idomoroschenov/notejam

Notejam

A decoupled version of the Notejam project with CI/CD and IaC.

  • Serverless
  • Ready to deploy in any AWS region
  • Cost-effective

Prerequisites

  • AWS CDK
  • Python 3.8 or later
  • virtualenv
  • AWS CLI with a configured account and full access to CloudFormation and S3

Installation

  • Navigate to notejam-cicd/
  • Create and activate a virtual environment by running virtualenv venv && source venv/bin/activate
  • Install the Python dependencies: pip install -r requirements.txt
  • Edit the notejam/variables.py file to configure the application's stage, region and account_id
  • Run cdk bootstrap to provision the deployment infrastructure. Specify the account id and region where the deployment should take place.
  • Run cdk deploy --all to deploy the application
  • When finished, cdk will output the app URL

Initial requirements

Requirements

  • The application is ready to scale dynamically based on the traffic load. This is implemented via an ECS scaling policy for the web layer and via Aurora Serverless scaling for the data layer.
  • Regular snapshots of the database are taken and are available for S3 export. They will be kept for 3 years in a warm state and archived after that period.
  • Both the container fleet and the database span multiple availability zones, which makes the service resilient to outages
  • All infrastructure is described in Python code and is ready to be deployed in any available region with the respective variables
  • A development CI/CD pipeline is created for the developers, and the Dev group is provisioned in the account, allowing developers to work with the required resources
  • The application can be deployed in several modes that run independently. It is possible to include a per-stage rollout of the service in the development pipeline
  • All logs are exported to CloudWatch log groups and are available for analysis

Design Assumptions

[Diagram: design assumptions]

Implemented Architecture

Technical Overview

[Diagram: technical view]

The architecture above is the first iteration, which covers all business requirements.

Deployment Overview

[Diagram: deployment view]

Further recommendations

  • Add Cognito to decouple user management and authentication from the rest of the service
  • Add WAF in front of the ALB to filter traffic and add more security
  • Add a Route53 Alias record to give the service a static URL
  • Add a Secrets Manager secret to rotate and secure access to the DB
  • Implement an Organizations tree of accounts to separate workloads by stage
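
One way to check whether the WAF and Secrets Manager recommendations above have been applied is to audit the CloudFormation template that cdk synth produces. This is an added example, not code from this repository; the logical IDs, the aurora-mysql engine and the sample template are constructed for illustration.

```python
import json

ALB = "AWS::ElasticLoadBalancingV2::LoadBalancer"
WAF_ASSOC = "AWS::WAFv2::WebACLAssociation"
DB_CLUSTER = "AWS::RDS::DBCluster"
ROTATION = "AWS::SecretsManager::RotationSchedule"

def refs(value):
    """Yield logical IDs referenced through Ref or Fn::GetAtt anywhere in value."""
    if isinstance(value, dict):
        if isinstance(value.get("Ref"), str):
            yield value["Ref"]
        att = value.get("Fn::GetAtt")
        if att:
            yield att[0] if isinstance(att, list) else att.split(".")[0]
        for child in value.values():
            yield from refs(child)
    elif isinstance(value, list):
        for child in value:
            yield from refs(child)

def audit(template):
    """Return findings for ALBs without WAF and DB passwords outside Secrets Manager."""
    resources = template.get("Resources", {})
    def of_type(t):
        return {k: v for k, v in resources.items() if v.get("Type") == t}
    # An ALB counts as protected when some WebACLAssociation points at it.
    protected = set()
    for assoc in of_type(WAF_ASSOC).values():
        protected.update(refs(assoc.get("Properties", {}).get("ResourceArn")))
    findings = [f"{name}: no WAFv2 WebACLAssociation"
                for name in of_type(ALB) if name not in protected]
    has_rotation = bool(of_type(ROTATION))
    for name, db in of_type(DB_CLUSTER).items():
        password = db.get("Properties", {}).get("MasterUserPassword")
        # A Secrets Manager backed password is a {{resolve:secretsmanager:...}} reference.
        if password is not None and "{{resolve:secretsmanager:" not in json.dumps(password):
            findings.append(f"{name}: password not resolved from Secrets Manager")
        if not has_rotation:
            findings.append(f"{name}: no Secrets Manager RotationSchedule in template")
    return findings

# Constructed sample: a first-iteration shape (ALB and DB, no WAF, no secret).
SAMPLE = {"Resources": {
    "WebAlb": {"Type": ALB, "Properties": {"Scheme": "internet-facing"}},
    "Db": {"Type": DB_CLUSTER, "Properties": {
        "Engine": "aurora-mysql", "MasterUserPassword": {"Ref": "DbPasswordParam"}}},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To run it against a real stack, load one of the template JSON files that cdk synth writes under cdk.out/ and pass the parsed dictionary to audit().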
