Difference between revisions of "Publish Project to AWS"
From MgmtWiki
(→Solution) |
(→Deploying MSSQL on AWS) |
||
| (14 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
==Context== | ==Context== | ||
==Problems== | ==Problems== | ||
| + | * Even though AWS is running almost standard Microsoft Widows images, there are some differences. | ||
| + | * A certificate with key can be loaded into the cert store on Windows for the single instance (Windows Virtual Machine) only. | ||
| + | * If an AWS load balance is used the cert can be obtained from AWS, but cannot be used with a EC2 instance. | ||
| + | |||
==Solution== | ==Solution== | ||
From the website [https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/dotnet-core-tutorial.html Deploying an ASP.NET core application with Elastic Beanstalk]. | From the website [https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/dotnet-core-tutorial.html Deploying an ASP.NET core application with Elastic Beanstalk]. | ||
| Line 17: | Line 21: | ||
# Pick a time for the URL to expire that will allow the completion of the process and click "Generate", copy the URL so you don't lose it and click ok | # Pick a time for the URL to expire that will allow the completion of the process and click "Generate", copy the URL so you don't lose it and click ok | ||
# Go back to the project in Visual Studio to the .ebextenstion folder and the RunRegistry.config file of the main project that is being deployed | # Go back to the project in Visual Studio to the .ebextenstion folder and the RunRegistry.config file of the main project that is being deployed | ||
| − | # | + | # Note that Visual studio thinks that .config files are xml, so don't open it in Visual Studio, but in Notepad (rt-click open with) |
| + | # Add the code single to that shown below to this file | ||
| + | |||
| Line 57: | Line 63: | ||
PS C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer> | PS C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer> | ||
</pre> | </pre> | ||
| + | |||
| + | ===Deploying MSSQL on AWS=== | ||
| + | The security consideration is that the SQL db should not be present on a publically accessible front-end server. As with a file system, front-end could read some tables and write different tables, but not be directly involved in updates or getting executable code from any writable memory. See the wiki page [[Web Site Security]] for more details. | ||
| + | * [https://d1.awsstatic.com/whitepapers/best-practices-for-deploying-microsoft-sql-server-on-aws.pdf Best Practices for Deploying Microsoft SQL Server on AWS]. Most recent version of 2020-05 captured on 2020-07-19 mostly addresses the high-level architectural choices. A major component is running the SQL server on an AWS VPN with the business logic on the same VPN. In no case should SQL commands come from the front-end server, but only from well-protcted micro-services running on the VPN with SQL. See the document for details on reliable configurations which are application dependent. When user private information is on the SQL db, the location of the SQL server may be important. | ||
| + | * [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_GettingStarted.CreatingConnecting.SQLServer.html Creating a Microsoft SQL Server DB Instance and Connecting to a DB Instance]. | ||
==References== | ==References== | ||
* [https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-publish dotnet publish] | * [https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-publish dotnet publish] | ||
| + | * [https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html Advanced environment customization with configuration files (.ebextensions)] | ||
| + | * [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html AWS working with Server Certificates.] | ||
| + | * [https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/configuring-https-elb.html Configuring your Elastic Beanstalk environment's load balancer to terminate HTTPS] | ||
| + | * [https://aws.amazon.com/premiumsupport/knowledge-center/elastic-beanstalk-https-configuration/ How can I configure HTTPS for my Elastic Beanstalk environment?] | ||
| + | * Also see wiki page [[Best Practice and Example Trust Registry]] | ||
[[Category:Best Practice]] | [[Category:Best Practice]] | ||
Latest revision as of 22:42, 19 July 2020
Contents
Full Title or Meme
Build and zip a Visual Studio dot net core 2.1+ Project for publication to Amazon Web Services.
Context
Problems
- Even though AWS is running almost standard Microsoft Widows images, there are some differences.
- A certificate with key can be loaded into the cert store on Windows for the single instance (Windows Virtual Machine) only.
