The accompanying diagram illustrates the architecture of our deployed infrastructure and the relationships between its key components. The CDK stacks deploy infrastructure inside the AWS Cloud; external components such as the DNS provider (ClouDNS) require manual steps, which are highlighted in the following diagram.
- AWS account credentials
- Node.js installation: https://nodejs.org/en/download/
After getting AWS credentials, make sure that you pick the right ones (if you have more than one):
aws configure list-profiles
export AWS_DEFAULT_PROFILE=xxxxxxxxxx
export AWS_DEFAULT_REGION=us-east-1
Confirm AWS credentials are working by running the following commands:
aws configure list
aws sts get-caller-identity
Warning: Update the default public DNS domain (subdomain-2.subdomain-1.cloudns.ph) with your own domain name.
In ClouDNS, set up the following:
- Create a free DNS Hosted Zone (Example case: subdomain-xx.cloudns.ph)
In this GitHub repository, update the configuration file with your own public domain name.
- DNS_ZONE_NAME: "subdomain-2.subdomain-xx.cloudns.ph"
export const AppConfig = {
  VPC_NAME: 'vpc-web-container',
  CLUSTER_NAME: 'fargate-cluster-web-container',
  APP_NAME: 'app-region-evacuation',
  DNS_ZONE_NAME: 'subdomain-2.subdomain-1.cloudns.ph',
  INTERNAL_DNS: 'web-container',
  DOCKER_IMAGE: 'jaimenavarro/web-container'
};
Follow these steps to build the project:
- Make sure you are in the right folder
cd infrastructure/blog_post_2
- Install JavaScript dependencies
npm install -dd
npm run build -dd
- Bootstrap the CDK environment. This sets up the AWS resources and configurations required to deploy your CDK stacks through CloudFormation.
npx cdk bootstrap --region us-east-1
- Synthesize the project with AWS CDK
npx cdk context --clear
npx cdk synth
This command will deploy the basic infrastructure in region us-east-1:
- Creates a VPC that spans a whole region. It will automatically divide the provided VPC CIDR range, and create public and private subnets per Availability Zone. Network routing for the public subnets will be configured to allow outbound access directly via an Internet Gateway. Network routing for the private subnets will be configured to allow outbound access via a set of resilient NAT Gateways (one per AZ).
- Fargate cluster
- Route53 DNS public zone
npx cdk deploy stage-1/* --require-approval never
You can review the status of your CDK deployment in the CloudFormation section of the AWS console.
In AWS Route 53, open the hosted zone created in the previous step and copy the NS records for its authoritative DNS servers.
- Example values:
ns-231.awsdns-28.com.
ns-1965.awsdns-53.co.uk.
ns-1055.awsdns-03.org.
ns-724.awsdns-26.net.
Go to your account in ClouDNS and open your free DNS zone (in our example, subdomain-xx.cloudns.ph). Add four NS records, one for each authoritative DNS server:
- Type: NS record
- Host: subdomain-2.subdomain-xx.cloudns.ph
- Points to: ns-231.awsdns-28.com
You can confirm that the NS records are working by using the following online tool. Remember to use your own domain name (in our example, subdomain-xx.cloudns.ph).
After creating the basic infrastructure in the previous step, we need to recreate the file cdk.context.json, which stores information about the infrastructure in AWS. To do so, run the following commands:
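The same confirmation can be scripted. The following is an added example, not part of the original repository: it compares the name servers Route 53 assigned to the hosted zone with the NS set that public DNS returns for the delegated name, ignoring case and trailing dots. The function names are hypothetical; the live part assumes the aws CLI, dig, working credentials and an existing hosted zone.

```shell
#!/bin/sh
# Added example (not from the original post): check that the parent zone in
# ClouDNS delegates to exactly the name servers Route 53 assigned.

# Normalize a whitespace-separated NS list: lowercase, drop the trailing dot,
# sort and de-duplicate, so "NS-231.awsdns-28.com." == "ns-231.awsdns-28.com".
normalize_ns() {
  # $1 is intentionally unquoted: split the list into one name per line.
  printf '%s\n' $1 | tr '[:upper:]' '[:lower:]' | sed 's/\.$//' | sort -u
}

# Print the names in list $1 that are absent from list $2 (both normalized).
# grep -F treats the dots in host names literally; -x matches whole lines.
set_minus() {
  for n in $1; do
    printf '%s\n' "$2" | grep -Fxq "$n" || printf '%s\n' "$n"
  done
}

# $1 = NS set expected (Route 53), $2 = NS set observed in public DNS.
# Prints "match" and returns 0, or lists the differences and returns 1.
compare_delegation() {
  expected=$(normalize_ns "$1")
  observed=$(normalize_ns "$2")
  missing=$(set_minus "$expected" "$observed")
  extra=$(set_minus "$observed" "$expected")
  if [ -z "$missing" ] && [ -z "$extra" ]; then
    echo "match"
    return 0
  fi
  # Unquoted on purpose: join the newline-separated names with spaces.
  [ -n "$missing" ] && echo "missing:" $missing
  [ -n "$extra" ] && echo "unexpected:" $extra
  return 1
}

# Live check, run only when a zone name is passed as the first argument,
# e.g. ./check_delegation.sh subdomain-2.subdomain-xx.cloudns.ph
if [ "$#" -ge 1 ]; then
  zone_id=$(aws route53 list-hosted-zones-by-name --dns-name "$1" \
    --query 'HostedZones[0].Id' --output text)
  expected_ns=$(aws route53 get-hosted-zone --id "$zone_id" \
    --query 'DelegationSet.NameServers' --output text)
  compare_delegation "$expected_ns" "$(dig +short NS "$1")"
fi
```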
npx cdk context --clear
npx cdk synth
In this step, we will deploy the web container tasks (web-server-container) in the Fargate cluster, along with the related infrastructure, in us-east-1:
- Deploys the web container tasks in Fargate Cluster
- Creates a public certificate in ACM. (Step 6 needs to be working)
- Creates Application Load Balancer with the previously created certificate
- Creates Route53 DNS records to reach the web container.
npx cdk deploy stage-2/* --require-approval never
You can review the status of your CDK deployment in the CloudFormation section of the AWS console.
You can use the following online resources to confirm that your public endpoint is available and the certificate is valid.
Warning: Update the following domains with your own domain name.
- Online DNS validation tool: https://dnschecker.org/#A/web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph
- Online SSL/TLS validation tool: https://www.sslshopper.com/ssl-checker.html#hostname=https://web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph/
curl -v https://web-container-us-east-1.subdomain-2.subdomain-1.cloudns.ph
To remove all the resources, go to your CloudFormation console and delete the stacks in reverse order:
- Remove the DNS records with type CNAME in Route 53 created by Certificate Manager
- Execute the following commands:
npx cdk destroy stage-2/* stage-1/*