DEV Community: Franco Cerutti The latest articles on DEV Community by Franco Cerutti (@cheru94). https://dev.to/cheru94 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1125333%2F7099d475-3c2c-4703-ab4f-3cf97f34f11c.jpeg DEV Community: Franco Cerutti https://dev.to/cheru94 en Onion Architecture in AWS Lambdas with TypeScript: A Practical Guide with Tradeoffs Franco Cerutti Tue, 28 Nov 2023 11:53:32 +0000 https://dev.to/cheru94/onion-architecture-in-aws-lambdas-with-typescript-a-practical-guide-with-tradeoffs-29h3 https://dev.to/cheru94/onion-architecture-in-aws-lambdas-with-typescript-a-practical-guide-with-tradeoffs-29h3 <h2> Introduction </h2> <p>In the realm of software development, the Onion Architecture, also known as the Ports and Adapters pattern, has emerged as a popular design approach for building modular, maintainable, and testable applications. This architectural style encapsulates core business logic within a distinct layer, shielding it from external dependencies and facilitating seamless integration with various external adapters.</p> <p>AWS Lambda, a serverless computing service offered by Amazon Web Services (AWS), provides a compelling platform for deploying event-driven applications. However, effectively implementing the Onion Architecture within Lambda functions can introduce certain tradeoffs that warrant careful consideration.</p> <p>This essay delves into the intricacies of applying Onion Architecture in AWS Lambdas using TypeScript, highlighting the associated benefits and drawbacks. It aims to equip developers with a comprehensive understanding of this architectural approach and its practical implications within the serverless context.</p> <h2> Embracing Onion Architecture in AWS Lambdas with TypeScript </h2> <p>The Onion Architecture, when applied to AWS Lambdas using TypeScript, offers several advantages:</p> <h3> Encapsulation and Modularity </h3> <p>The core business logic, encapsulated within the inner layers of the onion, remains shielded from external dependencies, promoting modularity and reusability of code components.</p> <h3> Testability </h3> <p>By isolating the business logic, unit testing becomes more straightforward, as test cases can focus on the core functionality without the distractions of external dependencies.</p> <h3> Adaptability </h3> <p>The outer layers, responsible for interacting with external systems, can be easily adapted to accommodate different technologies and frameworks, enhancing the application's flexibility.</p> <p>To implement Onion Architecture in AWS Lambdas with TypeScript, consider the following steps:</p> <h3> Define Core Domain Layer </h3> <p>Create a TypeScript module to house the core domain entities, value objects, and business rules. This layer is the heart of the application and should be independent of any external dependencies.</p> <h3> Establish Application Layer </h3> <p>Implement the application layer, responsible for orchestrating the core domain logic. This layer interacts with the core domain through interfaces and abstracts away the underlying implementation details.</p> <h3> Design Infrastructure Layer </h3> <p>Encapsulate the interaction with external systems, such as databases, APIs, or messaging queues, within the infrastructure layer. This layer utilizes the application layer's interfaces to communicate with the core domain.</p> <h2> Tradeoffs of Onion Architecture in AWS Lambdas </h2> <p>While the Onion Architecture offers significant benefits, it also introduces certain tradeoffs:</p> <h3> Increased Complexity </h3> <p>The layered structure adds complexity to the codebase, potentially increasing the learning curve for new developers.</p> <h3> Careful Dependency Management </h3> <p>Managing dependencies between layers requires careful planning to avoid circular dependencies and ensure proper initialization.</p> <h2> Code Examples </h2> <p>To illustrate the implementation of Onion Architecture in AWS Lambdas with TypeScript, consider the following code snippets:</p> <h3> Domain Layer </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>interface IUser { id: string; name: string; email: string; } class User implements IUser { id: string; name: string; email: string; constructor(id: string, name: string, email: string) { this.id = id; this.name = name; this.email = email; } } </code></pre> </div> <h3> Application Layer </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class UserService { private readonly userRepository: IUserRepository; constructor(userRepository: IUserRepository) { this.userRepository = userRepository; } async getUser(userId: string): Promise&lt;User&gt; { const userData = await this.userRepository.getUserById(userId); return new User(userData.id, userData.name, userData.email); } } </code></pre> </div> <h3> Infrastructure Layer </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class UserRepositoryImpl implements IUserRepository { async getUserById(userId: string): Promise&lt;UserData&gt; { // Implement database interaction to fetch user data } } </code></pre> </div> <h2> Conclusion </h2> <p>Onion Architecture, when implemented effectively, can significantly enhance the modularity, testability, and adaptability of AWS Lambda applications. However, it is crucial to carefully consider the potential tradeoffs, such as increased complexity and performance overhead, before adopting this architectural approach.