Last active
February 28, 2024 01:47
-
-
Save jameswilson/0763157c667daf5ef281bcd46bbbc2ce to your computer and use it in GitHub Desktop.
Configure DDEV for AWS CLI, and use an EC2 instance as a jumphost
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add the following to your project's .gitignore | |
| # The approach here assumes you're going to want to have the awscli also configured | |
| # on your host OS, so we can just copy configs from ~/.aws/ on your host OS into the | |
| # ddev web container during startup by way of the .ddev/homeadditions folder. | |
| .ddev/homeadditions/.aws |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add the following in .ddev/config.yaml: | |
| webimage_extra_packages: [awscli] | |
| web_environment: | |
| - AWS_JUMPHOST_ID=i-XXXXXXXXXXXXXXXXX | |
| - JUMPHOST=ec2-user@XXX.XX.XXX.XX | |
| - PROD_SERVER=username@project.someuniversity.edu | |
| hooks: | |
| pre-start: | |
| - exec-host: | | |
| set -x | |
| if [ -d ~/.aws ]; then | |
| cp -r ~/.aws .ddev/homeadditions | |
| else | |
| echo "Note: AWS credentials and configurations are required for 'ddev pull jumphost' but they're missing from your host OS. Please execute 'aws configure' and then restart the ddev instance." | |
| fi | |
| pre-pull: | |
| - exec: | | |
| INSTANCE_STATE=$(aws ec2 describe-instances --instance-ids $AWS_JUMPHOST_ID --output text --query 'Reservations[*].Instances[*].State.Name') | |
| if [ "$INSTANCE_STATE" != "running" ] | |
| then | |
| echo -n "Starting jumphost" | |
| aws ec2 start-instances --instance-ids $AWS_JUMPHOST_ID >/dev/null | |
| while INSTANCE_STATE=$(aws ec2 describe-instances --instance-ids $AWS_JUMPHOST_ID --output text --query 'Reservations[*].Instances[*].State.Name'); | |
| test "$INSTANCE_STATE" != "running" | |
| do | |
| sleep 1 | |
| echo -n '.' | |
| done | |
| echo " $INSTANCE_STATE" | |
| sleep 15 # Allow time for SSH service to spin up. | |
| fi | |
| post-pull: | |
| - exec: | | |
| set -x | |
| echo "Stopping $AWS_JUMPHOST_ID" | |
| aws ec2 stop-instances --instance-ids $AWS_JUMPHOST_ID >/dev/null |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add the following in .ddev/providers/jumphost.yaml | |
| # Example AWS jumphost rsync provider configuration. | |
| # This will pull a database and files from a network location via an AWS | |
| # jumphost. It operates inside the web container and uses ssh, so you need | |
| # to `ddev auth ssh` first. | |
| # To use this configuration, | |
| # | |
| # 1. You need a database dump and/or user-generated files tarball that you | |
| # have access to somewhere on the internet | |
| # 2. Copy jumphost.yaml.example to jumphost.yaml (or name it as you see fit) | |
| # 3. `ddev auth ssh` (only needs to be done once per ddev session or reboot) | |
| # 4. Use `ddev pull jumphost` to pull the project database and files. | |
| # Note that while this is done in the web container it could also be done on | |
| # the host, and then you wouldn't need the `ddev auth ssh` | |
| auth_command: | |
| command: | | |
| # set -x # You can enable bash debugging output by uncommenting | |
| set -eu -o pipefail | |
| ssh-add -l >/dev/null || ( echo "Please 'ddev auth ssh' before running this command." && exit 1 ) | |
| db_pull_command: | |
| command: | | |
| # set -x # You can enable bash debugging output by uncommenting | |
| set -eu -o pipefail | |
| ls /var/www/html/.ddev >/dev/null # Refresh stale NFS if possible | |
| pushd /var/www/html/.ddev/.downloads >/dev/null | |
| rm -f db.sql.gz | |
| ssh -o StrictHostKeyChecking=no -o "ProxyCommand ssh -A $JUMPHOST -W %h:%p" $PROD_SERVER "rm -f ~/db.sql.gz; /usr/local/bin/drush sql-dump --root=/var/www/html/csrc/www --result-file=~/db.sql; gzip ~/db.sql;" | |
| rsync -avz -e "ssh -o StrictHostKeyChecking=no -o 'ProxyCommand ssh -A $JUMPHOST -W %h:%p'" $PROD_SERVER:~/db.sql.gz /var/www/html/.ddev/.downloads/db.sql.gz | |
| service: web | |
| files_pull_command: | |
| command: | | |
| # set -x # You can enable bash debugging output by uncommenting | |
| set -eu -o pipefail | |
| ls /var/www/html/.ddev >/dev/null # Refresh stale NFS if possible | |
| pushd /var/www/html/.ddev/.downloads >/dev/null | |
| rm -f files.tar.gz | |
| rsync -avz -e "ssh -o 'ProxyCommand ssh -A $JUMPHOST -W %h:%p'" $PROD_SERVER:~/files.tar.gz . | |
| tar -xzf files.tar.gz -C files/ | |
| service: web | |
| # Pushing a database or files to upstream can be dangerous and not recommended. | |
| db_push_command: | |
| command: | | |
| # set -x # You can enable bash debugging output by uncommenting | |
| set -eu -o pipefail | |
| echo "Database push to remote environment is disabled." | |
| files_push_command: | |
| command: | | |
| # set -x # You can enable bash debugging output by uncommenting | |
| set -eu -o pipefail | |
| echo "Files push to remote environment is disabled." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment