SPSI AWS configurations
- SPSI backend services and web app are hosted on a single EC2 instance.
- For media storage we use an AWS S3 bucket.
- After logging in to the AWS console using the client credentials, search for EC2 in the search bar.
- Select EC2 instances and set the region in the top right corner to US-East (Ohio). This is where the client servers are present.
Selecting us east region

- The one with the name spsi1 is the actual server. Click on the instance ID to view the details of the server.
Server details

Note: An Elastic IP is created and assigned to the instance.
Port numbers
There are 2 categories of port rules on an EC2 instance.
Inbound rules: the ports on which the EC2 instance accepts requests.
Outbound rules: the ports from which the EC2 instance responds.
On clicking on Security under EC2 details, we can find Inbound rules and Outbound rules

- Click on the Security groups link to open up port configurations in detail.
list of inbound rules, click on edit rules to edit them

The protocol type and port numbers can be changed from here.

Storage
- From the EC2 details page, click on Storage to get storage details.
storage tab

From here, the storage of the EC2 instance can be modified using the Modify button.

S3 buckets
Search for S3 in the search bar.
- Refer here for creating new buckets
- Refer here for creating new IAM roles
- IAM roles are used to assign access permissions to users over a particular AWS service
list of s3 buckets

| S3 | Description |
|---|---|
| report-media-storage-bucket | Stores all the report, officer and client documents |
| spsi-database-backup-bucket | Stores backup of the SPSI database |
| spsi-officer-client-documents-bucket | Was supposed to store officer and client documents, but not in use right now. Client and officer docs are stored in report-media-storage-bucket only |
Setting up access permissions for the bucket (report-media-storage-bucket)
Click on the bucket name to see its details and select the Permissions tab.
- The access key of IAM User thanushree@swayaan.com is used to access buckets from our application.
- Block public access should be off, so that files can be accessed by anyone
- Bucket policy should be set to

```json
{
  "Version": "2012-10-17",
  "Id": "Policy1624514578055",
  "Statement": [
    {
      "Sid": "Stmt1624514576003",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::report-media-storage-bucket/*"
    }
  ]
}
```

- Access control list is set to read and write for the owner of the account
- Cross-origin resource sharing (CORS) should be set to

```json
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "PUT",
      "POST",
      "HEAD",
      "DELETE",
      "GET"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": []
  }
]
```
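To review what the bucket policy above grants to unauthenticated callers, this added example (not part of the original page or the project's code) lists the write and delete actions a policy opens to an anonymous principal, and compares the page's policy with a constructed read-only alternative. `MUTATING`, `is_anonymous`, `anonymous_mutations` and `READ_ONLY_POLICY` are names chosen for this example; the read-only policy assumes the application keeps uploading with the IAM user's access key.

```python
from fnmatch import fnmatchcase

# Object-level actions an anonymous caller should not normally hold.
MUTATING = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl")

def is_anonymous(principal):
    """True for "*", {"AWS": "*"} and {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def anonymous_mutations(policy):
    """Return {Sid: [mutating actions granted to anonymous callers]}."""
    findings = {}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        if "Condition" in st:             # conditional grants need manual review
            continue
        patterns = st.get("Action", [])
        patterns = [patterns] if isinstance(patterns, str) else patterns
        hit = [a for a in MUTATING       # IAM action names are case-insensitive
               if any(fnmatchcase(a.lower(), p.lower()) for p in patterns)]
        if hit:
            findings[st.get("Sid", f"statement-{i}")] = hit
    return findings

# Bucket policy as documented on this page.
PAGE_POLICY = {"Version": "2012-10-17", "Id": "Policy1624514578055", "Statement": [
    {"Sid": "Stmt1624514576003", "Effect": "Allow", "Principal": "*",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::report-media-storage-bucket/*"}]}

# Constructed alternative (assumption): anonymous read only; uploads and
# deletes go through the IAM user's access key instead of the bucket policy.
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::report-media-storage-bucket/*"}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("read-only", READ_ONLY_POLICY)):
        print(name, anonymous_mutations(pol) or "no anonymous write/delete")
```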