AWS Cloud Path Week 9 - Permissions and Autoscaling in AWS CDK

Welcome back, cloud builders! 🚀 This week, we tackled Permissions and Autoscaling in AWS CDK. These are essential for ensuring that our infrastructure remains secure and scalable. But, as with any real-world deployment, we ran into some issues. Keep reading to see how we fixed them ;)


Week 9 Highlights

Permissions are the backbone of AWS security. We explored how AWS CDK integrates with IAM (Identity and Access Management) to define fine-grained access controls for our resources, then set up autoscaling to replace our single-instance setup. Specifically, we:

✅ Spent some time at the start learning about IAM permissions
✅ Defined IAM roles and policies in our CDK stack
✅ Used managed policies to simplify permission management
✅ Added an Auto Scaling Group (ASG) to our EC2 instances

Debugging and Fixing Our App Deployment

After deploying our infrastructure, we encountered an issue where our web app wouldn't load because the targets were unhealthy. Here's what went wrong and how we fixed it:

  1. 🚨 Issue 1: Our userdata script (which runs on instance creation to download files and start the web server) wasn’t executing correctly. This downloads all the necessary files and sets up our webserver, if our webserver is not started properly on the instance our health check will always fail.
    βœ… Fix: Removing the empty line at the beginning of the userdata script resolved this issue and the userdata executes as planned.

  2. 🚨 Issue 2: Our servers were placed in PRIVATE_ISOLATED subnets, which prevented them from downloading required files from the internet via the NAT Gateway.
    βœ… Fix: Changing the subnet type to PRIVATE_WITH_EGRESS allowed outbound internet access while keeping our instances private.
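
The blank line in Issue 1 matters because cloud-init only runs user data as a shell script when its very first bytes are `#!`. The check below is an added example, not code from the session's repository: it scans a synthesized CloudFormation template (the JSON `cdk synth` produces) for user data that does not start with `#!`, assuming the user data is a shell script wrapped in `Fn::Base64`. The logical IDs, the `AssetBucket` reference and the script contents in the sample are constructed.

```python
from itertools import takewhile

# Resource types that carry EC2 user data, and the key path under Properties.
USERDATA_PATHS = {
    "AWS::EC2::Instance": ("UserData",),
    "AWS::AutoScaling::LaunchConfiguration": ("UserData",),
    "AWS::EC2::LaunchTemplate": ("LaunchTemplateData", "UserData"),
}

def leading_text(value):
    """Literal text before the first Ref/GetAtt token, or None if there is none."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict) and "Fn::Join" in value:
        sep, parts = value["Fn::Join"]
        literal = list(takewhile(lambda p: isinstance(p, str), parts))
        return sep.join(literal) if literal else None
    return None

def check_userdata(template):
    """Return (logical_id, problem) pairs for user data cloud-init won't run."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        path = USERDATA_PATHS.get(res.get("Type"))
        if not path:
            continue
        node = res.get("Properties", {})
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if not isinstance(node, dict) or "Fn::Base64" not in node:
            continue  # no user data, or not in the Fn::Base64 form assumed here
        text = leading_text(node["Fn::Base64"])
        if text is None:
            findings.append((name, "user data starts with a token, not a literal"))
        elif not text.startswith("#!"):
            findings.append((name, f"starts with {text[:4]!r}, not '#!'"))
    return findings

# Constructed sample in the shape of a synthesized template (IDs are made up).
SAMPLE = {"Resources": {
    "WebLtBroken": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
        "LaunchTemplateData": {"UserData": {"Fn::Base64":
            "\n#!/bin/bash\nyum install -y httpd\nsystemctl start httpd\n"}}}},
    "WebLcFixed": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
        "UserData": {"Fn::Base64": {"Fn::Join": ["", [
            "#!/bin/bash\naws s3 cp s3://", {"Ref": "AssetBucket"}, "/app.zip /tmp/\n"]]}}}},
}}

if __name__ == "__main__":
    print(check_userdata(SAMPLE))
```

Running it against the sample reports only `WebLtBroken`, whose script begins with a newline; wiring the same check into CI against `cdk.out/*.template.json` catches the problem before targets go unhealthy.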


Missed the session? Catch up here:

  1. 💻 GitHub Repo: AWS 101 CDK Project (week-9 branch!)
  2. 📺 Session Recording:

References for this week:

📖 Policies and Permissions in AWS IAM
📖 Permissions and AWS CDK

Prepare for Next Week:

Next week, we shift focus to Amazon VPC (Virtual Private Cloud) as we start to explore the networking layer of AWS. To get ahead, check out these resources:

🔹 How Amazon VPC works
🔹 Infrastructure Security in Amazon VPC
🔹 Security Best Practices for your VPC

Stay updated! Join our WhatsApp community for updates.

See you next week!
