diff options
Diffstat (limited to 'doc/install/aws/manual_install_aws.md')
| -rw-r--r-- | doc/install/aws/manual_install_aws.md | 174 |
1 files changed, 87 insertions, 87 deletions
diff --git a/doc/install/aws/manual_install_aws.md b/doc/install/aws/manual_install_aws.md index 8b827d05b57..25973220170 100644 --- a/doc/install/aws/manual_install_aws.md +++ b/doc/install/aws/manual_install_aws.md @@ -1,5 +1,5 @@ --- -stage: Enablement +stage: Systems group: Distribution info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- @@ -83,8 +83,8 @@ As we'll be using [Amazon S3 object storage](#amazon-s3-object-storage), our EC2 ### Create an IAM Policy -1. Navigate to the IAM dashboard and click on **Policies** in the left menu. -1. Click **Create policy**, select the `JSON` tab, and add a policy. We want to [follow security best practices and grant _least privilege_](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), giving our role only the permissions needed to perform the required actions. +1. Navigate to the IAM dashboard and select **Policies** in the left menu. +1. Select **Create policy**, select the `JSON` tab, and add a policy. We want to [follow security best practices and grant _least privilege_](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege), giving our role only the permissions needed to perform the required actions. 1. Assuming you prefix the S3 bucket names with `gl-` as shown in the diagram, add the following policy: ```json @@ -114,17 +114,17 @@ As we'll be using [Amazon S3 object storage](#amazon-s3-object-storage), our EC2 } ``` -1. Click **Review policy**, give your policy a name (we'll use `gl-s3-policy`), and click **Create policy**. +1. Select **Review policy**, give your policy a name (we'll use `gl-s3-policy`), and select **Create policy**. ### Create an IAM Role -1. Still on the IAM dashboard, click on **Roles** in the left menu, and - click **Create role**. -1. Create a new role by selecting **AWS service > EC2**, then click +1. Still on the IAM dashboard, select **Roles** in the left menu, and + select **Create role**. +1. Create a new role by selecting **AWS service > EC2**, then select **Next: Permissions**. -1. In the policy filter, search for the `gl-s3-policy` we created above, select it, and click **Tags**. -1. Add tags if needed and click **Review**. -1. Give the role a name (we'll use `GitLabS3Access`) and click **Create Role**. +1. In the policy filter, search for the `gl-s3-policy` we created above, select it, and select **Tags**. +1. Add tags if needed and select **Review**. +1. Give the role a name (we'll use `GitLabS3Access`) and select **Create Role**. We'll use this role when we [create a launch configuration](#create-a-launch-configuration) later on. @@ -140,14 +140,14 @@ Internet Gateway. We'll now create a VPC, a virtual networking environment that you'll control: 1. Sign in to [Amazon Web Services](https://console.aws.amazon.com/vpc/home). -1. Select **Your VPCs** from the left menu and then click **Create VPC**. +1. Select **Your VPCs** from the left menu and then select **Create VPC**. At the "Name tag" enter `gitlab-vpc` and at the "IPv4 CIDR block" enter `10.0.0.0/16`. If you don't require dedicated hardware, you can leave - "Tenancy" as default. Click **Yes, Create** when ready. + "Tenancy" as default. Select **Yes, Create** when ready.  -1. Select the VPC, click **Actions**, click **Edit DNS resolution**, and enable DNS resolution. Hit **Save** when done. +1. Select the VPC, select **Actions**, select **Edit DNS resolution**, and enable DNS resolution. Hit **Save** when done. ### Subnets @@ -160,7 +160,7 @@ We will create private and public subnets to match load balancers and RDS instances as well: 1. Select **Subnets** from the left menu. -1. Click **Create subnet**. Give it a descriptive name tag based on the IP, +1. Select **Create subnet**. Give it a descriptive name tag based on the IP, for example `gitlab-public-10.0.0.0`, select the VPC we created previously, select an availability zone (we'll use `us-west-2a`), and at the IPv4 CIDR block let's give it a 24 subnet `10.0.0.0/24`: @@ -176,7 +176,7 @@ RDS instances as well: | `gitlab-private-10.0.3.0` | private | `us-west-2b` | `10.0.3.0/24` | 1. Once all the subnets are created, enable **Auto-assign IPv4** for the two public subnets: - 1. Select each public subnet in turn, click **Actions**, and click **Modify auto-assign IP settings**. Enable the option and save. + 1. Select each public subnet in turn, select **Actions**, and select **Modify auto-assign IP settings**. Enable the option and save. ### Internet Gateway @@ -184,8 +184,8 @@ Now, still on the same dashboard, go to Internet Gateways and create a new one: 1. Select **Internet Gateways** from the left menu. -1. Click **Create internet gateway**, give it the name `gitlab-gateway` and - click **Create**. +1. Select **Create internet gateway**, give it the name `gitlab-gateway` and + select **Create**. 