# AWS EC2 Deployment Guide This guide explains how to deploy the my-recipes application on AWS EC2 with RDS database. ## Prerequisites 1. AWS Account with EC2 and RDS access 2. Docker and Docker Compose installed on EC2 instance 3. RDS PostgreSQL database instance created 4. Domain name (optional, but recommended) 5. SSL certificate (optional, but recommended for production) ## Step 1: Set Up AWS RDS 1. **Create RDS PostgreSQL Instance:** - Go to AWS RDS Console - Click "Create database" - Choose PostgreSQL engine - Select version 15 or higher - Choose appropriate instance size (db.t3.micro for testing, db.t3.small+ for production) - Set Master username (e.g., `recipes_user`) - Set Master password (strong password) - Database name: `recipes_db` - Enable public accessibility if needed (not recommended for production) - Configure VPC security group to allow connections from EC2 2. **Security Group Configuration:** - Create/modify security group for RDS - Add inbound rule: PostgreSQL (port 5432) from EC2 security group - Note the endpoint: `your-db-instance.xxxx.region.rds.amazonaws.com` 3. **Initialize Database Schema:** ```bash # Connect to RDS and run schema.sql psql -h your-rds-endpoint.region.rds.amazonaws.com \ -U recipes_user \ -d recipes_db \ -f backend/schema.sql ``` ## Step 2: Set Up AWS EC2 1. **Launch EC2 Instance:** - Choose Ubuntu 22.04 LTS or Amazon Linux 2023 - Instance type: t3.micro (minimum), t3.small+ (recommended) - Configure security group: - SSH (port 22) - your IP only - HTTP (port 80) - 0.0.0.0/0 - HTTPS (port 443) - 0.0.0.0/0 - Custom TCP (port 8000) - optional, for direct API access - Add storage: 20GB minimum - Assign Elastic IP (recommended) 2. **Connect to EC2:** ```bash ssh -i your-key.pem ec2-user@your-ec2-public-ip # or for Ubuntu: ssh -i your-key.pem ubuntu@your-ec2-public-ip ``` 3. **Install Docker and Docker Compose:** ```bash # Update system sudo yum update -y # For Amazon Linux # sudo apt update && sudo apt upgrade -y # For Ubuntu # Install Docker sudo yum install docker -y # Amazon Linux # sudo apt install docker.io -y # Ubuntu sudo systemctl start docker sudo systemctl enable docker sudo usermod -a -G docker ec2-user # or ubuntu # Install Docker Compose sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose sudo chmod +x /usr/local/bin/docker-compose # Logout and login again for group changes to take effect exit ``` ## Step 3: Deploy Application 1. **Clone Repository:** ```bash cd ~ git clone https://your-repo-url/my-recipes.git cd my-recipes ``` 2. **Configure Environment Variables:** ```bash # Copy the example env file from root to backend directory cp .env.example backend/.env nano backend/.env # or vim backend/.env ``` Update the following variables: ```env # Database Configuration (from RDS) DB_USER=recipes_user DB_PASSWORD=your_rds_password DB_NAME=recipes_db DB_HOST=your-rds-endpoint.region.rds.amazonaws.com DB_PORT=5432 # Frontend URL (your domain or EC2 public IP) FRONTEND_URL=http://your-ec2-ip # or FRONTEND_URL=https://your-domain.com # Update OAuth redirect URIs GOOGLE_REDIRECT_URI=http://your-ec2-ip/auth/google/callback AZURE_REDIRECT_URI=http://your-ec2-ip/auth/azure/callback # Update other configurations as needed ``` 3. **Build and Start Services:** ```bash cd /home/ec2-user/my-recipes # or /home/ubuntu/my-recipes docker-compose up -d --build ``` 4. **Verify Services:** ```bash docker-compose ps docker-compose logs -f ``` ## Step 4: Configure Domain and SSL (Optional but Recommended) 1. **Set Up Domain:** - Point your domain's A record to EC2 Elastic IP - Update FRONTEND_URL in .env file 2. **Install Nginx and Certbot:** ```bash sudo yum install nginx certbot python3-certbot-nginx -y # Amazon Linux # sudo apt install nginx certbot python3-certbot-nginx -y # Ubuntu ``` 3. **Configure Nginx:** Create `/etc/nginx/conf.d/recipes.conf`: ```nginx server { listen 80; server_name your-domain.com; location / { proxy_pass http://localhost:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } location /api { proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } ``` 4. **Get SSL Certificate:** ```bash sudo certbot --nginx -d your-domain.com sudo systemctl restart nginx ``` ## Step 5: Monitoring and Maintenance 1. **View Logs:** ```bash docker-compose logs -f backend docker-compose logs -f frontend ``` 2. **Restart Services:** ```bash docker-compose restart ``` 3. **Update Application:** ```bash git pull docker-compose down docker-compose up -d --build ``` 4. **Backup Database:** Backups are automatic based on BACKUP_INTERVAL setting. Manual backup: ```bash docker-compose exec backend python backup_db.py ``` ## Troubleshooting 1. **Can't connect to RDS:** - Check security group rules - Verify VPC and subnet configuration - Test connection: `telnet rds-endpoint 5432` 2. **Services won't start:** ```bash docker-compose logs ``` 3. **Database connection errors:** - Verify DATABASE_URL format - Check DB credentials - Ensure RDS is accessible from EC2 4. **Port conflicts:** ```bash sudo netstat -tulpn | grep :80 sudo netstat -tulpn | grep :8000 ``` ## Security Best Practices 1. Use strong passwords for DB and admin accounts 2. Enable SSL/TLS for all connections 3. Keep EC2 security groups restrictive 4. Don't expose RDS publicly 5. Use IAM roles for AWS service access 6. Regularly update Docker images and system packages 7. Enable CloudWatch monitoring 8. Set up automated backups 9. Use secrets management (AWS Secrets Manager or Parameter Store) ## Cost Optimization 1. Use reserved instances for long-term deployments 2. Enable auto-shutdown for non-production environments 3. Monitor and optimize RDS instance size 4. Use S3 or R2 for backups (already configured) 5. Consider using Application Load Balancer for multiple instances