Nginx with mod_security on EC2

Question

I am looking to get some ideas and see what others are doing in terms of managing/keeping updated Nginx + mod_security on EC2 instances. The catch with this is that mod_security needs to be compiled and then Nginx needs to be compiled with mod_security vs. installing via package.

Just to clarify some of the confusion - I am not looking for a product recommendation. I am aware of plenty of products and tools (Chef, Puppet, etc) and have used them in the past myself.

What I am interested in is technique and workflow. For example, do you use a lifecycle management tool to build an EC2 instance and then attach an EBS-volume to it. Do you build AMI's and then keep those up to data periodically, e.g. I make an AMI, update it as needed, take my production EC2 instance and replace it with the AMI that just has been updated - with data stored on a separate volume and attached to the new AMI. Or do you do something else?

https://en.wikipedia.org/wiki/Configuration_management (I'd recommend Ansible) — ceejayoz, Dec 21 '15 at 16:20
Voting to close because we don't do product recommendations. — Wesley, Dec 22 '15 at 04:32

score 1 · Answer 1 · answered Dec 21 '15 at 20:32

What you're describing is known as lifecycle management, which is a group of techniques to create a maintenance lifecycle for your various applications and systems. For AWS environments, Packer (https://packer.io/) is commonly used to create well-defined AMIs from configuration management software (like the Chef and Puppet tools you mentioned). You can also run arbitrary scripts like your module build routine. The JSON files you use to build AMIs can be kept in revision control along with your config management to establish complete change management in your environment.

Nginx with mod_security on EC2

1 Answers1