1. Select it from the table, and then under the **Actions** dropdown choose "Attach to VPC". @@ -197,12 +197,12 @@ create a new one: Instances deployed in our private subnets need to connect to the internet for updates, but should not be reachable from the public internet. To achieve this, we'll make use of [NAT Gateways](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html) deployed in each of our public subnets: -1. Navigate to the VPC dashboard and click on **NAT Gateways** in the left menu bar. -1. Click **Create NAT Gateway** and complete the following: +1. Navigate to the VPC dashboard and select **NAT Gateways** in the left menu bar. +1. Select **Create NAT Gateway** and complete the following: 1. **Subnet**: Select `gitlab-public-10.0.0.0` from the dropdown. - 1. **Elastic IP Allocation ID**: Enter an existing Elastic IP or click **Allocate Elastic IP address** to allocate a new IP to your NAT gateway. + 1. **Elastic IP Allocation ID**: Enter an existing Elastic IP or select **Allocate Elastic IP address** to allocate a new IP to your NAT gateway. 1. Add tags if needed. - 1. Click **Create NAT Gateway**. + 1. Select **Create NAT Gateway**. Create a second NAT gateway but this time place it in the second public subnet, `gitlab-public-10.0.2.0`. @@ -215,23 +215,23 @@ We need to create a route table for our public subnets to reach the internet via On the VPC dashboard: 1. Select **Route Tables** from the left menu. -1. Click **Create Route Table**. +1. Select **Create Route Table**. 1. At the "Name tag" enter `gitlab-public` and choose `gitlab-vpc` under "VPC". -1. Click **Create**. +1. Select **Create**. We now need to add our internet gateway as a new target and have it receive traffic from any destination. 1. Select **Route Tables** from the left menu and select the `gitlab-public` route to show the options at the bottom. -1. Select the **Routes** tab, click **Edit routes > Add route** and set `0.0.0.0/0` +1. Select the **Routes** tab, select **Edit routes > Add route** and set `0.0.0.0/0` as the destination. In the target column, select the `gitlab-gateway` we created previously. Hit **Save routes** once done. Next, we must associate the **public** subnets to the route table: -1. Select the **Subnet Associations** tab and click **Edit subnet associations**. -1. Check only the public subnets and click **Save**. +1. Select the **Subnet Associations** tab and select **Edit subnet associations**. +1. Check only the public subnets and select **Save**. #### Private Route Tables @@ -251,7 +251,7 @@ We'll create a load balancer to evenly distribute inbound traffic on ports `80` On the EC2 dashboard, look for Load Balancer in the left navigation bar: -1. Click the **Create Load Balancer** button. +1. Select **Create Load Balancer**. 1. Choose the **Classic Load Balancer**. 1. Give it a name (we'll use `gitlab-loadbalancer`) and for the **Create LB Inside** option, select `gitlab-vpc` from the dropdown menu. 1. In the **Listeners** section, set the following listeners: @@ -259,20 +259,20 @@ On the EC2 dashboard, look for Load Balancer in the left navigation bar: - TCP port 22 for both load balancer and instance protocols and ports - HTTPS port 443 for load balancer protocol and ports, forwarding to HTTP port 80 on the instance (we will configure GitLab to listen on port 80 [later in the guide](#add-support-for-proxied-ssl)) 1. In the **Select Subnets** section, select both public subnets from the list so that the load balancer can route traffic to both availability zones. -1. We'll add a security group for our load balancer to act as a firewall to control what traffic is allowed through. Click **Assign Security Groups** and select **Create a new security group**, give it a name +1. We'll add a security group for our load balancer to act as a firewall to control