$40 a month on EC2 instances

Looks like my main web server instance is costing less than $2 a month on a T3 Micro. That’s a spot instance with a fairly high bidding price set so that it’s very unlikely to ever be outbid and is still the cheapest way to provision EC2 capacity.

By the same token, my database server is also a T3 micro instance and that’s looking to cost just under $7 a month on demand – same uptime as the web server so you can see there’s a $5 saving.

The Bamboo server is having to run on a medium server and that’s used around $27 this month. Don’t you just love Java?

Still got $300 of credit in my account so there’s no massive rush to move off the on demand instances right now. Maybe I should think about it though.

Workmail is $4 per user per month plus tax. Route53 is $0.50 per domain per month, there’s no getting around that. If I can keep my monthly bills less than $30 a month that would certainly keep my wallet happy.

Need to do a fair bit more work with Bamboo to see if I can get it running on something a little less powerful or spot instance it. We’ll see.

Certbot and Let’s Encrypt

The only way to use Amazon’s free SSL certificates is if you pipe them through something like CloudFormation, or use them with CloudFront or a load balancer.

Tried that for December and it turns out it’s fairly expensive to run an ELB for a month – it’s all fine and dandy whilst I’ve got EDU credit to burn through but I can’t afford $20 a month to shortcut an easy way to SSL cert up the site.

I started to look at Certbot and Let’s Encrypt as an automatic way of getting a cert in place, changed my Apache config and here we are – running through a straight connection on port 443 to the web server.

To be fair, it was a little silly having a load balancer in front of a single web server, but I didn’t have the time to do anything else with it.

I’ve got a little bit of time now, so setting things up properly.

Auto updating Route53 DNS when you launch a new EC2 instance based on an AMI

I came across an issue with my DNS entries that meant every time my spot instance was terminated, I had to manually change the A record. That’s not very cloud-like.

Found an article (below):

Auto-Register EC2 Instance in AWS Route 53

The problem with the article is that the API has changed since it was written and the script no longer works.

Steps 1-5 are spot on, and most of step 6 is perfect – aside from the script. My fixes are below: I’ve updated the API call and also added in a PATH statement so that the script will run non-interactively.

Following the blog above, if you are using an Amazon Linux AMI as your base image, you’ll already have the awscli package so you can skip the first part of step 6 also.

 

=========

vi /usr/sbin/update-route53-dns
#!/bin/sh
PATH=$PATH:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Load configuration and export access key ID and secret for cli53 and aws cli
. /etc/route53/config
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY

# The TimeToLive in seconds we use for the DNS records
TTL="300"

# Get the private and public hostname from EC2 resource tags
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
INTERNAL_HOSTNAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=internal-hostname" --region=$REGION --output=text | cut -f5)
PUBLIC_HOSTNAME=$(aws ec2 describe-tags --filters "Name=resource-id,Values=$INSTANCE_ID" "Name=key,Values=public-hostname" --region=$REGION --output=text | cut -f5)

# Get the local and public IP Address that is assigned to the instance
LOCAL_IPV4=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
PUBLIC_IPV4=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)

# Create or update the A records on Route53 with the private and public IP address
# ($ZONE is expected to come from /etc/route53/config)
cli53 rrcreate --replace "$ZONE" "$INTERNAL_HOSTNAME $TTL A $LOCAL_IPV4"
cli53 rrcreate --replace "$ZONE" "$PUBLIC_HOSTNAME $TTL A $PUBLIC_IPV4"

=========

 

Whilst this is great if you have tags in place, sometimes you want to have something hardcoded to update the DNS records quickly in case of failure/spot request going away.

=========

#!/bin/sh
PATH=$PATH:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Load configuration and export access key ID and secret for cli53 and aws cli
. /etc/route53/config
export AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY

# The TimeToLive in seconds we use for the DNS records
TTL="300"

# Region and instance ID from instance metadata; the hostnames are hardcoded instead of read from tags
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
INTERNAL_HOSTNAME=web01
PUBLIC_HOSTNAME=www

# Get the local and public IP Address that is assigned to the instance
LOCAL_IPV4=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
PUBLIC_IPV4=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)

# Create a new or update the A-Records on Route53 with public and private IP address
cli53 rrcreate --replace "$ZONE" "$INTERNAL_HOSTNAME $TTL A $LOCAL_IPV4"
cli53 rrcreate --replace "$ZONE" "$PUBLIC_HOSTNAME $TTL A $PUBLIC_IPV4"
=========
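
An added example, not part of the original post or the linked article: both scripts above pass whatever the metadata service returns straight to cli53, so an instance without a public address or a failed request hands it an empty or non-address value. The sketch below checks the answer first and fetches metadata with an IMDSv2 session token; the function names, the 60-second token TTL and the `--run` switch are assumptions, while `web01`, `www`, TTL 300 and `/etc/route53/config` come from the script above.

```shell
#!/bin/sh
# Added example, not the original script. Function names and --run are assumptions.
IMDS="http://169.254.169.254/latest"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the cli53 record argument; print nothing and fail on bad input.
build_record() {  # usage: build_record NAME TTL IP
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    is_ipv4 "$3" || return 1
    printf '%s %s A %s\n' "$1" "$2" "$3"
}

# Fetch one metadata path with an IMDSv2 session token (-f: fail on HTTP errors).
imds_get() {
    token=$(curl -sf -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
    curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/$1"
}

# Update one record, leaving DNS untouched if the address is not valid.
update_record() {  # usage: update_record ZONE NAME TTL METADATA_PATH
    ip=$(imds_get "$4") || ip=""
    record=$(build_record "$2" "$3" "$ip") || {
        echo "skipping $2: unusable metadata answer" >&2
        return 1
    }
    cli53 rrcreate --replace "$1" "$record"
}

if [ "${1:-}" = "--run" ]; then
    . /etc/route53/config   # sets ZONE and the AWS credentials
    export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    update_record "$ZONE" web01 300 meta-data/local-ipv4
    update_record "$ZONE" www 300 meta-data/public-ipv4
fi
```

Run with `--run` on the instance; without it the file only defines the functions, so the checks can be exercised offline.
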
Route53 config updated, cron job added, wordpress storage offloaded to an s3 bucket

Interesting lunch hour today – had to fix a script I’d found to update Route53 DNS records on reboot because the API has changed since the guy wrote it. Gave him my additions and it works a treat.

Also got bucket storage set up, so my images are all being served from S3.

More technical data on what I did to come soon.

Exam tomorrow.  Eeeeek.