This repository was archived by the owner on May 17, 2024. It is now read-only.

Issuer Tool infra for AWS

This project helps to set up issuer-tool on AWS. The backend is deployed as a single-container Elastic Beanstalk application and the frontend via an S3 bucket and a CloudFront proxy.

Note! "<>" indicates an example value; the brackets shouldn't be included in the values you define.

  1. Install dependencies

    npm install -g typescript
    npm install -g aws-cdk
    npm install
  2. Install AWS CLI

  3. Create a CodeStar connection to GitHub

  4. Define environment variables for initializing AWS pipeline

    # AWS related
    export AWS_DEFAULT_REGION=<AWS_REGION>
    export AWS_ACCESS_KEY_ID=<AWS_ACCESS_KEY>
    export AWS_SECRET_ACCESS_KEY=<AWS_SECRET_ACCESS_KEY>
    export CDK_DEFAULT_REGION=<AWS_REGION>
    export CDK_DEFAULT_ACCOUNT=<AWS_ACCOUNT_NUMBER>
    
    # github connection arn
    export GITHUB_CONNECTION_ARN=<arn:aws:codestar-connections:us-east-1:xxx:connection/xxx>
    # app root domain
    export DOMAIN_NAME=<example.com>
    # app sub domain part
    export SUB_DOMAIN_NAME=<issuer-tool>
    # SSI wallet domain
    export WALLET_DOMAIN_NAME=<wallet.example.com>
  5. Store pipeline parameters to AWS

    ./tools/init.sh
  6. Bootstrap, first synth and store context to AWS params

    cdk bootstrap
    cdk synth
    npm run pipeline:context
  7. Save secrets for service runtime functionality.

    Define the following variables:

     export ISSUER_TOOL_OUR_HOST="<https://issuer-tool.example.com>"
     # Dynamo DB connection
     export ISSUER_TOOL_STORAGE_HOST="<https://dynamodb.<region>.amazonaws.com>"
     export ISSUER_TOOL_STORAGE_REGION="<region>"
     # Github authentication integration
     export ISSUER_TOOL_GITHUB_USERNAME="<github-user>"
     export ISSUER_TOOL_GITHUB_CLIENT_ID="<github-client-id>"
     export ISSUER_TOOL_GITHUB_CLIENT_SECRET="<github-client-secret>"
     # Frontend URL
     export ISSUER_TOOL_REDIRECT_URL="<https://issuer-tool.example.com>"
     # Allowed email domains
     export ISSUER_TOOL_AUTH_ALLOWED_DOMAINS='<[\"op.fi\"]>'
     # JWT secret
     export ISSUER_TOOL_JWT_SHARED_SECRET="<random_string>"
     # Agency integration
     export ISSUER_TOOL_AGENCY_AUTH_URL="<https://url.to.auth.server>"
     export ISSUER_TOOL_AGENCY_USER_NAME="<unique-agency-user-name>"
     export ISSUER_TOOL_AGENCY_KEY="<sw-authenticator-key>"
     export ISSUER_TOOL_SERVER_ADDRESS="<agency.address>"

    Save the secrets to the secret manager:

    ./scripts/store-secrets.sh
  8. Deploy pipeline

    cdk deploy
  9. Open the pipelines view in the AWS console and check that the pipeline succeeds. Subsequent changes to the app or infra are deployed automatically by the pipeline.
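
Before `./scripts/store-secrets.sh` is run in step 7, it is worth confirming that no `<>` placeholder was left in a value and that the JWT shared secret is not a short hand-typed string. The shell functions below are an added example, not part of this repository; the function names, the https-only rule for URL values and the 32-character minimum are assumptions of the example.

```shell
# Added example: pre-flight check for the step 7 variables. Source this file, then
# run: check_issuer_tool_env && ./scripts/store-secrets.sh
# Assumptions of this example (not project requirements): URL values must be
# https, and the JWT shared secret must be at least 32 characters long.
REQUIRED_VARS="ISSUER_TOOL_OUR_HOST ISSUER_TOOL_STORAGE_HOST ISSUER_TOOL_STORAGE_REGION
ISSUER_TOOL_GITHUB_USERNAME ISSUER_TOOL_GITHUB_CLIENT_ID ISSUER_TOOL_GITHUB_CLIENT_SECRET
ISSUER_TOOL_REDIRECT_URL ISSUER_TOOL_AUTH_ALLOWED_DOMAINS ISSUER_TOOL_JWT_SHARED_SECRET
ISSUER_TOOL_AGENCY_AUTH_URL ISSUER_TOOL_AGENCY_USER_NAME ISSUER_TOOL_AGENCY_KEY
ISSUER_TOOL_SERVER_ADDRESS"
URL_VARS="ISSUER_TOOL_OUR_HOST ISSUER_TOOL_STORAGE_HOST ISSUER_TOOL_REDIRECT_URL ISSUER_TOOL_AGENCY_AUTH_URL"
MIN_JWT_SECRET_LEN=32

# Print 64 hex characters (32 bytes from the kernel CSPRNG), usable as the
# <random_string> for ISSUER_TOOL_JWT_SHARED_SECRET.
gen_jwt_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Report each problem on stderr by variable name only (values are never printed,
# so secrets stay out of terminal scrollback and CI logs). Returns the number of
# problems found; 0 means every variable passed.
check_issuer_tool_env() {
  problems=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name-}"   # indirect lookup; names come from the fixed list above
    msg=""
    case "$value" in
      "") msg="unset or empty" ;;
      *"<"*|*">"*) msg="still contains <> placeholder brackets" ;;
      *) case " $URL_VARS " in
           *" $name "*) case "$value" in https://*) ;; *) msg="not an https URL" ;; esac ;;
         esac ;;
    esac
    if [ -z "$msg" ] && [ "$name" = ISSUER_TOOL_JWT_SHARED_SECRET ] &&
       [ "${#value}" -lt "$MIN_JWT_SECRET_LEN" ]; then
      msg="shorter than $MIN_JWT_SECRET_LEN characters"
    fi
    if [ -n "$msg" ]; then
      echo "$name: $msg" >&2
      problems=$((problems + 1))
    fi
  done
  return "$problems"
}
```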