what traffic is allowed through. Select **Assign Security Groups** and select **Create a new security group**, give it a name (we'll use `gitlab-loadbalancer-sec-group`) and description, and allow both HTTP and HTTPS traffic from anywhere (`0.0.0.0/0, ::/0`). Also allow SSH traffic, select a custom source, and add a single trusted IP address or an IP address range in CIDR notation. This will allow users to perform Git actions over SSH. -1. Click **Configure Security Settings** and set the following: +1. Select **Configure Security Settings** and set the following: 1. Select an SSL/TLS certificate from ACM or upload a certificate to IAM. 1. Under **Select a Cipher**, pick a predefined security policy from the dropdown. You can see a breakdown of [Predefined SSL Security Policies for Classic Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html) in the AWS docs. Check the GitLab codebase for a list of [supported SSL ciphers and protocols](https://gitlab.com/gitlab-org/gitlab/-/blob/9ee7ad433269b37251e0dd5b5e00a0f00d8126b4/lib/support/nginx/gitlab-ssl#L97-99). -1. Click **Configure Health Check** and set up a health check for your EC2 instances. +1. Select **Configure Health Check** and set up a health check for your EC2 instances. 1. For **Ping Protocol**, select HTTP. 1. For **Ping Port**, enter 80. - 1. For **Ping Path** - we recommend that you [use the Readiness check endpoint](../../administration/load_balancer.md#readiness-check). You'll need to add [the VPC IP Address Range (CIDR)](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-nacl) to the [IP Allowlist](../../administration/monitoring/ip_whitelist.md) for the [Health Check endpoints](../../user/admin_area/monitoring/health_check.md) + 1. For **Ping Path** - we recommend that you [use the Readiness check endpoint](../../administration/load_balancer.md#readiness-check). You'll need to add [the VPC IP Address Range (CIDR)](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html#elb-vpc-nacl) to the [IP allowlist](../../administration/monitoring/ip_whitelist.md) for the [Health Check endpoints](../../user/admin_area/monitoring/health_check.md) 1. Keep the default **Advanced Details** or adjust them according to your needs. -1. Click **Add EC2 Instances** - don't add anything as we will create an Auto Scaling Group later to manage instances for us. -1. Click **Add Tags** and add any tags you need. -1. Click **Review and Create**, review all your settings, and click **Create** if you're happy. +1. Select **Add EC2 Instances** - don't add anything as we will create an Auto Scaling Group later to manage instances for us. +1. Select **Add Tags** and add any tags you need. +1. Select **Review and Create**, review all your settings, and select **Create** if you're happy. After the Load Balancer is up and running, you can revisit your Security Groups to refine the access only through the ELB and any other requirements @@ -280,19 +280,19 @@ you might have. ### Configure DNS for Load Balancer -On the Route 53 dashboard, click **Hosted zones** in the left navigation bar: +On the Route 53 dashboard, select **Hosted zones** in the left navigation bar: -1. Select an existing hosted zone or, if you do not already have one for your domain, click **Create Hosted Zone**, enter your domain name, and click **Create**. -1. Click **Create Record Set** and provide the following values: +1. Select an existing hosted zone or, if you do not already have one for your domain, select **Create Hosted Zone**, enter your domain name, and select **Create**. +1. Select **Create Record Set** and provide the following values: 1. **Name:** Use the domain name (the default value) or enter a subdomain. 1. **Type:** Select **A - IPv4 address**. 1. **Alias:** Defaults to **No**. Select **Yes**. 1. **Alias Target:** Find the **ELB Classic Load Balancers** section and select the classic load balancer we created earlier. 1. **Routing Policy:** We'll use **Simple** but you can choose a different policy based on your use case. 1. **Evaluate Target Health:** We'll set this to **No** but you can choose to have the load balancer route traffic based on target health. - 1. Click **Create**. + 1. Select **Create**. 1. If you registered your domain through Route 53, you're done. If you used a different domain registrar, you need to update your DNS records with your domain registrar. You'll need to: - 1. Click on **Hosted zones** and select the domain you added above. + 1. Select **Hosted zones** and select the domain you added above. 