MF06-PRA06-CarlyRojasBeltran-AWSDeployment

PRA06_ANSWER/aws-prac.md

@@ -0,0 +1,56 @@
+## 
+
+### 1. Create an AWS Account
+
+- [x] Visit the AWS website and click "Create an AWS Account"
+- [x] Follow the registration process, providing necessary information
+- [x] Choose a support plan (Basic is free and sufficient for this exercise)
+
+#### 2. Set Up AWS Budget and Billing Alerts
+
+- [x] Navigate to AWS Budgets in the AWS Management Console
+
+- [x] Click "Create budget" and choose "Customize (advanced)"
+
+- [x] Select "Cost budget" and set a monthly fixed budget
+
+- [x] Configure alerts for 80% of your budgeted amount
+
+- [x] Set up an action to automatically apply an IAM policy restricting resource creation when the budget is exceeded
+
+#### 3. Create AWS Services for Spring Boot Docker Deployment
+
+###### Set up Amazon Elastic Container Registry (ECR)
+
+- [x] Open the Amazon ECR console
+
+- [x] Click "Create repository"
+
+- [x] Name your repository (e.g., "spring-boot-app")
+
+- [x] Configure repository settings and create 
+
+###### Configure Amazon Elastic Container Service (ECS)
+
+- [x] Open the Amazon ECS console
+
+- [x] Click "Create Cluster"
+
+- [x] Choose "Networking only" for Fargate compatibility
+
+- [x] Name your cluster and create
+
+##### Set up AWS Fargate
+
+- [x] In the ECS console, create a new task definition
+- [x] Choose Fargate as the launch type
+- [x] Configure task size (CPU and memory)
+- [x] Add container details using the ECR image
+
+#### 4. Update Jenkins Pipeline for AWS Deployment
+
+- [x] Modify your jenkins pipeline to include AWS deployment steps
+
+#### 5. Deploy Spring Boot Application
+
+- [x] Run the Jenkins pipeline to build and push the Docker image to ECR

PRA06_ANSWER/pipe-aws/error-authorization.md

@@ -0,0 +1,28 @@
+### Error authorization
+
+
+1. The **`devops`** user does not have permission to perform the `ecr-public:GetAuthorizationToken` operation on Amazon ECR.
+
+**Verify that the policies are correctly applied**:
+
+- **AmazonEC2ContainerRegistryFullAccess**: This policy allows the user to access both public and private ECR repositories.
+- **AmazonECRPublicFullAccess**: This policy is required to specifically access public ECR repositories.
+- **Access the IAM console:**
+
+  - Log in to the AWS console.
+  - Go to IAM (Identity and Access Management).
+
+  **Select the devops user:**
+
+  - In the left panel, select Users, then click on the devops user.
+
+  **Attach the AmazonECRPublicFullAccess policy:**
+
+  - Click on the Permissions tab.
+  - In the top-right corner, click on Add permissions.
+  - Select Attach existing policies directly.
+  - Search for the AmazonECRPublicFullAccess policy in the list and check the box next to it.
+  - Click Review and then click Add permissions.
+
+
+    <img title="" src="file:///home/albert/Desktop/pipelines/aws-pra06/aws-deploy/pipeline-push-ecr-ok.png" alt="pipeline-push-ecr-ok.png" width="613">