</p> <p>TypeScript provides a powerful type system that can effectively support the implementation of Onion Architecture, ensuring type safety and reducing the risk of runtime errors. By leveraging TypeScript's capabilities, developers can confidently apply Onion Architecture to build robust and maintainable serverless applications on AWS Lambda.</p> <p>Hope you like it and makes some changes in your daily basis</p> aws architecture devrel serverless How to Create a Login for your WebApp with AWS Cognito Using OAuth 2.0 Franco Cerutti Mon, 31 Jul 2023 14:47:59 +0000 https://dev.to/cheru94/how-to-create-a-login-for-your-webapp-with-aws-cognito-using-oauth-20-2fip https://dev.to/cheru94/how-to-create-a-login-for-your-webapp-with-aws-cognito-using-oauth-20-2fip <h2> What is AWS Cognito </h2> <p>Amazon Cognito is an identity platform for web and mobile apps. It’s a user directory, an authentication server, and an authorization service for OAuth 2.0 access tokens and AWS credentials. </p> <p>You can authenticate and authorize users from the built-in user directory, from your enterprise directory, and from consumer identity providers like Google and Facebook.</p> <h2> Context </h2> <p>The application is going to be a webApplication where needs a login/SignUP feature, and the scope of this is to integrate the cognito user pools with Google federated Identities from Infrastructure as Code using Pulumi</p> <h2> Step to integrate AWS Cognito </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fymqmwuols45ejv9gygo3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fymqmwuols45ejv9gygo3.png" alt="AWS Cognito User Pool Diagram"></a></p> <h3> Define the User Pool </h3> <p>Create a user pool when you want to authenticate and authorize users to your app or API. User pools are a user directory with both self-service and administrator-driven user creation, management, and authentication</p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">userPool</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">cognito</span><span class="p">.</span><span class="nc">UserPool</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">appShortName</span><span class="p">}</span><span class="s2">-user-pool-</span><span class="p">${</span><span class="nx">NODE_ENV</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">autoVerifiedAttributes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">],</span> <span class="na">emailConfiguration</span><span class="p">:</span> <span class="p">{</span> <span class="na">replyToEmailAddress</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">REPLY_EMAIL_ADDRESS</span><span class="p">,</span> <span class="na">emailSendingAccount</span><span class="p">:</span> <span class="dl">'</span><span class="s1">COGNITO_DEFAULT</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">mfaConfiguration</span><span class="p">:</span> <span class="dl">'</span><span class="s1">OPTIONAL</span><span class="dl">'</span><span class="p">,</span> <span class="na">softwareTokenMfaConfiguration</span><span class="p">:</span> <span class="p">{</span> <span class="na">enabled</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="na">accountRecoverySetting</span><span class="p">:</span> <span class="p">{</span> <span class="na">recoveryMechanisms</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">verified_email</span><span class="dl">'</span><span class="p">,</span> <span class="na">priority</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">verified_phone_number</span><span class="dl">'</span><span class="p">,</span> <span class="na">priority</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="p">},</span> <span class="p">],</span> <span class="p">},</span> <span class="na">adminCreateUserConfig</span><span class="p">:</span> <span class="p">{</span> <span class="na">allowAdminCreateUserOnly</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <h3> Create Federated Identities Provider </h3> <p>In this case we're going to create a Goggle Identity, and we defined the provider configuration </p> <p>Before continuing with the Infrastructure in Pulumi we need to go to GCP Console and make the next config.</p> <h3> GCP Config </h3> <p>Once you're in the Console, go to API &amp; Services, Credentials, create a Oauth Client, declare mocked URL and continue. This you will need to modify once you have your Cognito DNS. </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">googleCredentials</span> <span class="o">=</span> <span class="p">{</span> <span class="na">clientId</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CREDENTIALS_CLIENT_ID</span><span class="p">,</span> <span class="na">clientSecret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">GOOGLE_CREDENTIALS_CLIENT_SECRET</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">googleProvider</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">cognito</span><span class="p">.