Deployment of web server from web server

[hartsick]

Opening this for visibility!

#3

[hartsick]

Created services using small / non-production plans and bound them to the application:

cf create-service aws-rds small-psql api-psql
cf create-service aws-elasticache-redis redis-dev api-redis
cf bind-service notifications-api api-psql
cf bind-service notifications-api api-redis

Deployed using the new manifest.yml and credentials in .env.deploy.

cf push --vars-file=.env.deploy # will require .env file

[hartsick]

current status: application is deployed at route, but tossing errors when connecting to database and AWS logging:

2022-06-22T14:15:52.51-0700 [APP/PROC/WEB/0] OUT {"name": "app", "levelname": "ERROR", "message": "(psycopg2.OperationalError) Connection refused\n\tIs the server running on that host and accepting TCP/IP connections?\n\n(Background on this error at: https://sqlalche.me/e/14/e3q8)"

cwlogs.push.publisher - WARNING - 80 - Thread-3 - Caught exception: Could not connect to the endpoint URL: "https://logs.us-west-2.amazonaws.com/"

[hartsick]

I think I'm running into egress constraints. More on how cloud.gov manages that here: https://cloud.gov/docs/management/space-egress/

since we're in a new space (10x-notifications) I think we're hitting the default closed-egress security group rules.

If we change the security group to trusted_local_networks_egress then we get access to RDS, but I think we'll run into issues when we start to use non-cloud.gov brokered services like SNS and SES, in addition to the current (broken) cloudwatch logging.