infra-dapps/README.md

# Description

This repo configures infrastructure for the https://dap.ps/ service.

The service is split into two stages:

| Stage | With CDN | Without CDN |
|-|-|-|
| __`prod`__ | https://prod.dap.ps/ | https://raw.prod.dap.ps/ |
| __`dev`__  | https://dev.dap.ps/  | https://raw.dev.dap.ps/ |

The `prod` environment is `CNAME`ed to `dap.ps` domain.

# Technical Details

## Site

The infrastructure is hosted on AWS and consists of 5 main elements:

* [__ELB__](https://aws.amazon.com/elasticloadbalancing/) - Load balancers
* [__EB__](https://aws.amazon.com/elasticbeanstalk/) - Node.js App hosting
* [__EC2__](https://aws.amazon.com/ec2/) - [MongoDB](https://www.mongodb.com/) cluster
* [__S3__](https://aws.amazon.com/s3/) - [MongoDB](https://www.mongodb.com/) backups & [Terraform](https://www.terraform.io/) state
* [__SES__](https://aws.amazon.com/ses/) - Mail forwarding
* [__CF__](https://aws.amazon.com/cloudfront/) - [CDN](https://en.wikipedia.org/wiki/Content_delivery_network)
* [__R53__](https://aws.amazon.com/route53/) - Route53 DNS

All the AWS parts are provisioned and managed with [Terraform](https://www.terraform.io/) and the MongoDB cluster configured with [Ansible](https://www.ansible.com/).

The `dap.ps` domain is registered via [Gandi](https://www.gandi.net/) DNS provider and is managed with AWS [Route53](https://aws.amazon.com/route53/) [Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html) by changing the Name Servers with help from Gandi support. See `dns.tf` for more details.

## EMail

There are no mailboxes for `dap.ps` domain. We forward emails using AWS Lambda and AWS SES. You can change the forwarding rules by editing the `defaultConfig` object in [`files/sesforwarder.js`](files/sesforwarder/index.js) and adding [Verified Emails](https://www.terraform.io/docs/providers/aws/r/ses_email_identity.html) in [`mail.tf`](mail.tf).

# Usage

Creation of both `dev` and `prod` stages is as simple as:
```
terraform init
terraform apply
```
And then configure the MongoDB hosts using ansible:
```
ansible-playbook ansible/dev.yml
ansible-playbook ansible/prod.yml
```

# Known Issues

* The ElasticBeanstalk environments can fail when being recreated
  - This is mostly due to AWS being slow at destorying resources and their race conditions
* There is no easy way of making ElasticBeanstalk spread geographically
  - The only way seems to have multiple EB environments linked via ELB
* CDN can be slow to pick up updates to ElasticBeanstalk application
  - Invalidating the CloudFront cache fixes the issue

# TODO

* [#4](https://github.com/dap-ps/infra-dapps/issues/4) - [prod] Geographically spread hosts
* [#11](https://github.com/dap-ps/infra-dapps/issues/11) - [prod] MongoDB Web UI
* [#13](https://github.com/dap-ps/infra-dapps/issues/13) - [prod] Stress test infrastructure

# Links

These helped me during work on this setup:

* https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3.html
* https://aws.amazon.com/getting-started/tutorials/deploy-app-command-line-elastic-beanstalk/
* https://medium.com/@vygandas/how-to-deploy-your-nodejs-app-on-amazon-elastic-beanstalk-aws-eb-with-circleci-short-tutorial-d8210d2a7f0c
* https://realpython.com/deploying-a-django-app-to-aws-elastic-beanstalk/
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00			`# Description`

			`This repo configures infrastructure for the https://dap.ps/ service.`

			`The service is split into two stages:`

add raw DNS entries for non-CDN access to the site Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-12-12 23:00:45 +00:00			`\| Stage \| With CDN \| Without CDN \|`
			`\|-\|-\|-\|`
readme: fix links to stages Signed-off-by: Jakub Sokołowski <jakub@status.im> 2021-01-22 10:48:32 +00:00			\| __`prod`__ \| https://prod.dap.ps/ \| https://raw.prod.dap.ps/ \|
			\| __`dev`__ \| https://dev.dap.ps/ \| https://raw.dev.dap.ps/ \|
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00
			The `prod` environment is `CNAME`ed to `dap.ps` domain.