1. You'll see a list of `NS` records. From your domain registrar's administrator panel, add each of these as `NS` records to your domain's DNS records. These steps may vary between domain registrars. If you're stuck, Google **"name of your registrar" add DNS records** and you should find a help article specific to your domain registrar. The steps for doing this vary depending on which registrar you use and is beyond the scope of this guide. @@ -308,22 +308,22 @@ create the actual RDS instance. We need a security group for our database that will allow inbound traffic from the instances we'll deploy in our `gitlab-loadbalancer-sec-group` later on: 1. From the EC2 dashboard, select **Security Groups** from the left menu bar. -1. Click **Create security group**. +1. Select **Create security group**. 1. Give it a name (we'll use `gitlab-rds-sec-group`), a description, and select the `gitlab-vpc` from the **VPC** dropdown. -1. In the **Inbound rules** section, click **Add rule** and set the following: +1. In the **Inbound rules** section, select **Add rule** and set the following: 1. **Type:** search for and select the **PostgreSQL** rule. 1. **Source type:** set as "Custom". 1. **Source:** select the `gitlab-loadbalancer-sec-group` we created earlier. -1. When done, click **Create security group**. +1. When done, select **Create security group**. ### RDS Subnet Group 1. Navigate to the RDS dashboard and select **Subnet Groups** from the left menu. -1. Click on **Create DB Subnet Group**. +1. Select **Create DB Subnet Group**. 1. Under **Subnet group details**, enter a name (we'll use `gitlab-rds-group`), a description, and choose the `gitlab-vpc` from the VPC dropdown. 1. From the **Availability Zones** dropdown, select the Availability Zones that include the subnets you've configured. In our case, we'll add `eu-west-2a` and `eu-west-2b`. 1. From the **Subnets** dropdown, select the two private subnets (`10.0.1.0/24` and `10.0.3.0/24`) as we defined them in the [subnets section](#subnets). -1. Click **Create** when ready. +1. Select **Create** when ready. ### Create the database @@ -332,7 +332,7 @@ Avoid using burstable instances (t class instances) for the database as this cou Now, it's time to create the database: -1. Navigate to the RDS dashboard, select **Databases** from the left menu, and click **Create database**. +1. Navigate to the RDS dashboard, select **Databases** from the left menu, and select **Create database**. 1. Select **Standard Create** for the database creation method. 1. Select **PostgreSQL** as the database engine and select the minimum PostgreSQL version as defined for your GitLab version in our [database requirements](../../install/requirements.md#postgresql-requirements). 1. Since this is a production server, let's choose **Production** from the **Templates** section. @@ -355,7 +355,7 @@ Now, it's time to create the database: 1. Configure your preferred backup settings. 1. The only other change we'll make here is to disable auto minor version updates under **Maintenance**. 1. Leave all the other settings as is or tweak according to your needs. - 1. Once you're happy, click **Create database**. + 1. Once you're happy, select **Create database**. Now that the database is created, let's move on to setting up Redis with ElastiCache. @@ -368,24 +368,24 @@ persistence and is used to store session data, temporary cache information, and 1. Navigate to the EC2 dashboard. 1. Select **Security Groups** from the left menu. -1. Click **Create security group** and fill in the details. Give it a name (we'll use `gitlab-redis-sec-group`), +1. Select **Create security group** and fill in the details. Give it a name (we'll use `gitlab-redis-sec-group`), add a description, and choose the VPC we created previously -1. In the **Inbound rules** section, click **Add rule** and add a **Custom TCP** rule, set port `6379`, and set the "Custom" source as the `gitlab-loadbalancer-sec-group` we created earlier. -1. When done, click **Create security group**. +1. In the **Inbound rules** section, select **Add rule** and add a **Custom TCP** rule, set port `6379`, and set the "Custom" source as the `gitlab-loadbalancer-sec-group` we created earlier. +1. When done, select **Create security group**. ### Redis Subnet Group 1. Navigate to the ElastiCache dashboard from your AWS console. 