key from the "Credentials" tab.
Set the obtained two keys in ~/.aws/credentials and ~/.aws/config referring to the following.
https://rubyonjets.com/docs/deploy/
~/.aws/credentials:
[default]
aws_access_key_id=<access key>
aws_secret_access_key=<Secret key>
~/.aws/config:
[default]
region=<region>
output=json
Deploy execution
Use the command jets deploy to deploy. By the way, cloud formation is running behind the scenes.
Deploy as is from the docker container.
By the way, aws-cli is in the container in the Dockerfile described in ①.
(The settings of Dockerfile and docker-compose.yml are posted in ①)
Since the environment variables of the container are managed by .env.container, ENV is described here.
# .env.container
JETS_ENV = production
Next, describe environment variables for use in the function, such as DB information, in .env.production.remote.
(.env.development is for local, .env.development.remote is for remote, as well as staging and prod)
# .env.production.remote
#Describe DB information etc.
All you have to do is deploy!
$ docker-compose run --rm app bundle exec jets deploy
If you can see the application deployed from the lambda console, you're done!
https://ap-northeast-1.console.aws.amazon.com/lambda/home?region=ap-northeast-1#/applications
Create staging environment
With jets, you can easily create another environment with the environment variable JETS_ENV described earlier.
Try setting it in .env etc. as follows
# .env.container
JETS_ENV=staging
Deploy as before
At this time, write the environment variables of the function in .env.staging.remote.
$ docker-compose run --rm app bundle exec jets deploy
If you want to change the environment, you only need to change the value of JETS_ENV, so you can also build CI/CD.
All you have to do is switch the environment variables!
Application removal
You can delete all the resources that depend on the application with the following command
Be careful when handling
$ docker-compose run --rm app bundle exec jets delete
https://rubyonjets.com/reference/jets-delete/
Summary
I still have a lot of things I want to write, but for the time being, I'm about to deploy
I was able to go! !!
I would like to continue to communicate what I noticed and what I was stuck with.
Recommended Posts