My children decided to take some Python cources during COVID-19 outbreak. We decided to use Amazon Workspaces for them. So they can use their Chromebooks to access remote Linux system provided by Amazon Workspaces. Hence this projecte created.
💂♂️Security without compromises is a must for us. That is why we are using Amazon Web Services (AWS) applying all the best practicies (including but not limited to the runnning all our workloads inside an Amazon VPC private subnets).
🛑👉 DON'T FORGET TO CHECK NOTES.md if you want to understand more about some of the ideas used while authoring CloudFormation Templates.
We are using CodePipeline as a primary method to a deploy. This is very opinionated approach to deploy something outside of a normal development process. Usually you would prefer to use CloudFormation Nested Stacks when you deploy several dependant CloudFormation stacks. And, probably, it is the most correct approach to be honest. So we should support it as well :)
- Create CloudFormation Stack by using pipeline.yaml template. Name it on-aws-workspaces-pipeline. You can name it differntely. But it is what we are using ourselves. We recommend to use default provided value for the Tag CloudFormation parameter.
- Open AWS CodePipeline Console. You should see 2 new pipelines (on-aws-workspaces-create and on-aws-workspaces-delete). You might see that both pipelines are In progress state. This happened because we just created them. But they will not be triggered automatically any time we change something in the repo. Only way to trigger them is to click Release change button.
- Now pay attention to on-aws-workspaces-delete pipeline which is most likely In progress right now. You can safely go and Stop execution of it. Otherwise it will be In progress for a long time as you can find a disabled transition there. This is done for an extra protection, so you wouldn't delete your resources mistakenly. Next step will explain why do we need on-aws-workspaces-delete.
- 💰(OPTIONAL) You can deploy an optional CloudFormation Stack on-aws-workspaces-frugality by using https://github.com/on-aws/frugality/template.yaml. This stack allows you to schedule execution of on-aws-workspaces-pipeline in the morning (hence to provision all the required resources) and on-aws-workspaces-delete at night (hence to delete al lthe resources). Why do I need it? Well this deployment produces several AWS resources which you will be charged for. Very first one is Amazon VPC NAT gateway. Deleting it overnight will help to save some money in your pocket. In general we are trying to make sure that all data survived this harsh exercise and available for you next morning. WARNING: FRUGALITY DOES NOT GUARANTEE PERSISTENCE OF YOUR DATA YET. But we'll make sure to find a way to make it happen. 👉So you should weight your usecase before applying this optional step.
- 🔚We are sorry to see you go. But our lives go on. And sometime we need to clean a mess created previously. on-aws-workspaces-delete pipeline is exactly for this case (in addition to the optional 4️⃣). It will delete all the AWS resources (including Amazon CloudWatch Log Groups), except data artifacts (if applicable for this deployment). Though few extra steps are required to completely wiped all memories:
- First make sure that you deleted all essential resources by Release change for on-aws-workspaces-delete pipeline
- Open AWS Cloud Formation Console
- Find on-aws-workspaces-create and click Delete
- IMPORTANT You will see an error The bucket you tried to delete is not empty. You must delete all versions in the bucket.. This is not a bug. But a protective feature. This is your last chance to rethink tour decision.
- You can go and delete mentioned Amazon S3 bucket trough Amazon S3 Console.
- Or you can click Delete one more time and exclude S3 bucket resource from deletion.
- Find on-aws-workspaces-delete and click Delete.
- (OPTIONAL) Find and delete on-aws-workspaces-frugality if you were using it.