AWS settings for blockscout-terraform deployment

#1

AWS

You will need to use a pre-existing AWS account with a robust VPC setup. This account requires full access to all AWS services, as a wide variety of services are used. A mostly complete list is as follows:

  • VPCs and associated networking resources (subnets, routing tables, etc.)
  • Security Groups
  • EC2
  • S3
  • SSM
  • DynamoDB
  • Route53
  • RDS
  • ElastiCache
  • CodeDeploy

Given the large number of services involved, and the unpredictability of which specific API calls will be needed during provisioning, it is recommended that you provide a user account with full access. You do not need to keep this user around (or enabled) except during the initial provisioning, and any subsequent runs to update the infrastructure. How you choose to handle this user is up to you.

Creating a secret key pair

An access key is needed to use the AWS CLI.

  1. Go to MyAccount -> My Security Credentials

  2. Click Continue to Security Credentials

  3. Select Access keys

  4. Click on Create New Access Key

  5. Download the Key File, it will include:

  6. View your created key.

Login with AWS CLI

Use aws configure in the CLI to connect your account for Terraform deployment. You will be prompted to enter the following:

  • AWS Access Key ID: <your access key id (see creating a secret key pair above)>
  • AWS Secret Access Key: <secret access key (see creating a secret key pair above)>
  • Default region name: us-east-1 (use this, as Terraform has known issues with other regions)
  • Default output format: json
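
The provisioning user does not need to stay enabled between Terraform runs, and that can be handled from the CLI. The following is an added example, not part of the original wiki: it switches every access key of the provisioning user to Inactive after a run, or back to Active before the next one. The function name and the user name tf-provisioner are assumptions.

```bash
#!/bin/sh
# Added example: enable or disable all access keys of the provisioning user.
# Run it with the credentials of a different administrator: a key that is
# already Inactive cannot authenticate the call that would re-enable it.

set_provisioning_keys() {
  user="$1"      # IAM user name, e.g. tf-provisioner (hypothetical)
  status="$2"    # Active | Inactive
  case "$status" in
    Active|Inactive) ;;
    *) echo "status must be Active or Inactive" >&2; return 2 ;;
  esac

  # Key IDs come back as whitespace-separated text.
  keys=$(aws iam list-access-keys --user-name "$user" \
           --query 'AccessKeyMetadata[].AccessKeyId' --output text) || return 1

  for key_id in $keys; do
    aws iam update-access-key --user-name "$user" \
        --access-key-id "$key_id" --status "$status" || return 1
    echo "$key_id -> $status"
  done
}

# Usage:
#   set_provisioning_keys tf-provisioner Inactive   # after provisioning
#   set_provisioning_keys tf-provisioner Active     # before the next run
```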

Creating an AWS certificate for SSL

You can choose whether or not to use SSL in your deployment.

  • If you do not want to use SSL, you can disable it by adding the use_ssl = "false" parameter to the terraform.tfvars file.
  • Otherwise, you will need to get an SSL certificate.

  1. Go to https://console.aws.amazon.com/acm/. Select provision certificates and click on get started.

  2. Request a Public Certificate.

  3. Add a domain you have access to. It does not need to be the same domain as the deployment; as long as it’s a valid ARN on your account it will pass verification.

  4. Choose your validation method. Click Review.

  5. Review your choices, click Confirm and Request.

  6. Confirm the domain.

  7. In the certificate manager, click on the domain name to view the certificate details. Copy and paste your ARN into the alb_certificate_arn field in the terraform.tfvars file.

Manual cleaning up of Terraform related instances in AWS

AWS cleaning resources

To remove a Terraform deployment from AWS completely by hand, you need to clear all related resources in the following sections:

  • S3
  • RDS
  • CodeDeploy
  • Route 53
  • DynamoDB
  • VPC

Removing of S3 buckets

  1. Go to the S3 section.
  2. Find the related buckets created by Terraform one by one. They will all be prefixed with ${prefix} from the Terraform config file. Select a bucket and click the Delete button. Confirm the deletion.

Removing of CodeDeploy application

  1. Go to the CodeDeploy section.
  2. Remove the application. Select the Applications section in the left menu. Click the application in the list that is related to the Terraform deployment, then click the Delete Application button on the application screen that appears. Confirm the deletion.


Removing of DynamoDB instance

  1. Go to the DynamoDB section.
  2. Remove all related DynamoDB tables. Select the Tables section in the left menu and find all related databases (usually it should be 1 database for deployment). Select the database and click the Delete Table button. Confirm the deletion.

Removing of DNS (Route 53)

  1. Go to the Route 53 section.
  2. Remove all related hosted zones. Select the related hosted zone and click the Delete Hosted Zone button. Confirm the deletion.

Removing of Isolated cloud resources (VPC)

  1. Go to the VPC section.
  2. Remove all related subnets. Select the Subnets section in the left menu and select all related subnets (usually it should be 1 subnet for deployment). Right-click, or click the Delete subnet item in the Actions menu. Confirm the deletion.

  3. Remove all related route tables. Select the Route tables section in the left menu and select all related route tables (usually it should be 1 route table for deployment). Right-click, or click the Delete Route table item in the Actions menu. Confirm the deletion.

  4. Detach all related internet gateways from the VPC. Select the Internet gateways section in the left menu and select all related internet gateways (usually it should be 1 internet gateway for deployment). Right-click, or click the Detach from VPC item in the Actions menu. Confirm the detachment.

  5. Remove all related DHCP options sets. Select the DHCP Options Sets section in the left menu and select all related DHCP options sets (usually it should be 1 DHCP option set for deployment). Right-click, or click the Delete DHCP options set item in the Actions menu. Confirm the deletion.

  6. Remove all related network ACLs. Select the Network ACLs section in the left menu and select all related network ACLs (usually it should be 1 Network ACL for deployment). Right-click, or click the Delete network ACL item in the Actions menu. Confirm the deletion.

  7. Remove all related security groups. Select the Security Groups section in the left menu and select all related security groups (usually it should be 1 Security group for deployment). Right-click, or click the Delete security group item in the Actions menu. Confirm the deletion.

  8. Remove all related VPCs. Select the Your VPCs section in the left menu and select all related VPCs (usually it should be 1 VPC for deployment). Right-click, or click the Delete VPC item in the Actions menu. Confirm the deletion.

Removing of Relational Database Service (RDS)

  1. Go to the RDS section.
  2. Remove all related subnet groups. Select the Subnet groups section in the left menu and find all related subnet groups (usually it should be 1 subnet group for deployment). Select the subnet group and click the Delete button. Confirm the deletion.

  3. Remove all related RDS instances. Select the RDS section in the left menu and find all related databases (usually it should be 1 database for deployment). Select the database and click the Delete item in the Actions menu. Confirm the deletion.
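
After a manual cleanup it helps to confirm from the CLI that nothing named after the deployment is left. The following is an added example, not part of the original wiki or of blockscout-terraform: it lists S3 buckets, DynamoDB tables, RDS instances and CodeDeploy applications whose names start with the Terraform ${prefix}. The function names are assumptions, and so is the prefix naming for everything except S3 buckets; VPC resources and Route 53 zones still need to be checked in the console.

```bash
#!/bin/sh
# Added example: report resources that still carry the deployment prefix.

# Run one aws query and print each result as "<label> <name>".
# A failed call is an error, never "nothing found": an account with
# insufficient rights must not be reported as clean.
_list() {
  label="$1"; shift
  out=$(aws "$@" --output text) || { echo "aws $1 $2 failed" >&2; return 1; }
  printf '%s\n' "$out" | tr '\t' '\n' |
    sed -e '/^$/d' -e '/^None$/d' -e "s/^/$label /"
}

leftover_resources() {
  prefix="$1"; region="${2:-us-east-1}"
  # An empty prefix would match every resource in the account, and a
  # quote character would break the query strings below.
  case "$prefix" in
    ''|*[!a-z0-9-]*)
      echo "prefix must be lowercase letters, digits or '-'" >&2; return 2 ;;
  esac
  _list s3 s3api list-buckets \
    --query "Buckets[?starts_with(Name, '$prefix')].Name" || return 1
  _list dynamodb dynamodb list-tables --region "$region" \
    --query "TableNames[?starts_with(@, '$prefix')]" || return 1
  _list rds rds describe-db-instances --region "$region" \
    --query "DBInstances[?starts_with(DBInstanceIdentifier, '$prefix')].DBInstanceIdentifier" || return 1
  _list codedeploy deploy list-applications --region "$region" \
    --query "applications[?starts_with(@, '$prefix')]" || return 1
}

# Exit status 0: nothing left, 1: leftovers printed, 2: check could not run.
check_clean() {
  found=$(leftover_resources "$@") || return 2
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Usage: check_clean myprefix us-east-1
```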


Deploying BlockScout with Terraform
#2

To remove the infrastructure, the user can run bin/infra destroy. This will eliminate the process of deleting everything manually.

bin/infra destroy_setup will delete the dynamodb table at the end as well.


#3

Yes, this is true if the deployment process was successful. In some circumstances that rely on insufficient AWS account rights, the deployment process might fail. In this case, bin/infra destroy_setup will not work. And the cleaning section is just to inform developers which resources he/she should remove manually. Forgetting to clean those resources might cost a lot for devs.