1. Go to **Subnet Groups** in the left menu, and create a new subnet group (we'll name ours `gitlab-redis-group`). - Make sure to select our VPC and its [private subnets](#subnets). Click - **Create** when ready. + Make sure to select our VPC and its [private subnets](#subnets). +1. Select **Create** when ready.  ### Create the Redis Cluster 1. Navigate back to the ElastiCache dashboard. -1. Select **Redis** on the left menu and click **Create** to create a new +1. Select **Redis** on the left menu and select **Create** to create a new Redis cluster. Do not enable **Cluster Mode** as it is [not supported](../../administration/redis/replication_and_failover_external.md#requirements). Even without cluster mode on, you still get the chance to deploy Redis in multiple availability zones. 1. In the settings section: @@ -404,7 +404,7 @@ persistence and is used to store session data, temporary cache information, and 1. In the security settings, edit the security groups and choose the `gitlab-redis-sec-group` we had previously created. 1. Leave the rest of the settings to their default values or edit to your liking. -1. When done, click **Create**. +1. When done, select **Create**. ## Setting up Bastion Hosts @@ -418,29 +418,29 @@ If you do not want to maintain bastion hosts, you can set up [AWS Systems Manage ### Create Bastion Host A -1. Navigate to the EC2 Dashboard and click on **Launch instance**. +1. Navigate to the EC2 Dashboard and select **Launch instance**. 1. Select the **Ubuntu Server 18.04 LTS (HVM)** AMI. 1. Choose an instance type. We'll use a `t2.micro` as we'll only use the bastion host to SSH into our other instances. -1. Click **Configure Instance Details**. +1. Select **Configure Instance Details**. 1. Under **Network**, select the `gitlab-vpc` from the dropdown menu. 1. Under **Subnet**, select the public subnet we created earlier (`gitlab-public-10.0.0.0`). 1. Double check that under **Auto-assign Public IP** you have **Use subnet setting (Enable)** selected. - 1. Leave everything else as default and click **Add Storage**. + 1. Leave everything else as default and select **Add Storage**. 1. For storage, we'll leave everything as default and only add an 8GB root volume. We won't store anything on this instance. -1. Click **Add Tags** and on the next screen click **Add Tag**. +1. Select **Add Tags** and on the next screen select **Add Tag**. 1. We'll only set `Key: Name` and `Value: Bastion Host A`. -1. Click **Configure Security Group**. +1. Select **Configure Security Group**. 1. Select **Create a new security group**, enter a **Security group name** (we'll use `bastion-sec-group`), and add a description. 1. We'll enable SSH access from anywhere (`0.0.0.0/0`). If you want stricter security, specify a single IP address or an IP address range in CIDR notation. - 1. Click **Review and Launch** -1. Review all your settings and, if you're happy, click **Launch**. -1. Acknowledge that you have access to an existing key pair or create a new one. Click **Launch Instance**. + 1. Select **Review and Launch** +1. Review all your settings and, if you're happy, select **Launch**. +1. Acknowledge that you have access to an existing key pair or create a new one. Select **Launch Instance**. Confirm that you can SSH into the instance: -1. On the EC2 Dashboard, click on **Instances** in the left menu. +1. On the EC2 Dashboard, select **Instances** in the left menu. 1. Select **Bastion Host A** from your list of instances. -1. Click **Connect** and follow the connection instructions. +1. Select **Connect** and follow the connection instructions. 1. If you are able to connect successfully, let's move on to setting up our second bastion host for redundancy. ### Create Bastion Host B @@ -466,16 +466,16 @@ From the EC2 dashboard: 1. Use the section below titled "[Find official GitLab-created AMI IDs on AWS](#find-official-gitlab-created-ami-ids-on-aws)" to find the correct AMI to launch. 1. After clicking **Launch** on the desired AMI, select an instance type based on your workload. Consult the [hardware requirements](../../install/requirements.md#hardware-requirements) to choose one that fits your needs (at least `c5.xlarge`, which is sufficient to accommodate 100 users). -1. Click **Configure Instance Details**: +1. Select **Configure Instance Details**: 1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier. 1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier. 1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`. - 1. Click **Add Storage**. + 1. Select **Add Storage**. 