</span><span class="nc">IdentityProvider</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">appShortName</span><span class="p">}</span><span class="s2">-identity-google-provider-</span><span class="p">${</span><span class="nx">NODE_ENV</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">providerName</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Google</span><span class="dl">'</span><span class="p">,</span> <span class="na">userPoolId</span><span class="p">:</span> <span class="nx">userPool</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">providerType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Google</span><span class="dl">'</span><span class="p">,</span> <span class="na">providerDetails</span><span class="p">:</span> <span class="p">{</span> <span class="na">client_id</span><span class="p">:</span> <span class="nx">googleCredentials</span><span class="p">.</span><span class="nx">clientId</span><span class="p">,</span> <span class="na">client_secret</span><span class="p">:</span> <span class="nx">googleCredentials</span><span class="p">.</span><span class="nx">clientSecret</span><span class="p">,</span> <span class="na">authorize_scopes</span><span class="p">:</span> <span class="dl">'</span><span class="s1">email profile openid</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">attributeMapping</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sub</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <h3> Create the Client App for the User Pool </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="kd">const</span> <span class="nx">userPoolClient</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">cognito</span><span class="p">.</span><span class="nc">UserPoolClient</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">appShortName</span><span class="p">}</span><span class="s2">-user-pool-client-</span><span class="p">${</span><span class="nx">NODE_ENV</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">userPoolId</span><span class="p">:</span> <span class="nx">userPool</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">callbackUrls</span><span class="p">:</span> <span class="p">[</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CALLBACK_WEB_APP_URL</span><span class="p">],</span> <span class="na">logoutUrls</span><span class="p">:</span> <span class="p">[</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">LOGOUT_WEB_APP_URL</span><span class="p">],</span> <span class="na">explicitAuthFlows</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">ALLOW_USER_SRP_AUTH</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ALLOW_REFRESH_TOKEN_AUTH</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ALLOW_CUSTOM_AUTH</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">allowedOauthFlowsUserPoolClient</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">allowedOauthScopes</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">profile</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">openid</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">],</span> <span class="na">allowedOauthFlows</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">code</span><span class="dl">'</span><span class="p">],</span> <span class="na">supportedIdentityProviders</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">COGNITO</span><span class="dl">'</span><span class="p">,</span> <span class="nx">googleProvider</span><span class="p">.</span><span class="nx">providerName</span><span class="p">],</span> <span class="p">}</span> <span class="p">);</span> </code></pre> </div> <p>Here you have declared the OauthFlows, Scopes and Providers that your Cognito IDP will support.</p> <h3> Deploy </h3> <p>Deploy the infrastructure to AWS</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> pulumi up </code></pre> </div> <h3> AWS Config </h3> <p>Go to the AWS Cognito, in the AWS Console, fetch the one created recently.</p> <p>Navigate to the App integration tab for your user pool.</p> <p>Next to Domain, choose Actions and select Create custom domain or Create Amazon Cognito domain. If you have already configured a user pool domain, choose Delete Amazon Cognito domain or Delete custom domain before creating your new custom domain.</p> <p>Enter an available domain prefix to use with a Amazon Cognito domain</p> <p>Choose Create.</p> <h3> Verify DNS </h3> <p>Verify that the sign-in page is available from your Amazon Cognito hosted domain.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> https://&lt;your_domain&gt;/login?response_type=code&amp;client_id=&lt;your_app_client_id&gt;&amp;redirect_uri=&lt;your_callback_url&gt; </code></pre> </div> <p>Your domain is shown on the Domain name page of the Amazon Cognito console. Your app client ID and callback URL are shown on the App client settings page.</p> <h3> Summary </h3> <p>With that being done, you will have a functional Authorization &amp; Authentication with Google Federated Identities using OAuth 2.0 from Infrastructure as Code.</p> <p>This is a guide from and for the community </p> <p>Hope you like it!