AWS Elastic Beanstalk
1. Introduction
To deploy your existing web application, create an application source bundle and then create a new application.
64bit Debian jessie v2.1.6 running GlassFish 4.1 Java 8 (Preconfigured - Docker)
2. Environments [DEV, INT, HOM, UAT, PRE, PRO]
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.html
Configuration changes are processed separately from deployments, and have their own scope.
3. Deployment
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html
App > Environment > Updates and Deployments
-Application Deployments
Deployment policy: Rolling with additional batch
Batch type: Percentage
Batch size: 50
-Configuration Updates
Rolling update type: Rolling based on Health
4. Networking
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html
5. Logs
TBD Software Configuration > Log publication
*Monitoring
Use Amazon CloudWatch to get more visibility into the health of your Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.
*Scaling
Configure your Auto Scaling settings to maintain your fleet of Amazon EC2 instances at a fixed size so that unhealthy Amazon EC2 instances are replaced by new ones.
8. Security
For creating, uploading, and assigning an SSL certificate to your environment, see Configuring HTTPS for your Elastic Beanstalk Environment.
8.1 HTTPS
Since the WS is only used internally among back-end pieces of software of the same project, we do not need a public certificate; instead we use an Amazon-generated one at the load balancer level.
-The Amazon Certificate Manager tool is used to request a new wildcard certificate (which needs to be approved by an admin) for use in our Amazon load balancer:
*.cross.mydomain.com
-The Amazon Route 53 tool is used to create a DNS alias that we link to our environment hostname:
zuora-cross-bizws-int.cross.mydomain.com TYPE A ALIAS zuora-cross-bizws-int.wielkopolska.elasticbeanstalk.com
-The Amazon Beanstalk tool allows access to the load balancer configuration:
App > Environment > Load Balancing
Load Balancer
Listener port: OFF
Secure listener port: 443
Protocol: HTTPS
SSL certificate ID: *.cross.mydomain.com
Connection Draining
Connection draining: [✓] Enable connection draining.
8.2 TLS >= 1.2
The Amazon Beanstalk load balancer has TLS 1.0 and TLS 1.1 activated by default. To change the configuration, go to the EC2 tool, load balancers:
Choose the load balancer and click Actions > Edit listeners.
Click 'Change' in ciphers and deactivate any SSL protocol older than Protocol-TLSv1.2.
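One way to check the result of the HTTPS and TLS steps above (an added example, not part of the original notes): the function audits the JSON returned by `aws elb describe-load-balancers` and `aws elb describe-load-balancer-policies` for a Classic Load Balancer and flags plaintext listeners and enabled protocols older than TLS 1.2. The policy names and the sample data are constructed for illustration.

```python
# Policy attribute names for protocol versions older than TLS 1.2.
LEGACY = ("Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")


def audit(lb, policy_descriptions):
    """Return a list of findings for one Classic Load Balancer.

    lb: one LoadBalancerDescriptions item (describe-load-balancers).
    policy_descriptions: PolicyDescriptions (describe-load-balancer-policies).
    """
    attrs = {p["PolicyName"]: {a["AttributeName"]: a["AttributeValue"]
                               for a in p["PolicyAttributeDescriptions"]}
             for p in policy_descriptions}
    findings = []
    for desc in lb["ListenerDescriptions"]:
        port = desc["Listener"]["LoadBalancerPort"]
        proto = desc["Listener"]["Protocol"].upper()
        if proto not in ("HTTPS", "SSL"):
            findings.append(f"{port}: plaintext {proto} listener enabled")
            continue
        # Collect every protocol switched on by the policies on this listener.
        enabled = {name for pol in desc.get("PolicyNames", [])
                   for name, value in attrs.get(pol, {}).items()
                   if name.startswith("Protocol-") and value == "true"}
        findings += [f"{port}: {n} enabled" for n in LEGACY if n in enabled]
        if "Protocol-TLSv1.2" not in enabled:
            findings.append(f"{port}: Protocol-TLSv1.2 not enabled")
    return findings


def policy(name, protocols):
    """Build a constructed policy description from {attribute: 'true'/'false'}."""
    return {"PolicyName": name, "PolicyAttributeDescriptions": [
        {"AttributeName": k, "AttributeValue": v} for k, v in protocols.items()]}


def listener(port, proto, policies=()):
    return {"Listener": {"LoadBalancerPort": port, "Protocol": proto},
            "PolicyNames": list(policies)}


# Constructed sample data: an unhardened balancer, then the state after the steps above.
DEFAULT_LB = {"ListenerDescriptions": [
    listener(80, "HTTP"), listener(443, "HTTPS", ["sample-default"])]}
DEFAULT_POLICIES = [policy("sample-default", {
    "Protocol-TLSv1": "true", "Protocol-TLSv1.1": "true", "Protocol-TLSv1.2": "true"})]
HARDENED_LB = {"ListenerDescriptions": [listener(443, "HTTPS", ["sample-tls12"])]}
HARDENED_POLICIES = [policy("sample-tls12", {
    "Protocol-TLSv1": "false", "Protocol-TLSv1.1": "false", "Protocol-TLSv1.2": "true"})]

if __name__ == "__main__":
    print(audit(DEFAULT_LB, DEFAULT_POLICIES))
    print(audit(HARDENED_LB, HARDENED_POLICIES))
```

Against a real environment, feed the function the parsed output of the two CLI commands for the load balancer that Beanstalk created; an empty list means no plaintext listener and no protocol older than TLS 1.2 remains enabled.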
9. Storage
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html
10. Backups
If you are using Amazon RDS, then set the retention period for backups, so that Amazon RDS can perform automated backups.
11. Updates and patching
Elastic Beanstalk does not upgrade running environments to new configuration versions automatically, but you can initiate a platform upgrade to update your running environment in place. Platform upgrades use rolling updates to keep your application available by applying changes in batches.
App > Environment > Health
-Application Health Check
Application health check URL: /zuora-cross-bizws/2.0?wsdl
-Health Reporting
System Type: Enhanced
App > Environment > Managed Updates
[x]Enable managed updates
Window start: Every Monday starting at 04:10 UTC
Update level: Minor and patch
Instance replacement: [x]If enabled, an instance replacement will be scheduled if no other updates are available.
88. SSH access
Create the key pairs (.pem file) in the EC2 instance corresponding to the Beanstalk one.
In the Beanstalk instance, configure the keys generated in EC2.
Use an SSH client to log in to the EC2 instance (using the host name of the EC2 instance, not the Beanstalk one).
Once logged in to EC2, access Docker:
[root@ip-333-44-5-66 ec2-user]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c4101j013ab 250000555527 "/glassfish-start.sh" 27 minutes ago Up 27 minutes 4848/tcp, 8080/tcp, 8181/tcp goofy_bassi
[root@ip-333-44-5-66 ec2-user]# docker exec -it goofy_bassi bash
Once in Docker, the GlassFish installation is available, with its logs, etc.
99. References and resources
Developer resources produced by the AWS community are at http://aws.amazon.com/resources/
AWS Elastic Beanstalk Documentation > https://aws.amazon.com/documentation/elastic-beanstalk/
GlassFish Samples > https://glassfish-samples.java.net/