A decoupled version of Notejam project with CI/CD and IaC.
- Serverless
- Ready to deploy in any AWS region
- Cost-effective
- AWS CDK
- Python 3.8 or Later
- virtualenv
- AWS CLI with configured account and full access for CloudFormation and S3
- Navigate to notejam-cicd/
- Activate virtual environment by running
virtualenv venv && source venv/bin/activate
- Install python dependencies
pip install -r requirements.txt
- Change the notejam/variables.py file to configure the application's stage, region and account_id
- Run
cdk bootstrap
to provision the deployment infrastructure. Specify the account id and region where the deployment should take place.
- Run
cdk deploy --all
to deploy the application
- When finished, cdk will output the app URL
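A pre-flight helper for the bootstrap and deploy steps above, added here as an example and not part of the Notejam project. It assumes notejam/variables.py exposes module-level values named `stage`, `region` and `account_id` (the real attribute names may differ), and it refuses to run `cdk` when the AWS CLI credentials belong to a different account than the one configured, which is the usual way a stack ends up in the wrong account.

```python
import json
import re
import subprocess
from dataclasses import dataclass
from typing import List

ALLOWED_STAGES = {"dev", "test", "prod"}  # assumed stage names
_ACCOUNT_RE = re.compile(r"^\d{12}$")
_REGION_RE = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d$")


@dataclass(frozen=True)
class Target:
    stage: str
    region: str
    account_id: str


def validate_target(stage: str, region: str, account_id) -> Target:
    """Reject malformed config values before any AWS call is made."""
    if stage not in ALLOWED_STAGES:
        raise ValueError(f"unknown stage {stage!r}")
    if not _REGION_RE.match(region):
        raise ValueError(f"{region!r} does not look like an AWS region")
    if not _ACCOUNT_RE.match(str(account_id)):
        raise ValueError("account_id must be a 12-digit AWS account id")
    return Target(stage, region, str(account_id))


def caller_matches(target: Target, identity_json: str) -> bool:
    """True if the CLI credentials belong to target.account_id; identity_json
    is the output of `aws sts get-caller-identity`, passed in so it runs offline."""
    return json.loads(identity_json).get("Account") == target.account_id


def cdk_commands(target: Target) -> List[List[str]]:
    """The two cdk commands from the steps above, pinned to the validated target."""
    env = f"aws://{target.account_id}/{target.region}"
    return [["cdk", "bootstrap", env], ["cdk", "deploy", "--all"]]


def main() -> None:
    import notejam.variables as v  # the project's config module (assumed names)
    target = validate_target(v.stage, v.region, v.account_id)
    identity = subprocess.run(["aws", "sts", "get-caller-identity", "--output", "json"],
                              check=True, capture_output=True, text=True).stdout
    if not caller_matches(target, identity):
        raise SystemExit("AWS CLI credentials belong to another account; aborting")
    for cmd in cdk_commands(target):
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    main()
```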
- The application scales dynamically with the traffic load; this is implemented via an ECS scaling policy for the web layer and via Aurora Serverless scaling for the data layer.
- Regular snapshots of the database are taken and are available for S3 export. They are kept for 3 years in a warm state and archived after that period.
- Both the container fleet and the database span multiple availability zones, making the service resilient to outages
- All infrastructure is described in Python code and is ready to be deployed in any available region with the respective variables
- A development CI/CD pipeline is created for the developers and the Dev group is provisioned in the account allowing developers to work with the required resources
- Application can be deployed in several modes that would run independently. It is possible to include per-stage rollout of the service in the development pipeline
- All logs are exported to the CloudWatch log groups and are available for the analysis
Technical Overview
The architecture above is the first iteration which covers all business requirements.
- Add the Cognito service to decouple user management and authentication from the rest of the service
- Add a WAF in front of the ALB to filter traffic and add another layer of security
- Add a Route53 Alias record to have a static URL for the service
- Add a SecretsManager secret to rotate and secure access to the DB
- Implement an Organizations tree of accounts to separate workloads by the stage