diff --git a/docs/devops/lambda-vpc-nat.md b/docs/devops/setup-lambda-vpc-nat.md similarity index 98% rename from docs/devops/lambda-vpc-nat.md rename to docs/devops/setup-lambda-vpc-nat.md index 9ecf17b..639f145 100644 --- a/docs/devops/lambda-vpc-nat.md +++ b/docs/devops/setup-lambda-vpc-nat.md @@ -1,6 +1,6 @@ --- layout: default -title: Lambda VPC Config +title: Setup Lambda VPC+NAT Config parent: Setup DevOps --- diff --git a/docs/devops/setup-lambda-vpc-no-nat.md b/docs/devops/setup-lambda-vpc-no-nat.md new file mode 100644 index 0000000..ab3caea --- /dev/null +++ b/docs/devops/setup-lambda-vpc-no-nat.md @@ -0,0 +1,42 @@ +--- +layout: default +title: Setup Lambda VPC without NAT +parent: Setup DevOps +--- + +# Lambda VPC 설정과 NAT 없이 구성 + +- [일반적] VPC가 필요한 서비스들(ex: backend-api)은 외부 필요없도록 구성. +- [외부용] 외부 연결(https포함) 필요시 VPC없이 돌아가도록 + +주의! `VPCE` 구성이 필요함. + +---------------------- +## 구성 방법 + +1. Prepare a `Public Subnet` like `public-2a/2c` + - 기존 subnet에서 2가지를 고름 (+ 이름 지어주기) + +1. Create a `Security Group` like `lemon-services-api` + - add in-bound for all traffic from self + +1. Create `Endpoints` in VPC for accessing internal AWS + - create a security group as `infra-services`. + - allow all traffics from `lemon-services-api` + + - add each for `kms`, `sns`, `sqs`, and `execute-api` + - security-group: `infra-services` + - subnets: `public-2a/2c` + + * kms: `com.amazonaws.ap-northeast-2.kms` w/ `Interface` + * sns: `com.amazonaws.ap-northeast-2.sns` w/ `Interface` + * sqs: `com.amazonaws.ap-northeast-2.sqs` w/ `Interface` + * lambda: `com.amazonaws.ap-northeast-2.lambda` w/ `Interface` + * dynamodb: `com.amazonaws.ap-northeast-2.dynamodb` w/ `Gateway` + + +---------------------- +## 배포후 테스트하기 + +see `lemon-templates-api`, and check `/hello/echo`. + diff --git a/docs/setup-vpc-nat.md b/docs/devops/setup-vpc-nat.md similarity index 94% rename from docs/setup-vpc-nat.md rename to docs/devops/setup-vpc-nat.md index b4c94cb..4ed951e 100644 
--- a/docs/setup-vpc-nat.md +++ b/docs/devops/setup-vpc-nat.md @@ -1,7 +1,7 @@ --- layout: default -title: Setup VPC/NAT -nav_order: 2 +title: Setup VPC+NAT (old) +parent: Setup DevOps --- # Setup VPC/NAT for AWS Lambda @@ -11,7 +11,7 @@ Lambda에서 VPC 이용과 NAT 연결 설정 방범 정리 - `VPC`에서 `Lambda` 구성시 인터넷 연결이 끊어지는데, `NAT` 구성으로 가능함. - `NAT`는 `ElasticIP` 설정으로 외부에서는 고정 아이피로 설정 가능함. -![](../../assets/images/vpc-diagram.png) +![](../../../assets/images/vpc-diagram.png) ## 구성 방법 (VPC + NAT) @@ -60,5 +60,5 @@ Lambda VPC 에서 SNS/SQS/KMS 등을 이용할때, 필요함 example) -![](../../assets/images/vpc-endpoints.png) +![](../../../assets/images/vpc-endpoints.png)
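Review bot: In the new file docs/devops/setup-lambda-vpc-no-nat.md, step 3 ("Create `Endpoints` in VPC") tells the reader to add endpoints for `kms`, `sns`, `sqs`, and `execute-api`, but the service list under it names kms, sns, sqs, lambda and dynamodb. `execute-api` therefore has no service name, and lambda and dynamodb are missing from the sentence; make the two agree. The `security-group: infra-services` and `subnets: public-2a/2c` settings apply only to the `Interface` entries. The `Gateway` endpoint for dynamodb is associated with route tables instead, so state which route table it goes on. The rule "allow all traffics from `lemon-services-api`" on `infra-services` is also wider than needed: interface endpoints are reached over HTTPS, so inbound TCP 443 from `lemon-services-api` is enough.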
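Review bot: The front-matter hunk of docs/devops/setup-vpc-nat.md retitles the page `Setup VPC+NAT (old)`, but nothing in the body tells the reader what to use instead. Add a line under the `# Setup VPC/NAT for AWS Lambda` heading that links to the page that supersedes it. The context line of the next hunk has "설정 방범 정리", which looks like a typo for "방법" and could be fixed in the same change.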
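Review bot: Both image references in docs/devops/setup-vpc-nat.md (`vpc-diagram.png` in the `-11,7` hunk and `vpc-endpoints.png` in the `-60,5` hunk) change from `../../assets/images/` to `../../../assets/images/`. A relative path like this has to be adjusted every time the file moves, and whether it resolves depends on the URL the page is rendered at. Confirm both images load in the built site, or switch to a path anchored at the site root so a later move does not break them.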