</p> aws devops security typescript Lift and Shift to AWS with IaC Franco Cerutti Mon, 24 Jul 2023 11:54:21 +0000 https://dev.to/cheru94/lift-and-shift-to-aws-with-iac-386k https://dev.to/cheru94/lift-and-shift-to-aws-with-iac-386k <h2> What is Lift and Shift? </h2> <p>Lift and Shift, or re-hosting, is one of the strategies to migrate existing applications into the cloud, where the application is not modified, only the hosting platform is changed. </p> <p>Check the next link for the 6'R of migrations: <a href="https://aws.amazon.com/blogs/enterprise-strategy/6-strategies-for-migrating-applications-to-the-cloud/">AWS Docs</a></p> <p>In this article case we're going to see the Open Source project of E-Commerce <a href="https://medusajs.com/">Medusa</a> Backend Server and an Admin Panel</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--lT29-8wH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j4zp0oyce11hdshyvsj4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--lT29-8wH--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/j4zp0oyce11hdshyvsj4.png" alt="Medusa Architecture" width="800" height="495"></a></p> <h2> What is Medusa? </h2> <p>Medusa is an open source project for building blocks of e-commerce, in order to not re-invent the wheel, which provides a extensive API's, Backoffice and the UI using SSR/SSG with Next.JS</p> <h2> How to migrate to AWS? </h2> <p>To migrate to AWS, we have to make some considerations before dropping that artifact in a compute and expose it with a DNS.</p> <h3> Considerations when migrating to AWS </h3> <h4> 1 - Operations </h4> <p>What things do we need to keep running in order to sustain the platform?</p> <h4> 2 - Security </h4> <p>What security assessment or compliances i need to be comply to?</p> <h4> 3 - Costs </h4> <p>What is my monthly and annually budget?</p> <h4> 4 - Performance </h4> <p>Which is my desired traffic, or user consumption business goal?</p> <h4> 5 - Availability </h4> <p>How is my application going to be available in case of a cloud provider failure?</p> <p><strong>6 - Resillience</strong></p> <p>Is my application going to be ready to fail, and keep running?</p> <p>With that being said we can choose the right resources in AWS to make this lift-shift migration strategy</p> <p><strong>Ready?</strong></p> <p>Let's migrate.</p> <h2> Steps to migrate to AWS </h2> <h3> Install Dependencies </h3> <p><code>npm install @medusajs/medusa-cli -g</code></p> <h3> Create the Medusa Backend Server </h3> <p><code>medusa new my-medusa-store</code></p> <h3> Dockerize the application </h3> <p>You can use the next Docker, i recommend to make this one with Multi-stage pattern for PROD and keep the platform in case the CI is running on arm64 if not, remove it<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> --platform=linux/amd64 public.ecr.aws/docker/library/node:lts</span> <span class="c"># Create app directory</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="c"># Bundle app source</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># If you are building your code for production</span> <span class="c"># RUN npm ci --omit=dev</span> <span class="k">EXPOSE</span><span class="s"> 80</span> <span class="k">CMD</span><span class="s"> [ "node", "index.js" ]</span> </code></pre> </div> <h3> Build Docker and Run it Locally </h3> <p><code>docker build -f ./Dockerfile. -t &lt;myImage&gt; --no-cache</code></p> <p><code>docker run &lt;myImage&gt; -p 80:80</code></p> <h3> Deploy to AWS </h3> <p>For this architecture we decided to go with AWS ECS Launch Type Fargate, since the business needs a fully managed container service orchestration to handle the deployment, load balancing, where Amazon ECS will launch, monitor, and scale your application across flexible compute options with automatic integrations to other supporting AWS services that your application needs</p> <p>*<em>How we are going to deploy *</em></p> <p>For deployment we're going to use best practice DevOps using Infrastructure as Code ( IaC ) with Pulumi</p> <p>Run the next code at the root level</p> <p><code>pulumi new aws-typescript --dir ./infra</code></p> <p>First we need to create Roles, Repository of ECR and Image for our Docker<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">pulumi</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pulumi/pulumi</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">aws</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pulumi/aws</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">awsx</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@pulumi/awsx</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">imageName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">medusa-ecr-image</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">repositoryName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">medusa-ecr-repository</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">repository</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">ecr</span><span class="p">.</span><span class="nx">Repository</span><span class="p">(</span><span class="nx">repositoryName</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">imageArgs</span><span class="p">:</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">ecr</span><span class="p">.</span><span class="nx">ImageArgs</span> <span class="o">=</span> <span class="p">{</span> <span class="na">dockerfile</span><span class="p">:</span> <span class="dl">'</span><span class="s1">../dockerfile</span><span class="dl">'</span><span class="p">,</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">../</span><span class="dl">'</span><span class="p">,</span> <span class="na">repositoryUrl</span><span class="p">:</span> <span class="nx">repository</span><span class="p">.