# getting-started
Hello, pulumi noobie here 🙂 Let's say I wanted to set up an aws ec2 with a postgresql database up and running. I've tried using the (golang)
, and then configuring the database with a bunch of
. This approach doesn't feel super robust though; setting up db users, changing their passwords etc is a little tricky this way. Other approaches I've considered are 1. making a custom AMI and just spinning that up, or 2. installing a docker runtime on the ec2 host, pulling some docker compose file and starting that up. Or should I just bite the bullet and start using ECS or similar? I would love to hear your feedback!
I'm in a bit of a similar position, where I'm trying to venture across the line of provisioning and maintaining infrastructure, to the configuration of that infrastructure. The solution I ended up using was finding 1st-class resources in my cloud provider that are designed for this purpose. In my case, on Azure, that was setting up a VM Scale Set, then using an App Gallery application and App Gallery Versions to define my program and how it should be installed and configured. Then I just associated the App Gallery application with my Scale Set, and trusted Azure to handle the deploying and updating. It's been a good while since I've worked with AWS, but I suspect AWS AppConfig might offer this for you. Just think of it as a way to configure VMs, not necessarily that you must provide binaries for it to run and all that. Good luck! https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html https://www.pulumi.com/registry/packages/aws/api-docs/appconfig/
Typically, I would use Postgres in RDS connected via an EC2 by role for better security.
That's also a valid solution, but it's hard for me to blame anyone trying to save money by avoiding fully-managed services like RDS
Typically startup companies go from EC2 to ECS to Kubernetes and acquire technical debt along the way. There are a lot of security issues that come up along the way and the final goal dictates the technical approach. You can build an app in ECS with a SideCar database. EC2 has a much higher cost.
RDS is expensive compared to docker/sidecar but it also protects the database.
If you go for a SOC2 certification, it will come into play.
If it's a LEMP thing or LAMP thing, I'd build a docker compose app and then move to ECS. You can mount an S3 bucket into the container and put regular backups there for robust RTO/RPO.
Those are all true, and indeed, using RDS would be best practice if you're in a business and seeking to build a production service. @thankful-activity-51613 should take heed of your advice if that's their goal. If this is for personal/small-scale/testing purposes, though, then their current path should do just fine
If it's exploration, I'd use a free tier EC2 with a CIS hardening (Ubuntu) and harden the database. Using ECS is harder for new people because you just can't log in and fix something.
Three tiny EC2s Web/App/SQL is very low cost.
You could also build in Docker locally. If it's just OS + SQL, I'd use the Sidecar approach; it's easier to move to ECS.
I am building something similar. Happy to share the docker files and pulumi code for ECS.
It's not working all that well on ECS but the docker images are good.