Technical solution - AWS: GitHub + CodePipeline + ECR + ECS + Load Balancer + EC2 + RDS + Redis project setup workflow for Follow Paris
IAM
- Create an IAM user
- Log in as the new IAM user
- Generate password and access_key
Region
- Paris (eu-west-3)
Related services
GitHub + CodePipeline + ECR + ECS + Load Balancer + EC2 + RDS + ElastiCache
Request Public certificate for HTTPS
*.api.followparis.com
*.stg.api.followparis.com
*.prod.api.followparis.com
Add CNAME records of domain in Route 53
Set DNS settings -> OK
Create ECR
A build from a Mac M1 (arm) does not work
Create repository
name: follow-paris-backend-node-js-prod-ecr
Commands
Check AWS CLI
aws ecr get-login-password --region eu-west-3 | docker login --username AWS --password-stdin 125894042607.dkr.ecr.eu-west-3.amazonaws.com
Build docker image
docker build -t follow-paris-backend-node-js .
docker tag follow-paris-backend-node-js:latest 125894042607.dkr.ecr.eu-west-3.amazonaws.com/follow-paris-backend-node-js:latest
Push docker image
docker push 125894042607.dkr.ecr.eu-west-3.amazonaws.com/follow-paris-backend-node-js:latest
ECS + Load Balancer + EC2
Create EC2 key pair
name of key: follow-paris-key-v3
Create security group for load balancer
name: follow-paris-backend-ALB-security-group
Create Target Group then register one instance
name: follow-paris-backend-target-8080
Create Load balancer
Select “Application Load Balancer”
name: follow-paris-backend-ALB
Set redirect from 80 to 443 port
Create security group for ECS Cluster
name: follow-paris-ecs-backend-cluster-security-group
Create ECS Cluster
Cluster name: follow-paris-backend-node-js-prod-cluster
Create ECS Task (do CodePipeline first, then come back; the deploy settings need the ECS task)
Task name: follow-paris-bakcend-node-js-prod-task
Container name: follow-paris-backend-node-js-container
The memory needs to be .879 GB to avoid out-of-memory issues.
Create ECS Service from the ECS Task
Name: follow-paris-bakcend-node-js-service

GitHub + CodePipeline + ECR
Create Parameter Store in AWS
Systems Manager
- My Parameters
  - Jiean-MacBook-Pro-14-ssh-id_rsa
  - Jiean-MacBook-Pro-14-ssh-id_rsa-pub
Create CodePipeline
Step 1 Choose pipeline settings
Pipeline name: follow-paris-backend-node-js-prod-pipeline
Role name: AWSCodePipelineServiceRole-[eu-west-3]-follow-paris-backend-role
Step 2 Source stage
Step 3 Add build stage
Select AWS CodeBuild, Region
Create Build project
name: follow-paris-backend-node-js-prod-code-build
Managed image: Amazon Linux 2 - standard - :5.0
Role name: codebuild-role-follow-paris-backend-node-js-prod
[x, not sure for this check] Check - Enable this flag if you want to build Docker images or want your builds to get elevated privileges
configuration/buildspec.prod.yml
version: 0.2
env:
  # git-credential-helper: yes
  variables:
    git_url: '[email protected]:FollowParis/follow-paris-common.git'
  # SSH key pair for the submodule, read from Systems Manager Parameter Store
  parameter-store:
    ssh_key: Jiean-MacBook-Pro-14-id_rsa
    ssh_pub: Jiean-MacBook-Pro-14-id_rsa_pub
phases:
  pre_build:
    commands:
      - echo init follow-paris-common submodule...
      # Write the key pair to disk so git can fetch the private submodule over SSH
      - mkdir -p ~/.ssh
      - echo "$ssh_key" > ~/.ssh/id_rsa
      - echo "$ssh_pub" > ~/.ssh/id_rsa.pub
      - chmod 600 ~/.ssh/id_rsa
      - eval "$(ssh-agent -s)"
      - git submodule update --init --recursive
      - echo Logging in to Amazon ECR...
      - aws --version
      - AWS_DEFAULT_REGION=eu-west-3
      - AWS_PASSWORD_STDIN=125894042607.dkr.ecr.eu-west-3.amazonaws.com
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_PASSWORD_STDIN
      - REPOSITORY_URI=125894042607.dkr.ecr.eu-west-3.amazonaws.com/follow-paris-backend-node-js
      # Tag with the first 7 characters of the commit hash, falling back to latest
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      - IMAGE_TAG=${COMMIT_HASH:=latest}
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -f Dockerfile-prod -t $REPOSITORY_URI:latest .
      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker images...
      - echo $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:latest
      - echo $REPOSITORY_URI:$IMAGE_TAG
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      # The deploy stage reads this file to find the image for the container
      - echo Writing image definitions file...
      - printf '[{"name":"follow-paris-backend-node-js-container","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
artifacts:
  files: imagedefinitions.json
Complete step 3
Permission setup for build role
Role name: codebuild-role-follow-paris-backend-node-js-prod
Permission name: follow-paris-get-parameters-store
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ssm:GetParameters"],
      "Resource": "arn:aws:ssm:eu-west-3:058264371409:parameter/*"
    }
  ]
}
Permission: follow-paris-use-github-connection
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "codestar-connections:ListTagsForResource",
        "codestar-connections:UseConnection",
        "codestar-connections:GetConnection",
        "codestar-connections:DeleteConnection",
        "codestar-connections:TagResource",
        "codestar-connections:UntagResource"
      ],
      "Resource": "arn:aws:codestar-connections:eu-west-3:058264371409:connection/24b1e19f-b5ea-446b-b30f-fbdd058323df"
    }
  ]
}
Permission: AmazonEC2ContainerRegistryFullAccess (AWS managed) for access to ECR (Elastic Container Registry)
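An added example, not part of the original notes or the project's own code: a small Python check run over the two inline policies above. It flags the parameter/* wildcard and the connection actions beyond UseConnection, then builds an SSM policy scoped to the two parameter names the buildspec reads. The allow list of build-time actions is an assumption, and the function names are hypothetical.

```python
import json

# Policies as written on this page (account and connection IDs copied verbatim).
SSM_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ssm:GetParameters"],
    "Resource": "arn:aws:ssm:eu-west-3:058264371409:parameter/*"}]}
CONNECTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["codestar-connections:" + a for a in (
        "ListTagsForResource", "UseConnection", "GetConnection",
        "DeleteConnection", "TagResource", "UntagResource")],
    "Resource": "arn:aws:codestar-connections:eu-west-3:058264371409:"
                "connection/24b1e19f-b5ea-446b-b30f-fbdd058323df"}]}

# Assumption: the only actions the build job needs at run time.
BUILD_ACTIONS = {"ssm:GetParameters", "codestar-connections:UseConnection"}
# Parameter names referenced under parameter-store in the buildspec.
BUILDSPEC_PARAMS = ["Jiean-MacBook-Pro-14-id_rsa", "Jiean-MacBook-Pro-14-id_rsa_pub"]

def as_list(value):
    """IAM allows a single string or dict where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit(policy):
    """Return (kind, detail) findings for every Allow statement."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for res in as_list(stmt.get("Resource", [])):
            # The resource part of an ARN is everything after the 5th colon.
            if "*" in res.split(":", 5)[-1]:
                findings.append(("wildcard-resource", res))
        for act in as_list(stmt.get("Action", [])):
            if "*" in act or act not in BUILD_ACTIONS:
                findings.append(("extra-action", act))
    return findings

def scoped_ssm_policy(region, account, names):
    """GetParameters limited to the named parameters instead of parameter/*."""
    arns = [f"arn:aws:ssm:{region}:{account}:parameter/{n.lstrip('/')}" for n in names]
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["ssm:GetParameters"], "Resource": arns}]}

if __name__ == "__main__":
    for name, pol in (("ssm", SSM_POLICY), ("connection", CONNECTION_POLICY)):
        for kind, detail in audit(pol):
            print(f"{name}: {kind}: {detail}")
    print(json.dumps(scoped_ssm_policy("eu-west-3", "058264371409", BUILDSPEC_PARAMS), indent=2))
```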
Step 4 Add deploy stage
Image definitions file: imagedefinitions.json
Review 4 steps
Manual workflow
- CodePipeline (start)
- CloudFormation (EC2 instance: 1 → 2)
- CodePipeline (Done)
- ECS Service (task number: 1 → 2)
- CloudFormation (EC2 instance: 1 → 2)
- ECS Service (task number: 2 → 1)
Addition: Update database and Redis
AWS RDS - database - create new
Create security group for database
name: follow-paris-database-security-group
Create PostgreSQL database
Database name: follow-paris-prod-v3
AWS RDS - restore database by snapshot
AWS ElastiCache - Redis
Create security group for database
Create Redis (x)
name: follow-paris-backend-prod-redis
Cluster settings
Advanced settings
Review