structure

zalando-stups · Apr 8, 2015 · 2464441 · 2464441
1 parent 16738d0
commit 2464441
Show file tree

Hide file tree

Showing 8 changed files with 104 additions and 14 deletions.
diff --git a/components/index.rst b/components/index.rst
@@ -0,0 +1,17 @@
+==========
+Components
+==========
+
+
+
+.. toctree::
+   :maxdepth: 1
+
+   piu
+   senza
+   mai
+   even
+   odd
+   taupage
+   pierone
+   sevenseconds
diff --git a/components/piu.rst b/components/piu.rst
@@ -0,0 +1,3 @@
+===
+Piu
+===
diff --git a/aws/zalando-ami.rst → components/taupage.rst b/aws/zalando-ami.rst → components/taupage.rst
@@ -1,21 +1,18 @@
-===========
-Zalando AMI
-===========
-
-We enforce the usage of the official Zalando AMI in order to fulfill our auditing requirements. We have to bridge the
-gap between freedom and compliance.
+=======
+Taupage
+=======
 
 As we want to foster immutable (and therefore deterministic and reproducible) deployments, we want to encourage the use
-of Docker (and similar deployment technologies). The Zalando AMI is capable of starting a Docker container on boot. This
+of Docker (and similar deployment technologies). The Taupage AMI is capable of starting a Docker container on boot. This
 will enable teams to deploy 'what they want' as long as they package it in a Docker image. The server will be
 set up to have an optimal configuration including managed SSH access, audit logging, log collection, monitoring and
 reviewed security additions.
 
 ---------------------
-Using the Zalando AMI
+Using the Taupage AMI
 ---------------------
 
-There is currently no internal tooling but you can find the Zalando AMIs in your EC2 UI. They are maintained by the
+There is currently no internal tooling but you can find the Taupage AMIs in your EC2 UI. They are maintained by the
 Platform team and regularly updated with the newest security fixes and configuration improvements.
 
 .. NOTE::
@@ -24,7 +21,7 @@ Platform team and regularly updated with the newest security fixes and configura
 How to configure the AMI
 ++++++++++++++++++++++++
 
-The Zalando AMI uses the official cloud-init project to receive user configuration. Different to the standard, you can
+The Taupage AMI uses the official cloud-init project to receive user configuration. Different to the standard, you can
 not use the normal user data mimetypes (no #cloud-config, shell scripts, file uploads, URL lists, ...) but only our own
 configuration format::
 
@@ -169,7 +166,7 @@ This is useful if an application (runtime container) wants to use the default SS
 AMI internals
 +++++++++++++
 
-This section gives you an overview of customization, the Zalando AMI contains on top of the Ubuntu Cloud Images.
+This section gives you an overview of customization, the Taupage AMI contains on top of the Ubuntu Cloud Images.
 
 Hardening
 ---------

diff --git a/index.rst b/index.rst
@@ -8,9 +8,9 @@ Contents:
 .. toctree::
    :maxdepth: 1
 
-   aws/index
-   aws-accountsetup/index
-   application-development/index
+   installation/index
+   user-guide/index
+   components/index
 
 
 

diff --git a/installation/aws-account-setup.rst b/installation/aws-account-setup.rst
@@ -0,0 +1,53 @@
+===================
+AWS - Account Setup
+===================
+
+
+**Our AWS VPC Account Setup**
+
+
+.. ATTENTION::
+   Nearly everything is public. Services have to communicate over secure transport layer (HTTPS, SSL, SSH etc.)
+
+   Take care of your **Security Groups** in the public DMZ subnets.
+
+
+Only the public "DMZ" subnets have a direct connection to the internet.  The communication with other teams is only possible over the internet.
+Instances in a Private subnet can only talk to the internet via a **NAT-Instance**.
+The **NAT-instances** are in multiple Availbilty Zones (AZ), therefore every **PRIVATE SUBNET** can communicate to the Internet.
+
+If a Team want to talk to another Team they have to do this from the **PRIVATE SUBNET** over the Internet.
+Because only the private subnet has the Elastic IP's for outgoing traffic.
+The other Team can grant access to this IP's, for example in a Security Group of a ELB (Elastic Loadbalancer)
+
+**Main Points**
+
+   * Communication between teams goes over the **public network**
+   * NAT-Instances get **Elastic IP's**
+      * every team got 3 Public IP's to communicate to the Internet
+      * Other Teams can use these IP's to grant access to there Instances (mostly **ELB**)
+   * We will setup 2 different types of subnets **DMZ** and **Internal**
+   * **Every Team** got the same default Network **172.31.0.0/16**
+      * therefore no **VPN-Tunnel** or **VPC-Peering** is possible between teams
+   * Instances in **Internal** can only be accessed through a SSH bastion host
+
+.. image:: images/AWS-Public-Account-Setup.png
+
+
+
+**setup process**
+
+
+
+The following pages describe our Amazon Web Services initial setup.
+This is only for a whole new AWS Account (a new account for a Team or Service).
+
+.. toctree::
+   :maxdepth: 1
+
+   create_aws_account
+   manual-setup
+   automatic-setup
+
+
+
diff --git a/installation/images/AWS-Public-Account-Setup.png b/installation/images/AWS-Public-Account-Setup.png
diff --git a/installation/index.rst b/installation/index.rst
@@ -0,0 +1,10 @@
+==================
+Installation Guide
+==================
+
+How to install and configure the STUPS platform.
+
+.. toctree::
+   :maxdepth: 1
+
+   aws-account-setup
diff --git a/user-guide/index.rst b/user-guide/index.rst
@@ -0,0 +1,10 @@
+============
+User's Guide
+============
+
+How to use the STUPS platform.
+
+.. toctree::
+   :maxdepth: 1
+
+   deployment