The
terraform-aws-mystudies module creates and configures the "backend" components of the FDA MyStudies platform on AWS.
Overview
This topic example describes how to deploy a functional MyStudies Application Server Environment in AWS using the MyStudies Terraform Module with the following features:
- VPC
- Bastion Host
- Application Load Balancer
- TLS/SSL Certificate
- Route 53 DNS Domain Records
- Secrets Management
- Security Groups
- Registration Application Server
- Registration Database Server
- Response Application Server
- Response Database Server
- WCP Application Server
- WCP Database Server
Deployment Considerations
The MyStudies AWS Terraform Module is designed to deploy the components required to operate a functional test/evaluation MyStudies Application deployment. However, the example configuration does not take into account the requirements that should be considered for an organization to operate a system that collects Personal Health Information (PHI). Organizations planning to deploy MyStudies for PHI use will need to take into account several factors not covered by this example including but not limited to: security, backups, data retention, regulatory compliance requirements, privacy etc.
Deployment Options
- The MyStudies AWS Terraform module allows the MyStudies Administrator to choose options for deployment such as EC2 instance size, data volumes and sizes, and choices to use local or remote (dedicated) database server options. Each of these options can affect the cost of operating the MyStudies environment and care should be taken on how these choices will impact the operating costs of the deployment
- The example MyStudies deployment defaults to storing the Terraform state on the Administrators workstation. Administrators are strongly encouraged to configure the deployment to store the Terraform state in a S3 Bucket. More information about storing Terraform state remotely is available here:
- https://www.terraform.io/language/state/remote
Quick Start
The MyStudies AWS Terraform Module includes a sample deployment example which is configured to deploy an functional application server environment.
Prerequisites
- AWS Account
- AWS IAM User Account with appropriate permissions to deploy AWS resources
- AWS Access Keys for the IAM User and the administrator workstation configured with the AWS Access Keys, Profile and ENV variables
- Administrator computer configured with AWS credentials and Terraform 1.2.x installed
- An existing Route53 DNS domain configured in the target AWS account
- At least one new or existing AWS EC2 Key Pair. Two are recommended - one pair for the bastion host and one pair for the application servers
Quick Start deployment steps
Clone the MyStudies Terraform Module repo to an administrator computer:
git clone https://github.com/FDA-MyStudies/terraform-aws-mystudies.git
CD to the examples/sample-deployment directory:
cd ./terraform-aws-mystudies/examples/sample-deployment
Review and edit the terraform.tfvars configuration file - configuring appropriate values (e.g domain name, key pairs, WCP administrator email addresses etc.)
Deploy the infrastructure with terraform:
terraform init
terraform plan
terraform apply
Terraform will deploy the required resources and application servers, and will start the applications. The system is now ready for administrators to complete the initial configuration and setup. For information on how to complete initial setup follow this guide:
Clean up - How to remove the deployed environment
The deployed environment and deployed resources can be easily removed using the Terraform Destroy command as follows. Note: this will remove all deployed resources including any unsaved data. We highly recommend you take appropriate measures to back up your data.
cd ./terraform-aws-mystudies/examples/sample-deployment
terraform destroy
Troubleshooting
How to SSH to instances
The MyStudies module includes a ssh_config.txt file which can be used to SSH to the instances.
Example: SSH to MyStudies-Response server:
cd ./terraform-aws-mystudies/examples/sample-deployment
ssh -F ssh_config.txt mystudies-response
Secrets Management
Secrets Management is a component of the MyStudies Terraform Module. Random secrets are generated automatically for database admin, application connections etc. The Module utilizes the AWS Systems-Manager Parameter Store to securely store and retrieve secrets. Should you require access to the application secrets, you may view them in the AWS Systems Manager Parameter Store Web Console.
Partial/Staged Deployment Considerations - Out of order deployment consequences
The MyStudies Module has options to enable/disable each application server and associated RDS server. Administrators should take into consideration that these options are evaluated during initial deployment and have some consequences. For example if you initially choose to use local application databases and later want to use RDS (dedicated database servers) your applications will have been configured to use local databases, and the module does not take into account changing from local to RDS databases in a staged deployment.
If you find yourself in that situation you have two options:
- Backup the local database and restore the DB to the RDS database server and manually configure the applications to use the RDS server database connection
OR
- Abandon the local database and application server and redeploy a new application server. To do so, simply terminate the application server in the AWS EC2 console and redeploy with the MyStudies Terraform Module
Related Topics