Create a BYOVPC App
Learn how to create an app that can be deployed in a customer’s VPC.
This guide walks you through supporting a shared responsibility model for a BYOC app. You will configure an app that can be installed into a customer’s existing VPC. You will be able to monitor and update the install, even though the customer owns and manages the VPC it’s running in.
The component code used in this guide can be found in our Guides repo.
Prerequisites
- Create a Nuon account. You will need a working Nuon org.
- Set up an AWS account. This is the account you will create the install in.
- A VPC, with the public and private subnets tagged so our sandbox can find them.
What You Will Create
This tutorial will walk you through creating the following:
- An App
- A Docker Build component
- A Terraform component
- An Install, using our AWS ECS BYOVPC sandbox
Configure App
To configure the app, you will create a TOML config file using our CLI. In each section below we will provide you with configuration snippets for the app itself as well as its components.
If you would prefer to use Terraform, see our Terraform Configuration Management guide. We provide Terraform sample code you can use throughout this guide.
Create App
Define the app itself and give it a name.
This will create the app in Nuon and generate a config file named nuon.<your-app>.toml.
This file will be populated with sample config, which we will update in this guide.
App Input
This is a setting that your customer will be able to configure when they install the app. It will be displayed on the installer page as a text field. For BYOVPC, this is especially important, since it allows the customer to tell Nuon which VPC to install the app into.
Installer
Update the installer config. Installers provide an out-of-the-box installation flow your customers can use to install your app. You will use it later in this guide to create an install yourself.
Sandbox
Update the sandbox config. The aws-ecs-byovpc sandbox will provide everything you need to run ECS services on top of a pre-existing VPC.
Runner
Update the runner config.
The aws-ecs-byovpc sandbox requires that we use the aws-ecs runner.
The runner manages the sandbox, provisioning and deprovisioning AWS resources during deploys.
The aws-ecs runner is so named because it runs on ECS, but it can be used to manage any AWS resources.
Since it runs on ECS Fargate, no resources beyond what is needed for the runner are provisioned by default.
You can use our ECS sandbox and runner to manage Lambda or EC2 deployments without worrying about extraneous ECS costs.
Sync App Config to Nuon
You now have a complete Nuon app config. This is a good place to stop and sync it to Nuon.
Once the config is synced, select the newly created app using the CLI. This will scope CLI commands to the new app.
Connect Components
This app consists of two components: one to build the Docker image, and another to provision the ECS service.
Docker Image
This is a Docker Build component that will build the API and create a Docker image containing it. When released, it will sync the image to each install’s ECR so ECS can pull it when creating tasks.
ECS Service
This component will create an ECS service using the Docker image, and expose it to the internet with an ALB. It requires some info about the install it will run in, so we use Nuon variables to interpolate the required info on a per-install basis. See our Using Variables guide for more info about how this works.
Sync Component Configs to Nuon
Now that you have the components, sync the updated config to Nuon.
Just like the app, you can use the CLI to verify they were synced successfully.
Initial builds for each component will also have been created. Verify with the CLI that they were successful.
Create an Install
Creating an install requires two steps: granting access to the AWS account via an IAM role, and then provisioning the install in that account. There are a few ways to do this, but the easiest is to use the installer you configured earlier, via our installer UI template.
You can find the template at https://github.com/nuonco/installer. Clone that and run it locally following the instructions in the README.
For other approaches, see our guides Install Access Permissions and Create Installs.
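Granting access via an IAM role means the role's trust policy decides who can act inside the customer's account. The following Python check is an added example, not Nuon's code or part of the original guide: it audits a trust policy document for a wildcard principal, an unexpected account, and a missing external ID. The account IDs, role name and external ID are constructed placeholders, and requiring `sts:ExternalId` is an assumption taken from general AWS guidance for third-party access, not something this guide specifies.

```python
# Added example: audit an IAM role trust policy before handing the role to a vendor.
# Account IDs, role name and external ID are constructed placeholders, not Nuon values.

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN; None if unparseable."""
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 else None

def _has_external_id(stmt):
    """True when the statement pins sts:ExternalId with StringEquals."""
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "sts:externalid" for k in cond)

def audit_trust_policy(policy, vendor_account):
    """Return (statement index, finding) pairs for AssumeRole grants to AWS principals."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & actions:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append((i, "wildcard-principal"))
            elif _account_of(p) != vendor_account:
                findings.append((i, "unexpected-account"))
        if aws and not _has_external_id(stmt):
            findings.append((i, "missing-external-id"))
    return findings

VENDOR = "111122223333"  # placeholder for the vendor's AWS account ID
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/installer"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_trust_policy(doc, VENDOR))
```

Feed it the trust policy document of the role the customer is about to create; an empty result means only the expected account can assume the role and the grant is bound to an external ID.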
Monitor Install Creation
To monitor the install’s status, log into the Dashboard and select your org. You should see a card for the install.
Click on the card, and use the History to verify that the install is being provisioned. You should see events for the sandbox being provisioned and the components being deployed.
Inspect the Install
When the install has provisioned, and the deploys have completed, copy the install ID from the UI and curl the API to verify it’s running.
Wrapping Up and Next Steps
Congratulations, you just deployed a shared responsibility app to a VPC in AWS! A few suggestions for where to go next:
- Check out our Release Management guide to learn how to update installs.
- Dig into our App Configuration guide to learn how to configure more complex apps.
- Share your installer with a friend and have them install your app in their AWS account.