It makes sense to run TFS on EC2. I’m in the office then I fire up our EC2 VM running TFS, I’m heading out to a client site and I shut down the VM and avoid excess costs. I’m working out of the office or interstate and need access to our source code then I can easily and securely get access.
First step was to create a small instance from a pre-canned Windows Server 2008 AMI with SQL Server 2008 R2. Download the installer for TFS direct from the EC2 VM and install it. My requirements were simple. No SharePoint or Report Server yet. Just a plain install of TFS 2010.
First tip, install the TFS 2010 Power Tools. The power tools make life a LOT easier when setting up a backup plan. After installation from the TFS Administration Console you’ll notice a new menu item “Team Foundation Backups”. From there creating a backup plan is a no brainer, just following the wizard.
Next task was to secure TFS. The basic steps involve removing all but necessary ports from AWS security group used by the TFS EC2 instance, locking down the firewall on the TFS Server itself, creating or acquiring a certificate, creating a port binding using this certificate on the “Team Foundation Server” website on the TFS Server, then doing a “Change URL” for the TFS Server from the TFS Administration Console to use the new HTTPS urls. For detailed steps see this guide.
Whilst testing I’ve been using a self signed certificate. A self signed certificate is simple enough to generate from within IIS 7.0. Just go to the IIS admin console, then from the root server node select “Server Certificates”. Right mouse and select to create a new self signed certificate. When it comes time to connect from a client the self signed certificate must be installed into the “Trusted Root Certificate Authority” store of the client machine.
Now its time for the gotcha. Being on AWS my TFS server has a different internal and external IP. The address is mapped via AWS Elastic IP. So from my client machine when it comes time to access the TFS Server I get an address mismatch error. If you try to navigate to “https://address:443/tfs/web” you’ll see this address mismatch error. Visual Studio will fail to connect. Basically to get around this you’ll need to tweak the hosts file to include <external IP> <TFS Server Name>. Then from within Visual Studio when connecting to TFS you simple supply <TFS Server Name> as the server name.
One last thing, don’t forget to tweak the AWS security group being used by the EC2 instance running TFS so that it allows port 443. Port 443 or what ever port you have decided to run the “Team Foundation Server” website under on the TFS Server.