Luvgreed/Certificate Manager

## Certificate Manager
# Support Email and DNS validation

# Custom SSL currently only provide regional support, includes :
- N. Virginia ( tested )

## CloudFront
Origin Domain Name
- Public DNS of EC2 / CodeStar

Viewer Protocol Policy
- Redirect HTTP to HTTPs

Allowed HTTP Methods
- ALL

Object Caching
- customize ( so minimum TTL must be 0 seconds )

Forward Cookies
- All

String Forwarding and Caching
- Forward all, cache based on all


## EBS
Configuration

# run container
1) create new application
2) create an environment with Docker installed


EC2
$ sudo wget -qO- https://get.docker.com/ | sh
$ docker run --name db -d mongo:3.0 --smallfiles
$ docker run -p 80:3000 --name rocketchat --link db -d rocket.chat

Sample Nodejs Project
# setup standard expressjs project
# define "npm start"
# eb init
# eb deploy
# environment
- nodejs version
- security group

## Migrate DB btw accounts
#1 EXPORT / IMPORT DATA
- MySQLWorkbench : export / import data ( need to add schema manually w current version )
remark:
- check DB collation

#2 Set User / Privileges in MySQLWorkbench( if any )

#3 update ENV of app server

#4 add IP / security group to RDS

#5 set config : timezone ...

#6 update cloudfront
- delete DNS record
- delete old cloud distribution

#7 DNS
- set TTL as short as possible
- delete DNS record ( if exist, can't create distribution
- create new distribution
- create new DNS record

## S3
S3 has 3 ways to control access :
- IAM
- Bucket Policy
- ACLs

# ACLs
# upload static file recursively to S3 bucket
$ aws s3 cp . s3://{bucket.name}/ --recursive --acl public-read

# assign Pre-Signed URL
$ aws s3 presign s3://[YOUR_BUCKET_NAME]/tmp/[YOUR_UPLOADED_FILE_NAME] --expires-in [TIME_BY_SECONDS]

# You can automate those tasks just only define this function on your .zshrc.
$ share_file_s3 [YOUR_FILE]

share_file_s3() {
  if [ ! -n "$1" ]; then
    echo "Usage: $0 [file]"
    return
  fi
  defaultExpireTime=3600 // 1hour
  if [ -n "$2" ]; then
    defaultExpireTime=$2
  fi
  aws s3 cp $1 s3://[YOUR_BUCKET_NAME]/tmp/
  aws s3 presign s3://[YOUR_BUCKET_NAME]/tmp/$1 --expires-in $defaultExpireTime | pbcopy
}

## SES
Domain verification
====================
Remark
1) Godaddy, skip the ".exmplae.com" in NAME

E.g.
Record Type:
TXT (Text)
TXT Name*: _amazonses.example.com ( if Godaddy, just "_amazonses" )
TXT Value: xanzzzzzxzxzxzxzxzxzxzxzxzxzxzxRY=


DKIM verification
====================
Remark
1) Godaddy, skip the ".exmplae.com" in NAME
	# Support Email and DNS validation

	# Custom SSL currently only provide regional support, includes :
	- N. Virginia ( tested )
	Origin Domain Name
	- Public DNS of EC2 / CodeStar

	Viewer Protocol Policy
	- Redirect HTTP to HTTPs

	Allowed HTTP Methods
	- ALL

	Object Caching
	- customize ( so minimum TTL must be 0 seconds )

	Forward Cookies
	- All

	String Forwarding and Caching
	- Forward all, cache based on all
	Configuration

	# run container
	1) create new application
	2) create an environment with Docker installed


	EC2
	$ sudo wget -qO- https://get.docker.com/ \| sh
	$ docker run --name db -d mongo:3.0 --smallfiles
	$ docker run -p 80:3000 --name rocketchat --link db -d rocket.chat

	Sample Nodejs Project
	# setup standard expressjs project
	# define "npm start"
	# eb init
	# eb deploy
	# environment
	- nodejs version
	- security group
	#1 EXPORT / IMPORT DATA
	- MySQLWorkbench : export / import data ( need to add schema manually w current version )
	remark:
	- check DB collation

	#2 Set User / Privileges in MySQLWorkbench( if any )

	#3 update ENV of app server

	#4 add IP / security group to RDS

	#5 set config : timezone ...

	#6 update cloudfront
	- delete DNS record
	- delete old cloud distribution

	#7 DNS
	- set TTL as short as possible
	- delete DNS record ( if exist, can't create distribution
	- create new distribution
	- create new DNS record
	S3 has 3 ways to control access :
	- IAM
	- Bucket Policy
	- ACLs

	# ACLs
	# upload static file recursively to S3 bucket
	$ aws s3 cp . s3://{bucket.name}/ --recursive --acl public-read

	# assign Pre-Signed URL
	$ aws s3 presign s3://[YOUR_BUCKET_NAME]/tmp/[YOUR_UPLOADED_FILE_NAME] --expires-in [TIME_BY_SECONDS]

	# You can automate those tasks just only define this function on your .zshrc.
	$ share_file_s3 [YOUR_FILE]

	share_file_s3() {
	if [ ! -n "$1" ]; then
	echo "Usage: $0 [file]"
	return
	fi
	defaultExpireTime=3600 // 1hour
	if [ -n "$2" ]; then
	defaultExpireTime=$2
	fi
	aws s3 cp $1 s3://[YOUR_BUCKET_NAME]/tmp/
	aws s3 presign s3://[YOUR_BUCKET_NAME]/tmp/$1 --expires-in $defaultExpireTime \| pbcopy
	}
	Domain verification
	====================
	Remark
	1) Godaddy, skip the ".exmplae.com" in NAME

	E.g.
	Record Type:
	TXT (Text)
	TXT Name*: _amazonses.example.com ( if Godaddy, just "_amazonses" )
	TXT Value: xanzzzzzxzxzxzxzxzxzxzxzxzxzxzxRY=



	DKIM verification
	====================
	Remark
	1) Godaddy, skip the ".exmplae.com" in NAME