https://speakerdeck.com/bsideup/healthy-cloud-for-a-healthtech-company-aws-berlin-meetup
- Adjust `deploy_master.sh` and put your own values for `ENV_NAME`, `CF_BUCKET`, `ACM_CERTIFICATE_ARN` and `INTERNAL_DOMAIN` variables
- Adjust `ENV_NAME` in `cicd.sh`
- Create a single ACM certificate for your internal domain (e.g. `mycompany.services`) and your public domain (e.g. `example.com`)
- Execute it (Alternatively, pack a template and use your favorite CloudFormation tool to deploy it)
- Go to AWS Console and execute the changeset after reviewing it
- Once it is created, add `*.example.com` wildcard Route53 record pointing to your public ALB

Now you have:
- VPC with 10.0.0.0/16 CIDR and 3 AZs
- ECS Cluster with EC2 ASG draining
- Internal ALB with `*.mycompany.services` private DNS zone
- Public ALB
- SSH bastion instance with IAM-based auth. See https://github.com/widdix/aws-ec2-ssh for how to configure it

- Use `./cicd.sh foo` to deploy service `foo` (you can find it in `services/foo/` folder)
- Go to AWS console and execute the changeset (`--no-execute-changeset` is set, you can remove it to immediately run the deployment)
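
The review step before executing a changeset can be partly scripted. The following added example (not part of this repository) flags deletions, replacements and security-sensitive resource types in the JSON that `aws cloudformation describe-change-set` returns; the `SENSITIVE_TYPES` list and the sample logical IDs are assumptions constructed for illustration.

```python
# Added example: triage a CloudFormation change set before executing it.

# Resource type prefixes whose changes affect access control or exposure.
# This list is an assumption for the example; extend it for your stack.
SENSITIVE_TYPES = (
    "AWS::IAM::",
    "AWS::EC2::SecurityGroup",
    "AWS::ElasticLoadBalancingV2::Listener",
    "AWS::Route53::",
    "AWS::KMS::",
)


def review_changeset(description):
    """Return (logical_id, reasons) for each change that needs a human look."""
    findings = []
    for change in description.get("Changes", []):
        rc = change.get("ResourceChange")
        if not rc:
            continue
        reasons = []
        if rc.get("Action") == "Remove":
            reasons.append("resource will be deleted")
        if rc.get("Replacement") in ("True", "Conditional"):
            reasons.append("replacement=" + rc["Replacement"])
        if rc.get("ResourceType", "").startswith(SENSITIVE_TYPES):
            reasons.append("security-sensitive type " + rc["ResourceType"])
        if reasons:
            findings.append((rc.get("LogicalResourceId", "?"), reasons))
    return findings


def _rc(action, logical_id, rtype, **extra):
    return {"Type": "Resource", "ResourceChange": dict(
        Action=action, LogicalResourceId=logical_id, ResourceType=rtype, **extra)}


# Constructed sample in the shape of describe-change-set output (IDs are made up).
SAMPLE = {"Changes": [
    _rc("Modify", "FooService", "AWS::ECS::Service", Replacement="False"),
    _rc("Modify", "FooTaskDefinition", "AWS::ECS::TaskDefinition", Replacement="True"),
    _rc("Add", "FooTaskRole", "AWS::IAM::Role"),
    _rc("Remove", "OldTargetGroup", "AWS::ElasticLoadBalancingV2::TargetGroup"),
]}

if __name__ == "__main__":
    for logical_id, reasons in review_changeset(SAMPLE):
        print(f"REVIEW {logical_id}: {'; '.join(reasons)}")
```
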

`services/foo/infrastructure.py` describes `foo` service's infrastructure.

Since `foo` is an internal service, we can only query it from the inside of our VPC.

Important: this step assumes you have aws-ec2-ssh configured (see Deploy the platform)

Run

```
$ ./commands/shell.sh $ENV_NAME 'curl -sSL https://foo.mycompany.services/hello'
Hello, I am 6cae38f4-5dee-4344-8c0d-10a430dfbd98
```

Where `ENV_NAME` is your environment name (see Before we start)

- Go to AWS Parameter Store UI and add an encrypted parameter "/some/secret"
- Use `./cicd.sh bar` to deploy service `bar` (you can find it in `services/bar/` folder)
- Go to AWS console and execute the changeset
- Test it:

```
$ curl -sSL https://bar.example.com/
Foo answered:
Hello, I am 6cae38f4-5dee-4344-8c0d-10a430dfbd98
$ curl -sSL https://bar.example.com/env/something
**the value of "/some/secret" secret parameter**
```

- Adjust `services/foo/infrastructure.py`, add `desired_count=2` after `priority`
- Use `./cicd.sh foo` to update service `foo`
- Go to AWS console, review and execute the changeset
- Test it:

```
$ curl -sSL https://bar.example.com/
Foo answered:
Hello, I am 79586eb1-2488-4039-a16f-fbab4d06d215
$ curl -sSL https://bar.example.com/
Foo answered:
Hello, I am 91d0bf3e-5157-493f-b031-faf86ba7d6df
$ curl -sSL https://bar.example.com/
Foo answered:
Hello, I am 79586eb1-2488-4039-a16f-fbab4d06d215
$ curl -sSL https://bar.example.com/
Foo answered:
Hello, I am 91d0bf3e-5157-493f-b031-faf86ba7d6df
```

Use Jenkins or some other CD platform to deploy your platform & services