</span><span class="nx">url</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">dockerImage</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">ecr</span><span class="p">.</span><span class="nx">Image</span><span class="p">(</span><span class="nx">imageName</span><span class="p">,</span> <span class="nx">imageArgs</span><span class="p">);</span> <span class="c1">// Define the Log Group Creator IAM</span> <span class="kd">const</span> <span class="nx">logGroupCreatorPolicy</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">Policy</span><span class="p">(</span><span class="dl">"</span><span class="s2">logGroupCreatorPolicy</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">policy</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">Version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span><span class="p">,</span> <span class="na">Statement</span><span class="p">:</span> <span class="p">[{</span> <span class="na">Action</span><span class="p">:</span> <span class="p">[</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">],</span> <span class="na">Effect</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span><span class="p">,</span> <span class="na">Resource</span><span class="p">:</span> <span class="dl">"</span><span class="s2">*</span><span class="dl">"</span> <span class="p">}]</span> <span class="p">})</span> <span class="p">});</span> <span class="c1">// Create a new Role</span> <span class="kd">const</span> <span class="nx">ecsRole</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">Role</span><span class="p">(</span><span class="dl">"</span><span class="s2">ecsRole</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">assumeRolePolicy</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">({</span> <span class="na">Version</span><span class="p">:</span> <span class="dl">"</span><span class="s2">2012-10-17</span><span class="dl">"</span><span class="p">,</span> <span class="na">Statement</span><span class="p">:</span> <span class="p">[{</span> <span class="na">Action</span><span class="p">:</span> <span class="dl">"</span><span class="s2">sts:AssumeRole</span><span class="dl">"</span><span class="p">,</span> <span class="na">Principal</span><span class="p">:</span> <span class="p">{</span> <span class="na">Service</span><span class="p">:</span> <span class="dl">"</span><span class="s2">ecs-tasks.amazonaws.com</span><span class="dl">"</span><span class="p">,</span> <span class="p">},</span> <span class="na">Effect</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Allow</span><span class="dl">"</span><span class="p">,</span> <span class="p">}],</span> <span class="p">}),</span> <span class="p">});</span> <span class="c1">// Attach the log creator policy to the role</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">iam</span><span class="p">.</span><span class="nx">RolePolicyAttachment</span><span class="p">(</span><span class="dl">"</span><span class="s2">rolePolicyAttachment</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">role</span><span class="p">:</span> <span class="nx">ecsRole</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">policyArn</span><span class="p">:</span> <span class="nx">logGroupCreatorPolicy</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">executionECSRole</span> <span class="o">=</span> <span class="p">{</span> <span class="na">roleArn</span><span class="p">:</span> <span class="nx">ecsRole</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="p">};</span> </code></pre> </div> <p>Now we need to create:</p> <ul> <li>ECS Cluster</li> <li>Fargate Service</li> <li>Task Definition</li> <li>Load Balancer </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="c1">// create ECS cluster</span> <span class="kd">const</span> <span class="nx">clusterName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">medusa-ecs-cluster</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">loadBalancer</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">medusa-ecs-load-balancer</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ecsService</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">medusa-ecs-service</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">configLoadBalancer</span><span class="p">:</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">lb</span><span class="p">.</span><span class="nx">ApplicationLoadBalancerArgs</span> <span class="o">=</span> <span class="p">{</span> <span class="na">defaultTargetGroup</span><span class="p">:</span> <span class="p">{</span> <span class="na">port</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">healthCheck</span><span class="p">:</span> <span class="p">{</span> <span class="na">path</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/health</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">},</span> <span class="na">enableWafFailOpen</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">lb</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">lb</span><span class="p">.