This article is a deployment procedure for AWS, which can be difficult for beginners.
The AWS UI changes frequently, so the steps are written against the current one (2019/10); it may look a little different depending on the version.
Contents this time:
[**STEP1 Network environment settings**](https://qiita.com/tksh8/items/9a8e88a777a3a4ee7a09#step1-%E3%83%8D%E3%83%83%E3%83%88%E3%83%AF%E3%83%BC%E3%82%AF%E7%92%B0%E5%A2%83%E8%A8%AD%E5%AE%9A)
[**STEP2 EC2 settings**](https://qiita.com/tksh8/items/9a8e88a777a3a4ee7a09#step2-ec2%E3%81%AE%E8%A8%AD%E5%AE%9A)
Next time: [**STEP3 or later: Steps to deploy on AWS ② Server (EC2 instance) environment settings**](https://qiita.com/tksh8/items/3d2f2eeaf0e8de291b6d)
Sign in to Amazon Web Services at https://aws.amazon.com/
Set the region in the header to Tokyo, search for "VPC", and go to "VPC".
Click [Create VPC] from VPC in the side menu.
On the creation screen, set as below and click [Create].
・ Name tag:testVPC
・ IPv4 CIDR block:10.0.0.0/16
・ IPv6 CIDR block:No block
・ Tenancy:Default
Two subnets are created here so that [RDS] can be placed in them.
Click [Create Subnet] from the subnet in the side menu.
On the creation screen, set as below and press [Create]
・ Name tag:testSubnet
・ VPC:Select the one you created earlier
・ Availability zone:ap-northeast-1a
・ CIDR block:10.0.0.0/24
Create another one in the same way
・ Name tag:testSubnet2
・ VPC:Select the one you created earlier
・ Availability zone:ap-northeast-1c
・ CIDR block:10.0.1.0/24
From Internet Gateway in the side menu, click [Create Internet Gateway]
On the creation screen, set as below and press [Create]
Name tag:testGateway
Press [Action], and then press [Attach to VPC].
Set as below and press [Attach]
VPC:Select the one you created earlier
Press [Create Route Table] from the route table in the side menu.
On the creation screen, set as below and press [Create]
Name tag:testTable
VPC:Select the one you created earlier
With the created route table selected, click the "Route" > "Edit Route" tabs below, and press [Add Route].
Set as below and press [Save Rule]
Destination:0.0.0.0/0
Target:Select Internet Gateway and select the gateway ID you created earlier
→ Select "Subnet" on the left
→ Select the subnet whose association you want to change
→ Select the route table at the bottom of the screen
→ Press [Edit route table associations]
→ Select the route table ID created earlier
→ Press [Save]
From the side menu, go to Security > Security Group and click [Create Security Group]
Set as below and press [Create]
Security group name:testSecurityGroup
Description:A description of the security group
VPC:Select the one you created earlier
Click [Edit Rule] of the inbound rule at the bottom of the screen, and then click [Add Rule]. Set as below and press [Save Rule]
Type:SSH
Source:My IP
If you want to use a DB on AWS, there are two methods:
・ Create an instance on EC2
・ Use RDS
* However, if you use RDS, you will be charged, so if you do not use it, create the database directly on the server.
This time I will mainly create an instance on EC2 (create a database directly on the server).
You are charged while the instance remains up, so it is recommended to put it in a stopped state when you are not using it.
Click here this time
Network: Select the VPC you just created
Subnet: Select the subnet you just created
Auto-assign public IP: Enabled
Others remain default
Click [Add Tag]
Key: Name
Value: testInstance
Click [Next Step: Security Group Settings]
Security Group Assignment: select "Existing", select the security group you just created, and click [Confirm and Create]
A list screen is displayed. Finally, click [Start]
The screen below is displayed. Choose to create a new key pair, enter the key pair name, and click [Download Key Pair] (note that once the file is created, it cannot be downloaded again.)
After downloading, click [Create Instance]
An instance will be created after a while!!
From the side menu, go to Network & Security > Elastic IP and press [Assign New Address]
Click [Assign]
Return with [Close]
Click [Action] > Address Association
Select the instance you created earlier and press [Associate].
There is no charge as long as the instance that the Elastic IP is associated with is running. However, if your instance is "down" or you are not using the Elastic IP, you will be charged. Therefore, you should delete the Elastic IPs that you do not use.
If the Elastic IP is still attached to your instance, select it from the Elastic IPs and click Actions → Disassociate Address. A confirmation screen will be displayed. If everything is correct, click "Disassociate Address" to detach the EIP.
After that, select the relevant IP again and click "Action" → "Release Address" to delete the EIP. You will then no longer be charged.
This completes the settings on the AWS side for now.
Open a terminal on your PC
python
$ brew install python
pip (python package management system)
$ easy_install pip
awscli (for handling aws from the console of the PC)
$ pip install awscli
If that does not work, see https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/install-macos.html
AWS provides a default user named ec2-user that can log in to your EC2 instance. First, log in as ec2-user.
Enter the following in the terminal (* testKey.pem is the key downloaded in STEP2 earlier)
$ mv Downloads/testKey.pem .ssh/
(#Move the downloaded private key to the ssh folder)
$ cd .ssh/
(#Move to the ssh directory)
$ chmod 600 testKey.pem
(#Set the access permissions of the private key to 600)
$ ssh -i testKey.pem ec2-user@(after the @, use the Elastic IP associated with the created EC2 instance)
(#Log in as ec2-user using the private key)
Example:
($ ssh -i testKey.pem [email protected])
You are asked yes / no
Type yes and press Enter
You have successfully logged in!!!
* If the error "ssh port 22 Operation timed out" occurs, see:
https://qiita.com/yokoto/items/338bd80262d9eefb152e
https://qiita.com/minicoopers0716/items/cac50f29ef79a03f1d8d
While logged in to the instance as described above
[ec2-user|~]$ sudo adduser testuser
(#Register new user name)
[ec2-user|~]$ sudo passwd testuser
(#Password registration for new user name)
Register the password
Edit the sudoers file with vim to add permissions for the user
$ sudo visudo
vim opens with content like the following
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
Search for "wheel" (type "/wheel" on the keyboard and press Enter, then press "N" to go to the next match) and find the lines below:
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
Press "i" on the keyboard to enter edit mode and uncomment
# %wheel ALL=(ALL) NOPASSWD: ALL
so that it reads:
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Next, add the line below to grant authority to the created user:
testuser ALL=(ALL) ALL
so that it reads:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
testuser ALL=(ALL) ALL
Press "esc" on the keyboard, type ":wq", and press Enter to save.
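To see what the edited file grants, the check below lists the active rules and marks the ones that skip the password prompt. It is an added example, not part of the original article; the function names are made up for illustration and the embedded sample is constructed from the sudoers lines shown above, after the edits.

```shell
# List active sudoers rules from stdin as "<NOPASSWD|PASSWORD> <who> <rule>".
audit_sudoers() {
  awk '
    /^[ \t]*#/ { next }                  # comments (this also skips #include lines)
    /^[ \t]*$/ { next }                  # blank lines
    $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }   # settings and aliases, not grants
    {
      who = $1
      flag = ($0 ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWORD"
      rule = $0
      sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule)   # drop the leading user/group field
      print flag, who, rule
    }'
}

# Number of active rules that run commands without asking for a password.
count_nopasswd() {
  audit_sudoers | awk '$1 == "NOPASSWD" { n++ } END { print n + 0 }'
}

# Constructed sample: the lines from this page after uncommenting and adding.
sample_sudoers() {
  cat <<'EOF'
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
testuser ALL=(ALL) ALL
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

# Prints:
#   PASSWORD root ALL=(ALL) ALL
#   PASSWORD testuser ALL=(ALL) ALL
#   NOPASSWD %wheel ALL=(ALL) NOPASSWD: ALL
# Members of wheel run anything as root with no prompt; testuser is asked
# for the password registered with passwd.
sample_sudoers | audit_sudoers
```

On the instance, `sudo visudo -c` checks the file's syntax and `sudo -l -U testuser` lists what testuser is allowed to run.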
Switch users here.
[ec2-user|~]$ sudo su - testuser
(#Switch user name)
[testuser@ ~]
It's OK if the prompt switches from [ec2-user| to testuser (the created user name).
exit
Run the above twice to log out for now.
The following is done on your local machine
$ cd .ssh
[.ssh]$ ssh-keygen -t rsa
(#Create a key pair)
-----------------------------
Enter file in which to save the key ():
(#Enter the name of the file here and press enter)
test_key_rsa
Enter passphrase (empty for no passphrase):
(#Press Enter without typing anything)
Enter same passphrase again:
(#Press Enter without typing anything)
-----------------------------
[.ssh]$ ls
(#Confirm that "test_key_rsa" and "test_key_rsa.pub" have been generated)
[.ssh]$ vi config
(#Start VIM and edit the configuration file)
-----------------------------
Press "i" on the keyboard to enter edit mode
#Add the following
Host test_key_rsa
Hostname Elastic IP mentioned above(#According to your settings)
Port 22
User testuser (#Username)
IdentityFile ~/.ssh/test_key_rsa (#Private key setting)
*Delete the () part.
-----------------------------
Press "esc" on the keyboard
Type ":wq" to save
[.ssh]$ cat test_key_rsa.pub (#Output the contents of the key on the terminal)
★ Copy the output, from "ssh-rsa" through "local"
Next is the work on the server. Log in as ec2-user
$ cd .ssh
$ ssh -i testKey.pem ec2-user@(after the @, use the Elastic IP associated with the created EC2 instance)
[ec2-user|~]$ sudo su - testuser
[testuser@ ~]$ mkdir .ssh
[testuser@ ~]$ chmod 700 .ssh
[testuser@ ~]$ cd .ssh
[testuser@ |.ssh~]$ vi authorized_keys
(vim opens, so press "i" and paste the ssh-rsa key copied at ★ above)
Press "esc" on the keyboard
Type ":wq" to save
[testuser@ |.ssh~]$ chmod 600 authorized_keys
$ exit
once again
$ exit
Log out
[~]$ ssh test_key_rsa
If you can log in, the user settings are completed.
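The chmod values used in this procedure (700 for .ssh, 600 for testKey.pem and authorized_keys) can be verified with a short check, run on the local machine or on the server. This is an added example, not part of the original article; the function names are made up for illustration, and private keys are recognised by their PEM header.

```shell
# Print the octal mode of a path.
mode_of() {
  # GNU stat (Amazon Linux) first, BSD stat (macOS) as fallback
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True for files this procedure protects with chmod 600:
# authorized_keys, and any file carrying a private-key PEM header.
needs_600() {
  case "$1" in */authorized_keys) return 0 ;; esac
  grep -q 'PRIVATE KEY-----' "$1" 2>/dev/null
}

# $1 = .ssh directory. Prints one line per checked item and
# returns non-zero when any mode is looser than the procedure sets.
check_ssh_perms() {
  dir=$1
  findings=0
  m=$(mode_of "$dir")
  if [ "$m" = "700" ]; then
    echo "ok   $dir mode $m"
  else
    echo "FAIL $dir mode $m (want 700)"; findings=$((findings + 1))
  fi
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    needs_600 "$f" || continue          # .pub, config and others are skipped
    m=$(mode_of "$f")
    case "$m" in
      *00) echo "ok   $f mode $m" ;;    # no group or other bits set
      *)   echo "FAIL $f mode $m (want 600)"; findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Check your own directory when it exists.
if [ -d "$HOME/.ssh" ]; then
  check_ssh_perms "$HOME/.ssh" || echo "fix the FAIL lines with chmod as in the steps above"
fi
```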
In addition, you may become unable to log in from your local machine over time. In that case, open Security group > Inbound > Edit, set the SSH source to My IP, and press [Save]; you will then be able to connect.
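Selecting My IP stores your current public address as a /32 source, so the rule stops matching when that address changes. The check below, an added example that is not part of the original article, tells whether a port-22 rule still covers the address you connect from; the function names are made up for illustration and the sample addresses are constructed from documentation ranges.

```shell
# Dotted quad -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1                 # split a.b.c.d into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# $1 = CIDR (a.b.c.d/n), $2 = IP. Returns 0 when the IP is inside the CIDR.
cidr_contains() {
  net=${1%/*}; bits=${1#*/}
  [ "$bits" -eq 0 ] && return 0
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# $1 = your current public IP, remaining args = Source CIDRs of the SSH rule.
# Prints OPEN_TO_WORLD, ALLOWED or BLOCKED.
ssh_rule_status() {
  me=$1; shift
  status="BLOCKED"
  for cidr in "$@"; do
    if [ "${cidr#*/}" -eq 0 ]; then echo "OPEN_TO_WORLD"; return; fi
    cidr_contains "$cidr" "$me" && status="ALLOWED"
  done
  echo "$status"
}

# Constructed case: the rule was saved as 203.0.113.7/32 and the
# address you connect from is now 198.51.100.24.
ssh_rule_status 198.51.100.24 203.0.113.7/32      # BLOCKED (ssh times out)
ssh_rule_status 198.51.100.24 198.51.100.24/32    # ALLOWED (after re-saving My IP)
ssh_rule_status 198.51.100.24 0.0.0.0/0           # OPEN_TO_WORLD
```

BLOCKED matches the "Operation timed out" symptom mentioned earlier; OPEN_TO_WORLD means the rule was widened past the My IP setting this procedure uses.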
Click here for more: [**Procedure to deploy on AWS (2) Server (EC2 instance) environment settings**](https://qiita.com/tksh8/items/3d2f2eeaf0e8de291b6d)