- If an AWS load balance is used the cert can be obtained from AWS, but cannot be used with a EC2 instance.
Solution
From the website Deploying an ASP.NET core application with Elastic Beanstalk.
- Prepare a project with all dependencies marked.
- Ensure that the main project to be deployed by Visual Studio to AWS elasticbeanstalk has a folder in the root of that main project.
- Add a deployment file (see section below)
- from Powershell type "dotnet publish" (this and future commands are typed in the project directory)
- Now the deployment manifest file and a directory of all the files to be loaded up to the AWS elasticbeanstalk a ready for creating the deployment bundle.
- Run the Powershell script that creates the zip file of the code to install the soltuion and the zip that up with the deployment manifest.
- Upload the deployment bundle to the S3 instance for the app in AWS
- Open the AWS Explorer in Visual Studio (fro the View tab at the top ribbon)
- Navigate to the S3 file just uploaded and right click on the file, then click on "Create Pre-signed URL"
- Pick a time for the URL to expire that will allow the completion of the process and click "Generate", copy the URL so you don't lose it and click ok
- Go back to the project in Visual Studio to the .ebextenstion folder and the RunRegistry.config file of the main project that is being deployed
- Note that Visual studio thinks that .config files are xml, so don't open it in Visual Studio, but in Notepad (rt-click open with)
- Add the code single to that shown below to this file
Deployment File
- From the website Running multiple applications and ASP.NET core applications with a deployment manifest
- name file aws-windows-deployment-manifest.json in the project directory with "Build Action" : "Content" and "Copy to Output Directory" : "Copy always"
- Bundle the manifest and site archive in a ZIP archive to create a source bundle.
{
"manifestVersion": 1,
"deployments": {
"aspNetCoreWeb": [
{
"name": "my-dotnet-core-app",
"parameters": {
"archive": "dotnet-core-app.zip"
}
}
]
}
}
Example dotnet-core-bundle.zip -- aws-windows-deployment-manifest.json -- dotnet-core-app.zip
PS C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer> dotnet publish Microsoft (R) Build Engine version 16.6.0+5ff7b0c9e for .NET Core Copyright (C) Microsoft Corporation. All rights reserved. Determining projects to restore... All projects are up-to-date for restore. SimpleService -> C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\SimpleService\bin\Debug\netcoreapp3.1\SimpleService.dll CredStore -> C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\CredStore\bin\Debug\netcoreapp3.1\CredStore.dll MonitorService -> C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\MonitorService\bin\Debug\netcoreapp3.1\MonitorService.dll RegistryServer -> C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer\bin\Debug\netcoreapp3.1\RegistryServer.dll RegistryServer -> C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer\bin\Debug\netcoreapp3.1\publish\ PS C:\Users\rp_to_000\Documents\TopCat\Repos\TrustRegistry3\RegistryServer>
Deploying MSSQL on AWS
The security consideration is that the SQL db should not be present on a publically accessible front-end server. As with a file system, front-end could read some tables and write different tables, but not be directly involved in updates or getting executable code from any writable memory. See the wiki page Web Site Security for more details.
- Best Practices for Deploying Microsoft SQL Server on AWS. Most recent version of 2020-05 captured on 2020-07-19 mostly addresses the high-level architectural choices. A major component is running the SQL server on an AWS VPN with the business logic on the same VPN. In no case should SQL commands come from the front-end server, but only from well-protcted micro-services running on the VPN with SQL. See the document for details on reliable configurations which are application dependent. When user private information is on the SQL db, the location of the SQL server may be important.
- Creating a Microsoft SQL Server DB Instance and Connecting to a DB Instance.
References
- dotnet publish
- Advanced environment customization with configuration files (.ebextensions)
- AWS working with Server Certificates.
- Configuring your Elastic Beanstalk environment's load balancer to terminate HTTPS
- How can I configure HTTPS for my Elastic Beanstalk environment?
- Also see wiki page Best Practice and Example Trust Registry