1. The root volume is 8GiB by default and should be enough given that we won't store any data there. -1. Click **Add Tags** and add any tags you may need. In our case, we'll only set `Key: Name` and `Value: GitLab`. -1. Click **Configure Security Group**. Check **Select an existing security group** and select the `gitlab-loadbalancer-sec-group` we created earlier. -1. Click **Review and launch** followed by **Launch** if you're happy with your settings. -1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**. +1. Select **Add Tags** and add any tags you may need. In our case, we'll only set `Key: Name` and `Value: GitLab`. +1. Select **Configure Security Group**. Check **Select an existing security group** and select the `gitlab-loadbalancer-sec-group` we created earlier. +1. Select **Review and launch** followed by **Launch** if you're happy with your settings. +1. Finally, acknowledge that you have access to the selected private key file or create a new one. Select **Launch Instances**. ### Add custom configuration @@ -501,7 +501,7 @@ Since we're adding our SSL certificate at the load balancer, we do not need the From your GitLab instance, connect to the RDS instance to verify access and to install the required `pg_trgm` and `btree_gist` extensions. -To find the host or endpoint, navigate to **Amazon RDS > Databases** and click on the database you created earlier. Look for the endpoint under the **Connectivity & security** tab. +To find the host or endpoint, navigate to **Amazon RDS > Databases** and select the database you created earlier. Look for the endpoint under the **Connectivity & security** tab. Do not to include the colon and port number: @@ -580,23 +580,23 @@ It should be enabled and configured on a separate EC2 instance in one of the Let's create an EC2 instance where we'll install Gitaly: -1. From the EC2 dashboard, click **Launch instance**. +1. From the EC2 dashboard, select **Launch instance**. 1. Choose an AMI. In this example, we'll select the **Ubuntu Server 18.04 LTS (HVM), SSD Volume Type**. 1. Choose an instance type. We'll pick a `c5.xlarge`. -1. Click **Configure Instance Details**. +1. Select **Configure Instance Details**. 1. In the **Network** dropdown, select `gitlab-vpc`, the VPC we created earlier. 1. In the **Subnet** dropdown, select `gitlab-private-10.0.1.0` from the list of subnets we created earlier. 1. Double check that **Auto-assign Public IP** is set to `Use subnet setting (Disable)`. - 1. Click **Add Storage**. + 1. Select **Add Storage**. 1. Increase the Root volume size to `20 GiB` and change the **Volume Type** to `Provisioned IOPS SSD (io1)`. (This is an arbitrary size. Create a volume big enough for your repository storage requirements.) 1. For **IOPS** set `1000` (20 GiB x 50 IOPS). You can provision up to 50 IOPS per GiB. If you select a larger volume, increase the IOPS accordingly. Workloads where many small files are written in a serialized manner, like `git`, requires performant storage, hence the choice of `Provisioned IOPS SSD (io1)`. -1. Click on **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`. -1. Click on **Configure Security Group** and let's **Create a new security group**. +1. Select **Add Tags** and add your tags. In our case, we'll only set `Key: Name` and `Value: Gitaly`. +1. Select **Configure Security Group** and let's **Create a new security group**. 1. Give your security group a name and description. We'll use `gitlab-gitaly-sec-group` for both. 1. Create a **Custom TCP** rule and add port `8075` to the **Port Range**. For the **Source**, select the `gitlab-loadbalancer-sec-group`. 