
Lionel Martin li0nel

@li0nel
li0nel / migrations.sh
Last active January 1, 2019 06:00
Run Laravel migrations
# Use the Docker exec command to execute the Artisan commands inside the application container
docker exec -it CONTAINER_ID php artisan session:table
docker exec -it CONTAINER_ID php artisan migrate --force
@li0nel
li0nel / change-resource-record-sets.sh
Last active January 1, 2019 06:02
Migrate Route53 DNS
# Add an ALIAS record to ELB URL
aws route53 change-resource-record-sets \
    --hosted-zone-id /hostedzone/YOUR_HOSTED_ZONE_ID \
    --change-batch '{
        "Changes":[
            {
                "Action":"CREATE",
                "ResourceRecordSet":{
                    "Name":"laravelaws.com.",
                    "Type":"A",
aws route53 test-dns-answer --hosted-zone-id /hostedzone/ZQPYH2JHZAVQV --record-name laravelaws.com --record-type A
@li0nel
li0nel / bastion.sh
Last active January 1, 2019 05:57
Create a bastion to access your instances in private subnets
# --key-name: the SSH key pair we created earlier
# --security-group-ids: our previous SG allowing access to the DB
# --subnet-id: one of our public subnets
# --instance-type: the smallest instance type allowed
aws ec2 run-instances \
    --image-id ami-c1a6bda2 \
    --key-name laravelaws \
    --security-group-ids sg-xxxxxxxx \
    --subnet-id subnet-xxxxxxxx \
    --count 1 \
    --instance-type t2.micro \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=bastion}]'
@li0nel
li0nel / network.yaml
Last active December 10, 2017 12:23
CloudFormation multi-AZ stack
# This template creates a VPC and a pair of public and private subnets spanning the first two AZs of your current region.
# Each instance in the public subnet can access the internet and be accessed from the internet
# thanks to a route table routing traffic through the Internet Gateway.
# Private subnets feature a NAT Gateway located in the public subnet of the same AZ, so they can receive traffic
# from within the VPC.
VPC:
  Type: AWS::EC2::VPC
  Properties:
    CidrBlock: !Ref VpcCIDR
    Tags:
@li0nel
li0nel / storage.yaml
Last active December 10, 2017 12:37
CloudFormation Storage tier stack
# I recommend encrypting your database to make sure your snapshots and logs are encrypted too.
# Automatic snapshots are stored by AWS itself, however manual snapshots will be stored in your S3 account.
# You don't want to accidentally open access to an unencrypted version of your data!
# It is also preferable not to use your default AWS master key if you ever need to transfer a snapshot to another
# AWS account later as you can't give cross-account access to your master key.
#
# Note that we only create one primary DB instance for now, no read replica.
KmsKey:
  Type: AWS::KMS::Key
  Properties:
@li0nel
li0nel / security-groups.yml
Created December 9, 2017 10:44
CloudFormation stack for security-groups
# This security group defines who/where is allowed to access the ECS hosts directly.
# By default we're just allowing access from the load balancer. If you want to SSH
# into the hosts, or expose non-load balanced services you can open their ports here.
ECSSecurityGroup:
  Type: AWS::EC2::SecurityGroup
  Properties:
    VpcId: !Ref VPC
    GroupDescription: Access to the ECS hosts and the tasks/containers that run on them
    SecurityGroupIngress:
      # Only allow inbound access to ECS from the ELB
@li0nel
li0nel / web.yaml
Created December 9, 2017 10:59
CloudFormation stack for the web tier
ECSCluster:
  Type: AWS::ECS::Cluster
  Properties:
    ClusterName: !Ref EnvironmentName
ECSAutoScalingGroup:
  Type: AWS::AutoScaling::AutoScalingGroup
  Properties:
    VPCZoneIdentifier: !Ref PrivateSubnets
    LaunchConfigurationName: !Ref ECSLaunchConfiguration
@li0nel
li0nel / service.yaml
Last active January 31, 2019 16:01
CloudFormation stack for the web service
Service:
  Type: AWS::ECS::Service
  DependsOn:
    - ListenerRuleHTTPS
  Properties:
    Cluster: !Ref Cluster
    Role: !Ref ServiceRole
    DesiredCount: !Ref DesiredCount
    TaskDefinition: !Ref TaskDefinition
    LoadBalancers:
@li0nel
li0nel / bastion.sh
Last active January 1, 2019 06:00
Connect to ECS instances in private subnets through a bastion
# Add your key to your SSH agent
ssh-add -K laravelaws.pem
# Verify that your private key is successfully loaded in your local SSH agent
ssh-add -L
# Use the -A option to enable forwarding of the authentication agent connection
ssh -A ec2-user@<bastion-public-IP-address>
# Once you are connected to the bastion, you can SSH into a private subnet instance