			`# Technical Details`

explain email setup, rename index.js to sesforwarder.js Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-02-04 12:18:26 +00:00			`## Site`

add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00			`The infrastructure is hosted on AWS and consists of 5 main elements:`

			`* [__ELB__](https://aws.amazon.com/elasticloadbalancing/) - Load balancers`
			`* [__EB__](https://aws.amazon.com/elasticbeanstalk/) - Node.js App hosting`
			`* [__EC2__](https://aws.amazon.com/ec2/) - [MongoDB](https://www.mongodb.com/) cluster`
			`* [__S3__](https://aws.amazon.com/s3/) - [MongoDB](https://www.mongodb.com/) backups & [Terraform](https://www.terraform.io/) state`
			`* [__SES__](https://aws.amazon.com/ses/) - Mail forwarding`
delegate dap.ps domain management to Route53 We have to use Route53 because it provides the option to use an ALIAS type record which works for apex records and can point to a CloudFront distribution in a dynamic way. Without this we'd have to use A records which are static unlike a CNAME, which would eventually become obsolete and take down the site when they do. Details: https://github.com/dap-ps/infra-dapps/issues/18 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-01-27 19:38:42 +00:00			`* [__CF__](https://aws.amazon.com/cloudfront/) - [CDN](https://en.wikipedia.org/wiki/Content_delivery_network)`
			`* [__R53__](https://aws.amazon.com/route53/) - Route53 DNS`
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00
			`All the AWS parts are provisioned and managed with [Terraform](https://www.terraform.io/) and the MongoDB cluster configured with [Ansible](https://www.ansible.com/).`

delegate dap.ps domain management to Route53 We have to use Route53 because it provides the option to use an ALIAS type record which works for apex records and can point to a CloudFront distribution in a dynamic way. Without this we'd have to use A records which are static unlike a CNAME, which would eventually become obsolete and take down the site when they do. Details: https://github.com/dap-ps/infra-dapps/issues/18 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-01-27 19:38:42 +00:00			The `dap.ps` domain is registered via [Gandi](https://www.gandi.net/) DNS provider and is managed with AWS [Route53](https://aws.amazon.com/route53/) [Hosted Zone](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-working-with.html) by changing the Name Servers with help from Gandi support. See `dns.tf` for more details.
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00
explain email setup, rename index.js to sesforwarder.js Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-02-04 12:18:26 +00:00			`## EMail`

mail: move all config from ses.tf to mail.tf Also add two emails: - dapps-staking@status.im - dapps-approvals@status.im Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-02-04 14:54:39 +00:00			There are no mailboxes for `dap.ps` domain. We forward emails using AWS Lambda and AWS SES. You can change the forwarding rules by editing the `defaultConfig` object in [`files/sesforwarder.js`](files/sesforwarder/index.js) and adding [Verified Emails](https://www.terraform.io/docs/providers/aws/r/ses_email_identity.html) in [`mail.tf`](mail.tf).
explain email setup, rename index.js to sesforwarder.js Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-02-04 12:18:26 +00:00
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00			`# Usage`

			Creation of both `dev` and `prod` stages is as simple as:
			```
			`terraform init`
			`terraform apply`
			```
			`And then configure the MongoDB hosts using ansible:`
			```
			`ansible-playbook ansible/dev.yml`
			`ansible-playbook ansible/prod.yml`
			```
explain email setup, rename index.js to sesforwarder.js Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-02-04 12:18:26 +00:00
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00			`# Known Issues`

			`* The ElasticBeanstalk environments can fail when being recreated`
			`- This is mostly due to AWS being slow at destorying resources and their race conditions`
			`* There is no easy way of making ElasticBeanstalk spread geographically`
			`- The only way seems to have multiple EB environments linked via ELB`
add known issue to readm Signed-off-by: Jakub Sokołowski <jakub@status.im> 2020-06-29 15:44:59 +00:00			`* CDN can be slow to pick up updates to ElasticBeanstalk application`
			`- Invalidating the CloudFront cache fixes the issue`
add a README Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:38:08 +00:00
			`# TODO`

fix issue links Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:39:08 +00:00			`* [#4](https://github.com/dap-ps/infra-dapps/issues/4) - [prod] Geographically spread hosts`
add Data Lifecycle Policy for MongoDB volumes Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 12:55:12 +00:00			`* [#11](https://github.com/dap-ps/infra-dapps/issues/11) - [prod] MongoDB Web UI`
			`* [#13](https://github.com/dap-ps/infra-dapps/issues/13) - [prod] Stress test infrastructure`
drop LINKS.md file Signed-off-by: Jakub Sokołowski <jakub@status.im> 2019-10-04 09:39:28 +00:00
			`# Links`

			`These helped me during work on this setup:`

			`* https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3.html`
			`* https://aws.amazon.com/getting-started/tutorials/deploy-app-command-line-elastic-beanstalk/`
			`* https://medium.com/@vygandas/how-to-deploy-your-nodejs-app-on-amazon-elastic-beanstalk-aws-eb-with-circleci-short-tutorial-d8210d2a7f0c`
			`* https://realpython.com/deploying-a-django-app-to-aws-elastic-beanstalk/`