</span><span class="nx">ApplicationLoadBalancer</span><span class="p">(</span><span class="nx">loadBalancer</span><span class="p">,</span> <span class="nx">configLoadBalancer</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cluster</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">aws</span><span class="p">.</span><span class="nx">ecs</span><span class="p">.</span><span class="nx">Cluster</span><span class="p">(</span><span class="nx">clusterName</span><span class="p">,</span> <span class="p">{});</span> <span class="kd">const</span> <span class="nx">service</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">awsx</span><span class="p">.</span><span class="nx">ecs</span><span class="p">.</span><span class="nx">FargateService</span><span class="p">(</span><span class="nx">ecsService</span><span class="p">,</span> <span class="p">{</span> <span class="na">cluster</span><span class="p">:</span> <span class="nx">cluster</span><span class="p">.</span><span class="nx">arn</span><span class="p">,</span> <span class="na">assignPublicIp</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">desiredCount</span><span class="p">:</span> <span class="mi">2</span><span class="p">,</span> <span class="na">taskDefinitionArgs</span><span class="p">:</span> <span class="p">{</span> <span class="na">executionRole</span><span class="p">:</span> <span class="nx">executionECSRole</span><span class="p">,</span> <span class="na">containers</span><span class="p">:</span> <span class="p">{</span> <span class="na">app</span><span class="p">:</span> <span class="p">{</span> <span class="na">image</span><span class="p">:</span> <span class="nx">dockerImage</span><span class="p">.</span><span class="nx">imageUri</span><span class="p">,</span> <span class="na">cpu</span><span class="p">:</span> <span class="mi">512</span><span class="p">,</span> <span class="na">memory</span><span class="p">:</span> <span class="mi">1024</span><span class="p">,</span> <span class="na">essential</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">portMappings</span><span class="p">:</span> <span class="p">[{</span> <span class="na">containerPort</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">hostPort</span><span class="p">:</span> <span class="mi">80</span><span class="p">,</span> <span class="na">targetGroup</span><span class="p">:</span> <span class="nx">lb</span><span class="p">.</span><span class="nx">defaultTargetGroup</span><span class="p">,</span> <span class="p">}],</span> <span class="na">healthCheck</span><span class="p">:</span> <span class="p">{</span> <span class="na">command</span><span class="p">:</span> <span class="p">[</span><span class="dl">"</span><span class="s2">CMD-SHELL</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">curl --fail http://localhost/health || exit 1</span><span class="dl">"</span><span class="p">],</span> <span class="na">interval</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="na">retries</span><span class="p">:</span> <span class="mi">3</span> <span class="p">},</span> <span class="na">logConfiguration</span><span class="p">:</span> <span class="p">{</span> <span class="na">logDriver</span><span class="p">:</span> <span class="dl">"</span><span class="s2">awslogs</span><span class="dl">"</span><span class="p">,</span> <span class="na">options</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">awslogs-create-group</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">true</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">awslogs-group</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">medusa-logs-group</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">awslogs-region</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">us-east-1</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">awslogs-stream-prefix</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">medusa-ecs-logs</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="nx">lb</span><span class="p">.</span><span class="nx">loadBalancer</span><span class="p">.</span><span class="nx">dnsName</span><span class="p">;</span> </code></pre> </div> <p>You can see important things here.</p> <p>Load balancer config with healthcheck route, the definition of the container app with hardware resources and port mapping, this will allow that the Task Definition of the Cluster exposes a port to the cluster and to the container.</p> <p>Last the container has a healthcheck inside where checks if the Docker is healthy</p> <p><strong>Now let's wrap this up!</strong></p> <p><code>pulumi up</code></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--KlTs_3rb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7s8pzwjs6o0xdpnbpxwc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--KlTs_3rb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7s8pzwjs6o0xdpnbpxwc.png" alt="Resources Graph" width="800" height="311"></a></p> <p>Pulumi will expose the <strong>DNS</strong> for our service, check the <strong>/health</strong> route and it should be returning <code>OK</code>. </p> <p>Also check the <strong>/app</strong> which holds the Admin Panel.</p> <p><strong>Hope you enjoy it and learn how to Lift and Shift an App to AWS using ECS Fargate.</strong></p> aws devops docker microservices