AWS EC2 India Prep and Hand Off

[monicapatel21]

New legal requirement: India needs to launch live on AWS servers in India

• Assuming: we need dev/test/prod environments? Maybe we can skip?

• Or keep Pantheon for dev and test…deploy to live via AWS would be nice (change would be at final stage in deployment: test (Pantheon) to live (AWS EC2)

• Solr would also add wrinkles

• Would also make having a CDN for performance more difficult

• If India won't have a huge number of posts, this could be OK for a time? (We may need to go for MVP version of launch and then find out what to add)

• [ ] thinkShout has AWS account credentials -- for launch -- anything else needed?

• [ ] investigate: if we try to use Pantheon's infrastructure, we can pay for a real site (and have a backup)

Timing

1. Prioritize speccing out what we need from EC2 server
2. Pause
3. Work with India on needs -- figure out where this fits into priority

[mariacha]

Initial investigation: https://aws.amazon.com/getting-started/hands-on/build-drupal-website/ https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-quick-start-guide-drupal https://aws.amazon.com/getting-started/hands-on/deploy-drupal-with-amazon-rds/

There's the part of this task that's getting Drupal to run on the site, and there's the part of this task that's creating a deployment plan.

We'll absolutely need regular backups on AWS, and the ability to roll back deploys in case of emergency. Quick ability to pull the database from the live AWS instance to the live Pantheon instance also ideal. HTTPS will need to be added.

We'll also need to set up drush access and figure out solr.

A nice workflow would be: Deploy/QA on Pantheon Push to Live (or test) Push cod only to AWS Then drush updb and config-import as usual. Doing things like upgrading php will be its own workflow

[StudioZut]

Our rep at Pantheon confirmed they don't have servers in India, but mentioned the AGCDN: "However, you do have our AGCDN package, which has a domain masking and reserve proxy feature. In theory, you could host an application on a different hosting provider, but still have it present as a site on Pantheon." -- not sure is there might be a creative solution here?

[mariacha]

Hmm, I think that's the opposite of what we want. Aw well, it was worth a shot.

[mariacha]

I've spent a little time today continuing to investigate, and have a good shape for the work: https://docs.google.com/document/d/1GCKPzgUGWYmaUdJdIFBwdzDYnfEc5wHShppRlFQYY7s/edit?usp=sharing

The short version is: Get started with Drupal on AWS using Lightsail provided by the Bitnami container.

Once the WRI India site is up on that instance and functioning for a handful of testers, we can get started with the finer-tuning that will be needed for go-live (caching and memory, backups).

I'll document the deployment process in this repo's wiki.

Since it's hard to estimate how long it will take to get things fully working, I'd like to approach this work from this direction.

First: Set aside a set of hours to go down the list in that Google doc and just see how far we get. I'd like to say 8 hours to start, then pause and estimate out remaining tasks.

[monicapatel21]

Internal blocker: WRI India is consulting with legal team...is the requirement relating to privacy or PCI compliance, data retention, other?

[StudioZut]

Some answers from the India team on legal requirements for data/servers:

The server location should be one in India – you would recall we had discussed the possibility of AWS, Bengaluru during our meeting with you during our call with you sometime back.

The technical architecture/design specs can be set by you in any way that you consider appropriate; we would appreciate some prior consultation with our digital team to understand the requirements and concerns, if any, at this end.

[monicapatel21]

Ideal: Pantheon for config, live site running off RDS server, Circle CI handles automation of export of config file from Pantheon to RDS

• IF: Database and data is what needs to be in-country
• IF: server needs to be in another country, then we’ll use an EC2 server within an India region, where database lives

[also some degree of IO contracting happening off line - not more budget]

[StudioZut]

Latest update with India requirements: at this point we should just work towards the full EC2 solution. We can use Pantheon through Test, then deploy from there to an AWS EC2. It looks like the India team will have their own agency handle the AWS EC2. We'll get credentials from them. We'll need to provide the EC2 specs. Their current site gets ~20k users a month.

[mariacha]

I've got the initial specs written up in this document and those haven't changed: https://docs.google.com/document/d/1GCKPzgUGWYmaUdJdIFBwdzDYnfEc5wHShppRlFQYY7s/edit#heading=h.dj729ldl8fkm

The method of spinning up the server was just what I had initially thought of, using bitnami, but I don't have strong opinions on how the server is built so long as it has the required items outlined under "What we need at launch"

[monicapatel21]

Christian to share doc with India team for review.

What ThinkShout needs is the ability to push our code up to their server. They want a versioning system on their server (something where they symlink to a new folder every time they deploy -- so they can rollback releases if needed). Having access to the database would be ideal.

Goals: Satisfy legal requirement, perception (if you check IP on server you still shouldn't see a non-India based server)

[monicapatel21]

India IO working on RFP to hire vendor, once vendor is hired, we share resources:

• Repos, databases in state it is in for migration
• Hand-off to vendor (freshly forked separate version of WRI brand and site)
• Less work and assistance for both WRI and TS

[StudioZut]

update: India's RFP is ready, we'll be helping review proposals from them

[StudioZut]

Let's stand up the dev environment on AWS and migrate the Pantheon site over. Use the WIR AWS account, set the server region as India.

• [ ] Does it need Solr? (Figure out how many pieces of content they have or use Open Solr or third party)
• [ ] Look into EC2 - what's easier to transfer ownership

AWS EC2 I assume is the best option. This will be the dev environment, so specs can be low. The India vendor will be responsible to the production environment.

Spin up next week after Christian gets some more information about India's AWS account

[StudioZut]

India has selected a vendor (WEQ Technologies) and is signing a contract. We're working with the India team to set up an AWS India account. Once they do we'll share credentials with TS (IAM user I guess?)

[monicapatel21]

Christian M will pick things back up this week with India finance team

[StudioZut]

Still waiting on AWS India account. The digital comms team in the India office has a new staff and we're working with them to get things back on track and working with their new vendor.

[monicapatel21]

New agency starts Oct 1 (hopefully -- if contract is signed by then)

[StudioZut]

We're walking the new India web through the AWS India signup, and will meet with their team again in October.