
Terraform config for building a simple infrastructure from scratch. Includes a remote folder for building S3-based tfstate lock storage.


roshanshrestha01/basic-IAS-setup


Build

Project utilizes registry modules to build infrastructure

Register project modules

⚠️ Terraform state is stored in an S3 bucket

Install terraform

  • Download terraform from here.
  • Unzip downloaded file
  • Move the unzipped binary: sudo mv terraform /usr/local/bin/

Terraform state in s3

We need to create an S3 bucket where the Terraform state will be stored, and a DynamoDB table to add state locking.

  • cd ./remote
  • terraform init
  • terraform plan
  • terraform apply

The bucket and the DynamoDB table should now exist. Use the bucket name and the DynamoDB table name in the project's backend.tf.

Service to setup from AWS dashboard

These services are to be created from the AWS dashboard and configured in main.ts

  • Create an IAM role
  • Create a Key Pair
  • Ensure SSL Certificate

Setting aws credentials

$ export AWS_ACCESS_KEY_ID="<ACCESS_KEY_ID>"
$ export AWS_SECRET_ACCESS_KEY="<SECRET_ACCESS_KEY>"
$ export AWS_DEFAULT_REGION="<DEFAULT_REGION>"

Terraform

Run these commands from each individual component's directory within its environment.

If a "no S3BucketFound" error is shown, run rm -rf ./terraform

[Note: Please configure IAM role, key_pair at <env>/services/[back|front]-end/ec2.tf and ssl_certificate at <env>/services/[back|front]-end/alb.tf]

$ terraform init
$ terraform plan
$ terraform apply

Checklist

Necessary packages

  • Execute install.sh to install the necessary packages and Ruby

SSH hardening

  • Change the default ports, and also the security group ports
  • Enable verbose logging: LogLevel VERBOSE
  • Disable root access: PermitRootLogin no
  • Disconnect idle sessions: ClientAliveInterval 300, ClientAliveCountMax 0
  • Disable password authentication: PasswordAuthentication no
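
One way to verify the sshd_config items of this checklist after applying them. This is an added example, not code from the repository; the function names and the sample file are constructed for illustration, and the port and security group item is left out because sshd accepts several Port lines.

```sh
# Added example, not part of the repository. sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and Match blocks are
# conditional, so only lines before the first Match are evaluated.

# effective_value FILE KEYWORD DEFAULT: print the global value, lowercased.
effective_value() {
    awk -v key="$2" -v val="$3" '
        { sub(/=/, " ") }                   # accept "Keyword=value" as well
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == tolower(key) { val = $2; exit }
        END { print tolower(val) }
    ' "$1"
}

# audit_sshd_config FILE: print PASS/FAIL per item, return the FAIL count.
audit_sshd_config() {
    fails=0
    # keyword:OpenSSH default:value the checklist asks for.
    # Caveat: OpenSSH 8.2 and later treat ClientAliveCountMax 0 as "never
    # disconnect", so confirm idle sessions really drop on your sshd version.
    for rule in LogLevel:info:verbose PermitRootLogin:prohibit-password:no \
                ClientAliveInterval:0:300 ClientAliveCountMax:3:0 \
                PasswordAuthentication:yes:no; do
        key=${rule%%:*}; rest=${rule#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key $got (checklist: $want)"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the first PasswordAuthentication line wins, and
# PermitRootLogin is only set inside a Match block, so both items fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
loglevel VERBOSE
PasswordAuthentication yes
ClientAliveInterval=300
ClientAliveCountMax 0
PasswordAuthentication no
Match User deploy
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? checklist item(s) failed"; rm -f "$sample"
```

On a live host, save the output of sshd -T to a file and audit that instead, since it resolves Include files and compiled-in defaults.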

OS hardening

  • Delete unwanted users: deluser --remove-home <username>
  • Remove unwanted packages: apt autoremove --purge

Code base

  • Run ssh-keygen for the newly created user
  • Add the users' public keys to .ssh/authorized_keys
  • Clone the project's repo to the server
