Enhancing the Elastic Beanstalk setup

Enhancing the Elastic Beanstalk setup

Enhance the CloudFormation template for Elastic Beanstalk, cloudformation/app.yml, with the following content:

---
...

# Stage and Service are interpolated by the Environment resource below into
# the name of the Secrets Manager secret (${Service}-${Stage}-db-db).
# NOTE(review): neither parameter constrains its value here; consider an
# AllowedPattern or AllowedValues so that only expected service/stage names
# can select a secret -- confirm against the full template.
Parameters:
  Stage:
    Type: String
  Service:
    Type: String

...

Resources:
  ...
  # Elastic Beanstalk environment: this step adds the database settings,
  # a minimum instance count, rolling updates and CloudWatch log streaming.
  Environment:
    Type: AWS::ElasticBeanstalk::Environment
    Properties:
      ApplicationName: !Ref Application
      ...
      OptionSettings:
        ...
        # Database settings are read from the Secrets Manager secret
        # ${Service}-${Stage}-db-db through CloudFormation dynamic references,
        # so no credential is written into the template itself.
        # NOTE(review): CloudFormation resolves these references during a
        # stack operation and hands the resolved values to Elastic Beanstalk
        # as environment properties. Anyone allowed to view the environment's
        # configuration can then read them in plaintext, so keep that
        # permission narrow. A rotated secret is presumably not picked up
        # until a later stack update re-resolves the reference -- verify.
        - Namespace: 'aws:elasticbeanstalk:application:environment'
          OptionName: MYSQL_USER
          Value: !Sub "{{resolve:secretsmanager:${Service}-${Stage}-db-db:SecretString:username}}"
        - Namespace: 'aws:elasticbeanstalk:application:environment'
          OptionName: MYSQL_PASSWORD
          Value: !Sub "{{resolve:secretsmanager:${Service}-${Stage}-db-db:SecretString:password}}"
        - Namespace: 'aws:elasticbeanstalk:application:environment'
          OptionName: MYSQL_HOST
          Value: !Sub "{{resolve:secretsmanager:${Service}-${Stage}-db-db:SecretString:host}}"
        - Namespace: 'aws:elasticbeanstalk:application:environment'
          OptionName: MYSQL_DATABASE
          Value: !Sub "{{resolve:secretsmanager:${Service}-${Stage}-db-db:SecretString:dbname}}"
        ...
        # Keep at least two instances in the Auto Scaling group.
        - Namespace: 'aws:autoscaling:asg'
          OptionName: MinSize
          Value: '2'
        # Replace instances in batches instead of all at once.
        - Namespace: 'aws:autoscaling:updatepolicy:rollingupdate'
          OptionName: RollingUpdateEnabled
          Value: 'true'
        # Stream environment health and instance logs to CloudWatch Logs.
        # NOTE(review): no RetentionInDays is set in the visible settings;
        # decide how long these logs are kept, and make sure the application
        # never logs the MYSQL_* values above.
        - Namespace: 'aws:elasticbeanstalk:cloudwatch:logs:health'
          OptionName: HealthStreamingEnabled
          Value: 'true'
        - Namespace: 'aws:elasticbeanstalk:cloudwatch:logs'
          OptionName: StreamLogs
          Value: 'true'
  ...
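  # IAM role for the instance profile. This step adds the LogsAccess
  # statement, which the log-streaming options on the environment rely on.
  InstanceProfileRole:
    Type: AWS::IAM::Role
    Properties:
      ...
      Policies:
        - PolicyName: root
          PolicyDocument:
            # Quoted so that a YAML parser that types ISO dates keeps the
            # policy version as a string.
            Version: '2012-10-17'
            Statement:
              ...
              # Lets the instances create log streams and write log events.
              - Sid: LogsAccess
                Action:
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Effect: Allow
                # NOTE(review): '*' lets the instances write to every log
                # group in the account. Elastic Beanstalk streams to log
                # groups under /aws/elasticbeanstalk/, so this can be narrowed
                # to arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk* once
                # confirmed for this environment.
                Resource: '*'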

Also change the Makefile accordingly:

# Deploys cloudformation/app.yml as the stack $(SERVICE)-$(STAGE)-app and
# passes Service and Stage through as template parameters.
# guard-STAGE is defined elsewhere in the Makefile; presumably it aborts when
# STAGE is unset -- SERVICE and AWS_REGION get no such guard in this rule.
# --no-fail-on-empty-changeset keeps the exit status zero when nothing changed.
# CAPABILITY_IAM is required because the template creates an AWS::IAM::Role;
# the flag acknowledges IAM changes without further prompting, so review the
# role's policies in the template before deploying.
.PHONY: app
app: guard-STAGE
	aws cloudformation deploy \
		--no-fail-on-empty-changeset \
		--template-file cloudformation/app.yml \
		--stack-name $(SERVICE)-$(STAGE)-app \
		--parameter-overrides Service=$(SERVICE) \
		                      Stage=$(STAGE) \
		--capabilities CAPABILITY_IAM \
		--region $(AWS_REGION)

Update the CloudFormation stack with the following command in the app-staging AWS account:

# AWS_PROFILE selects the CLI credentials (here the app-staging account);
# STAGE=dev becomes part of the stack name and of the secret name looked up.
AWS_PROFILE=myorg-app-staging make app STAGE=dev