A valid elastic beanstalk environment requires the following:
There are 2 options, one is to have a Private and Public VPC (Virtual Private Cloud) and use NAT to translate from private to public. The NAT has an hourly cost.
The other method is to have a public VPC with only certain ports open. I cover the public VPC here.
The VPC needs to be manually set up as follows:
2 subnets. A subnet is essentially a pool of IP addresses that can only see each other but not the other subnets, even though they are in the same IP address range. The first portion of the IP address is masked (think of it as ignored)
A router: The router will route traffic between these subnets.
An internet gateway: Again, manually configured through AWS, this gateway allows traffic between the VPC and the rest of the internet.
Security Groups: Security group is an in/out network activity policy attached to the service instance that has networking capability, such as a database, memory cache service, etc. Each network-capable service requires a security group to identify incoming traffic that it can accept, and also outgoing traffic.
A redis instance for sessions, and later on for database query caching.
Load balancer and 4 EC2 instances
An AWS TLS certificate for HTTPS
Two S3 instances, one private S3 for photos, and one public one for assets storage. Typically they can be updated using an s3 deploy command (an npm package).
Set up cloudfront with HTTPS for serving assets.
Set up fastly with HTTPS for serving photos. (Use fastly domain for free TLS). Otherwise monthly charges vary between $100 - 275 which is ridiculous for testing.