[WIP] Improve Tasking Manager Cloudformation template #5471

Open
wants to merge 5 commits into
base: develop

Commits on Dec 10, 2022

  1. Improve Tasking Manager Cloudformation template

    The most important enhancement is to remove soon-to-be deprecated
    LaunchConfiguration pieces and replace with LaunchTemplates
    
    - Parameterise several values previously hardcoded in the template
      - AMI ID
      - Backend instance type
      - Load balancer TLS Policy
      - DNS Zone ID
    - Rename some parameters to reflect their meaning better
    - Improve parameter types to make validation easier
    - Add secrets to AWS Secrets Manager and add their ARN tail as params
      - DB credentials
      - SMTP credentials
      - OAuth2 credentials
      - TM Secret
    - Remove parameters replaced by Secrets Manager entries
    - Simplify condition names
    - Remove Launch Configuration and replace with Launch Templates
    - Move package install from user-data to Metadata section
    eternaltyro committed Dec 10, 2022
    2e6d98f

Commits on Dec 14, 2022

  1. Fix LaunchTemplate issue; Enhance CloudFront piece

    - [MISC] Move default backend instance type to t3.small
    - [MISC] Add us-east-1e to AZ list
    - [ENHANCE] Upgrade PostgreSQL version to 13.x
    - [ENHANCE] Create a parameter group and assign to RDS instance based on
      parameter group family
    - [MISC] Move default database instance type to db.t4g.xlarge
    - [MISC] Rename Parameters to make them more meaningful
    - [ENHANCE] Fix names of resources - instead of using cf.stackName, use a simpler
      one.
    - [FIX] Switch to LaunchTemplateId from LaunchTemplateName
    - [ENHANCE] Parameterize disk size, snapshot retention period, etc.,
      based on IsProduction condition
    - [SECURITY] Add a more restricted S3 Bucket Policy for frontend bucket
    - [ENHANCE] Add an Origin Access Control policy to CloudFront
    - [ENHANCE] Add a custom cache policy to CloudFront
    - [ENHANCE] Better defaults for CloudFront distribution
      - Enable http2
      - Enable IPV6
      - Add Route53 Recordset Group instead of a standalone RecordSet
        to add both A records and AAA records
      - Upgraded TLS Protocol Version option
    eternaltyro committed Dec 14, 2022
    ec387ea
  2. Fix issue with OriginAccessControl

    The issue:
    If CloudFront needs to connect to S3 - We add an S3Origin. However, if
    the S3 bucket is configured as a website, it needs to be considered a
    custom origin. And custom origins can't have OriginAccessControl.
    
    The Solution:
    Removed Origin Access Control.
    eternaltyro committed Dec 14, 2022
    dfdeae4
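
A check for the combination described in the "Fix issue with OriginAccessControl" commit, as an added example that is not code from this pull request: it scans an already-parsed CloudFormation template for CloudFront origins that attach an OriginAccessControlId to a custom origin or to an S3 website endpoint. The logical names, bucket name and sample template are constructed for illustration.

```python
import re

# S3 static-website endpoints: <bucket>.s3-website-<region> or .s3-website.<region>
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")

def oac_findings(template):
    """List (resource, origin id, problem) for origins that cannot use OAC."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = res.get("Properties", {}).get("DistributionConfig", {})
        for origin in config.get("Origins", []):
            if not origin.get("OriginAccessControlId"):
                continue  # no OAC attached, nothing to conflict with
            domain = origin.get("DomainName")  # may be an intrinsic (dict)
            if "CustomOriginConfig" in origin:
                findings.append((name, origin.get("Id"), "OAC on a custom origin"))
            elif isinstance(domain, str) and WEBSITE_ENDPOINT.search(domain):
                findings.append((name, origin.get("Id"), "OAC on an S3 website endpoint"))
    return findings

def make_dist(origin):
    """Wrap one origin in a minimal distribution resource (sample data helper)."""
    return {"Type": "AWS::CloudFront::Distribution",
            "Properties": {"DistributionConfig": {"Origins": [origin]}}}

OAC_REF = {"Fn::GetAtt": ["FrontendOAC", "Id"]}  # constructed logical name

# Constructed sample template, as it would look after parsing JSON/YAML.
SAMPLE = {"Resources": {
    "WebsiteWithOAC": make_dist({   # the failing combination from the commit message
        "Id": "website", "OriginAccessControlId": OAC_REF,
        "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}),
    "RestWithOAC": make_dist({      # S3 REST endpoint as an S3 origin: OAC is valid
        "Id": "rest", "OriginAccessControlId": OAC_REF,
        "DomainName": "example-bucket.s3.us-east-1.amazonaws.com",
        "S3OriginConfig": {"OriginAccessIdentity": ""}}),
    "WebsiteNoOAC": make_dist({     # what the commit ends with: custom origin, no OAC
        "Id": "website-plain",
        "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
        "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}),
}}

if __name__ == "__main__":
    for finding in oac_findings(SAMPLE):
        print(finding)
```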

Commits on Dec 19, 2022

  1. Remove sudo from bootstrap script; Fix user-data

    - User data needed python to be installed in order to get cfn-init
      to work. Fixed that.
    - Cloud init scripts are run as root by default, so removed sudo
    eternaltyro committed Dec 19, 2022
    632af5c
  2. b538343