This page provides an index to existing documentation and a To Do list for standard solutions of technical problems we regularly face.
Standard Solutions That Need to be (Better) Documented
(Also, standards solutions that we need to come up with.)
- Provide customer access to files on EFS volumes, without requiring shell access. Access to AWS EFS Volumes
Standard Solutions
Elastic Beanstalk
Detailed control of Elastic Beanstalk environment configuration via .ebextensions
- Lots of various configuration suggestions.
- https://github.com/awslabs/elastic-beanstalk-docs/tree/master/.ebextensions/aws_provided
Set an environment variable with AWS region for instances in Elastic Beanstalk
- There are lots of ways to do this, but this is automagical if you are using Elastic Beanstalk
- https://github.com/awslabs/elastic-beanstalk-docs/blob/master/.ebextensions/aws_provided/instance%20configuration/env-regionname.config
Use an EFS volume for instances in Elastic Beanstalk
- http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/services-efs.html
- Create EFS - https://github.com/awslabs/elastic-beanstalk-docs/blob/master/.ebextensions/aws_provided/instance%20configuration/storage-efs-createfilesystem.config
- Mount EFS - https://github.com/awslabs/elastic-beanstalk-docs/blob/master/.ebextensions/aws_provided/instance%20configuration/storage-efs-mountfilesystem.config
Setup Papertrail on Elastic Beanstalk instances
- http://help.papertrailapp.com/kb/hosting-services/aws-elastic-beanstalk/
- https://github.com/papertrail/remote_syslog2/blob/master/examples/remote_syslog.ebextensions.config
- See also Papertrail Logging SaaS
Elastic Compute Cloud (EC2)
Expanded Notifications for EC2 Instance Retirement
Joining EC2 Instances to Cornell AD
Elastic Block Store (EBS)
Snapshot EBS volumes attached to running EC2 instances
- Use snapshotting instead of a traditional file backup process.
- Locally developed solution
- Configure a Jenkins job to run the auto-snapshot utility.
- https://github.com/CU-CloudCollab/cucloud_utils#auto-snapshot
- Another open source solution
Prune EBS snapshots
- Prune snapshots that are older than a specified age. Useful in conjunction with "Snapshot (backup) EBS volumes attached to running EC2 instances".
- https://github.com/CU-CloudCollab/cucloud_utils#clean-snapshots
- https://github.com/CU-CloudCollab/cucloud_utils/blob/master/bin/delete-ebs-snapshots-older-than.rb
Route53
Tie a cornell.edu hostname to an AWS service
- See How to Setup AWS Route53 to Work with Cornell-Managed DNS blog post.
- Scheme to Route Traffic to On-Premises and AWS Endpoints
Identity and Access Management (IAM)
Using IAM policy to restrict EC2 actions to specific users or role
Allow a role from one AWS account assume a role in a different AWS account
Use Cornell Two-Step Login (Shibboleth + Duo) to get AWS CLI credentials
Relational Database Service (RDS)
- MyISAM Tables in MySQL RDS Instances - Before migrating a MySQL database to AWS Relational Database Service, be sure to understand the impact of that move if any tables in your MySQL database utilize the MyISAM engine.
- Encrypting AWS RDS Instances - You can encrypt your Amazon RDS instances and snapshots at rest by enabling the encryption option for your Amazon RDS DB instance.