1630d63cb7c6ae6669e6d33ea7749da2d74378cd
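--- a/java/com.amazon.aws.aws-java-api.updatesite/features/aws-sdk/feature.xml
+++ b/java/com.amazon.aws.aws-java-api.updatesite/features/aws-sdk/feature.xml
@@ -2,21 +2,21 @@
 <feature
 id="com.amazon.aws.aws-java-api"
 label="AWS API"
- version="2.20.59"
+ version="2.25.11"
 provider-name="Amazon">
 
 <plugin
 id="com.amazon.aws.aws-java-api"
 download-size="0"
 install-size="0"
- version="2.20.59"
+ version="2.25.11"
 unpack="false"/>
 
 <plugin
 id="com.amazon.aws.aws-java-api.source"
 download-size="0"
 install-size="0"
- version="2.20.59"
+ version="2.25.11"
 unpack="false"/>
 
 </feature>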
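--- a/java/com.amazon.aws.aws-java-api.updatesite/site.xml
+++ b/java/com.amazon.aws.aws-java-api.updatesite/site.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <site>
- <feature url="features/aws-sdk/com.amazon.aws.aws-java-api_2.20.59.jar" id="com.amazon.aws.aws-java-api" version="2.20.59">
+ <feature url="features/aws-sdk/com.amazon.aws.aws-java-api_2.25.11.jar" id="com.amazon.aws.aws-java-api" version="2.25.11">
 <category name="aws-java-api"/>
 </feature>
 <category-def name="com.amazon.aws.aws-java-api" label="aws-java-api"/>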
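--- a/java/com.amazon.aws.aws-java-api/build.gradle
+++ b/java/com.amazon.aws.aws-java-api/build.gradle
@@ -5,7 +5,7 @@ repositories {
 }
 
 dependencies {
- implementation platform('software.amazon.awssdk:bom:2.20.59')
+ implementation platform('software.amazon.awssdk:bom:2.25.11')
 implementation 'software.amazon.awssdk:s3'
 implementation 'software.amazon.awssdk:lambda'
 implementation 'software.amazon.awssdk:ec2'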
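--- a/java/com.amazon.aws.aws-java-api/pom.xml
+++ b/java/com.amazon.aws.aws-java-api/pom.xml
@@ -16,7 +16,7 @@
 </properties>
 <groupId>com.amazon.aws</groupId>
 <artifactId>com.amazon.aws.aws-java-api</artifactId>
- <version>2.20.59</version>
+ <version>2.25.11</version>
 <packaging>eclipse-plugin</packaging>
 <build>
 <plugins>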
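--- a/java/com.sap.sailing.targetplatform/definitions/race-analysis-p2-remote.target
+++ b/java/com.sap.sailing.targetplatform/definitions/race-analysis-p2-remote.target
@@ -146,7 +146,7 @@
 <repository location="https://download.eclipse.org/tools/orbit/downloads/drops/R20210223232630/repository"/>
 </location>
 <location includeAllPlatforms="false" includeConfigurePhase="false" includeMode="slicer" includeSource="true" type="InstallableUnit">
-<unit id="com.amazon.aws.aws-java-api.feature.group" version="2.20.59"/>
+<unit id="com.amazon.aws.aws-java-api.feature.group" version="2.25.11"/>
 <repository location="https://p2.sapsailing.com/p2/aws-sdk/"/>
 </location>
 <location includeAllPlatforms="false" includeConfigurePhase="false" includeMode="slicer" includeSource="true" type="InstallableUnit">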
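--- a/java/com.sap.sse.feature.runtime/feature.xml
+++ b/java/com.sap.sse.feature.runtime/feature.xml
@@ -735,14 +735,14 @@
 id="com.amazon.aws.aws-java-api"
 download-size="0"
 install-size="0"
- version="2.20.59"
+ version="2.25.11"
 unpack="false"/>
 
 <plugin
 id="com.amazon.aws.aws-java-api.source"
 download-size="0"
 install-size="0"
- version="2.20.59"
+ version="2.25.11"
 unpack="false"/>
 
 <plugin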
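--- a/wiki/info/landscape/amazon-ec2.md
+++ b/wiki/info/landscape/amazon-ec2.md
@@ -19,9 +19,9 @@ Our default region in AWS EC2 is eu-west-1 (Ireland). Tests are currently run in
 
 In Route53 (the AWS DNS) we have registered the sapsailing.com domain and can manage records for any sub-domains. The "apex" record for sapsailing.com points to a Network Load Balancer (NLB), currently ``NLB-sapsailing-dot-com-f937a5b33246d221.elb.eu-west-1.amazonaws.com``, which does the following things:
 
-* accept SSH connects on port 22; these are forwarded to the internal IP of the web server through the target group ``SSH-to-sapsailing-dot-com``, currently with the internal IP target ``172.31.28.212``
-* accept HTTP connections for ``sapsailing.com:80``, forwarding them to the target group ``HTTP-to-sapsailing-dot-com`` which is a TCP target group for port 80 with ip-based targets (instance-based was unfortunately not possible for the old ``m3`` instance type of our web server), again pointing to ``172.31.28.212``, the internal IP of our web server
-* accept HTTPS/TLS connections on port 443, using the ACM-managed certificate for ``*.sapsailing.com`` and ``sapsailing.com`` and also forwarding to the ``HTTP-to-sapsailing-dot-com`` target group
+* accept SSH connects on port 22; these are forwarded to the internal IP of the web server through the target group ``SSH-to-sapsailing-dot-com-2``, currently with the internal IP target ``172.31.28.212``
+* accept HTTP connections for ``sapsailing.com:80``, forwarding them to the target group ``HTTP-to-sapsailing-dot-com-2`` which is a TCP target group for port 80 with ip-based targets (instance-based was unfortunately not possible for the old ``m3`` instance type of our web server), again pointing to ``172.31.28.212``, the internal IP of our web server
+* accept HTTPS/TLS connections on port 443, using the ACM-managed certificate for ``*.sapsailing.com`` and ``sapsailing.com`` and also forwarding to the ``HTTP-to-sapsailing-dot-com-2`` target group
 * optionally, this NLB could be extended by UDP port mappings in case we see a use case for UDP-based data streams that need forwarding to specific applications, such as the Expedition data typically sent on ports 2010 and following
 
 Additionally, we have created a CNAME record for ``*.sapsailing.com`` pointing at a default application load balancer (ALB) (currently ``DefDynsapsailing-com-1492504005.eu-west-1.elb.amazonaws.com``) in our default region (eu-west-1). Thie default ALB is also called our "dynamic ALB" because it doesn't depend on DNS rules other than the default one for ``*.sapsailing.com``, so other than changes to the DNS which can take minutes to hours to propagate through the world-wide DNS, changes to the default ALB's rule set take effect immediately. Like all ALBs, this one also has a default rule that refers all traffic not matched by other rules to a target group that forwards traffic to an (in the future probably multiple) Apache httpd webserver. All these ALBs handle SSL termination by means of an ACM-managed certificate that AWS automatically renews before it expires. The traffic routed to the target groups is always HTTP only.
@@ -38,6 +38,8 @@ The IPs for all reverse proxies will automatically be added to the `CentralWebSe
 and to the `DDNSMapped-x-HTTP` (in all the DDNSMapped servers). These are the target groups for the default rules and it ensures availability to the ARCHIVE especially.
 Currently, the new approach tags instances with `disposableProxy` to indicate it hosts no vital services. `ReverseProxy` also identifies any reverse proxies. The health check for the target groups would change to trigger a script which returns different error codes: healthy/200 if in the same AZ as the archive (or if the failover archive is in use), whilst unhealthy/503 if in different AZs. This will reduce cross-AZ, archive traffic costs, but maintain availability and load balancing.
 
+For security groups of the central reverse proxy, we want Webserver, as well as Disposable Reverse Proxy. The diposables just have the latter.
+
 There is hope to also deploy the httpd on already existing instances, which have free resources and a certain tag permitting this
 co-deployment.
 Most of sapsailing.com no longer cares about SSL and does not need to have an SSL certificate. Sail-insight still does though. The central reverse proxy offers the following services:
@@ -64,8 +66,8 @@ If you see ``Syntax OK`` then reload the configuration using
 The webserver is registered as target in various locations:
 
 * As DNS record with its internal IP address (e.g., 172.31.19.129) for the two DNS entries ``logfiles.internal.sapsailing.com`` used by various NFS mounts, and ``smtp.internal.sapsailing.com`` for e-mail traffic sent within the landscape and not requiring the AWS SES
-* as IP target with its internal IP address for the ``HTTP-to-sapsailing-dot-com`` target group, accepting the HTTP traffic sent straight to ``sapsailing.com`` (not ``www.sapsailing.com``)
-* as IP target with its internal IP address for the ``SSH-to-sapsailing-dot-com`` target group, accepting the SSH traffic for ``sapsailing.com``
+* as IP target with its internal IP address for the ``HTTP-to-sapsailing-dot-com-2`` target group, accepting the HTTP traffic sent straight to ``sapsailing.com`` (not ``www.sapsailing.com``)
+* as IP target with its internal IP address for the ``SSH-to-sapsailing-dot-com-2`` target group, accepting the SSH traffic for ``sapsailing.com``
 * as regular instance target in all load balancers' default rule's target group, such as ``DefDynsapsailing-com``, ``DNSMapped-0``, ``DNSMapped-1``, and so on; the names of the target groups are ``CentralWebServerHTTP-Dyn``, ``DDNSMapped-0-HTTP``, ``DDNSMapped-1-HTTP``, and so on, respectively
 * as regular instance target in ``DNSMapped-0``'s target group ``DNSMapped0-Central-HTTP`` to which requests for services available only on the *central* reverse proxy are forwarded to, such as ``releases.sapsailing.com``, ``bugzilla.sapsailing.com``, and so on
 * as target of the elastic IP address ``54.229.94.254``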