1. Also add an inbound rule for SSH from the `bastion-sec-group` so that we can connect using [SSH Agent Forwarding](#use-ssh-agent-forwarding) from the Bastion hosts. -1. Click **Review and launch** followed by **Launch** if you're happy with your settings. -1. Finally, acknowledge that you have access to the selected private key file or create a new one. Click **Launch Instances**. +1. Select **Review and launch** followed by **Launch** if you're happy with your settings. +1. Finally, acknowledge that you have access to the selected private key file or create a new one. Select **Launch Instances**. NOTE: Instead of storing configuration _and_ repository data on the root volume, you can also choose to add an additional EBS volume for repository storage. Follow the same guidance as above. See the [Amazon EBS pricing](https://aws.amazon.com/ebs/pricing/). We do not recommend using EFS as it may negatively impact the performance of GitLab. You can review the [relevant documentation](../../administration/nfs.md#avoid-using-cloud-based-file-systems) for more details. @@ -679,9 +679,9 @@ When our [auto scaling group](#create-an-auto-scaling-group) spins up new instan On the EC2 dashboard: 1. Select the `GitLab` instance we [created earlier](#install-gitlab). -1. Click on **Actions**, scroll down to **Image** and click **Create Image**. +1. Select **Actions**, scroll down to **Image** and select **Create Image**. 1. Give your image a name and description (we'll use `GitLab-Source` for both). -1. Leave everything else as default and click **Create Image** +1. Leave everything else as default and select **Create Image** Now we have a custom AMI that we'll use to create our launch configuration the next step. @@ -691,21 +691,21 @@ Now we have a custom AMI that we'll use to create our launch configuration the n From the EC2 dashboard: -1. Select **Launch Configurations** from the left menu and click **Create launch configuration**. +1. Select **Launch Configurations** from the left menu and select **Create launch configuration**. 1. Select **My AMIs** from the left menu and select the `GitLab` custom AMI we created above. -1. Select an instance type best suited for your needs (at least a `c5.xlarge`) and click **Configure details**. +1. Select an instance type best suited for your needs (at least a `c5.xlarge`) and select **Configure details**. 1. Enter a name for your launch configuration (we'll use `gitlab-ha-launch-config`). 1. **Do not** check **Request Spot Instance**. 1. From the **IAM Role** dropdown, pick the `GitLabAdmin` instance role we [created earlier](#create-an-iam-ec2-instance-role-and-profile). -1. Leave the rest as defaults and click **Add Storage**. -1. The root volume is 8GiB by default and should be enough given that we won't store any data there. Click **Configure Security Group**. +1. Leave the rest as defaults and select **Add Storage**. +1. The root volume is 8GiB by default and should be enough given that we won't store any data there. Select **Configure Security Group**. 1. Check **Select and existing security group** and select the `gitlab-loadbalancer-sec-group` we created earlier. -1. Click **Review**, review your changes, and click **Create launch configuration**. -1. Acknowledge that you have access to the private key or create a new one. Click **Create launch configuration**. +1. Select **Review**, review your changes, and select **Create launch configuration**. +1. Acknowledge that you have access to the private key or create a new one. Select **Create launch configuration**. ### Create an auto scaling group -1. As soon as the launch configuration is created, you'll see an option to **Create an Auto Scaling group using this launch configuration**. Click that to start creating the auto scaling group. +1. After the launch configuration is created, select **Create an Auto Scaling group using this launch configuration** to start creating the auto scaling group. 1. Enter a **Group name** (we'll use `gitlab-auto-scaling-group`). 1. For **Group size**, enter the number of instances you want to start with (we'll enter `2`). 1. Select the `gitlab-vpc` from the **Network** dropdown. @@ -713,7 +713,7 @@ From the EC2 dashboard: 1. Expand the **Advanced Details** section and check the **Receive traffic from one or more load balancers** option. 1. From the **Classic Load Balancers** dropdown, select the load balancer we created earlier. 1. For **Health Check Type**, select **ELB**. -1. We'll leave our **Health Check Grace Period** as the default `300` seconds. Click **Configure scaling policies**. +1. We'll leave our **Health Check Grace Period** as the default `300` seconds. Select **Configure scaling policies**. 1. Check **Use scaling policies to adjust the capacity of this group**. 1. For this group we'll scale between 2 and 4 instances where one instance will be added if CPU utilization is greater than 60% and one instance is removed if it falls |