PRA06_ANSWER/pipe-aws/output.txt

@@ -0,0 +1,100 @@
+Started by user CRhACKER7
+
+[Pipeline] Start of Pipeline
+[Pipeline] node
+Running on Jenkins
+ in /var/jenkins_home/workspace/pipe3-aws-pra
+[Pipeline] {
+[Pipeline] withEnv
+[Pipeline] {
+[Pipeline] stage
+[Pipeline] { (Pull from DockerHub)
+[Pipeline] sh
++ docker pull crhacker7/books-pageable-backend:latest
+latest: Pulling from crhacker7/books-pageable-backend
+a803e7c4b030: Already exists
+b4972576c83d: Already exists
+af800cd8441e: Already exists
+b2adc153a57b: Already exists
+3e7eeb32da62: Already exists
+Digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa
+Status: Downloaded newer image for crhacker7/books-pageable-backend:latest
+docker.io/crhacker7/books-pageable-backend:latest
+[Pipeline] }
+[Pipeline] // stage
+[Pipeline] stage
+[Pipeline] { (Tag for ECR)
+[Pipeline] sh
++ docker tag crhacker7/books-pageable-backend:latest public.ecr.aws/z4y4h0k9/spring-boot-app:3
+[Pipeline] sh
++ docker tag crhacker7/books-pageable-backend:latest public.ecr.aws/z4y4h0k9/spring-boot-app:latest
+[Pipeline] }
+[Pipeline] // stage
+[Pipeline] stage
+[Pipeline] { (Push to ECR)
+[Pipeline] withCredentials
+Masking supported pattern matches of $AWS_ACCESS_KEY_ID or $AWS_SECRET_ACCESS_KEY
+[Pipeline] {
+[Pipeline] sh
++ aws ecr-public get-login-password --region us-east-1
++ docker login --username AWS --password-stdin public.ecr.aws/z4y4h0k9
+WARNING! Your password will be stored unencrypted in /var/jenkins_home/.docker/config.json.
+Configure a credential helper to remove this warning. See
+https://docs.docker.com/engine/reference/commandline/login/#credential-stores
+
+Login Succeeded
+[Pipeline] sh
++ docker push public.ecr.aws/z4y4h0k9/spring-boot-app:3
+The push refers to repository [public.ecr.aws/z4y4h0k9/spring-boot-app]
+974ed95b9915: Preparing
+f82750e12aa6: Preparing
+659a8c4ba776: Preparing
+0ac7ecf8a41c: Preparing
+d310e774110a: Preparing
+d310e774110a: Layer already exists
+0ac7ecf8a41c: Layer already exists
+659a8c4ba776: Layer already exists
+f82750e12aa6: Pushed
+974ed95b9915: Pushed
+3: digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa size: 1371
+[Pipeline] sh
++ docker push public.ecr.aws/z4y4h0k9/spring-boot-app:latest
+The push refers to repository [public.ecr.aws/z4y4h0k9/spring-boot-app]
+974ed95b9915: Preparing
+f82750e12aa6: Preparing
+659a8c4ba776: Preparing
+0ac7ecf8a41c: Preparing
+d310e774110a: Preparing
+f82750e12aa6: Layer already exists
+659a8c4ba776: Layer already exists
+d310e774110a: Layer already exists
+974ed95b9915: Layer already exists
+0ac7ecf8a41c: Layer already exists
+latest: digest: sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa size: 1371
+[Pipeline] }
+[Pipeline] // withCredentials
+[Pipeline] }
+[Pipeline] // stage
+[Pipeline] stage
+[Pipeline] { (Declarative: Post Actions)
+[Pipeline] sh
++ docker rmi crhacker7/books-pageable-backend:latest
+Untagged: crhacker7/books-pageable-backend:latest
+Untagged: crhacker7/books-pageable-backend@sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa
+[Pipeline] sh
++ docker rmi public.ecr.aws/z4y4h0k9/spring-boot-app:3
+Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app:3
+[Pipeline] sh
++ docker rmi public.ecr.aws/z4y4h0k9/spring-boot-app:latest
+Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app:latest
+Untagged: public.ecr.aws/z4y4h0k9/spring-boot-app@sha256:b24b9330527b9a0b5a251bfd5c278fa4c43b92fb3ad1b9ccf2bdacc9735db7fa
+Deleted: sha256:fe0cc31eaa48d12ff6fd1992399b47e22385cd520c20f95d24ee004aad606893
+[Pipeline] }
+[Pipeline] // stage
+[Pipeline] }
+[Pipeline] // withEnv
+[Pipeline] }
+[Pipeline] // node
+[Pipeline] End of Pipeline
+Finished: SUCCESS
+

PRA06_ANSWER/pipe-aws/pipeline.txt

@@ -0,0 +1,45 @@
+pipeline {
+    environment {
+        DOCKERHUB_IMAGE = 'crhacker7/books-pageable-backend:latest'
+        ECR_REGISTRY = 'public.ecr.aws/z4y4h0k9'
+        ECR_REPOSITORY = 'spring-boot-app'
+        IMAGE_TAG = "${BUILD_NUMBER}"
+        AWS_REGION = 'us-east-1' // Public ECR repositories are only available in us-east-1
+    }
+
+    agent any
+
+    stages {
+        stage('Pull from DockerHub') {
+            steps {
+                sh "docker pull ${DOCKERHUB_IMAGE}"
+            }
+        }
+
+        stage('Tag for ECR') {
+            steps {
+
+                sh "docker tag ${DOCKERHUB_IMAGE} ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
+                sh "docker tag ${DOCKERHUB_IMAGE} ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest"
+            }
+        }
+
+        stage('Push to ECR') {
+            steps {
+                withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'awscredentials_id']]) {
+                    sh "aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${ECR_REGISTRY}"
+                    sh "docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
+                    sh "docker push ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest"
+                }
+            }
+        }
+    }
+
+    post {
+        always {
+            sh "docker rmi ${DOCKERHUB_IMAGE}"
+            sh "docker rmi ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}"
+            sh "docker rmi ${ECR_REGISTRY}/${ECR_REPOSITORY}:latest"
+        }
+    }
+}