
Learning How Troll Purse Easily Setup Forums in AWS

Martin H Hollstein


Originally Posted on Troll Purse Dev Blog

After our migration to AWS, Troll Purse removed the old forums running in Digital Ocean. Troll Purse decided to start with a clean slate, which was easy, as nobody had registered (no migrations needed, just nuclear destruction of the service)! A curse that turned into a blessing. Troll Purse can now scale the forums based on usage and save some money on infrastructure. This will allow us to put more effort into our games!


How To

Troll Purse decided to share with you how to set up this type of environment.

S3 Configuration

For hosting content uploaded by Troll Purse forum users, S3 was used to store images. Since NodeBB has a nice S3 upload plugin, there was little to no work other than configuration needed to enable the feature.

S3, on the other hand, required configuration to allow access from http://forums.trollpurse.com. However, it also needed to allow access to the real DNS hostname (according to AWS) for the actual server to update data. This meant a custom S3 CORS policy and S3 Bucket Policy. Finally, the role our server would assume needed to have full access to S3 buckets. Further, Troll Purse could restrict access by bucket name.

Below are examples Troll Purse built up to help restrict access to an S3 bucket. Note that AWS will still mark it as public. However, there was a configuration that allowed public GET without S3 being marked public.

S3 Bucket Policy

{
    "Version": "2012-10-17",
    "Id": "website access bucket Policy",
    "Statement": [
        {
            "Sid": "Allow get requests originating from your domain.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": "http://your-domain-name/*"
                }
            }
        },
        {
            "Sid": "Deny get requests not originating from your domain.",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*",
            "Condition": {
                "StringNotLike": {
                    "aws:Referer": "http://your-domain-name/*"
                }
            }
        },
        {
            "Sid": "Create, Update, Delete for ARN",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::xxxxxxxxx:role/your-role-used-for-s3-access-and-management"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}

S3 CORS Policy

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>your-domain-name</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>
</CORSConfiguration>

Redis Configuration

For Redis, Troll Purse used default configurations provided by AWS ElastiCache. This cache was put in a private subnet, accessible only to services in the Troll Purse VPC as configured. Currently, Troll Purse is using the free tier cache.t2.micro instance. Other than that, the Launch Configuration just needs a reference to the public DNS of the cache.

VPC Configuration

AWS VPC is great for creating logically segregated services for an environment.

Subnets

Following normal AWS architecture diagrams (shown below), Troll Purse created two subnets. There is the public subnet which will host the forum instances and the load balancer. There is then the private subnet which has no internet access. The private subnet contains the forum’s Redis service.

AWS VPC Architecture Diagram

Security Groups

Troll Purse set up two different Security Groups: one for services bound to the public subnet and another for services bound to the private subnet. The only real difference is how the inbound internet traffic is configured. The public security group allows inbound internet traffic. The private security group does not allow inbound internet traffic. This is further strengthened by Route Tables.

Route Tables

The Route Tables used were configured according to the aforementioned diagram. There were two Route Tables. The first route table was created for the public subnet. This allows internet traffic in via the Internet Gateway bound to the public subnet. The second route table was created for the private subnet. This Route Table did not receive configuration for public internet access.

IAM Role Configuration

To get our environment up using NodeBB with Redis, Troll Purse created a new IAM Role for EC2 instances meant to host NodeBB. This role did not need a lot of thought put into it. All it needed was full S3 Access, and full Redis access. From here Troll Purse uses two more AWS services to provide data storage for the forums.

Auto-Scaling Configuration

Using our existing configuration, Troll Purse created an Auto Scaling Configuration using the base Amazon Linux AMI on a t2.micro instance. We don’t do anything else special. Troll Purse set the default configurations of Min instances to 1 and Max instances to 1. This ensures the service will always be running one instance, whether it fails or not.

Note: Make sure to use ELB Health Checks. This will verify the web service is actually running on the instance.

Launch Configuration User Data

Here is a wonderful gist provided by one of our AWESOME developers (Disclaimer: I authored this post - totally biased opinion) used as a Launch Configuration.

Soon Troll Purse will take away half of that setup and make an image for EC2 to use. Then only NodeBB configuration and launch information is required for the Launch Configuration.

EC2 Configuration

There wasn’t anything to do for EC2 since all of our instance information was set up using Auto Scaling.

Conclusion

Setting up an environment in AWS for our forums took about two days of building and verifying. These changes required no code whatsoever. All Troll Purse had to do was select from a large suite of services to support desired results. So, now that they exist, join up on the forums!
