How to Deploy Signing Service To AWS
Follow these instructions to install AWS eb-cli.
Clone the Repository
Clone this repository and cd to its directory in Terminal.
Add elasticbeanstalk config
Download the file elasticbeanstalk_config.zip, copy the zip file to the root of the cloned repository folder, and unzip it. Inside will be a hidden folder called “.elasticbeanstalk” that contains configuration files.
Add required config values
Use a text editor such as TextEdit to open the file at:
This file will contain some configuration values that should remain unchanged as well as some that require a new value to be entered. The text ######### ENTER VALUE will be shown for each area that requires a new value. Remove ######### ENTER VALUE and replace it with new values as follows.
Skip this if a value has already been provided. Otherwise generate a long secure value to use here. If Ruby on Rails is already installed, this can be done from the repo root in Terminal: type rake secret | pbcopy to generate a secret key base and copy it to the pasteboard.
Add an email address to display as the sender when the application sends email.
Enter the domain name to be used for the application. (This can be added or changed later if needed using AWS Console.)
Add values for an email service such as Mandrill. This can be skipped initially if needed.
MAIL_HOST
MAIL_USERNAME
MAIL_PASSWORD
Enter a secure value for DBPassword to use for the database created.
If desired, edit the value for DBUser as well to any valid value to use as the database user name. Or just leave the default value.
Use AWS Certificate Manager to create an SSL certificate. Copy the ARN for the certificate and paste it for this section.
Add an email address to be notified for AWS application health monitoring events.
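A check that can be run on the edited file before continuing to eb init, shown as an added example that is not part of the original guide or the project. It confirms that no ######### ENTER VALUE placeholder remains, that the file is readable only by its owner, and that DBPassword is set; the "KEY: value" line format and the 16-character minimum are assumptions, and the path of the edited file is passed as the argument.

```shell
#!/bin/sh
# Added example: pre-deploy check for the edited Elastic Beanstalk config file.
# Assumptions (not from the guide): settings are "KEY: value" lines, and
# 16 characters is the minimum accepted DBPassword length.

MARKER='######### ENTER VALUE'
MIN_LEN=16

# check_config FILE: returns 0 if FILE passes every check, 1 otherwise.
# Findings name a line number or key only, so no secret value is echoed.
check_config() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found" >&2
        return 1
    fi

    # 1. Every placeholder must have been replaced.
    left=$(grep -nF -- "$MARKER" "$file" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$left" ]; then
        echo "FAIL: placeholder still present on line(s): $left" >&2
        rc=1
    fi

    # 2. The file holds DBPassword and MAIL_PASSWORD: owner-only access.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $file is readable by group or others; chmod 600 it" >&2
        rc=1
    fi

    # 3. DBPassword must be present and at least MIN_LEN characters.
    pw=$(sed -n 's/^[[:space:]]*DBPassword:[[:space:]]*//p' "$file" | head -n 1)
    pw=$(printf '%s' "$pw" | tr -d "\"'")
    if [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "FAIL: DBPassword is missing or shorter than $MIN_LEN characters" >&2
        rc=1
    fi

    return "$rc"
}

# Usage: sh check_config.sh PATH_TO_EDITED_FILE
if [ "$#" -gt 0 ]; then
    check_config "$1" || exit 1
    echo "OK: $1 passed"
fi
```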
In Terminal from the repo root, run the command eb init and follow prompts to select or create an SSH keypair.
Set up SSH: yes
Select a keypair: create new keypair called aws-eb or select an existing one.
The Elastic Beanstalk configuration file references two standard AWS IAM roles used for permissions when deploying to Elastic Beanstalk. If Elastic Beanstalk has previously been used for the current AWS account then these IAM roles will have already been created and nothing further is needed. This can be confirmed by going to AWS web console, opening the IAM section, clicking on Roles, and checking that both of these roles are shown:
If these IAM roles do not exist, the easiest way to add them is to run the command below. This will create an environment for the application without specifying any configuration. After running this command, proceed immediately to the next section to create the real environment.
eb create temp-env
Press Control-C if needed to quit the eb create temp-env command above.
In Terminal from the repo root, run this command to create the environment:
eb create signing-service-env --cfg signing_service_template
This will then run for about 15 minutes and create an environment for the application using the configuration template file.
Once Terminal prints the output message saying it is safe to do so, press Control-C. Then run these commands:
eb use signing-service-env
eb console
Wait for environment creation to be completed.
In Terminal run the command eb open to open the application in a browser. Click through security warnings as needed to load the page, as initially there will be a mismatch between the app URL and the SSL certificate.
Once the application is loaded in a browser, sign in with initial credentials. These initial credentials are sent via email and must be changed on first login.
Enter the license key file provided and accept the user agreement.
Click on Users to change the admin password and email address.
If temp-env was created as specified in the section for IAM Roles, it will need to be removed once the main app environment is confirmed. From the AWS web console go to Elastic Beanstalk environments and find temp-env. Once on the page for temp-env, find the button toward the top right called Actions, then click Terminate environment. Enter the name temp-env when prompted to confirm.
Configure a domain for the application to resolve the SSL warnings. If the domain is managed in AWS Route 53, create an alias record pointing to an Elastic Beanstalk environment, and select the environment for this application.
In Terminal type “eb ssh” to SSH to the instance if needed. The app content will be located at