Rules:
- redirect www to non www
- redirect HTTP to HTTP(S)
Rules:
- Managed_Rules_WordPress_Rule_Set
- Managed_Rules_PHP_Rule_Set
- Managed_Rules_SQLi_Rule_Set
- IP_Rate_Based_Rule (`var.ip_rate_limit_reqests_num`)
- Block_country (`var.country_codes_block`)
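
How the two parameterised rules above could be expressed with the Terraform AWS provider's `aws_wafv2_web_acl` resource, as an added example that is not this project's own code. The resource label `example`, the ACL name, the `REGIONAL` scope, the rule priorities and the default allow action are assumptions, and both variables are assumed to be declared elsewhere (a number and a list of two-letter country codes).

```hcl
# Added example, not the project's code. Names marked "assumed" are illustrative.
resource "aws_wafv2_web_acl" "example" { # resource label assumed
  name  = "example-wordpress-acl"        # assumed name
  scope = "REGIONAL"                     # assumed: ACL attached to an ALB
  default_action {
    allow {} # assumed: anything not matched by a rule is allowed
  }
  rule {
    name     = "IP_Rate_Based_Rule"
    priority = 1 # assumed ordering
    action {
      block {}
    }
    statement {
      rate_based_statement {
        # Requests allowed per source IP in the evaluation window before blocking
        limit              = var.ip_rate_limit_reqests_num
        aggregate_key_type = "IP"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "IP_Rate_Based_Rule"
      sampled_requests_enabled   = true
    }
  }
  rule {
    name     = "Block_country"
    priority = 2 # assumed ordering
    action {
      block {}
    }
    statement {
      geo_match_statement {
        country_codes = var.country_codes_block # ISO 3166-1 alpha-2 codes
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "Block_country"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-wordpress-acl"
    sampled_requests_enabled   = true
  }
}
```

With `sampled_requests_enabled` set, blocked requests for each rule can be reviewed in the WAF console to tune the rate limit and the country list.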
Autoscaling policy:
- Scale up by adding 2 instances; scale down by removing one
- By CPU: up at 75%, down at 50%
- By ASG 5XX errors: scale up above 10%, scale down below 5%
- Placement group
- SSH keys (RSA and DSA)
- AMI Amazon Linux 2
- Instance type - `local.instance_type`
- Instance type Spot - `module.spot-price.spot_price_current_optimal`
- EBS GP3 20Gb
- Encrypted by (`module.iam.aws_kms_key_arn`)
- KMS key
- SSM, EFS, RDF policy
- Bucket for ALB logs
Password and login for RDS will be available as ENV variables inside instances: `MYSQL_PASSWD`, `MYSQL_LOGIN`, `MYSQL_DBNAME`, `MYSQL_ADDRESS`
- Password, Login generated automatically and DB name.
- Engine `aurora-mysql`, mode `serverless`, `scaling_configuration` `min = 1`, `max = 2`
Two zones (a and b) and private and public subnets.
git submodule init
- An easy way to get the best Spot price to control costs. terraform-aws-ec2-spot-price
- Creates S3 bucket on AWS with all (or almost all) features provided by Terraform AWS provider. terraform-aws-s3-bucket
- EC2 security group within VPC on AWS. terraform-aws-security-group
- AWS VPC Terraform module terraform-aws-vpc