AWS Elastic Beanstalk

1. Introduction

To deploy your existing web application, create an application source bundle and then create a new application.

64bit Debian jessie v2.1.6 running GlassFish 4.1 Java 8 (Preconfigured - Docker)

2. Environments [DEV, INT, HOM, UAT, PRE, PRO]

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.html

Configuration changes are processed separately from deployments, and have their own scope.

3. Deployment

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.rolling-version-deploy.html

App > Environment > Updates and Deployments

-Application Deployments

Deployment policy: Rolling with additional batch

Batch type: Percentage

Batch size: 50

-Configuration Updates

Rolling update type: Rolling based on Health

4. Networking

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html

5. Logs

TBD Software Configuration > Log publication

*Monitoring

Use Amazon CloudWatch to get more visibility into the health of your Elastic Beanstalk application and take appropriate actions in case of hardware failure or performance degradation.

*Scaling

Configure your Auto Scaling settings to maintain your fleet of Amazon EC2 instances at a fixed size so that unhealthy Amazon EC2 instances are replaced by new ones.

8. Security

For creating, uploading, and assigning an SSL certificate to your environment, see Configuring HTTPS for your Elastic Beanstalk Environment.

8.1 HTTPS

Since the WS is only used internally among back-end pieces of software of the same project, we do not need a public certificate; instead, we use an Amazon-generated one at the load balancer level.

-The Amazon Certificate Manager tool is used to request a new wildcard certificate (which needs to be approved by an admin) for use in our Amazon load balancer:

*.cross.mydomain.com

-The Amazon Route 53 tool is used to create a DNS alias that we link to our environment hostname:

zuora-cross-bizws-int.cross.mydomain.com TYPE A ALIAS zuora-cross-bizws-int.wielkopolska.elasticbeanstalk.com

-The Amazon Beanstalk tool allows access to the load balancer configuration:

App > Environment > Load Balancing

Load Balancer

Listener port: OFF

Secure listener port: 443

Protocol: HTTPS

SSL certificate ID: *.cross.mydomain.com

Connection Draining

Connection draining: [✓] Enable connection draining.

8.2 TLS >= 1.2

The Amazon Beanstalk load balancer has TLS 1.0 and TLS 1.1 activated by default. To change the configuration, go to the EC2 tool, load balancers:

Choose the load balancer and click the Actions > Edit listeners button.

Click 'Change' in ciphers and deactivate any SSL protocol older than Protocol-TLSv1.2
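
A way to check the result of the change above, as an added example that is not part of the original notes: the script reads the JSON printed by "aws elb describe-load-balancer-policies --load-balancer-name <name>" for a Classic Load Balancer and reports every SSL negotiation policy that still enables a protocol older than Protocol-TLSv1.2. The policy names and both sample documents are constructed for illustration.

```python
import json

# Protocol flags of a Classic Load Balancer SSL negotiation policy that predate
# TLS 1.2. "Protocol-TLSv1.2" is the attribute name used in the notes above.
LEGACY = ("Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1")
REQUIRED = "Protocol-TLSv1.2"


def audit_policies(cli_json):
    """Return {policy name: [findings]}; an empty list means TLS >= 1.2 only."""
    report = {}
    for policy in json.loads(cli_json).get("PolicyDescriptions", []):
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            continue  # stickiness and other policy types carry no protocol flags
        enabled = {a["AttributeName"]
                   for a in policy.get("PolicyAttributeDescriptions", [])
                   if str(a.get("AttributeValue", "")).lower() == "true"}
        findings = [name + " is enabled" for name in LEGACY if name in enabled]
        if REQUIRED not in enabled:
            findings.append(REQUIRED + " is not enabled")
        report[policy["PolicyName"]] = findings
    return report


def _ssl_policy(name, flags):
    """Build one constructed SSLNegotiationPolicyType description."""
    return {"PolicyName": name, "PolicyTypeName": "SSLNegotiationPolicyType",
            "PolicyAttributeDescriptions": [
                {"AttributeName": k, "AttributeValue": "true" if v else "false"}
                for k, v in flags.items()]}


# Constructed samples: the listener before and after the console change.
BEFORE = json.dumps({"PolicyDescriptions": [
    _ssl_policy("example-default", {"Protocol-TLSv1": True,
                                    "Protocol-TLSv1.1": True,
                                    "Protocol-TLSv1.2": True}),
    {"PolicyName": "example-stickiness",
     "PolicyTypeName": "LBCookieStickinessPolicyType",
     "PolicyAttributeDescriptions": []}]})
AFTER = json.dumps({"PolicyDescriptions": [
    _ssl_policy("example-tls12-only", {"Protocol-TLSv1": False,
                                       "Protocol-TLSv1.1": False,
                                       "Protocol-TLSv1.2": True})]})

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        for name, findings in audit_policies(sample).items():
            print(label, name, "; ".join(findings) or "OK")
```

Running the same check on every environment (DEV to PRO) after a rebuild catches a load balancer that was recreated with the default policy.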

9. Storage

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.concepts.design.html

10. Backups

If you are using Amazon RDS, then set the retention period for backups, so that Amazon RDS can perform automated backups.

11. Updates and patching

Elastic Beanstalk does not upgrade running environments to new configuration versions automatically, but you can initiate a platform upgrade to update your running environment in place. Platform upgrades use rolling updates to keep your application available by applying changes in batches.

App > Environment > Health

-Application Health Check

Application health check URL: /zuora-cross-bizws/2.0?wsdl

-Health Reporting

System Type: Enhanced

App > Environment > Managed Updates

[x]Enable managed updates

Window start: Every Monday starting at 04:10 UTC

Update level: Minor and patch

Instance replacement: [x]If enabled, an instance replacement will be scheduled if no other updates are available.

88. SSH access

Create the key pairs (.pem file) in the EC2 instance corresponding to the Beanstalk one.

In the Beanstalk instance, configure the keys generated in EC2.

Use an SSH client to log in to the EC2 instance (using the host name of the EC2 instance, not the Beanstalk one).

Once logged in to EC2, access Docker:

[root@ip-333-44-5-66 ec2-user]# docker ps

CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS              PORTS                          NAMES

0c4101j013ab        250000555527        "/glassfish-start.sh"   27 minutes ago      Up 27 minutes       4848/tcp, 8080/tcp, 8181/tcp   goofy_bassi

[root@ip-333-44-5-66 ec2-user]# docker exec -it goofy_bassi bash

Once in Docker, the GlassFish installation is available, with its logs, etc.

99. References and resources

Developer resources produced by the AWS community are at http://aws.amazon.com/resources/

AWS Elastic Beanstalk Documentation > https://aws.amazon.com/documentation/elastic-beanstalk/

GlassFish Samples > https://glassfish-samples.java.net/